path: root/wiki/src/contribute/release_process/tor-browser.mdwn
diff options
authorTails developers <>2015-02-15 12:28:34 +0000
committerTails developers <>2015-02-15 16:21:33 +0000
commit40788f103271e3bfbf471a9e96efe2eab96b6cc1 (patch)
tree76a8566012b96bf98cc1aa7292f188b30686c3ee /wiki/src/contribute/release_process/tor-browser.mdwn
parenta9fe2d5da9c3d87f0f6104c075eb3c404ada860f (diff)
Document the new release process for Tor Browser.
Will-fix: #8125
Diffstat (limited to 'wiki/src/contribute/release_process/tor-browser.mdwn')
1 files changed, 111 insertions, 0 deletions
diff --git a/wiki/src/contribute/release_process/tor-browser.mdwn b/wiki/src/contribute/release_process/tor-browser.mdwn
index 4f9e666..18f2266 100644
--- a/wiki/src/contribute/release_process/tor-browser.mdwn
+++ b/wiki/src/contribute/release_process/tor-browser.mdwn
@@ -1,5 +1,42 @@
[[!meta title="Releasing the Tor Browser"]]
+[[!toc levels=2]]
+The big picture
+The Tails ISO build system [[!tails_gitweb
+config/chroot_local-hooks/10-tbb desc="downloads"]] a set of Tor
+Browser tarballs from a location specified in [[!tails_gitweb
+config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt]], and
+compares their hash with previously verified ones found in
+Once released officially, Tor Browser tarballs can be found in
+a [permanent (?)
+However, when upgrading Tor Browser for an imminent Tails release, we
+generally have to use Tor Browser tarballs that are under QA and not
+officially released yet. So, we have to retrieve them from another,
+temporary location, such as
+<>. If we hard-coded
+this temporary URL in `tbb-dist-url.txt`, then our release tag would
+only be buildable for as long the tarballs stay in that place, which
+at best is a few months.
+To solve this, we host ourselves the Tor Browser tarballs we need, and
+point to [this permanent
+location]( for anything that
+we tag.
+Still, one can set an arbitrary download location in
+`tbb-dist-url.txt`, which should provide all the flexibility needed
+for development purposes.
+Upgrade Tor Browser in Tails
Have a look at
* <>
@@ -44,3 +81,77 @@ Lastly, commit:
git commit config/chroot_local-includes/usr/share/tails/tbb-*.txt \
-m "Upgrade Tor Browser to ${VERSION}."
+<div class="caution">
+If this new Tor Browser is meant to be included in a Tails
+release, then that's not enough: as explained above, we need to host
+the corresponding tarballs ourselves, so read on the next section.
+Self-hosted Tor Browser tarballs archive
+Initial setup
+First, install git-annex from wheezy-backports or newer.
+Then, make sure you have an entry for `` in
+your `~/.ssh/config`. See systems/ISO_history in the internal Git repo
+for details.
+Then, clone the metadata repository and initialize git-annex:
+ git clone && \
+ cd torbrowser-archive && \
+ git annex init
+You now have a lot of (broken) symlinks in place of the files that are
+available in this git-annex repo.
+To synchronize your git-annex metadata with the remote, run:
+ git annex sync
+Import a new set of Tor Browser tarballs
+1. Make `TAILS_GIT_REPO` point to the main Tails Git repository
+ checkout where `tbb-dist-url.txt` is being worked on, for example:
+ TAILS_GIT_REPO="$HOME/tails/git"
+2. Tell git-annex to record each tarball's URL into Git:
+ cat "${TAILS_GIT_REPO}/config/chroot_local-includes/usr/share/tails/tbb-sha256sums.txt" | \
+ while read expected_sha256 tarball; do
+ git annex addurl --fast --pathdepth=-2 \
+ "$(cat "${TAILS_GIT_REPO}/config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt")/${VERSION}/${tarball}"
+ done
+Commit and push your changes
+ git commit -m "Add Tor Browser ${VERSION}." && \
+ git annex sync && \
+ git annex copy --to origin
+Adjust the URL in the main Git repository
+ cd "$TAILS_GIT_REPO" && \
+ echo '' > \
+ config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt && \
+ git commit config/chroot_local-includes/usr/share/tails/tbb-dist-url.txt \
+ -m "Fetch Tor Browser from our own archive."
+Wait for the synchronization
+Once you've gone through these steps, a cronjob that runs every
+5 minutes will download the tarballs and make them available on
+Wait for this to happen before you can build Tails using the new URL.