From fc3763f85c25394a3d12eee67329906d6b9e575c Mon Sep 17 00:00:00 2001 From: nopeitsnothing Date: Thu, 18 Jun 2026 04:51:25 -0400 Subject: [PATCH] docs(web!): get new web design up Serve the new look, update licensing. --- .github/workflows/03-release.yml | 2 +- LICENSE | 427 ++++++++++++++++++++++++++++ docs/about/index.md | 9 +- docs/changelog/index.md | 20 +- docs/code/develop.md | 404 --------------------------- docs/code/index.md | 359 +++++++++++++++++++++++- docs/constitution/index.md | 181 ++++++------ docs/contribute/index.md | 3 +- docs/guide/index.md | 102 +++---- docs/index.md | 75 +++-- docs/mirrors/index.md | 3 - docs/pgp/index.md | 150 ++++++---- docs/stylesheets/accessibility.css | 105 +++++++ docs/stylesheets/dark-extra.css | 130 --------- docs/stylesheets/extra.css | 201 ------------- docs/stylesheets/footer-fix.css | 203 -------------- docs/stylesheets/footer.css | 153 ++++++++++ docs/stylesheets/going-dark.css | 122 ++++++++ docs/stylesheets/hacker-extra.css | 344 +++++++++++++++++++++++ docs/stylesheets/hacker.css | 433 +++++++++++++++++++++++++++++ docs/stylesheets/nav-extra.css | 126 --------- docs/stylesheets/navigation.css | 165 +++++++++++ docs/twitter/index.md | 10 - docs/verify/index.md | 40 ++- mkdocs.yml | 59 ++-- pgp/core-devs/README.md | 4 +- remove-memory-history.sh | 35 +++ 27 files changed, 2465 insertions(+), 1400 deletions(-) create mode 100644 LICENSE delete mode 100644 docs/code/develop.md create mode 100644 docs/stylesheets/accessibility.css delete mode 100644 docs/stylesheets/dark-extra.css delete mode 100644 docs/stylesheets/extra.css delete mode 100644 docs/stylesheets/footer-fix.css create mode 100644 docs/stylesheets/footer.css create mode 100644 docs/stylesheets/going-dark.css create mode 100644 docs/stylesheets/hacker-extra.css create mode 100644 docs/stylesheets/hacker.css delete mode 100644 docs/stylesheets/nav-extra.css create mode 100644 docs/stylesheets/navigation.css delete mode 100644 docs/twitter/index.md create mode 100644 remove-memory-history.sh diff --git a/.github/workflows/03-release.yml b/.github/workflows/03-release.yml index bcf2442..d8768e9 100644 --- a/.github/workflows/03-release.yml +++ b/.github/workflows/03-release.yml @@ -154,7 +154,7 @@ jobs: ### πŸ” Verifying GPG signatures - ```bash + ```sh # Import the release signing key gpg --import pgp/anonymousplanet-release.asc diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..7d4f96c --- /dev/null +++ b/LICENSE @@ -0,0 +1,427 @@ +Attribution-ShareAlike 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution-ShareAlike 4.0 International Public +License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution-ShareAlike 4.0 International Public License ("Public +License"). To the extent this Public License may be interpreted as a +contract, You are granted the Licensed Rights in consideration of Your +acceptance of these terms and conditions, and the Licensor grants You +such rights in consideration of benefits the Licensor receives from +making the Licensed Material available under these terms and +conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. BY-SA Compatible License means a license listed at + creativecommons.org/compatiblelicenses, approved by Creative + Commons as essentially the equivalent of this Public License. + + d. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + e. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + f. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + g. License Elements means the license attributes listed in the name + of a Creative Commons Public License. The License Elements of this + Public License are Attribution and ShareAlike. + + h. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + i. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + j. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + k. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + l. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + m. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. Additional offer from the Licensor -- Adapted Material. + Every recipient of Adapted Material from You + automatically receives an offer from the Licensor to + exercise the Licensed Rights in the Adapted Material + under the conditions of the Adapter's License You apply. + + c. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + b. ShareAlike. + + In addition to the conditions in Section 3(a), if You Share + Adapted Material You produce, the following conditions also apply. + + 1. The Adapter's License You apply must be a Creative Commons + license with the same License Elements, this version or + later, or a BY-SA Compatible License. + + 2. You must include the text of, or the URI or hyperlink to, the + Adapter's License You apply. You may satisfy this condition + in any reasonable manner based on the medium, means, and + context in which You Share Adapted Material. + + 3. You may not offer or impose any additional or different terms + or conditions on, or apply any Effective Technological + Measures to, Adapted Material that restrict exercise of the + rights granted under the Adapter's License You apply. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material, + including for purposes of Section 3(b); and + + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public +licenses. Notwithstanding, Creative Commons may elect to apply one of +its public licenses to material it publishes and in those instances +will be considered the β€œLicensor.” The text of the Creative Commons +public licenses is dedicated to the public domain under the CC0 Public +Domain Dedication. Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the +public licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/docs/about/index.md b/docs/about/index.md index 29ac889..eabe984 100644 --- a/docs/about/index.md +++ b/docs/about/index.md @@ -13,11 +13,8 @@ schema: - https://opencollective.com/anonymousplanetorg - https://mastodon.social/@anonymousplanet --- -![Anonymous Planet logo](../media/profile.png){ align=right } -**Anonymous Planet** are the maintainers of the [_Hitchhiker's Guide_](../guide/index.md) and the [_PSA Community_](https://psa.anonymousplanet.net). It is responsible for maintaining the projects and code repositories. This project is part of our ongoing efforts to provide open-source tools and resources for the community, with regular updates and improvements added to the changelog. - -The purpose: providing an introduction to various online tracking techniques, online ID verification techniques, and detailed guidance to creating and maintaining (truly) anonymous online identities. It is written with the hopes that good people (e.g., activists, journalists, scientists, lawyers, whistle-blowers, etc.) will be able to fight oppression, censorship and harassment! The website and projects are free (as in freedom) and not affiliated with any donor or projects discussed. +**Anonymous Planet** are the maintainers of [_The Hitchhiker's Guide_](../guide/index.md) and the [_PSA Community_](https://psa.anonymousplanet.net). This project is part of our ongoing efforts to provide open-source tools and resources for the community, made by people with extensive knowledge in signals and forensics, and expertise in various distributions of Linux. We are providing an introduction to various online tracking techniques, online ID verification techniques, and detailed guidance to creating and maintaining (truly) anonymous online identities. It is written with the hopes that good people (e.g., activists, journalists, scientists, lawyers, whistle-blowers, etc.) will be able to fight oppression, censorship and harassment! The website and projects are free (as in freedom). We are high at risk individuals. We are not simply hackers with a bunch of recommendations and affiliate links like privacytools. To be blunt like Linus Torvalds with a bullshit Merge Request, we don't do that. Here, you will find a trove of information compiled into a single, cohesive set of instructions and sub-guides. ??? Note "Where do I start?" @@ -25,14 +22,12 @@ The purpose: providing an introduction to various online tracking techniques, on ??? Note "Notes on the journey" - This guide is a work in progress. It will probably never be "finished". You may (will) find broken links when you click on some search results and during some navigation steps. Please report these. Otherwise, most of the search functionality is a great experience and can help you find linked topics. Try to search for something in one section of the reading. It will show up in many other places. + This guide is a work in progress. It will probably never be "finished". You may find broken links when you click on some search results and during some navigation steps. Please report these. Otherwise, most of the search functionality is a great experience and can help you find linked topics. Try to search for something in one section of the reading. It will show up in many other places. ??? Note "Disclaimer" There might be some wrong or outdated information in this guide because no one is perfect. Your experience may vary. Remember, check regularly for an updated version of this guide. Please do your own independent, well-thought research. There is no one resource online that can provide 100% security, anonymity, and/or privacy. -This guide is a non-profit open-source initiative, licensed under Creative Commons **Attribution-NonCommercial** 4.0 International ([cc-by-nc-4.0](https://creativecommons.org/licenses/by-nc/4.0/) [[Archive.org]](https://web.archive.org/web/https://creativecommons.org/licenses/by-nc/4.0/)). - - For mirrors see [Mirrors](../mirrors/index.md) and the links at the bottom right of the page. You should see these on every page. - For help in comparing versions see [Comparing versions](../guide/index.md#appendix-a6-comparing-versions) diff --git a/docs/changelog/index.md b/docs/changelog/index.md index d4e012a..d60dd23 100644 --- a/docs/changelog/index.md +++ b/docs/changelog/index.md @@ -14,16 +14,20 @@ schema: - https://mastodon.social/@anonymousplanet --- -# Release Notes - -Notable changes to the guide and its tooling. Follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +Notable changes to the guide. Follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) and [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- + ## [v1.2.5] +!!! Note "Meta" + + - Website theme customization + - License change to accomodate our fiscal host Open Source Collective + !!! Note "Changed" - - Comprehensive updates throughout the guide reflecting the transition to Whonix 18.x as the default version + - Comprehensive updates throughout the guide reflecting the transition to Whonix 18.x as the newest version - Replaced outdated Whonix.org wiki docs links with GitHub releases mirror and Archive.org backups - Updated Virtualbox hardening instructions (e.g., network time desync offsets, Spectre/Meltdown mitigations) - Added AppArmor enabling guidance for Debian-based Whonix 18.x Workstation VMs @@ -33,20 +37,18 @@ Notable changes to the guide and its tooling. Follows [Keep a Changelog](https:/ - Enhanced system verification instructions after upgrades (checkvm, tor --verify) - Improved documentation links to use clean markdown format with Archive.org mirrors for resilience - Added comprehensive upgrade path guidance with backup procedures - - Updated 196 Wikipedia reference links throughout the entire guide (All links now point to https://wikiless.tiekoetter.com/wiki/) + - Updated 196! Wikipedia reference links throughout the entire guide !!! Note "Added" - All Whonix.org/wiki links now have Archive.org mirror backups for availability - Upgrade path documented: Whonix 17 to 18 with automated release-upgrade support - Detailed Qubes OS compatibility notes for both Whonix versions - - Memory file `whonix-docs-comprehensive-update.md` with full changelog of modifications - - Memory file `whonix-18x-upgrade-notes.md` with upgrade guidance and best practices - - You can now get the RSK and MSK from the navbar + - You can now get the Anonymous Planet PGP keyring from the site (copy/paste or download) !!! Note "Improved" - - Virtualbox hardening section reorganized with bullet points for better readability + - Virtualbox hardening section reorganized - AppArmor configuration guidance added where applicable (Whonix 18.x) - KVM alternative documented in Appendix N for Linux users seeking better security than VirtualBox - Whonix Improvements subsection added before "Pick your guest workstation" VMs section diff --git a/docs/code/develop.md b/docs/code/develop.md deleted file mode 100644 index 2b90709..0000000 --- a/docs/code/develop.md +++ /dev/null @@ -1,404 +0,0 @@ -# Developer Guide - -This page covers everything you need to contribute to the project, run the build pipeline locally, configure GitHub Secrets, and publish a release. - ---- - -## Prerequisites - -Install these before anything else. - -=== "Linux / macOS" - - ```bash - # Python 3.11+ - python3 --version - - # poppler (pdftoppm) and qpdf - sudo apt install poppler-utils qpdf # Debian/Ubuntu - brew install poppler qpdf # macOS - - # GPG - sudo apt install gnupg # Debian/Ubuntu - brew install gnupg # macOS - - # Python dependencies - pip install "mkdocs-material[imaging]" pillow numpy - ``` - -=== "Windows" - - ```powershell - # Python 3.11+ from https://python.org - - # poppler: download from https://github.com/oschwartz10612/poppler-windows/releases - # Extract and add the bin\ folder to PATH - - # qpdf: download from https://github.com/qpdf/qpdf/releases - # Extract and add the bin\ folder to PATH - - # GPG: download Gpg4win from https://gpg4win.org - - # Python dependencies - pip install "mkdocs-material[imaging]" pillow numpy - ``` - -You also need **Google Chrome** or **Microsoft Edge** installed for the light-mode PDF build (headless Chromium). - ---- - -## Repository layout - -``` -.github/ - workflows/ - 01-build.yml # builds PDFs, uploads artifact - 02-sign.yml # hashes + GPG signs, uploads signatures artifact - 03-release.yml # publishes GitHub Release with all assets - 04-changelog.yml # prepends a new entry to docs/changelog/index.md - publish.yml # deploys MkDocs site to GitHub Pages -docs/ - guide/index.md # the guide (single Markdown file) - changelog/ # release notes - code/ # this page -export/ # PDF output (PDFs gitignored; .sha256, .b2sum, .asc tracked) -pgp/ # public signing keys -scripts/ - build_guide_pdf.py # MkDocs + Chromium PDF builder - convert.py # pixel-based dark mode PDF converter - update_changelog.py # auto-generates changelog entries from git log - setup_workflow.py # GitHub Secrets setup assistant - verify_pdf.py # signature verification helper - archived/ - tag_release.py # ARCHIVED - GPG tag helper (not used in current flow) -``` - ---- - -## Building locally - -### Build both PDFs - -```bash -python scripts/build_guide_pdf.py --both -``` - -This builds the MkDocs site, renders it to `export/thgtoa.pdf` via headless Chromium, then calls `scripts/convert.py` to produce `export/thgtoa-dark.pdf`. - -| Flag | Effect | -|------|--------| -| `--both` | Light PDF then dark PDF | -| (no flag) | Light PDF only | -| `--dark` | Dark PDF only (light PDF must already exist) | - -### Build only the dark PDF from an existing light PDF - -```bash -python scripts/convert.py export/thgtoa.pdf export/thgtoa-dark.pdf -``` - -Options: - -| Flag | Default | Description | -|------|---------|-------------| -| `--dpi` | `200` | Rasterization DPI. 150 = smaller file, 300 = sharper but slow | -| `--batch-size` | `50` | Pages per batch. Reduce if you hit OOM | -| `--bg` | `1f1f31` | Background colour (hex) | -| `--text` | `e0e0e0` | Body text colour (hex) | -| `--link` | `5e8bde` | Link / blue element colour (hex) | - -### Preview the MkDocs site - -```bash -mkdocs serve -``` - -Opens at `http://127.0.0.1:8000`. - ---- - -## CI/CD pipeline overview - -The pipeline is fully manual after the initial build - no step automatically triggers the next. This prevents version mismatches between what was built, what was signed, and what gets released. The workflows are numbered to help guide you. - -``` -push to main (or manual trigger) - β”‚ - β–Ό - 01-build.yml - Builds thgtoa.pdf + thgtoa-dark.pdf. - Uploads artifact: pdfs - Note the run ID. - β”‚ - β”‚ # manually trigger 02-sign.yml with the build run ID - β–Ό - 02-sign.yml - Downloads pdfs artifact. Hashes (SHA-256 + BLAKE2b) and GPG-signs - all files. Commits export/ back to main. Uploads artifacts: - signatures, pdfs-signed - Note the run ID. - β”‚ - β”‚ # manually trigger 03-release.yml with the sign run ID - β–Ό - 03-release.yml - Downloads signatures + pdfs-signed artifacts. Runs VirusTotal. - Creates GitHub Release tagged release-YYYYMMDD-. - β”‚ - β”‚ # manually trigger 04-changelog.yml with the version string - β–Ό - 04-changelog.yml - Runs update_changelog.py, prepends a new ## [vX.Y.Z] entry, - commits back to main. -``` - -Each stage is independent. If signing fails (e.g. an expired/revoked key, other problems in CI), re-run only `02-sign.yml` pointing at the existing build artifact - no need to rebuild the PDFs. - -!!! warning "Before you push" - - - Make sure the working tree is clean (`git status`) - - Run `mkdocs build` locally if you changed `docs/` to catch broken links before CI does - - If you added new footnotes, verify they have both a definition `[^N]:` and at least one inline citation `[^N]` - ---- - -## Release process (step by step) - -### 1. Trigger a build - -Push to `main` - `01-build.yml` runs automatically when `docs/`, `mkdocs.yml`, or `scripts/` change. You can also trigger it manually from **Actions β†’ Build PDFs β†’ Run workflow**. - -Once it completes successfully, **note the run ID** from the URL or the Actions list. - ---- - -### 2. Sign the PDFs - -Go to **Actions β†’ Sign PDFs β†’ Run workflow**. - -| Input | Value | -|-------|-------| -| `build_run_id` | The run ID from step 1 | - -`02-sign.yml` will: - -- Download the PDFs artifact from the build run -- Compute SHA-256 and BLAKE2b hashes, writing `thgtoa.pdf.sha256`, `thgtoa.pdf.b2sum`, `sha256sums.txt`, `b2sums.txt`, and the dark equivalents -- GPG-sign all PDFs and hash files, writing `.asc` detached signature files -- Commit the updated `export/` directory back to `main` -- Upload two artifacts: `signatures` and `pdfs-signed` - -Once it completes successfully, **note the run ID**. - ---- - -### 3. Publish the release - -Go to **Actions β†’ Release β†’ Run workflow**. - -| Input | Value | -|-------|-------| -| `sign_run_id` | The run ID from step 2 | -| `prerelease` | `false` for a normal release | - -`03-release.yml` will: - -- Download `signatures` and `pdfs-signed` artifacts from the sign run -- Upload both PDFs to VirusTotal -- Auto-generate a release tag in the format `release-YYYYMMDD-` (e.g. `release-20260527-abc1234`) -- Create a GitHub Release with all PDFs, hash files, and signatures attached, and the VirusTotal report URLs in the body - -No version number needs to be chosen at this step - the tag is derived from the date and commit SHA, so it is always unique and always traceable. - ---- - -### 4. Update the changelog - -Go to **Actions β†’ Update Changelog β†’ Run workflow**. - -| Input | Value | -|-------|-------| -| `version` | The human-readable version string, e.g. `v1.2.4` | -| `dry_run` | `true` to preview without committing | - -`04-changelog.yml` runs `scripts/update_changelog.py`, which: - -- Reads git log since the last `## [vX.Y.Z]` heading in the changelog -- Categorises commits into Added / Changed / Fixed using conventional-commit prefixes -- Prepends a new `## [version]` admonition block to `docs/changelog/index.md` -- Commits the result back to `main` - -The version string is the only human decision in the release process. It goes into the changelog only - it does not affect the release tag. - -!!! tip "Previewing the changelog entry" - Run with `dry_run: true` first to review the generated entry before it is committed. - ---- - -## Release tag format - -Release tags use the format `release-YYYYMMDD-`, for example: - -``` -release-20260527-abc1234 -``` - -This format is always unique, requires no version decision at release time, and is directly traceable to the commit that was built. The version string (e.g. `v1.2.4`) is a separate, human-assigned label that lives only in the changelog. - ---- - -## Commit message format - -All commits must follow the [Conventional Commits](https://www.conventionalcommits.org) format. This is enforced by the `commitizen` pre-commit hook. Not because we want to limit cooperation with others, but becasue it promotes a cleaner Changelog; we can avoid all the noise by doing this programatically. - -``` -(): -``` - -Accepted types and their changelog bucket: - -| Type | Bucket | -|------|--------| -| `feat`, `feature`, `add` | Added | -| `fix`, `bugfix`, `revert`, `security` | Fixed | -| `perf`, `refactor`, `change`, `chore`, `ci`, `docs`, `style`, `test`, `build` | Changed | - -Examples: - -```bash -feat: add dark-mode PDF export -fix(scripts): handle locked PDF on Windows -docs: update developer workflow guide -chore(ci): pin Chrome version to 120 -``` - ---- - -## GitHub Secrets - -Configure these in **Settings β†’ Secrets and variables β†’ Actions** before the pipeline will fully work. The build step requires no secrets; signing and releasing require all of them. - -### `GPG_PRIVATE_KEY` - -The ASCII-armored private key used to sign PDFs and hash files. - -```bash -gpg --armor --export-secret-keys C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 -``` - -Copy the entire output (including `-----BEGIN PGP PRIVATE KEY BLOCK-----` and the closing line) and paste it as the secret value. - -!!! danger "Key security" - This is the release signing key. Only repository admins should have access to it. Never commit it to the repository or share it outside of GitHub Secrets. - -### `GPG_PASSPHRASE` - -The passphrase protecting the private key above. Must match exactly - no trailing newline. - -### `ACTIONS_SSH_SIGNING_KEY` - -An SSH private key used by `02-sign.yml` to sign the commit that pushes `export/` back to `main`. Generate a dedicated key for this: - -```bash -ssh-keygen -t ed25519 -C "github-actions signing key" -f actions_signing_key -``` - -Add the **private key** as the `ACTIONS_SSH_SIGNING_KEY` secret, and the **public key** to the repository's Deploy Keys (Settings β†’ Deploy Keys) with write access. - -### `VT_API_KEY` - -A [VirusTotal](https://www.virustotal.com) API key with file upload permissions. Used by `03-release.yml` to scan both PDFs before publishing. Get one by creating a free account at `virustotal.com` β†’ API key under your profile. The free tier (4 lookups/minute, 500/day) is sufficient. - -### `CHANGELOG_PAT` - -A GitHub Personal Access Token with `contents: write` scope on this repository. Needed because `04-changelog.yml` commits back to `main` - commits made with the default `GITHUB_TOKEN` do not trigger further workflow runs (GitHub loop-prevention). A PAT bypasses this. If absent, falls back to `GITHUB_TOKEN` - the commit still happens, it just won't trigger downstream workflows. - -**Creating one:** GitHub β†’ Settings β†’ Developer settings β†’ Personal access tokens β†’ Fine-grained tokens β†’ set Contents to Read and write for this repo only. - -### Secrets summary - -| Secret | Required by | What happens if missing | -|--------|------------|------------------------| -| `GPG_PRIVATE_KEY` | `02-sign.yml` | Signing step fails - no `.asc` files produced | -| `GPG_PASSPHRASE` | `02-sign.yml` | GPG import succeeds but signing fails | -| `ACTIONS_SSH_SIGNING_KEY` | `02-sign.yml` | Export commit is unsigned (may fail if branch protection requires signed commits) | -| `VT_API_KEY` | `03-release.yml` | VirusTotal step fails - release is not published | -| `CHANGELOG_PAT` | `04-changelog.yml` | Falls back to `GITHUB_TOKEN` - changelog updates but commit won't trigger downstream workflows | - ---- - -## Verifying a release - -Anyone can verify the authenticity of a release download. - -```bash -# Import the release signing key -gpg --import pgp/anonymousplanet-release.asc - -# Verify the PDFs -gpg --verify thgtoa.pdf.asc thgtoa.pdf -gpg --verify thgtoa-dark.pdf.asc thgtoa-dark.pdf - -# Verify the hash files -gpg --verify sha256sums.txt.asc sha256sums.txt -gpg --verify b2sums.txt.asc b2sums.txt - -# Check the PDF hashes match -sha256sum -c sha256sums.txt -b2sum -c b2sums.txt -``` - -A successful verify looks like: - -```txt -gpg: Signature made Sun 31 May 2026 03:23:26 AM EDT -gpg: using EDDSA key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 -gpg: Good signature from "Anonymous Planet Release Signing Key" [ultimate] -Primary key fingerprint: C302 3DBE A3FB 38C4 38BA 1EED CEC6 0AED E8B9 92A2 -``` - -You can safely ignore Github, Codeberg, etc. warnings like "The email in this signature doesn’t match the committer email." - -```txt -Ξ» > git tag -v v1.2.3 -object cdc54d8b3bc2b286827b23921d8d4062f85295cf -type commit -tag v1.2.3 -tagger nopeitsnothing 1780212206 -0400 - -v1.2.3 -gpg: Signature made Sun 31 May 2026 03:23:26 AM EDT -gpg: using EDDSA key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 -gpg: Good signature from "Anonymous Planet Release Signing Key" [ultimate] -Primary key fingerprint: C302 3DBE A3FB 38C4 38BA 1EED CEC6 0AED E8B9 92A2 -``` - ---- - -## Troubleshooting - -**`cairosvg` missing during MkDocs build** -Install the imaging extras: `pip install "mkdocs-material[imaging]"`. Required by the `social` plugin. - -**`KeyError: 'JPEG'` in convert.py** -Pillow needs libjpeg. Reinstall after installing the system lib: `sudo apt install libjpeg-dev && pip install --force-reinstall pillow`. - -**`qpdf: can't find PDF header`** -Ensure you are on the current version of `convert.py` - qpdf only accepts PDF inputs, not PNG. - -**GPG signing fails on CI with `No secret key`** -The `GPG_PRIVATE_KEY` secret is missing or malformed. Re-export with `gpg --armor --export-secret-keys ` and paste the full block including header and footer lines. - -**GPG signing fails with `Bad passphrase`** -The `GPG_PASSPHRASE` secret has a trailing space or newline. Paste it again with no surrounding whitespace. - -**`03-release.yml` fails on VirusTotal** -The `VT_API_KEY` is missing, invalid, or over the rate limit (500 requests/day on the free tier). Check the secret and re-run after a few minutes. - -**`02-sign.yml` fails downloading PDF artifact** -The `build_run_id` is wrong, or the artifact has expired (90-day retention). Trigger a new build and use the fresh run ID. - -**Changelog already contains version X** -`update_changelog.py` will error if `MANUAL_VERSION` is set to a version already in the changelog. Choose the next version string. - -**Footnote warnings from MkDocs (`link '#fnref:N' has no anchor`)** -A footnote definition `[^N]:` exists without a matching inline citation. Add the citation or remove the orphaned definition. diff --git a/docs/code/index.md b/docs/code/index.md index 612dea8..81e2724 100644 --- a/docs/code/index.md +++ b/docs/code/index.md @@ -1,6 +1,58 @@ --- -title: Content Contributions +title: "Content Contributions" +description: We are the maintainers of the Hitchhiker's Guide and the PSA Matrix space. +schema: + "@context": https://schema.org + "@type": Organization + "@id": https://anonymousplanet.net/ + name: Anonymous Planet + url: https://anonymousplanet.net/code/ + logo: ../media/profile.png + sameAs: + - https://github.com/Anon-Planet + - https://opencollective.com/anonymousplanetorg --- + + +Install these before anything else. + +=== "Linux / macOS" + + ```sh + # Python 3.11+ + python3 --version + + # poppler (pdftoppm) and qpdf + sudo apt install poppler-utils qpdf # Debian/Ubuntu + brew install poppler qpdf # macOS + + # GPG + sudo apt install gnupg # Debian/Ubuntu + brew install gnupg # macOS + + # Python dependencies + pip install "mkdocs-material[imaging]" pillow numpy + ``` + +=== "Windows" + + ```powershell + # Python 3.11+ from https://python.org + + # poppler: download from https://github.com/oschwartz10612/poppler-windows/releases + # Extract and add the bin\ folder to PATH + + # qpdf: download from https://github.com/qpdf/qpdf/releases + # Extract and add the bin\ folder to PATH + + # GPG: download Gpg4win from https://gpg4win.org + + # Python dependencies + pip install "mkdocs-material[imaging]" pillow numpy + ``` + +You also need **Google Chrome** or **Microsoft Edge** installed for the light-mode PDF build (headless Chromium). + You can [submit bugs and feature requests](https://github.com/Anon-Planet/thgtoa/issues/new) with detailed information about your issue or idea: - If you'd like to propose an addition, please follow the standards outlined here. @@ -10,8 +62,6 @@ You can [submit bugs and feature requests](https://github.com/Anon-Planet/thgtoa For those of you who are looking to add content to the guide, include the following: -##### Pull Requests - - **Do** create a [topic branch] to work on instead of working directly on `main`. This helps to: + Protect the process. + Ensures users are aware of commits on the branch being considered for merge. @@ -26,7 +76,7 @@ For those of you who are looking to add content to the guide, include the follow - **Don't** abandon your pull request. Being responsive helps us land your changes faster. - **Don't** post questions in older closed PRs. - **Do** stick to the guide to find common style issues. -- **Don't** make mass changes (such as replacing "I" with "we") using automated serach/replace functionality. +- **Don't** make mass changes (such as replacing "I" with "we") using automated search/replace functionality. + Search/replace doesn't understand context, and as such, will inevitably cause inconsistencies and make the guide harder to read. + If it's part of a larger PR, it'll also make the reviewer's life harder, as they'll have to go through manually and undo everything by hand. + _If you're going to make mass changes, take the time to do it properly_. Otherwise we'll just have to undo it anyway. @@ -39,23 +89,312 @@ When reporting guide issues: - **Don't** file duplicate reports; search for your bug before filing a new report. - **Don't** attempt to report issues on a closed PR. -### Large PRs - Please split large sets of changes into multiple PRs. For example, a PR that adds Windows 11 support, removes Windows AME references, and fixes typos can be split into 3 PRs. This makes PRs easier to review prior to merging. For an example of what _not_ to do, see: . This PR contains enough changes to split into multiple smaller and individually reviewable PRs. -### Updating PRs - While a PR is being reviewed, modifications may be made to it by the reviewer prior to merging. If this is the case, a new branch will be created for the PR's review. If you would like to submit a change to a PR that is in the process of being reviewed, _do not update the PR directly_. This will only cause merge conflicts and delay the PR from being merged. Instead, submit your changes to the PR's review branch. For an example of what _not_ to do, see: . Instead of submitting changes to the PR directly, they should have been submitted as changes to the PR's associated review branch. ---- - **Thank you** for taking the few moments to read this far! You're already way ahead of the curve, so keep it up! +## Repository layout + +```txt +.github/ + workflows/ + 01-build.yml # builds PDFs, uploads artifact + 02-sign.yml # hashes + GPG signs, uploads signatures artifact + 03-release.yml # publishes GitHub Release with all assets + 04-changelog.yml # prepends a new entry to docs/changelog/index.md + publish.yml # deploys MkDocs site to GitHub Pages +docs/ + guide/index.md # the guide (single Markdown file) + changelog/ # release notes + code/ # this page +export/ # PDF output (PDFs gitignored; .sha256, .b2sum, .asc tracked) +pgp/ # public signing keys +scripts/ + build_guide_pdf.py # MkDocs + Chromium PDF builder + convert.py # pixel-based dark mode PDF converter + update_changelog.py # auto-generates changelog entries from git log + setup_workflow.py # GitHub Secrets setup assistant + verify_pdf.py # signature verification helper + archived/ + tag_release.py # ARCHIVED - GPG tag helper (not used in current flow) +``` + +## Building locally + +```sh +python scripts/build_guide_pdf.py --both +``` + +This builds the MkDocs site, renders it to `export/thgtoa.pdf` via headless Chromium, then calls `scripts/convert.py` to produce `export/thgtoa-dark.pdf`. + +| Flag | Effect | +|------|--------| +| `--both` | Light PDF then dark PDF | +| (no flag) | Light PDF only | +| `--dark` | Dark PDF only (light PDF must already exist) | + +Build only the dark PDF from an existing light PDF: + +```sh +python scripts/convert.py export/thgtoa.pdf export/thgtoa-dark.pdf +``` + +Options: + +| Flag | Default | Description | +|------|---------|-------------| +| `--dpi` | `200` | Rasterization DPI. 150 = smaller file, 300 = sharper but slow | +| `--batch-size` | `50` | Pages per batch. Reduce if you hit OOM | +| `--bg` | `1f1f31` | Background colour (hex) | +| `--text` | `e0e0e0` | Body text colour (hex) | +| `--link` | `5e8bde` | Link / blue element colour (hex) | + +# Preview the MkDocs site + +```sh +mkdocs serve +``` + +Opens at `http://127.0.0.1:8000`. + +# CI/CD pipeline overview + +The pipeline is fully manual after the initial build - no step automatically triggers the next. This prevents version mismatches between what was built, what was signed, and what gets released. The workflows are numbered to help guide you. + +```txt +push to main (or manual trigger) + β”‚ + β–Ό + 01-build.yml + Builds thgtoa.pdf + thgtoa-dark.pdf. + Uploads artifact: pdfs + Note the run ID. + β”‚ + β”‚ # manually trigger 02-sign.yml with the build run ID + β–Ό + 02-sign.yml + Downloads pdfs artifact. Hashes (SHA-256 + BLAKE2b) and GPG-signs + all files. Commits export/ back to main. Uploads artifacts: + signatures, pdfs-signed + Note the run ID. + β”‚ + β”‚ # manually trigger 03-release.yml with the sign run ID + β–Ό + 03-release.yml + Downloads signatures + pdfs-signed artifacts. Runs VirusTotal. + Creates GitHub Release tagged release-YYYYMMDD-. + β”‚ + β”‚ # manually trigger 04-changelog.yml with the version string + β–Ό + 04-changelog.yml + Runs update_changelog.py, prepends a new ## [vX.Y.Z] entry, + commits back to main. +``` + +Each stage is independent. If signing fails (e.g. an expired/revoked key, other problems in CI), re-run only `02-sign.yml` pointing at the existing build artifact - no need to rebuild the PDFs. + +!!! warning "Before you push" + + - Make sure the working tree is clean (`git status`) + - Run `mkdocs build` locally if you changed `docs/` to catch broken links before CI does + - If you added new footnotes, verify they have both a definition `[^N]:` and at least one inline citation `[^N]` + +--- + +# Release process + +## Trigger a build + +Push to `main` - `01-build.yml` runs automatically when `docs/`, `mkdocs.yml`, or `scripts/` change. You can also trigger it manually from **Actions β†’ Build PDFs β†’ Run workflow**. + +Once it completes successfully, **note the run ID** from the URL or the Actions list. + +--- + +## Sign the PDFs + +Go to **Actions β†’ Sign PDFs β†’ Run workflow**. + +| Input | Value | +|-------|-------| +| `build_run_id` | The run ID from step 1 | + +`02-sign.yml` will: + +- Download the PDFs artifact from the build run +- Compute SHA-256 and BLAKE2b hashes, writing `thgtoa.pdf.sha256`, `thgtoa.pdf.b2sum`, `sha256sums.txt`, `b2sums.txt`, and the dark equivalents +- GPG-sign all PDFs and hash files, writing `.asc` detached signature files +- Commit the updated `export/` directory back to `main` +- Upload two artifacts: `signatures` and `pdfs-signed` + +Once it completes successfully, **note the run ID**. + +--- + +## Publish the release + +Go to **Actions β†’ Release β†’ Run workflow**. + +| Input | Value | +|-------|-------| +| `sign_run_id` | The run ID from step 2 | +| `prerelease` | `false` for a normal release | + +`03-release.yml` will: + +- Download `signatures` and `pdfs-signed` artifacts from the sign run +- Upload both PDFs to VirusTotal +- Auto-generate a release tag in the format `release-YYYYMMDD-` (e.g. `release-20260527-abc1234`) +- Create a GitHub Release with all PDFs, hash files, and signatures attached, and the VirusTotal report URLs in the body + +No version number needs to be chosen at this step - the tag is derived from the date and commit SHA, so it is always unique and always traceable. + +--- + +## Update the changelog + +Go to **Actions β†’ Update Changelog β†’ Run workflow**. + +| Input | Value | +|-------|-------| +| `version` | The human-readable version string, e.g. `v1.2.4` | +| `dry_run` | `true` to preview without committing | + +`04-changelog.yml` runs `scripts/update_changelog.py`, which: + +- Reads git log since the last `## [vX.Y.Z]` heading in the changelog +- Categorises commits into Added / Changed / Fixed using conventional-commit prefixes +- Prepends a new `## [version]` admonition block to `docs/changelog/index.md` +- Commits the result back to `main` + +The version string is the only human decision in the release process. It goes into the changelog only - it does not affect the release tag. + +!!! tip "Previewing the changelog entry" + Run with `dry_run: true` first to review the generated entry before it is committed. + +--- + +## Release tag format + +Release tags use the format `release-YYYYMMDD-`, for example: + +```txt +release-20260527-abc1234 +``` + +This format is always unique, requires no version decision at release time, and is directly traceable to the commit that was built. The version string (e.g. `v1.2.4`) is a separate, human-assigned label that lives only in the changelog. + +--- + +## Commit message format + +All commits must follow the [Conventional Commits](https://www.conventionalcommits.org) format. This is enforced by the `commitizen` pre-commit hook. Not because we want to limit cooperation with others, but becasue it promotes a cleaner Changelog; we can avoid all the noise by doing this programatically. + +```txt +(): +``` + +Accepted types and their changelog bucket: + +| Type | Bucket | +|------|--------| +| `feat`, `feature`, `add` | Added | +| `fix`, `bugfix`, `revert`, `security` | Fixed | +| `perf`, `refactor`, `change`, `chore`, `ci`, `docs`, `style`, `test`, `build` | Changed | + +Examples: + +```sh +feat: add dark-mode PDF export +fix(scripts): handle locked PDF on Windows +docs: update developer workflow guide +chore(ci): pin Chrome version to 120 +``` + +# Verifying a release + +Anyone can verify the authenticity of a release download. + +```sh +# Import the release signing key +gpg --import pgp/anonymousplanet-release.asc + +# Verify the PDFs +gpg --verify thgtoa.pdf.asc thgtoa.pdf +gpg --verify thgtoa-dark.pdf.asc thgtoa-dark.pdf + +# Verify the hash files +gpg --verify sha256sums.txt.asc sha256sums.txt +gpg --verify b2sums.txt.asc b2sums.txt + +# Check the PDF hashes match +sha256sum -c sha256sums.txt +b2sum -c b2sums.txt +``` + +A successful verify looks like: + +```txt +gpg: Signature made Sun 31 May 2026 03:23:26 AM EDT +gpg: using EDDSA key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 +gpg: Good signature from "Anonymous Planet Release Signing Key" [ultimate] +Primary key fingerprint: C302 3DBE A3FB 38C4 38BA 1EED CEC6 0AED E8B9 92A2 +``` + +You can safely ignore Github, Codeberg, etc. warnings like "The email in this signature doesn’t match the committer email." + +```txt +Ξ» > git tag -v v1.2.3 +object cdc54d8b3bc2b286827b23921d8d4062f85295cf +type commit +tag v1.2.3 +tagger nopeitsnothing 1780212206 -0400 + +v1.2.3 +gpg: Signature made Sun 31 May 2026 03:23:26 AM EDT +gpg: using EDDSA key C3023DBEA3FB38C438BA1EEDCEC60AEDE8B992A2 +gpg: Good signature from "Anonymous Planet Release Signing Key" [ultimate] +Primary key fingerprint: C302 3DBE A3FB 38C4 38BA 1EED CEC6 0AED E8B9 92A2 +``` + +--- + +## Troubleshooting + +**`cairosvg` missing during MkDocs build** +Install the imaging extras: `pip install "mkdocs-material[imaging]"`. Required by the `social` plugin. + +**`KeyError: 'JPEG'` in convert.py** +Pillow needs libjpeg. Reinstall after installing the system lib: `sudo apt install libjpeg-dev && pip install --force-reinstall pillow`. + +**`qpdf: can't find PDF header`** +Ensure you are on the current version of `convert.py` - qpdf only accepts PDF inputs, not PNG. + +**GPG signing fails on CI with `No secret key`** +The `GPG_PRIVATE_KEY` secret is missing or malformed. Re-export with `gpg --armor --export-secret-keys ` and paste the full block including header and footer lines. + +**GPG signing fails with `Bad passphrase`** +The `GPG_PASSPHRASE` secret has a trailing space or newline. Paste it again with no surrounding whitespace. + +**`03-release.yml` fails on VirusTotal** +The `VT_API_KEY` is missing, invalid, or over the rate limit (500 requests/day on the free tier). Check the secret and re-run after a few minutes. + +**`02-sign.yml` fails downloading PDF artifact** +The `build_run_id` is wrong, or the artifact has expired (90-day retention). Trigger a new build and use the fresh run ID. + +**Changelog already contains version X** +`update_changelog.py` will error if `MANUAL_VERSION` is set to a version already in the changelog. Choose the next version string. + +**Footnote warnings from MkDocs (`link '#fnref:N' has no anchor`)** +A footnote definition `[^N]:` exists without a matching inline citation. Add the citation or remove the orphaned definition. + [discussions]: https://github.com/Anon-Planet/thgtoa/discussions [issues]: https://github.com/Anon-Planet/thgtoa/issues [help fellow users with open issues]: https://github.com/Anon-Planet/thgtoa/issues diff --git a/docs/constitution/index.md b/docs/constitution/index.md index 5d026ef..94e10b2 100644 --- a/docs/constitution/index.md +++ b/docs/constitution/index.md @@ -1,87 +1,94 @@ ---- -title: Impressum ---- -# A Constitution for an Anonymous Planet. - -To amend the rules and regulations of the network and of the PSA community, this constitution is hereby set forth. It is applicable to all the projects of the initiative, especially the Hitchhiker's Guide to Online Anonymity. All members/collaborators must abide by these lines when contributing within the context of the initiative. - -## Requirements - -> Content is licensed under **[Creative Commons Attribution NonCommercial](https://creativecommons.org/licenses/by-nc/3.0/)** to prevent commercial usage. - -### Anonymity above everything. -Anonymity is necessary to maintain the balance of power, specifically to help journalists, whistleblowers, lawyers, scientists, and victims of oppression. Anonymity first, even if that means using non-free and/or proprietary means. Security and privacy are second, again, even if using non-free or non-open-source and/or proprietary means. In this sense, the ends may at times justify proprietary means. - -### Independence. -The Anonymous Planet initiative has no affiliation with the "Anonymous" collective and does not endorse their activities. -Any overlap of their activities and our guide are purely coincidental. - -### Accessibility. -We will strive to always keep available the following methods of reading the Hitchhiker's Guide: - - - online; - - offline (e.g., PDF, ODT); - - via the Tor network - -### Freedom. -Maintain free, open-source, and non-commercial nature of all our projects. This does not mean proprietary and/or closed-source tools won't be recommendeded. All scientific knowledge should be free for anyone and we support and encourage Sci-Hub and LibGen. Any attempt to erode the freedom of information and flow of knowledge of our projects, in any manner, is hostile. - -### Verifiability, falsifiability and reproducibility. -We will make every effort to be transparent about any and all bias we have. -Anyone claiming to be unbiased is lying, therefore we will not falsely claim to be. - -All our content shall be verifiable, reproducible and fact-checked: - - - academic references (e.g., studies, papers, and peer reviewed publications); - - reputable media references (e.g., articles, videos, and documentaries); - - official documentation (e.g., manuals, field guides, and technical documents); - - renowned and reputable expert review; - - direct testing by our own collaborators for falsifiablity - -### Innocence. -Suspected offenders are innocent until proven guilty, with zero tolerance for abuse of power or position. - -Any accusing/moderating member is: - - - Subject to the burden of proving the wrong-doing of the offender. - - Required to motivate any sanction. - -Any offender has the right to: - - - Face their accuser (know who is accusing them). - - Appeal sanctions to an uninvolved third party. - - Participate in their own incrimination (the burden of proof lies with the accuser). - - Due process of the above. - -### Freedom of thought. -Open-minded and pragmatic - with no tolerance for gatekeeping. - -Critical thinking and fact-checking are strongly encouraged; we welcome criticism including of a harsh nature (excluding ad-hominem and slurs). - -### We do not tolerate intolerance. -See the [Paradox of Tolerance](https://en.wikipedia.org/wiki/Paradox_of_tolerance), which includes hate speech. - -### No analytics. -Note that, while we will never use analytics, the (now free) platforms hosting our content might be gathering such analytics outside of our control, such as Github pages. As the initiative progresses, we will strive to avoid these as soon as possible. - -### No profit. -Any excess donations will only be used to support our main projects first and possibly support other intitiatives (like hosting Tor exit nodes). In all cases, we abide by the following principles: - - - Funding transparency (i.e., all donations, spendings, source code, and future goals will be public). - - Acceptance of donations from any entity anonymously or acknowledged (opt-in) will not have any influence on our content. - - No sponsored content. - - No affiliate links. - - No product placements. - - No advertising. - -**Disclaimer: it is possible that, coincidentally, a donation could correlate with a recommendation. It will then be clearly stated that while the donation was welcome, the donating entity will not be gaining visibility/coverage/endorsement/recommendations due to such a donation.** - -## Core Goals. - -Help people in need of anonymity to maintain both their physical and digital safety. - -## Non-Goals. - -Help any people who are using this knowledge for bad purposes. Helping people takes precedence and we know our content can be used nefariously. Our initiative believes in having one good person given an anonymous voice, safely, is worth the risk of having several using our content for evil. As we do adhere to a fair "rule of law" system which, having 9 criminals and 1 innocent person free, is much better than having one innocent person in prison among 9 criminals. - -**Yours faithfully, Anonymous Planet** +--- +title: Impressum +--- + +To amend the rules and regulations of the network and of the PSA community, this constitution is hereby set forth. It is applicable to all the projects of the initiative, especially the Hitchhiker's Guide to Online Anonymity. All members/collaborators must abide by these lines when contributing within the context of the initiative. + +## Requirements + +### Anonymity above everything + +Anonymity is necessary to maintain the balance of power, specifically to help journalists, whistleblowers, lawyers, scientists, and victims of oppression. Anonymity first, even if that means using non-free and/or proprietary means. Security and privacy are second, again, even if using non-free or non-open-source and/or proprietary means. In this sense, the ends may at times justify proprietary means. + +### Independence + +The Anonymous Planet initiative has no affiliation with the "Anonymous" collective and does not endorse their activities +Any overlap of their activities and our guide are purely coincidental. + +### Accessibility + +We will strive to always keep available the following methods of reading the Hitchhiker's Guide: + +- online; +- offline (e.g., PDF, ODT); +- via the Tor network + +### Freedom + +Maintain free, open-source, and non-commercial nature of all our projects. This does not mean proprietary and/or closed-source tools won't be recommendeded. All scientific knowledge should be free for anyone and we support and encourage Sci-Hub and LibGen. Any attempt to erode the freedom of information and flow of knowledge of our projects, in any manner, is hostile. + +### Verifiability, falsifiability and reproducibility + +We will make every effort to be transparent about any and all bias we have. +Anyone claiming to be unbiased is lying, therefore we will not falsely claim to be. + +All our content shall be verifiable, reproducible and fact-checked: + +- academic references (e.g., studies, papers, and peer reviewed publications); +- reputable media references (e.g., articles, videos, and documentaries); +- official documentation (e.g., manuals, field guides, and technical documents); +- renowned and reputable expert review; +- direct testing by our own collaborators for falsifiablity + +### Innocence + +Suspected offenders are innocent until proven guilty, with zero tolerance for abuse of power or position. + +Any accusing/moderating member is: + +- Subject to the burden of proving the wrong-doing of the offender +- Required to motivate any sanction + +Any offender has the right to: + +- Face their accuser (know who is accusing them) +- Appeal sanctions to an uninvolved third party +- Participate in their own incrimination (the burden of proof lies with the accuser) +- Due process of the above + +### Freedom of thought + +Open-minded and pragmatic - with no tolerance for gatekeeping. + +Critical thinking and fact-checking are strongly encouraged; we welcome criticism including of a harsh nature (excluding ad-hominem and slurs). + +### We do not tolerate intolerance + +See the [Paradox of Tolerance](https://en.wikipedia.org/wiki/Paradox_of_tolerance), which includes hate speech. + +### No analytics + +Note that, while we will never use analytics, the (now free) platforms hosting our content might be gathering such analytics outside of our control, such as Github pages. As the initiative progresses, we will strive to avoid these as soon as possible. + +### No profit + +Any excess donations will only be used to support our main projects first and possibly support other intitiatives (like hosting Tor exit nodes). In all cases, we abide by the following principles: + +- Funding transparency (i.e., all donations, spendings, source code, and future goals will be public) +- Acceptance of donations from any entity anonymously or acknowledged (opt-in) will not have any influence on our content +- No sponsored content +- No affiliate links +- No product placements +- No advertising + +**Disclaimer: it is possible that, coincidentally, a donation could correlate with a recommendation. It will then be clearly stated that while the donation was welcome, the donating entity will not be gaining visibility/coverage/endorsement/recommendations due to such a donation.** + +## Core Goals + +Help people in need of anonymity to maintain both their physical and digital safety. + +## Non-Goals + +Help any people who are using this knowledge for bad purposes. Helping people takes precedence and we know our content can be used nefariously. Our initiative believes in having one good person given an anonymous voice, safely, is worth the risk of having several using our content for evil. As we do adhere to a fair "rule of law" system which, having 9 criminals and 1 innocent person free, is much better than having one innocent person in prison among 9 criminals. + +**Yours faithfully, Anonymous Planet** diff --git a/docs/contribute/index.md b/docs/contribute/index.md index de69fcf..42c8eda 100644 --- a/docs/contribute/index.md +++ b/docs/contribute/index.md @@ -1,6 +1,7 @@ --- title: How to Get Involved --- + There are multiple ways you can add to the guide. Donations to support this project are welcome but are entirely optional. Those donations are mainly used to pay for Tor onion hosting (VPS), mail hosting, domain name registration, and to maintain/run Tor exit nodes. **No profit is ever being made**. All donations and spendings are being logged here below for transparency. Some costs for load balancer servers have been omitted for privacy reasons, but are not paid for with existing Anonymous Planet finances. **Current project donation goals:** @@ -35,7 +36,7 @@ Legacy address: ```1BBgBSVe6w4DWq2BewUQhDEjsNovhfPswD``` ## Content Contributions -You can easily contribute code or information suggestions at our code repositories listed at the bottom of the website and on the [Mirrors](../mirrors/index.md) tab above. We have many options that are easily accessible. Please follow our [contributing guidelines](../code/index.md) and use good PR syntax. +You can easily contribute code or information suggestions at our code repositories listed at the bottom of the website and on the [Mirrors](../mirrors/index.md) tab above. We have many options that are easily accessible. Please follow our [contributing guidelines](../code/index.md) and use good PR syntax. Be sure to go to the [developer guide](../code/index.md) first. **Thank you for any contribution. All donations will be mentioned on this page.** diff --git a/docs/guide/index.md b/docs/guide/index.md index 016e8fb..1e073eb 100644 --- a/docs/guide/index.md +++ b/docs/guide/index.md @@ -1,5 +1,5 @@ --- -title: "./" +title: "The Hitchhiker's Guide" description: We are the maintainers of the Hitchhiker's Guide and the PSA Matrix space. schema: "@context": https://schema.org @@ -12,26 +12,29 @@ schema: - https://github.com/Anon-Planet - https://opencollective.com/anonymousplanetorg --- -