[bisq-network/bisq] Bump netlayer to use tor binary from tor browser v10.0 (#4604)
cd2357
notifications at github.com
Tue Oct 6 17:12:25 UTC 2020
Variant of #4601 which is based on `tor-browser` v10.0 (instead of v9.5.4 used in that PR).
Use a `netlayer` version that includes tor binaries extracted from the latest tor browser [v10.0](https://dist.torproject.org/torbrowser/10.0/).
For simplicity:
- use [netlayer version cc80787](https://jitpack.io/#cd2357/netlayer/cc80787) (based on commit `cc80787` from [this branch](https://github.com/cd2357/netlayer/commits/upgrade-tor-binary-0.4.3.9-on-v0.6.8))
- the referenced branch = previously used `netlayer` v0.6.8 + the following change to `tor-binary`
- above `netlayer` bumps `tor-binary` dependency to [3dbd395](https://jitpack.io/#cd2357/tor-binary/3dbd395) (based on commit `3dbd395` from [this branch](https://github.com/cd2357/tor-binary/commits/upgrade-tor-10.0))
- the referenced branch = previously used `tor-binary` dependency + change A + change B
- change A: extract tor binaries from `tor-browser` v10.0 (instead of 9.5.3 used previously)
- change B: update the extraction and build process to check if the `SHA-256` hashes of the `tor-browser` binaries match [the official ones](https://dist.torproject.org/torbrowser/10.0/sha256sums-signed-build.txt) (instead of `SHA-512` hashes used previously, which are not published in the official tor repo anymore)
- this ensures the build only succeeds if the downloaded `tor-browser` binaries (used to extract the tor binaries) match the official checksums
`tor-browser` v10.0 updates the tor binaries to v0.4.4.5 as per [the tor browser v10 changelog](https://gitweb.torproject.org/builders/tor-browser-build.git/plain/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt?h=maint-10.0). Currently, Bisq uses the tor binary extracted from `tor-browser` v9.5.3, which is tor v0.4.3.6 (as per [the tor browser v9.5 changelog](https://gitweb.torproject.org/builders/tor-browser-build.git/plain/projects/tor-browser/Bundle-Data/Docs/ChangeLog.txt?h=maint-9.5))
In other words:
- compared to PR #4601
- this PR upgrades tor from v0.4.3.6 to v0.4.4.5 (see [here](https://gitweb.torproject.org/tor.git/plain/ReleaseNotes) for tor changes)
- compared to the latest master
- the above note, plus
- ensures that the used tor binaries were extracted from verified `tor-browser` packages, using their `SHA-256` hashes
Fixes #4593
You can view, comment on, or merge this pull request online at:
https://github.com/bisq-network/bisq/pull/4604
-- Commit Summary --
* Bump netlayer to use tor binary from tor browser v10.0
-- File Changes --
M build.gradle (6)
M gradle/witness/gradle-witness.gradle (16)
-- Patch Links --
https://github.com/bisq-network/bisq/pull/4604.patch
https://github.com/bisq-network/bisq/pull/4604.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/bisq/pull/4604
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20201006/e18afa71/attachment-0001.html>
More information about the bisq-github
mailing list