Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build

Commits: 9c66c1ac by Pier Angelo Vendrame at 2024-10-28T11:59:55+01:00 Bug 41282: Downgrade to Python 3.9.

MozBug 1924022 introduced a dependency on the Python built-in SSL module. This caused an error in our Linux builds, because we run them in a very old version of Debian that still uses OpenSSL 1.1.0, which is not compatible with Python SSL module since Python 3.10. The less intrusive way to resolve this is to downgrade to Python 3.9.x, which is still supported by all our projects.

Also, switch to hashes to verify the Python source tarball, as the Python Software Foundation often rotates keys, which reduces the advantages of verifying the signature rather than the hash for us.

- - - - -

2 changed files:

- − keyring/python.gpg - projects/python/config

Changes:

===================================== keyring/python.gpg deleted ===================================== Binary files a/keyring/python.gpg and /dev/null differ

===================================== projects/python/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.11.3 +version: 3.9.20 filename: 'python-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -24,9 +24,7 @@ input_files: - project: container-image - name: python URL: 'https://www.python.org/ftp/python/%5B% c("version") %]/Python-[% c("version") %].tar.xz' - gpg_keyring: python.gpg - sig_ext: asc - file_gpg_id: 1 + sha256sum: 6b281279efd85294d2d6993e173983a57464c0133956fbbb5536ec9646beaf0c - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/linux") %]'

View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/9c...