[tor-bugs] #31130 [Applications/Tor Browser]: Use Debian 10 for our Android container images

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 22 20:26:52 UTC 2019


#31130: Use Debian 10 for our Android container images
--------------------------------------+--------------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  needs_revision
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-rbm                   |  Actual Points:
Parent ID:  #31127                    |         Points:  0.5
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------------

Comment (by sisbell):

 Replying to [comment:5 boklm]:
 > Replying to [comment:4 sisbell]:
 > > I kept in stretch for desktop builds, while adding in buster for
 android.
 > >
 > > https://github.com/sisbell/tor-browser-
 build/commit/8a39f6de0ea833f63ae00e5d3a6f2e2503a6572a
 >
 > I don't think we need to have two different Ubuntu versions to generate
 the images. We could just use Ubuntu 19.10 to generate all images.
 Ok I can change this.

 >
 > >
 > > The above commit works fine for openjdk-8. When I attempted to add
 pinning I would get some dependency errors and I didn't see any advantage
 to making this more complicated.
 >
 > No pinning means that we are not using Debian buster, but Debian
 testing, which is not what we want (and not a good idea for reproducible
 builds as this distribution is changing a lot all the time). From the
 error it looks like `openjdk-8-jre` and `openjdk-8-jdk-headless` need to
 be added to the pinning configuration too.

 I had tried pinning the openjdk-8-jre and openjdk-8-headless but got the
 same result, they were missing.
 >
 > I also think we should not do this configuration in `projects
 /debootstrap-image/config`, but only in the containers that we use for
 android builds, for example by doing it in `var/pre_pkginst` in
 `rbm.conf`.

 I can move the apt sources change to rbm.conf. Assuming I don't modify the
 pre script in the debootstrap config for the android specific build, how
 is the # Bug 29158 going to be handled? Is this related to stretch or to
 the ubuntu version? Can it be removed now?

 >
 > > Also trying to use snapshot with pinning resulted in
 > >
 > >
 > > {{{
 > > Starting build: Mon Oct 21 23:03:49 2019
 > > Hit:1 http://deb.debian.org/debian buster InRelease
 > > Get:2 http://deb.debian.org/debian buster/main Translation-en [5967
 kB]
 > > Ign:3 https://snapshot.debian.org sid InRelease
 > > Err:4 https://snapshot.debian.org sid Release
 > >   Certificate verification failed: The certificate is NOT trusted. The
 certificate issuer is unknown.  Could not handshake: Error in the
 certificate verification. [IP: 185.17.185.185 443]
 > > Reading package lists...
 > > W: https://snapshot.debian.org/dists/sid/InRelease: No system
 certificates available. Try installing ca-certificates.
 > > W: https://snapshot.debian.org/dists/sid/Release: No system
 certificates available. Try installing ca-certificates.
 > > E: The repository 'https://snapshot.debian.org sid Release' does not
 have a Release file.
 > > }}}
 > >
 >
 > Did you try installing `ca-certificates` as suggested in the error
 message?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31130#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list