[tor-bugs] #26054 [Applications/Tor Browser]: Make sure to create incrementals from previously signed MAR files

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 8 19:34:21 UTC 2018


#26054: Make sure to create incrementals from previously signed MAR files
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-rbm                   |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Description changed by gk:

Old description:

> When creating incremental files we check right now only that MAR files
> from previous versions specified in `torbrowser_incremental_from` are
> *available*. However, this can happen if one only has built those
> previous versions with MAR files still locally available. In that case,
> though, we'll create the wrong MAR files for macOS as those previously
> built MAR files do not contain the content signing bits.
>
> We could be smarter and check whether the previously built MAR files are
> signed and only use them in that case for generating the incremental MAR
> files. Otherwise we would discard them and download the signed ones, as
> we do if no previously built MAR files are available locally.

New description:

 When creating incremental MAR files we check right now only that MAR files
 from previous versions specified in `torbrowser_incremental_from` are
 *available*. However, this can happen if one only has built those previous
 versions with MAR files still locally available. In that case, though,
 we'll create the wrong MAR files for macOS as those previously built MAR
 files do not contain the content signing bits.

 We could be smarter and check whether the previously built MAR files are
 signed and only use them in that case for generating the incremental MAR
 files. Otherwise we would discard them and download the signed ones, as we
 do if no previously built MAR files are available locally.

--

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26054#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list