[tor-bugs] #32992 [Applications/Tor Browser]: TBB Project for LZMA

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 21 00:24:10 UTC 2020 

#32992: TBB Project for LZMA
-------------------------------------------------+-------------------------
 Reporter:  sisbell                              |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, tbb-rbm, tbb-parity,     |  Actual Points:
  TorBrowserTeam202002                           |
Parent ID:  #28704                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by sisbell):

 As far as I can tell, it does have a signed tag but I'm unable to verify
 it with rbm build

 From git project for xz

 {{{
 $ git tag -v v5.2.4
 object b5be61cc06088bb07f488f9baf7d447ff47b37c1
 type commit
 tag v5.2.4
 tagger Lasse Collin <lasse.collin at tukaani.org> 1525017879 +0300

 XZ Utils 5.2.4
 gpg: Signature made Sun 29 Apr 2018 09:04:44 AM PDT
 gpg:                using RSA key 3690C240CE51B4670D30AD1C38EE757D69184620
 gpg:                issuer "lasse.collin at tukaani.org"
 gpg: Good signature from "Lasse Collin <lasse.collin at tukaani.org>"
 [unknown]
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the
 owner.
 Primary key fingerprint: 3690 C240 CE51 B467 0D30  AD1C 38EE 757D 6918
 4620
 }}}

 I add the following to xz/config

 {{{
 version: 5.2.4
 git_url: https://git.tukaani.org/xz.git
 git_hash: 'v[% c("version") %]'
 tag_gpg_id: 1
 gpg_keyring: xz.gpg
 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[%
 c("var/build_id") %].tar.gz'
 }}}

 The xz.gpg file has the key

 {{{
 ./xz.gpg
 --------
 pub   rsa4096 2010-10-24 [SC] [expires: 2020-12-22]
       3690C240CE51B4670D30AD1C38EE757D69184620
 uid           [ unknown] Lasse Collin <lasse.collin at tukaani.org>
 sub   rsa4096 2010-10-24 [E] [expires: 2020-12-22]
 }}}

 And then building the project, I get an error

 {{{
 Error: v5.2.4 is not a signed tag
 }}}

 Any ideas on what is going wrong?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32992#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list