14:59:18 <richard> #startmeeting Tor Browser Weekly Meeting 2022-12-05
14:59:18 <MeetBot> Meeting started Mon Dec  5 14:59:18 2022 UTC.  The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:18 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
14:59:21 <Jeremy_Rand_36C3[m]> Hi!
14:59:23 <richard> pad: https://pad.riseup.net/p/tor-tbb-keep
15:01:56 <richard> So we released 12.0a5 last week, and so far it's been pretty quiet in terms of bug reports
15:02:52 <richard> i'm in the middle of release prep for 12.0 and we should have build tags later today, so should be able to build overnight/tomorrow AM
15:03:24 <msim> \o/
15:03:33 <dan_b> oo
15:04:07 <PieroV> (I'm already building Firefox at HEAD of tor-browser-102.5esr-12.0-2, but if the translations are also for Firefox I'll have to drop these binaries :()
15:04:24 <richard> once that's ready I'll start prioritizing issues/review the roadmap for 12.5 and s131 work
15:05:56 <richard> in the meantime this week feel free to grab s131 milestone 2 issues
15:06:30 <cschutijser> Hi all, I have a question about Tor Browser, OpenBSD and Pluggable Transports. Should I ask that during a meeting like this one or is it better if I ask in #tor-browser-dev? I don't want to hijack your meeting
15:06:31 <Jeremy_Rand_36C3[m]> Nice, congrats on having 12.0 almost ready!
15:06:55 <richard> here's a gitlab query: https://gitlab.torproject.org/groups/tpo/applications/-/boards?label_name[]=Sponsor%20131&milestone_title=Sponsor%20131%20-%20Phase%202%20-%20Privacy%20Browser
15:08:48 <ma1> Question: what's the workflow for S131 + Tor Browser patches vs Tor Browser only patches vs S131 only patches (if any)?
15:09:12 <richard> ah good question
15:09:38 <richard> so going forward we're going to have a base-browser branch rather than a base-browser tag
15:10:52 <richard> so for MRs which should be merged to base-browser, please target the appropriate base-browser-102.Xesr-12.5-1 branch
15:11:33 <richard> whomever merges should merge such issues into both base-browser and tor-browser branches
15:11:53 <Jeremy_Rand_36C3[m]> richard: just to clarify, are you saying there will not be any tagged releases of Base Browser going forward?
15:12:22 <richard> which will affect the rebase/release process so I'll have to update the checklist again :p
15:13:29 <henry-x> Will the tor-browser branch always be based on top of base-browser?
15:13:38 <richard> sorry, i think we will continue to tag base-browser branches in line with the tor-browser tags
15:14:20 <richard> henry-x: not always
15:15:01 <richard> so on release day they will in line but if base-browser specific fixes come in throughout the month then tehre will be divergence
15:15:09 <Jeremy_Rand_36C3[m]> richard: ok, thanks for clarification.  (I know some people who are interested in using Base Browser tagged releases.)
15:15:15 <richard> (but such fixes should also be merged to tor-browser too)
15:15:22 <richard> jeremy: oh?
15:15:48 <richard> tbf that is cool but unexpected
15:15:57 <PieroV> richard: I think that targeting tor-browser would be easier for reviewers and testing
15:16:00 <henry-x> ok, what do we do if the base-browser patch must be applied before any tor-browser-only patch?
15:16:42 <Jeremy_Rand_36C3[m]> richard: yeah the Kicksecure guys are evaluating using it.  They haven't committed to using it yet, but if they do, tagged releases would presumably be a prereq.
15:17:36 <richard> hmm neat
15:18:22 <richard> henry-x: what sort of situation would require this?
15:19:00 <richard> so, the current workflow has been basically merge to tor-browser with a note that it needs to be in the base-brwoser section, adn then it's moved on the next rebase
15:19:16 <Jeremy_Rand_36C3[m]> richard: it's not super surprising that Kicksecure is interested; they had their own (now-discontinued) project called SecBrowser that was basically the same concept was Base Browser.
15:19:27 <Jeremy_Rand_36C3[m]> s/was/as/
15:20:49 <henry-x> if we need to touch the same file twice: once for base-browser and then again with some tor-specific parts in tor-browser. And then later we want to fixup the file in base-browser.
15:21:32 <richard> ahh so we have had that before
15:21:38 <PieroV> if I understand correctly, it's the kind of problem we've solved with the "dropme!"
15:21:45 <richard> yeah that^
15:21:52 <msim> what's "dropme!"?
15:22:03 <PieroV> It's something we invented :P
15:22:10 <richard> basically add a commit which brings back the stuff we want to remove with 'dropme!' as the header
15:22:17 <msim> ah
15:22:20 <msim> nice
15:22:27 <PieroV> We've reverted the tor-browser part of the patch, applied the base-browser part, and then the tor-browser part again
15:22:31 <richard> and the a fixup! that comes after which undoes it but in the right place
15:23:01 <richard> it is inelegant
15:23:09 <PieroV> I think that 2 MRs could be a better solution in the future
15:23:09 <msim> so like a spicy rebase?
15:23:17 <richard> i think in that case you'd probably be better doing two MRs, one for tor-browser and one for base-browser
15:23:23 <PieroV> That
15:23:50 <PieroV> So, probably we'll have to split the rebase in parts in the future
15:23:59 <richard> yes p much
15:24:04 <msim> makes sense
15:24:16 <henry-x> hmm, maybe we can have an automated test for base-browser merge requests that let you know if tor-browser can be based on top of it
15:24:16 <richard> rebase base-browser to ESR, then cherry-pick/rebase the tor-browser patches onto base-browser
15:25:18 <richard> tbh I'm sure we haven't quite converged to the perfect workflow, so we can make improvements as we go
15:26:36 <henry-x> yeah. Hopefully most of our features are modular-enough that their files will only be in base-browser or tor-browser
15:26:48 <richard> yeah ideally
15:27:14 <PieroV> ideally tor-browser should be only connection to tor + onion services on top of base-browser
15:27:52 <richard> ok the only other thing was I wanted to encourage you all to please 'link' issues that get merged with the appropriate Release Prep issue(s) in tor-browser-build
15:28:26 <richard> makes it a lot easier to build out changelogs if the things we've done are all listed in the same place ^^;
15:29:00 <ma1> guilty as charged, I don't think I've ever done it, sorry. I'll do it :)
15:29:23 <dan_b> release prep issues?
15:29:24 <msim> richard: wdym release prep issues?
15:29:31 <richard> eeeeh
15:29:41 <richard> so in tor-browser-build we have issues labeled "Release Prep"
15:29:58 <richard> such as https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40637
15:30:38 <richard> it's basically the meta ticket for each release where all the coordination/checklist happens
15:31:21 <richard> currently we only have one for 12.0 but i'll make one for 12.5a1 later today
15:31:37 <henry-x> Do we just link the one that is currently open?
15:31:53 <richard> so for usual features you'll typically only add the next alpha to the Linked items section
15:32:15 <richard> for MRs that should also be backported, we should add also the next stable as well
15:32:24 <richard> henry-x: yeah exactly
15:32:36 <richard> there aren't usually that many
15:32:57 <richard> the short list of open ones is in the first column on the tor-browser-build board: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/boards
15:33:03 <dan_b> ah cool
15:34:12 <richard> ok I think that's all i wanted to talk about
15:34:20 <richard> does anyone else have something to discuss?
15:34:27 <PieroV> richard: I think you missed a question from cschutijser at the beginning of the meeting
15:34:34 <richard> whoops
15:34:47 <PieroV> cschutijser | Hi all, I have a question about Tor Browser, OpenBSD and Pluggable Transports. Should I ask that during a meeting like this one or is it better if I ask in #tor-browser-dev? I don't want to hijack your meeting
15:34:57 <richard> oh hi cschutijser
15:35:00 <PieroV> (not sure they're still online)
15:35:01 <cschutijser> Hi!
15:35:04 <cschutijser> Yep, I'm still here
15:35:10 <richard> feel free to ask!
15:35:16 <cschutijser> Okay!
15:35:25 <cschutijser> Quickly introducing myself for those who don't know me: I maintain Tor Browser on OpenBSD. Right now Tor Browser on OpenBSD does not have any support for Pluggable Transports. Prompted by some discussion on a mailing list I looked into it. For now I came up with something like to enable it: https://marc.info/?l=openbsd-ports&m=166937708328808&w=2
15:35:34 <richard> and if we go over happy to chat in #tor-browser-dev
15:35:37 <cschutijser> I don't expect you to fully understand it as it's a diff of an OpenBSD port, but I hope you get the gist of it. I concat tools/torbrowser/bridges.js to browser/app/profile/000-tor-browser.js and I tweak the shipped torrc-defaults file to include a ClientTransportPlugin entry for obfs4proxy. I tested it and it works. Would that be OK to ship or are there some common pitfalls in this area?
15:35:45 <cschutijser> As you can see, with the "cat ${WRKSRC}/tools/torbrowser/bridges.js >>${WRKSRC}/browser/app/profile/000-tor-browser.js" stuff, I'm basically re-doing some stuff that you as upstream take care of in a couple of scripts. That's another topic which I hope to look at some point, to basically re-use your scripts instead of doing stuff like this by hand (because we're obviously going to miss things in
15:35:51 <cschutijser> OpenBSD). But that's not a small project and not something I can look at right now
15:36:50 <PieroV> cschutijser: that file isn't always up to date
15:37:13 <PieroV> You might prefer the lines that are in tor-browser-build/projects/browser/_something_, let me find the files
15:37:23 <PieroV> (there are many of them, one for each pt)
15:38:01 <cschutijser> Ah, it would be great if they're separate for each PT indeed. On OpenBSD we currently only have obfs4proxy so that's the only ones I need to append to 000-tor-browser.js
15:38:45 <PieroV> Oh, sorry, they're in projects/common, not projects/browser
15:38:56 <PieroV> bridges_list.$PT.txt
15:39:25 <PieroV> And you should tweak torrc also for snowflake
15:39:26 <cschutijser> Okay. Thanks, that's good to know. Now there's one tiny problem and that is that I don't have an easy way to access tor-browser-build.git from the port build process
15:39:26 <richard> yes common/bridges_list.obfs4.txt (and meek-azure.txt)
15:39:37 <PieroV> And also bridges_list.snowflake.txt
15:39:40 <richard> can you download files?
15:39:56 <cschutijser> Yes, I can. If they are stable in the sense that they always have the same checksum
15:39:57 <richard> during port build?
15:40:04 <msim> ah, the expert bundle thing would come in handy here by the sounds of it
15:40:05 <cschutijser> Not during the build, only before
15:40:20 <richard> in that case checkout https://dist.torproject.org/torbrowser/12.0a5/
15:40:32 <richard> there are a bunch of tor-expert-bundle*.tar.gz files (with sigs)
15:40:55 <richard> that contain built bins for all our platforms used in tor-browser-build as well as bridge strings in text files
15:41:09 <richard> and they coincide with each tor-browser release
15:41:18 <richard> currently alpha but we'll be shipping with stable too for 12.0
15:41:23 <cschutijser> Ah, thanks! I never looked at those files before. That's exactly what I need for this purpose. Thank you
15:41:33 <msim> :D
15:41:44 <richard> they're relatively new :3
15:42:17 <cschutijser> So If I use the bridges_list.obfs4.txt file and I add torrc-defaults like I did in the URL shown above and it works, you don't see a problem with me shipping that?
15:42:27 <cschutijser> Not any obvious problems, let's say
15:42:40 <PieroV> cschutijser: actually there are a few files for pts
15:42:43 <cschutijser> s/add torrc-defaults/modify torrc-defaults/
15:43:04 <PieroV> I expect that you're closer to Linux, so please have a look also at projects/browser/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
15:43:58 <richard> obs4_proxy also supports meek-azure too btw
15:44:20 <cschutijser> richard: okay. So I was probably holding it wrong. I'll double-check that, thanks
15:44:41 <cschutijser> PieroV: I'll have a look at that, thanks. I don't have the files at hand right now but I'll make a note
15:45:07 <richard> you may run into some unexpected behaviour w/ connection assist too if you don't have snowflake configured
15:45:45 <richard> and you'll probably want a patch for about:preferences#connection to remove the Snowflake bridge config
15:45:49 <cschutijser> Okay. We already have snowflake-proxy in ports on OpenBSD, I'll see how much work it is to get the client as well. Probably shouldn't be too hard
15:46:06 <richard> probably easier than carrying tor-browser patches ;)
15:46:14 <PieroV> It's another go project
15:46:15 <cschutijser> Right, that's a good idea if I don't ship with Snowflake support
15:46:25 <PieroV> I'd expect it not to be more difficult than obfs4
15:46:34 <richard> yeah
15:46:47 <cschutijser> Okay, makes sense
15:47:14 <cschutijser> Is it OK if I work on a diff for the OpenBSD port in which I take your feedback into account   and then I show the diff to you again? Perhaps just in #tor-browser-dev
15:47:33 <richard> oh, and long term you'll want to use archive.torproject.org ( https://archive.torproject.org/tor-package-archive/torbrowser/12.0a4/ for instance ) since links on dist.tpo are fairly ephemeral
15:48:13 <PieroV> I think that taking blobs directly from GitLab could work, too
15:48:23 <PieroV> cschutijser: sure! Feel free to ask anytime
15:48:28 <cschutijser> richard: I already do that also, archive.torproject.org is a fallback. https://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/tor-browser/browser/Makefile?rev=1.97&content-type=text/x-cvsweb-markup
15:48:45 <richard> true true
15:48:47 <cschutijser> But thanks for the feedback :)
15:48:53 <cschutijser> PieroV: great!
15:49:18 <richard> but yeah feel free to ping us for any code reviews
15:49:35 <richard> and also let us know if there's anything we could change on our end to make things easier for you
15:49:45 <cschutijser> That's appreciated, thank you. For now I think I have some homework to do and then I can get back to you with a new diff
15:49:59 <richard> ok perfect
15:50:12 <cschutijser> Yes, I will
15:50:18 <richard> anything else
15:50:31 <cschutijser> Not from my side
15:50:32 <PieroV> Not from me; just a remainder that I'll be afk Thu and Fri
15:50:37 * Jeremy_Rand_36C3[m] has a quick question
15:50:42 <richard> go go go
15:51:42 <Jeremy_Rand_36C3[m]> As you're probably aware, Robert Min is doing an Outreachy project for us involving proxy leak detection via ptrace.  There's nothing actionable yet for you guys, but at some point we should talk about maybe using that code in automated tests of Tor Browser or something.
15:51:49 <Jeremy_Rand_36C3[m]> Just wanted to have it on your radar.
15:52:01 <richard> love it
15:52:15 <Jeremy_Rand_36C3[m]> And see if you have any workflow related thoughts on the topic, e.g. how it might best be integrated into your test systems
15:52:36 <richard> i think we will have opinions on that in the coming weeks :p
15:52:41 <Jeremy_Rand_36C3[m]> Great!
15:53:06 <Jeremy_Rand_36C3[m]> That is all from me
15:53:27 <msim> nothing from me :)
15:53:28 <richard> ok, then i'm gonna call it here
15:53:35 <msim> o/
15:53:39 <richard> have a good week everyone!
15:53:44 <Jeremy_Rand_36C3[m]> Thanks!
15:53:45 <PieroV> thanks everyone!
15:53:48 <richard> #endmeeting