[tbb-bugs] #30280 [Applications/Tor Browser]: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 24 08:32:24 UTC 2019
#30280: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile, tbb-rbm, | Actual Points:
TorBrowserTeam201904 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
So, I guess the immediate reaction to this bug would be to add the new
SHA-256 sum where needed and bump the gradle dependencies versions
respectively?
However, I'd like to think about other thing we might want to do. For
instance, I think we should try to catch this kind of issue way earlier
and/or avoid it right from the beginning.
Previously, when using Gitian for our reproducible builds our nightly
builds built everything from scratch every day making sure someone who
just set up our reproducible builds environment would very likely get a
working one AND we would get notified about a broken set up fast.
Now, that might not be doable anymore given the complexity of our current
setup and how long it takes to build everything from scratch, but maybe it
would be okay if we, say, build only armv7 from scratch, plus maybe a
desktop arch to have a reasonable coverage?
We could think as well about mirroring the gradle dependencies we use
ourselves to avoid this kind of bug (both in addition to the previous idea
or instead of it).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30280#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list