[tor-relays] Tor is not upgrading via apt from deb.torproject.org

s7r s7r at sky-ip.org
Sun Feb 18 23:27:04 UTC 2024 

Peter Palfrader wrote:
> 
> our gitlab-ci has not managed to build a tor nightly in ages.
> 

Thank you for stepping in! No better person to ask :)

The upgrade via apt from nightly used to work every time, back since 
Debian Wheezy. It stopped to work since ~ autumn 2023.

The thing is, if you go with firefox on deb.torproject.org and look at 
the packages release you see a recent-ish timestamp on the tor package 
within max. 2 weeks old, however the system does not upgrade to it.

> unless our gitlab-ci actually manages to build a whole set, you won't
> see packages on deb.tpo.
> 
> cf.
> 
> https://gitlab.torproject.org/tpo/core/debian/tor/-/pipelines?scope=all&page=1&ref=debian-main
> 
> some of these are actual tor building issues,
> like https://gitlab.torproject.org/tpo/core/debian/tor/-/jobs/479068
> 
> | sandbox/opendir_dirname: [forking]
> |   FAIL ../src/test/test_sandbox.c:266: opendir: Operation not permitted [1]
> |   [opendir_dirname FAILED]
> | sandbox/chmod_filename: [forking] OK
> 
> but since almost all build failures are actually problems with gitlab
> and not problems with the packaging (neither is that one), it's just
> tiresome to even start investigating.

Here is how a complete /etc/apt/sources.list file looks (at least under 
my system) - only pasting the deb.tpo related entries, the rest are the 
normal defaults of -security and -updates + distro main:

deb https://deb.torproject.org/torproject.org tor-nightly-main-bullseye main
deb-src https://deb.torproject.org/torproject.org 
tor-nightly-main-bullseye main
deb https://deb.torproject.org/torproject.org bullseye main
deb-src https://deb.torproject.org/torproject.org bullseye main


There are non tor-nightly-main-* entries in the sources.list because 
it's the only way to install deb.torproject.org-keyring via apt, 
otherwise it will not find it.

---

Here is how apt-cache policy looks like:

Package files:
  100 /var/lib/dpkg/status
      release a=now
  500 https://deb.torproject.org/torproject.org bullseye/main amd64 Packages
      release o=TorProject,a=oldstable,n=bullseye,c=main,b=amd64
      origin deb.torproject.org
  500 https://deb.torproject.org/torproject.org 
tor-nightly-main-bullseye/main amd64 Packages
      release 
o=TorProject,a=tor-nightly-main-bullseye,n=tor-nightly-main-bullseye,c=main,b=amd64
      origin deb.torproject.org
  500 http://deb.debian.org/debian bullseye-updates/main amd64 Packages
      release 
v=11-updates,o=Debian,a=oldstable-updates,n=bullseye-updates,l=Debian,c=main,b=amd64
      origin deb.debian.org
  500 http://security.debian.org/debian-security bullseye-security/main 
amd64 Packages
      release 
v=11,o=Debian,a=oldstable-security,n=bullseye-security,l=Debian-Security,c=main,b=amd64
      origin security.debian.org
  500 http://deb.debian.org/debian bullseye/main amd64 Packages
      release v=11.9,o=Debian,a=oldstable,n=bullseye,l=Debian,c=main,b=amd64
      origin deb.debian.org
Pinned packages:
--

If there are problems from gitlab that are hard to fix, what is the best 
way for testers and bug hunters to install the latest git main tor? git 
clone and build locally? This needs a lot of manual systemd 
configuration work, that was easily handled by apt :(

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240219/a2d9f4e8/attachment.sig>

More information about the tor-relays mailing list