From 8ff1a0b29459a48bd15de099860061e874592965 Mon Sep 17 00:00:00 2001
From: Micah Lee <micah@micahflee.com>
Date: Sun, 19 Jun 2022 14:57:37 -0400
Subject: [PATCH] Make scripts to build PT binaries, and run those in CI

---
 .circleci/config.yml                    | 240 +++++-------------------
 desktop/README.md                       |  20 +-
 desktop/scripts/build-meek-client.py    |  80 --------
 desktop/scripts/build-pt-meek.ps1       |   9 +
 desktop/scripts/build-pt-meek.sh        |   9 +
 desktop/scripts/build-pt-obfs4proxy.ps1 |   9 +
 desktop/scripts/build-pt-obfs4proxy.sh  |   9 +
 desktop/scripts/build-pt-snowflake.ps1  |   9 +
 desktop/scripts/build-pt-snowflake.sh   |   9 +
 desktop/scripts/get-tor.py              | 129 +++++++------
 10 files changed, 187 insertions(+), 336 deletions(-)
 delete mode 100755 desktop/scripts/build-meek-client.py
 create mode 100644 desktop/scripts/build-pt-meek.ps1
 create mode 100755 desktop/scripts/build-pt-meek.sh
 create mode 100644 desktop/scripts/build-pt-obfs4proxy.ps1
 create mode 100755 desktop/scripts/build-pt-obfs4proxy.sh
 create mode 100644 desktop/scripts/build-pt-snowflake.ps1
 create mode 100755 desktop/scripts/build-pt-snowflake.sh

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 45519b87..5c0e36a0 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -17,10 +17,10 @@ workflows:
           requires:
             - test-cli
             # - test-gui
-      # - build-macos:
-      #     requires:
-      #       - test-cli
-      #       # - test-gui
+      - build-macos:
+          requires:
+            - test-cli
+            # - test-gui
 
 jobs:
   test-cli:
@@ -86,13 +86,6 @@ jobs:
     executor:
       name: win/default
       shell: powershell.exe
-    environment:
-      # NOTE: change when upgrading obfs4proxy
-      OBFS4PROXY_TAG: obfs4proxy-0.0.13
-      # NOTE: change when upgrading snowflake
-      SNOWFLAKE_TAG: v2.2.0
-      # NOTE: change when upgrading meek
-      MEEK_TAG: v0.37.0
     steps:
       - checkout
 
@@ -120,85 +113,60 @@ jobs:
       - restore_cache:
           key: get-tor-{{ checksum "desktop/scripts/get-tor.py" }}-{{ .Environment.CACHE_VERSION }}
       - run:
-          name: Get tor binaries from Tor Browser (32-bit)
+          name: Get tor binaries from Tor Browser (64-bit)
           command: |
             cd desktop
-            poetry run python .\scripts\get-tor.py
+            poetry run python .\scripts\get-tor.py win64
       - save_cache:
           key: get-tor-{{ checksum "desktop/scripts/get-tor.py" }}-{{ .Environment.CACHE_VERSION }}
           paths:
             - C:\Users\circleci\project\desktop\build\tor
 
       - restore_cache:
-          # NOTE: change when upgrading obfs4proxy
-          key: build-win64-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }}
+          key: build-win64-obfs4proxy-{{ checksum "~/project/desktop/scripts/build-pt-obfs4proxy.ps1" }}-{{ .Environment.CACHE_VERSION }}
       - run:
           name: Build obfs4proxy
           command: |
             if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe) -eq $True) {
               Write-Output "obfs4proxy already built"
             } else {
-              # curl https://keys.openpgp.org/vks/v1/by-fingerprint/9EB1A490C73CC5D44DFB3E47BFBD1C7B8A6EC81A | gpg --import
-              New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy
-              cd C:\Users\circleci\src\obfs4proxy
-              git clone https://gitlab.com/yawning/obfs4
-              cd obfs4
-              # TODO: verify signature
-              git checkout $OBFS4PROXY_TAG
-              go build .\obfs4proxy
-              Move-Item -Path .\obfs4proxy.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe
+              cd C:\Users\circleci\project\desktop
+              .\scripts\build-pt-obfs4proxy.ps1
             }
       - save_cache:
-          # NOTE: change when upgrading obfs4proxy
-          key: build-win64-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }}
+          key: build-win64-obfs4proxy-{{ checksum "~/project/desktop/scripts/build-pt-obfs4proxy.ps1" }}-{{ .Environment.CACHE_VERSION }}
           paths:
             - C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe
 
       - restore_cache:
-          # NOTE: change when upgrading snowflake
-          key: build-win64-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win64-snowflake-{{ checksum "~/project/desktop/scripts/build-pt-snowflake.ps1" }}-{{ .Environment.CACHE_VERSION }}
       - run:
           name: Build snowflake-client
           command: |
             if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe) -eq $True) {
               Write-Output "snowflake already built"
             } else {
-              New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy
-              cd C:\Users\circleci\src\obfs4proxy
-              git clone https://git.torproject.org/pluggable-transports/snowflake.git
-              cd snowflake
-              # TODO: verify signature
-              git checkout $SNOWFLAKE_TAG
-              go build .\client
-              Move-Item -Path .\client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe
+              cd C:\Users\circleci\project\desktop
+              .\scripts\build-pt-snowflake.ps1
             }
       - save_cache:
-          # NOTE: change when upgrading snowflake
-          key: build-win64-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win64-snowflake-{{ checksum "~/project/desktop/scripts/build-pt-snowflake.ps1" }}-{{ .Environment.CACHE_VERSION }}
           paths:
             - C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe
 
       - restore_cache:
-          # NOTE: change when upgrading meek
-          key: build-win64-meek-v0.37.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win64-meek-{{ checksum "~/project/desktop/scripts/build-pt-meek.ps1" }}-{{ .Environment.CACHE_VERSION }}
       - run:
           name: Build meek-client
           command: |
             if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe) -eq $True) {
               Write-Output "snowflake already built"
             } else {
-              New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\meek
-              cd C:\Users\circleci\src\meek
-              git clone https://git.torproject.org/pluggable-transports/meek.git
-              cd meek
-              # TODO: verify signature
-              git checkout $MEEK_TAG
-              go build .\meek-client
-              Move-Item -Path .\meek-client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe
+              cd C:\Users\circleci\project\desktop
+              .\scripts\build-pt-meek.ps1
             }
       - save_cache:
-          # NOTE: change when upgrading meek
-          key: build-win64-meek-v0.37.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win64-meek-{{ checksum "~/project/desktop/scripts/build-pt-meek.ps1" }}-{{ .Environment.CACHE_VERSION }}
           paths:
             - C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe
 
@@ -222,13 +190,6 @@ jobs:
     executor:
       name: win/default
       shell: powershell.exe
-    environment:
-      # NOTE: change when upgrading obfs4proxy
-      OBFS4PROXY_TAG: obfs4proxy-0.0.13
-      # NOTE: change when upgrading snowflake
-      SNOWFLAKE_TAG: v2.2.0
-      # NOTE: change when upgrading meek
-      MEEK_TAG: v0.37.0
     steps:
       - checkout
 
@@ -259,7 +220,7 @@ jobs:
           name: Get tor binaries from Tor Browser (32-bit)
           command: |
             cd desktop
-            C:\Python-32bit\Scripts\poetry run python .\scripts\get-tor.py
+            C:\Python-32bit\Scripts\poetry run python .\scripts\get-tor.py win32
       - save_cache:
           key: get-tor-{{ checksum "desktop/scripts/get-tor.py" }}-{{ .Environment.CACHE_VERSION }}
           paths:
@@ -273,75 +234,53 @@ jobs:
             msiexec.exe /i go1.18.windows-386.msi /quiet /L*V go-install.log
 
       - restore_cache:
-          # NOTE: change when upgrading obfs4proxy
-          key: build-win32-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }}
+          key: build-win32-obfs4proxy-{{ checksum "~/project/desktop/scripts/build-pt-obfs4proxy.ps1" }}-{{ .Environment.CACHE_VERSION }}
       - run:
-          name: Build obfs4proxy (32-bit)
+          name: Build obfs4proxy
           command: |
             if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe) -eq $True) {
               Write-Output "obfs4proxy already built"
             } else {
-              # curl https://keys.openpgp.org/vks/v1/by-fingerprint/9EB1A490C73CC5D44DFB3E47BFBD1C7B8A6EC81A | gpg --import
-              New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy
-              cd C:\Users\circleci\src\obfs4proxy
-              git clone https://gitlab.com/yawning/obfs4
-              cd obfs4
-              # TODO: verify signature
-              git checkout $OBFS4PROXY_TAG
-              & "C:\Program Files (x86)\Go\bin\go" build .\obfs4proxy
-              Move-Item -Path .\obfs4proxy.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe
+              $env:PATH = "C:\Program Files (x86)\Go\bin\go;$env:PATH"
+              cd C:\Users\circleci\project\desktop
+              .\scripts\build-pt-obfs4proxy.ps1
             }
       - save_cache:
-          # NOTE: change when upgrading obfs4proxy
-          key: build-win32-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }}
+          key: build-win32-obfs4proxy-{{ checksum "~/project/desktop/scripts/build-pt-obfs4proxy.ps1" }}-{{ .Environment.CACHE_VERSION }}
           paths:
             - C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe
 
       - restore_cache:
-          # NOTE: change when upgrading snowflake
-          key: build-win32-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win32-snowflake-{{ checksum "~/project/desktop/scripts/build-pt-snowflake.ps1" }}-{{ .Environment.CACHE_VERSION }}
       - run:
-          name: Build snowflake-client (32-bit)
+          name: Build snowflake-client
           command: |
             if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe) -eq $True) {
               Write-Output "snowflake already built"
             } else {
-              New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy
-              cd C:\Users\circleci\src\obfs4proxy
-              git clone https://git.torproject.org/pluggable-transports/snowflake.git
-              cd snowflake
-              # TODO: verify signature
-              git checkout $SNOWFLAKE_TAG
-              & "C:\Program Files (x86)\Go\bin\go" build .\client
-              Move-Item -Path .\client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe
+              $env:PATH = "C:\Program Files (x86)\Go\bin\go;$env:PATH"
+              cd C:\Users\circleci\project\desktop
+              .\scripts\build-pt-snowflake.ps1
             }
       - save_cache:
-          # NOTE: change when upgrading snowflake
-          key: build-win32-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win32-snowflake-{{ checksum "~/project/desktop/scripts/build-pt-snowflake.ps1" }}-{{ .Environment.CACHE_VERSION }}
           paths:
             - C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe
 
       - restore_cache:
-          # NOTE: change when upgrading meek
-          key: build-win32-meek-v0.37.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win32-meek-{{ checksum "~/project/desktop/scripts/build-pt-meek.ps1" }}-{{ .Environment.CACHE_VERSION }}
       - run:
-          name: Build meek-client (32-bit)
+          name: Build meek-client
           command: |
             if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe) -eq $True) {
               Write-Output "snowflake already built"
             } else {
-              New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\meek
-              cd C:\Users\circleci\src\meek
-              git clone https://git.torproject.org/pluggable-transports/meek.git
-              cd meek
-              # TODO: verify signature
-              git checkout $MEEK_TAG
-              & "C:\Program Files (x86)\Go\bin\go" build .\meek-client
-              Move-Item -Path .\meek-client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe
+              $env:PATH = "C:\Program Files (x86)\Go\bin\go;$env:PATH"
+              cd C:\Users\circleci\project\desktop
+              .\scripts\build-pt-meek.ps1
             }
       - save_cache:
-          # NOTE: change when upgrading meek
-          key: build-win32-meek-v0.37.0-{{ .Environment.CACHE_VERSION }}
+          key: build-win32-meek-{{ checksum "~/project/desktop/scripts/build-pt-meek.ps1" }}-{{ .Environment.CACHE_VERSION }}
           paths:
             - C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe
 
@@ -373,120 +312,25 @@ jobs:
           command: |
             brew install wget
             brew install go
-      - restore_cache:
-          key: build-libevent-2.1.12-tor-0.4.6.10
-      - run:
-          name: Build libevent and tor
-          command: |
-            mkdir -p $BINARY_DIR/tor
-            # Download and verify libevent
-            cd ~/Downloads
-            URL=https://github.com/libevent/libevent/releases/download/release-2.1.12-stable/libevent-2.1.12-stable.tar.gz
-            FILENAME=libevent-2.1.12-stable.tar.gz
-            EXPECTED_SHA256=92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb
-            wget $URL
-            SHA256=$(shasum -a 256 $FILENAME | cut -d" " -f1)
-            if [ "$SHA256" != "$EXPECTED_SHA256" ]; then echo "Failed" && exit -1; fi
-            tar -xvf $FILENAME
-            # Build libevent
-            cd libevent-2.1.12-stable
-            ./configure --disable-openssl --prefix=$BINARY_DIR/tor
-            make
-            make install
-            # Download and verify tor
-            cd ~/Downloads
-            URL=https://dist.torproject.org/tor-0.4.6.10.tar.gz
-            FILENAME=tor-0.4.6.10.tar.gz
-            EXPECTED_SHA256=94ccd60e04e558f33be73032bc84ea241660f92f58cfb88789bda6893739e31c
-            wget $URL
-            SHA256=$(shasum -a 256 $FILENAME | cut -d" " -f1)
-            if [ "$SHA256" != "$EXPECTED_SHA256" ]; then echo "Failed" && exit -1; fi
-            tar -xvf $FILENAME
-            # Build tor
-            cd tor-0.4.6.10
-            ./configure --prefix=$BINARY_DIR/tor
-            make
-            make install
-      - save_cache:
-          key: build-libevent-2.1.12-tor-0.4.6.10
-          paths:
-            - /Users/distiller/bin/tor
-      - restore_cache:
-          key: build-macos-obfs4proxy-v0.0.13
-      - run:
-          name: Build obfs4proxy
-          command: |
-            # Get source code
-            mkdir ~/Downloads/obfs4proxy
-            cd ~/Downloads/obfs4proxy
-            git clone https://gitlab.com/yawning/obfs4
-            cd obfs4
-            git checkout obfs4proxy-0.0.13
-            # Build
-            go build -o $BINARY_DIR/obfs4proxy ./obfs4proxy
-      - save_cache:
-          key: build-macos-obfs4proxy-v0.0.13
-          paths:
-            - /Users/distiller/bin/obfs4proxy
-      - restore_cache:
-          key: build-macos-snowflake-v2.1.0
-      - run:
-          name: Build snowflake-client
-          command: |
-            # Get source code
-            mkdir ~/Downloads/snowflake-client
-            cd ~/Downloads/snowflake-client
-            git clone https://git.torproject.org/pluggable-transports/snowflake.git
-            cd snowflake
-            git checkout v2.1.0
-            # Build
-            go build -o $BINARY_DIR/snowflake-client ./client
-      - save_cache:
-          key: build-macos-snowflake-v2.1.0
-          paths:
-            - /Users/distiller/bin/snowflake-client
-      - restore_cache:
-          key: build-macos-meek-v0.37.0
-      - run:
-          name: Build meek-client
-          command: |
-            # Get source code
-            mkdir ~/Downloads/meek-client
-            cd ~/Downloads/meek-client
-            git clone https://git.torproject.org/pluggable-transports/meek.git
-            cd meek
-            git checkout v0.37.0
-            # Build
-            go build -o $BINARY_DIR/meek-client ./meek-client
-      - save_cache:
-          key: build-macos-meek-v0.37.0
-          paths:
-            - /Users/distiller/bin/meek-client
-      - run:
-          name: Copy binaries into app
-          command: |
-            export DEST=~\project\desktop\onionshare\resources\tor
-            cp $BINARY_DIR/tor/bin/tor $DEST
-            cp $BINARY_DIR/tor/lib/libevent-2.1.7.dylib $DEST
-            cp $BINARY_DIR/tor/share/tor/geoip* $DEST
-            cp $BINARY_DIR/obfs4proxy $DEST
-            cp $BINARY_DIR/snowflake-client $DEST
-            cp $BINARY_DIR/meek-client $DEST
+
       - run:
           name: Install Python 3.9.12
           command: |
             wget https://www.python.org/ftp/python/3.9.12/python-3.9.12-macosx10.9.pkg -O ~/Downloads/python.pkg
             sudo installer -pkg ~/Downloads/python.pkg -target /
+
       - run:
           name: Install poetry
           command: |
             pip3 install poetry
             ln -s /Library/Frameworks/Python.framework/Versions/3.9/bin/poetry /usr/local/bin
+
       - run:
           name: Install poetry dependencies
           command: |
             cd ~/project/desktop
             poetry install
+
       - run:
           name: Build OnionShare
           command: |
@@ -494,10 +338,12 @@ jobs:
             poetry run python ./setup-freeze.py build
             poetry run python ./setup-freeze.py bdist_mac
             poetry run python ./scripts/build-macos.py cleanup-build
+
       - run:
           name: Compress
           command: |
             cd ~/project/desktop/build
             zip -r ~/onionshare-macos.zip OnionShare.app
+
       - store_artifacts:
           path: ~/onionshare-macos.zip
diff --git a/desktop/README.md b/desktop/README.md
index 31071782..5a070ee6 100644
--- a/desktop/README.md
+++ b/desktop/README.md
@@ -31,20 +31,32 @@ poetry install
 
 **Windows users:** Download and install 7-Zip from https://7-zip.org/download.html. [Add](https://medium.com/@kevinmarkvi/how-to-add-executables-to-your-path-in-windows-5ffa4ce61a53) `C:\Program Files (x86)\7-Zip` to your path.
 
-Download Tor Browser and extract the binaries:
+Download Tor Browser and extract the binaries for your platform. The platform must be `win32`, `win64`, `macos`, or `linux64`.
 
 ```sh
-poetry run python ./scripts/get-tor.py
+poetry run python ./scripts/get-tor.py [platform]
 ```
 
 ### Compile dependencies
 
 Install Go. The simplest way to make sure everything works is to install Go by following [these instructions](https://golang.org/doc/install).
 
-Download and compile `meek-client`:
+Compile pluggable transports:
+
+**Windows users, in PowerShell:**
+
+```powershell
+.\scripts\build-pt-obfs4proxy.ps1
+.\scripts\build-pt-snowflake.ps1
+.\scripts\build-pt-meek.ps1
+```
+
+**macOS and Linux users:**
 
 ```sh
-poetry run python ./scripts/build-meek-client.py
+./scripts/build-pt-obfs4proxy.sh
+./scripts/build-pt-snowflake.sh
+./scripts/build-pt-meek.sh
 ```
 
 ### Running OnionShare from the source code tree
diff --git a/desktop/scripts/build-meek-client.py b/desktop/scripts/build-meek-client.py
deleted file mode 100755
index 6e5d7974..00000000
--- a/desktop/scripts/build-meek-client.py
+++ /dev/null
@@ -1,80 +0,0 @@
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-"""
-OnionShare | https://onionshare.org/
-
-Copyright (C) 2014-2022 Micah Lee, et al. <micah@micahflee.com>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-"""
-
-"""
-This script downloads a pre-built tor binary to bundle with OnionShare.
-In order to avoid a Mac gnupg dependency, I manually verify the signature
-and hard-code the sha256 hash.
-"""
-import shutil
-import os
-import sys
-import subprocess
-import inspect
-import platform
-
-
-def main():
-    # Figure out the architecture and python path
-    if "64 bit" in sys.version:
-        python_arch = "win-amd64"
-    else:
-        python_arch = "win32"
-
-    if os.getlogin() == "circleci" and python_arch == "win32":
-        go_path = "C:\\Program Files (x86)\\Go\\bin\\go"
-    else:
-        go_path = shutil.which("go")
-
-    if go_path is None:
-        print("Install go: https://golang.org/doc/install")
-        return
-
-    subprocess.run(
-        [
-            go_path,
-            "install",
-            "git.torproject.org/pluggable-transports/meek.git/meek-client@v0.37.0",
-        ]
-    )
-
-    root_path = os.path.dirname(
-        os.path.dirname(os.path.abspath(inspect.getfile(inspect.currentframe())))
-    )
-    if platform.system() == "Windows":
-        dist_path = os.path.join(root_path, "onionshare", "resources", "tor", "Tor")
-        bin_filename = "meek-client.exe"
-    else:
-        dist_path = os.path.join(root_path, "onionshare", "resources", "tor")
-        bin_filename = "meek-client"
-
-    bin_path = os.path.join(os.path.expanduser("~"), "go", "bin", bin_filename)
-    shutil.copyfile(
-        os.path.join(bin_path),
-        os.path.join(dist_path, bin_filename),
-    )
-    os.chmod(os.path.join(dist_path, bin_filename), 0o755)
-
-    print(f"Installed {bin_filename} in {dist_path}")
-
-
-if __name__ == "__main__":
-    main()
diff --git a/desktop/scripts/build-pt-meek.ps1 b/desktop/scripts/build-pt-meek.ps1
new file mode 100644
index 00000000..58a7366a
--- /dev/null
+++ b/desktop/scripts/build-pt-meek.ps1
@@ -0,0 +1,9 @@
+$env:MEEK_TAG = 'v0.37.0'
+
+New-Item -ItemType Directory -Force -Path .\build\meek
+cd .\build\meek
+git clone https://git.torproject.org/pluggable-transports/meek.git
+cd meek
+git checkout $MEEK_TAG
+go build .\meek-client
+Move-Item -Path .\meek-client.exe -Destination ..\onionshare\resources\tor\meek-client.exe
diff --git a/desktop/scripts/build-pt-meek.sh b/desktop/scripts/build-pt-meek.sh
new file mode 100755
index 00000000..5ce91d6c
--- /dev/null
+++ b/desktop/scripts/build-pt-meek.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+MEEK_TAG=v0.37.0
+
+mkdir -p ./build/meek
+cd ./build/meek
+git clone https://git.torproject.org/pluggable-transports/meek.git
+cd meek
+git checkout $MEEK_TAG
+go build -o ../../../onionshare/resources/tor/meek-client ./meek-client
diff --git a/desktop/scripts/build-pt-obfs4proxy.ps1 b/desktop/scripts/build-pt-obfs4proxy.ps1
new file mode 100644
index 00000000..e4688c93
--- /dev/null
+++ b/desktop/scripts/build-pt-obfs4proxy.ps1
@@ -0,0 +1,9 @@
+$env:OBFS4PROXY_TAG = 'obfs4proxy-0.0.13'
+
+New-Item -ItemType Directory -Force -Path .\build\obfs4proxy
+cd .\build\obfs4proxy
+git clone https://gitlab.com/yawning/obfs4
+cd obfs4
+git checkout $OBFS4PROXY_TAG
+go build .\obfs4proxy
+Move-Item -Path .\obfs4proxy.exe -Destination ..\onionshare\resources\tor\obfs4proxy.exe
diff --git a/desktop/scripts/build-pt-obfs4proxy.sh b/desktop/scripts/build-pt-obfs4proxy.sh
new file mode 100755
index 00000000..15b317a3
--- /dev/null
+++ b/desktop/scripts/build-pt-obfs4proxy.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+OBFS4PROXY_TAG=obfs4proxy-0.0.13
+
+mkdir -p ./build/obfs4proxy
+cd ./build/obfs4proxy
+git clone https://gitlab.com/yawning/obfs4 || echo "already cloned"
+cd obfs4
+git checkout $OBFS4PROXY_TAG
+go build -o ../../../onionshare/resources/tor/obfs4proxy ./obfs4proxy
\ No newline at end of file
diff --git a/desktop/scripts/build-pt-snowflake.ps1 b/desktop/scripts/build-pt-snowflake.ps1
new file mode 100644
index 00000000..5d15759d
--- /dev/null
+++ b/desktop/scripts/build-pt-snowflake.ps1
@@ -0,0 +1,9 @@
+$env:SNOWFLAKE_TAG = 'v2.2.0'
+
+New-Item -ItemType Directory -Force -Path .\build\snowflake
+cd .\build\snowflake
+git clone https://git.torproject.org/pluggable-transports/snowflake.git
+cd snowflake
+git checkout $SNOWFLAKE_TAG
+go build .\client
+Move-Item -Path .\client.exe -Destination ..\onionshare\resources\tor\snowflake-client.exe
diff --git a/desktop/scripts/build-pt-snowflake.sh b/desktop/scripts/build-pt-snowflake.sh
new file mode 100755
index 00000000..24a7ce74
--- /dev/null
+++ b/desktop/scripts/build-pt-snowflake.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+SNOWFLAKE_TAG=v2.2.0
+
+mkdir -p ./build/snowflake
+cd ./build/snowflake
+git clone https://git.torproject.org/pluggable-transports/snowflake.git
+cd snowflake
+git checkout $SNOWFLAKE_TAG
+go build -o ../../../onionshare/resources/tor/snowflake-client ./client
diff --git a/desktop/scripts/get-tor.py b/desktop/scripts/get-tor.py
index 29c5a1e4..bda4e8b8 100644
--- a/desktop/scripts/get-tor.py
+++ b/desktop/scripts/get-tor.py
@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-import platform
 import inspect
 import os
 from re import M
@@ -8,18 +7,30 @@ import hashlib
 import shutil
 import subprocess
 import requests
+import click
 
 torbrowser_version = "11.0.14"
-expected_exe_sha256 = "c14b979c81310ad039985e047dbb5b8058662bb3105b9022f7b9e0d18a29d0d6"
-expected_dmg_sha256 = "558ae5ab188f62feb04c6b2e7f43eae2361e8ec1718e0f4f927801411d911e22"
-expected_txz_sha256 = "b606924fdf8237e697cf95c229189da5875c190875d729769655c7b67aeb9aa6"
+expected_win32_sha256 = (
+    "c14b979c81310ad039985e047dbb5b8058662bb3105b9022f7b9e0d18a29d0d6"
+)
+expected_win64_sha256 = (
+    "ced3de06d089fbbeb8cee309971ac26983aba8eaf948fedce472d40cdd572301"
+)
+expected_macos_sha256 = (
+    "558ae5ab188f62feb04c6b2e7f43eae2361e8ec1718e0f4f927801411d911e22"
+)
+expected_linux64_sha256 = (
+    "b606924fdf8237e697cf95c229189da5875c190875d729769655c7b67aeb9aa6"
+)
 
-exe_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/torbrowser-install-{torbrowser_version}_en-US.exe"
-exe_filename = f"torbrowser-install-{torbrowser_version}_en-US.exe"
-dmg_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/TorBrowser-{torbrowser_version}-osx64_en-US.dmg"
-dmg_filename = f"TorBrowser-{torbrowser_version}-osx64_en-US.dmg"
-tarball_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/tor-browser-linux64-{torbrowser_version}_en-US.tar.xz"
-tarball_filename = f"tor-browser-linux64-{torbrowser_version}_en-US.tar.xz"
+win32_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/torbrowser-install-{torbrowser_version}_en-US.exe"
+win32_filename = f"torbrowser-install-{torbrowser_version}_en-US.exe"
+win64_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/torbrowser-install-win64-{torbrowser_version}_en-US.exe"
+win64_filename = f"torbrowser-install-win64-{torbrowser_version}_en-US.exe"
+macos_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/TorBrowser-{torbrowser_version}-osx64_en-US.dmg"
+macos_filename = f"TorBrowser-{torbrowser_version}-osx64_en-US.dmg"
+linux64_url = f"https://dist.torproject.org/torbrowser/{torbrowser_version}/tor-browser-linux64-{torbrowser_version}_en-US.tar.xz"
+linux64_filename = f"tor-browser-linux64-{torbrowser_version}_en-US.tar.xz"
 
 
 # Common paths
@@ -29,9 +40,21 @@ root_path = os.path.dirname(
 working_path = os.path.join(root_path, "build", "tor")
 
 
-def get_tor_windows():
+def get_tor_windows(platform):
+    if platform == "win32":
+        win_url = win32_url
+        win_filename = win32_filename
+        expected_win_sha256 = expected_win32_sha256
+    elif platform == "win64":
+        win_url = win64_url
+        win_filename = win64_filename
+        expected_win_sha256 = expected_win64_sha256
+    else:
+        click.echo("invalid platform")
+        return
+
     # Build paths
-    exe_path = os.path.join(working_path, exe_filename)
+    win_path = os.path.join(working_path, win_filename)
     dist_path = os.path.join(root_path, "onionshare", "resources", "tor")
 
     # Make sure the working folder exists
@@ -39,21 +62,21 @@ def get_tor_windows():
         os.makedirs(working_path)
 
     # Make sure Tor Browser is downloaded
-    if not os.path.exists(exe_path):
-        print("Downloading {}".format(exe_url))
-        r = requests.get(exe_url)
-        open(exe_path, "wb").write(r.content)
+    if not os.path.exists(win_path):
+        print("Downloading {}".format(win_url))
+        r = requests.get(win_url)
+        open(win_path, "wb").write(r.content)
         exe_sha256 = hashlib.sha256(r.content).hexdigest()
     else:
-        print("Already downloaded: {}".format(exe_path))
-        exe_data = open(exe_path, "rb").read()
-        exe_sha256 = hashlib.sha256(exe_data).hexdigest()
+        print("Already downloaded: {}".format(win_path))
+        win_data = open(win_path, "rb").read()
+        win_sha256 = hashlib.sha256(win_data).hexdigest()
 
     # Compare the hash
-    if exe_sha256 != expected_exe_sha256:
+    if win_sha256 != expected_win_sha256:
         print("ERROR! The sha256 doesn't match:")
-        print("expected: {}".format(expected_exe_sha256))
-        print("  actual: {}".format(exe_sha256))
+        print("expected: {}".format(expected_win32_sha256))
+        print("  actual: {}".format(win_sha256))
         sys.exit(-1)
 
     # Extract the bits we need from the exe
@@ -62,7 +85,7 @@ def get_tor_windows():
             "7z",
             "e",
             "-y",
-            exe_path,
+            win_path,
             "Browser\\TorBrowser\\Tor",
             "-o%s" % os.path.join(working_path, "Tor"),
         ]
@@ -72,7 +95,7 @@ def get_tor_windows():
             "7z",
             "e",
             "-y",
-            exe_path,
+            win_path,
             "Browser\\TorBrowser\\Data\\Tor\\geoip*",
             "-o%s" % os.path.join(working_path, "Data"),
         ]
@@ -113,7 +136,7 @@ def get_tor_macos():
     dmg_tor_path = os.path.join(
         "/Volumes", "Tor Browser", "Tor Browser.app", "Contents"
     )
-    dmg_path = os.path.join(working_path, dmg_filename)
+    dmg_path = os.path.join(working_path, macos_filename)
     dist_path = os.path.join(root_path, "onionshare", "resources", "tor")
     if not os.path.exists(dist_path):
         os.makedirs(dist_path, exist_ok=True)
@@ -124,8 +147,8 @@ def get_tor_macos():
 
     # Make sure the zip is downloaded
     if not os.path.exists(dmg_path):
-        print("Downloading {}".format(dmg_url))
-        r = requests.get(dmg_url)
+        print("Downloading {}".format(macos_url))
+        r = requests.get(macos_url)
         open(dmg_path, "wb").write(r.content)
         dmg_sha256 = hashlib.sha256(r.content).hexdigest()
     else:
@@ -133,9 +156,9 @@ def get_tor_macos():
         dmg_sha256 = hashlib.sha256(dmg_data).hexdigest()
 
     # Compare the hash
-    if dmg_sha256 != expected_dmg_sha256:
+    if dmg_sha256 != expected_macos_sha256:
         print("ERROR! The sha256 doesn't match:")
-        print("expected: {}".format(expected_dmg_sha256))
+        print("expected: {}".format(expected_macos_sha256))
         print("  actual: {}".format(dmg_sha256))
         sys.exit(-1)
 
@@ -182,9 +205,9 @@ def get_tor_macos():
     update_tor_bridges()
 
 
-def get_tor_linux():
+def get_tor_linux64():
     # Build paths
-    tarball_path = os.path.join(working_path, tarball_filename)
+    tarball_path = os.path.join(working_path, linux64_filename)
     dist_path = os.path.join(root_path, "onionshare", "resources", "tor")
 
     # Make sure dirs exist
@@ -196,8 +219,8 @@ def get_tor_linux():
 
     # Make sure the tarball is downloaded
     if not os.path.exists(tarball_path):
-        print("Downloading {}".format(tarball_url))
-        r = requests.get(tarball_url)
+        print("Downloading {}".format(linux64_url))
+        r = requests.get(linux64_url)
         open(tarball_path, "wb").write(r.content)
         tarball_sha256 = hashlib.sha256(r.content).hexdigest()
     else:
@@ -205,9 +228,9 @@ def get_tor_linux():
         tarball_sha256 = hashlib.sha256(tarball_data).hexdigest()
 
     # Compare the hash
-    if tarball_sha256 != expected_txz_sha256:
+    if tarball_sha256 != expected_linux64_sha256:
         print("ERROR! The sha256 doesn't match:")
-        print("expected: {}".format(expected_txz_sha256))
+        print("expected: {}".format(expected_linux64_sha256))
         print("  actual: {}".format(tarball_sha256))
         sys.exit(-1)
 
@@ -250,18 +273,6 @@ def get_tor_linux():
         os.path.join(tarball_tor_path, "Tor", "libstdc++", "libstdc++.so.6"),
         os.path.join(dist_path, "libstdc++.so.6"),
     )
-    shutil.copyfile(
-        os.path.join(tarball_tor_path, "Tor", "PluggableTransports", "obfs4proxy"),
-        os.path.join(dist_path, "obfs4proxy"),
-    )
-    os.chmod(os.path.join(dist_path, "obfs4proxy"), 0o755)
-    shutil.copyfile(
-        os.path.join(
-            tarball_tor_path, "Tor", "PluggableTransports", "snowflake-client"
-        ),
-        os.path.join(dist_path, "snowflake-client"),
-    )
-    os.chmod(os.path.join(dist_path, "snowflake-client"), 0o755)
 
     print(f"Tor binaries extracted to: {dist_path}")
 
@@ -317,19 +328,27 @@ def update_tor_bridges():
                     f.write(f"Bridge {item}\n")
 
 
-def main():
+@click.command()
+@click.argument("platform")
+def main(platform):
     """
     Download Tor Browser and extract tor binaries
     """
-    system = platform.system()
-    if system == "Windows":
-        get_tor_windows()
-    elif system == "Darwin":
+    valid_platforms = ["win32", "win64", "macos", "linux64"]
+    if platform not in valid_platforms:
+        click.echo(f"platform must be one of: {valid_platforms}")
+        return
+
+    if platform == "win32":
+        get_tor_windows(platform)
+    elif platform == "win64":
+        get_tor_windows(platform)
+    elif platform == "macos":
         get_tor_macos()
-    elif system == "Linux":
-        get_tor_linux()
+    elif platform == "linux64":
+        get_tor_linux64()
     else:
-        print("Platform not supported")
+        click.echo("invalid platform")
 
 
 if __name__ == "__main__":