Create directory to house TBB test pages

We need a place to house some test pages for validating TBB builds against regressions and build failures. These tests can probably be static html for now, but they should be in a dir that is accessable from a couple different vhosts, to allow us to test things like url bar isolation.

We need this for #3846 (closed) and #5292 (moved).

added NotWeasel component::archived/ponies owner::phobos parent::5292 priority::medium resolution::wontfix status::closed tor-sysadmin type::task labels

The vhosts should be different second-level domains. Ie: tbb-testing.torproject.org and tbb-testing.freehaven.net, for example.

Can one of the names be an IP address? (The contents of www.tpo are already served from www-master's IP address.)

It probably is a good idea to also test IP address for isolation, but no, we also need to test the domain-based stuff, so we need a second domain pointing at the thing.

www-master.torproject.com currently does not resolve to an IP address. That should be a suitable name.

Why not just use gitweb.torproject.{org|com|net} for these tests rather than setting up all new vhosts?

gitweb.torproject.com doesn't resolve, either. But anyone can set up a pair of hidden services for these tests.

Trac:
Status: new to closed
Resolution: N/A to wontfix

rransom: don't be a jerk. Unless you're volunteering to run these hidden services yourself and accept arbitrary files from random volunteers, you should not have closed this ticket.

If gitweb will serve raw html with the proper mime type that could work I think. Though it is currently unavailable at .net and .com.

As an aside might want to check that things like our ldap web frontend aren't vulnerable to cookie theft from other .torproject.org domains.. The blog and trac look fine, at least.

Trac:
Resolution: wontfix to N/A
Status: closed to reopened

Replying to phobos:

Why not just use gitweb.torproject.{org|com|net} for these tests rather than setting up all new vhosts?

These will resolve in 20 minutes.

added in gitweb.torproject.se and gitweb.torproject.is too.

Replying to mikeperry:

If gitweb will serve raw html with the proper mime type that could work I think. Though it is currently unavailable at .net and .com.

Gitweb isn't supposed to serve raw HTML with the proper MIME type.

[http://idnxcnkne4qt76tg.onion/] points to the content behind www.torproject.org (no redirect). Is that sufficient?

svn.torproject.org would serve files with the proper MIME type, too. (You need at least three domains for a #5472 (closed) test.)

Hidden services look like the best option.

phobos: Small nit: It might also be useful for http://gitweb.torproject.{is,com,net}/ to work, in case we want to test scheme changes for origin policy behavior.. Right now it "works", but it serves a weird gitweb theme directory or something instead of the gitweb root.

rransom: Why don't you want gitweb to serve HTML? No one logs into it, right?

I think I'd rather use git if at all possible, so we can more easily accept and merge people's patches and track the tests themselves. Using gitweb cuts out having to copy updates from git over to commit them in svn. More importantly, it also means user branches of the TBB tests can be directly tested from their remotes without those users needing to create their own servers.

Trac:
Parent: N/A to #5292 (moved)

Oh, two more thoughts: We'll of course want to test that gitweb'a apache is not misconfigured such that inline php or other server-side code/SSI is allowed in .html files. Other than that, I see no major hazards. But it's also possible I missed something because I'm biased in favor of the gitweb idea.

Before this gets closed then, I think the last step is to create the repo for it. How about torbrowser-testing.git?

Trac:
Cc: N/A to Sebastian

Replying to mikeperry:

rransom: Why don't you want gitweb to serve HTML? No one logs into it, right?

Gitweb is intended to not serve files as HTML, because it is sometimes used to host partially trusted or untrusted repositories.

I don't have much of a problem with gitweb.tpo being reconfigured to serve files as HTML, but at a minimum, someone would have to reconfigure it. It may even require patching Gitweb.

I think I'd rather use git if at all possible, so we can more easily accept and merge people's patches and track the tests themselves. Using gitweb cuts out having to copy updates from git over to commit them in svn.

Subversion has the advantage that anyone who can commit to a repo can automatically specify files' MIME types, without having to ask an admin to hack up Gitweb or its configuration.

More importantly, it also means user branches of the TBB tests can be directly tested from their remotes without those users needing to create their own servers.

Only if those ‘user branches’ are hosted on gitweb.tpo or another specially reconfigured Gitweb installation.

I still think you're stuck with hidden services.

Trac:
Username: Tichodroma
Cc: Sebastian to Sebastian, tichodroma@posteo.de

Trac:
Priority: major to normal
Component: Company to Tor Sysadmin Team

Mike says he's unsure if this is the way to go. closing then. Re-open a new ticket if you know what you need from us.

Trac:
Status: reopened to closed
Resolution: N/A to not a bug

That's not exactly what I said. Here's what I said: 00:35 < weasel> mikeperry: what's the deal with 5750? still something you need? 00:37 < mikeperry> in some form, yes.. not sure if that ticket is the best or final form, though..

We definitely want some place to put the web side of our test pages... If you hate the web, there's still options for you to ignore this ticket without closing it, you know.

Are you familiar with trac's query features? You can exclude tickets by tag. For example, to display all Trac sysadmin tickets without the keyword NotWeasel, you can use: https://trac.torproject.org/projects/tor/query?component=Tor+Sysadmin+Team&keywords=!~NotWeasel

Trac:
Status: closed to reopened
Keywords: N/A deleted, NotWeasel added
Resolution: not a bug to N/A

Trac:
Component: Tor Sysadmin Team to Ponies

Man, I was all about this Ponies component idea.. But now I think we need more than one type of Pony.

Trac:
Keywords: N/A deleted, tor-sysadmin added

We could just create tbb-test.torproject.org or something as a static site, add it to the pile of other static sites, and let you go nuts.

It seems no one cares, closing again.

Trac:
Resolution: N/A to wontfix
Status: reopened to closed

closed