[tbb-bugs] #30280 [Applications/Tor Browser]: Wrong SHA-256 sum for j2objc-annotations-1.1.jar

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 24 08:32:24 UTC 2019

#30280: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, tbb-rbm,                 |  Actual Points:
  TorBrowserTeam201904                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:

Comment (by gk):

 So, I guess the immediate reaction to this bug would be to add the new
 SHA-256 sum where needed and bump the gradle dependencies versions

 However, I'd like to think about other thing we might want to do. For
 instance, I think we should try to catch this kind of issue way earlier
 and/or avoid it right from the beginning.

 Previously, when using Gitian for our reproducible builds our nightly
 builds built everything from scratch every day making sure someone who
 just set up our reproducible builds environment would very likely get a
 working one AND we would get notified about a broken set up fast.

 Now, that might not be doable anymore given the complexity of our current
 setup and how long it takes to build everything from scratch, but maybe it
 would be okay if we, say, build only armv7 from scratch, plus maybe a
 desktop arch to have a reasonable coverage?

 We could think as well about mirroring the gradle dependencies we use
 ourselves to avoid this kind of bug (both in addition to the previous idea
 or instead of it).

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30280#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list