4.7 KiB
Tor upgrade in Haveno
This guide describes the steps necessary to upgrade the tor dependencies used by Haveno.
Background
Haveno uses two libraries for tor: netlayer and tor-binary.
As per the project's authors, netlayer is "essentially a wrapper around the official Tor releases, pre-packaged for
easy use and convenient integration into Kotlin/Java projects".
Similarly, tor-binary is "[the] Tor binary packaged in a way that can be used for java projects". The project
unpacks the Tor Browser binaries to extract and repackage the tor binaries themselves.
Therefore, upgrading tor in Haveno comes down to upgrading these two artefacts.
Upgrade steps
1. Decide if upgrade necessary
- Find out which tor version Haveno currently uses
- Find out the current
netlayerversion (seenetlayerVersioninhaveno/build.gradle) - Find that tag on the project's Tags page
- The tag description says which tor version it includes
- Find out the current
- Find out the latest available tor release
- See the official tor changelog
2. Update tor-binary
During this update, you will need to keep track of:
- the new Tor Browser version
- the new tor binary version
Create a PR for the master branch of tor-binary with the following changes:
- Decide which Tor Browser version contains the desired tor binary version
- The latest official Tor Browser releases are here: https://dist.torproject.org/torbrowser/
- All official Tor Browser releases are here: https://archive.torproject.org/tor-package-archive/torbrowser/
- For the chosen Tor Browser version, get the list of SHA256 checksums and its signature
- For example, for Tor Browser 14.0.7:
- Verify the signature of the checksums list (see instructions)
- Update the
tor-binarychecksums- For each file present in
tor-binary/tor-binary-resources/checksums:- Rename the file such that it reflects the new Tor Browser version, but preserves the naming scheme
- Update the contents of the file with the corresponding SHA256 checksum from the list
- For each file present in
- Update
torbrowser.versionto the new Tor Browser version in:tor-binary/build.xmltor-binary/pom.xml
- Update
versionto the new tor binary version in:tor-binary/pom.xmltor-binary-geoip/pom.xmltor-binary-linux32/pom.xmltor-binary-linux64/pom.xmltor-binary-macos/pom.xmltor-binary-windows/pom.xmltor-binary-resources/pom.xml
- Run
mvn install- If it completes successfully, then the artefact is correctly configured
Only the files listed above should be part of the PR. The last step will generate a few extra artefacts (for
example in tor-binary-resources/src/main/resources), but these should NOT be committed.
Once the PR is merged, make a note of the commit ID in the master branch (for example a4b868a), as it will be needed
next.
3. Update netlayer
Create a PR for the master branch of netlayer with the following changes:
- In
netlayer/pom.xml:- Update
tor-binary.versionto thetor-binarycommit ID from above (e.g.a4b868a)
- Update
- Bump
version, representing thenetlayerartefact version, in:netlayer/pom.xmlnetlayer/tor/pom.xmlnetlayer/tor.external/pom.xmlnetlayer/tor.native/pom.xml
Once the PR is merged, make a note of the commit ID in the master branch (for example 32779ac), as it will be
needed next.
Create a tag for the new artefact version, having the new tor binary version as description, for example:
# Create tag locally for new netlayer release, on the master branch
git tag -s 0.7.0 -m"tor 0.4.5.6"
# Push it to netlayer repo
git push origin 0.7.0
4. Update dependency in Haveno
Create a Haveno PR with the following changes:
- In
haveno/build.gradleupdatenetlayerVersionto thenetlayercommit ID from above - Update the gradle dependency checksums
- See instructions in
haveno/gradle/witness/gradle-witness.gradle
- See instructions in
Credits
Thanks to freimair, JesusMcCloud, mrosseel, sschuberth and cedricwalter for their work on the original tor-binary and netlayer repos.