[tor-bugs] #4234 [Tor Browser]: Investigate the Firefox update process
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Sep 1 00:29:38 UTC 2014
#4234: Investigate the Firefox update process
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: accepted
Type: task | Milestone: TorBrowserBundle 2.3.x-stable
Priority: major | Version:
Component: Tor | Keywords: tbb-bounty, tbb-usability,
Browser | pantheon, chronos, tbb-firefox-
Resolution: | patch,TorBrowserTeam201408,MikePerry201408R
Actual Points: | Parent ID:
Points: |
-------------------------+-------------------------------------------------
Comment (by mikeperry):
I have noticed that the mar-tools-linux*.zip is being copied into the
distribution directory. It appears as if these tools are not reproducible
(their hash differed on two of my local build machines). Do we need to
distribute these tools to our users for some reason? Or is it enough for
them to be present in the inputs directory during build only? Line 251 of
mkbundle-linux.sh seems to be the offending line:
https://gitweb.torproject.org/builders/tor-browser-
bundle.git/blob/HEAD:/gitian/mkbundle-linux.sh#l251
I am going to comment this line out for now, as we can't get matching
sha256sums.txt with these things being unreproducible. If we do need to
distribute them, we'll have to go down the reproducibility rabbit hole
later. But for now, I don't want to hold up the 4.0a2 release for that
work.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4234#comment:49>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list