SRU shift report: 2020-09-23

Thomas Ward teward at
Mon Sep 28 20:17:03 UTC 2020

Robie and everyone else:

On 9/23/20 1:41 PM, Robie Basak wrote:
> ## torbrowser-launcher (Focal)
> I helped the contributor with this one previously, and am pleased to see
> it's been sponsored. Unfortunately it's missing the LP bug reference,
> but also the contributor has since mentioned in the bug that an
> additional fix appears to be needed. It seems that the SRU needs to be
> delayed then, and I asked in the bug to confirm.
> I didn't reject this from the queue because the contributor is new to
> Ubuntu process so I didn't want to confuse them further in case it turns
> out that a reject is not needed.
> Outcome: SRU processing is blocked.
> Feedback: I could have spotted the missing bug reference myself
> previously, but didn't look thoroughly as I assumed the sponsor would
> do that. When sponsoring, please check that the documented SRU process
> steps have been followed before uploading.

This single-bug SRU ended up becoming a two-bug SRU, which then ended up
exploding into a case of four separate bugs/problems that needed to be
addressed, so the single SRU has now expanded to cover four separate
bugs for four separate bits of problems that need to be addressed together for
Focal.  These four bugs are as follows:

1. New Tor Developers PGP key needed for tarball download validation
from Tor to happen - otherwise it fails to verify. 

2. Version checking was not functioning properly since Tor 10 was

3. AppArmor profile for Tor Browser was blocking libstdc++ inclusions
for memory mapping - this would prevent Tor Browser from starting

4. Missing dependency on gpg2
- we rejected the original request to include a new dependency on gnupg
or gnupg2 (the former is already installed in pretty much every Ubuntu
flavor because apt uses it, the latter is a transitional package).  The
patch that we ended up keeping from Debian for this tells the
torbrowser-launcher to use /usr/bin/gpg instead of /usr/bin/gpg2 which
solves this issue.

Because I use Tor Browser myself (and want to stop using my custom
script), I kind of 'adopted' the process of getting these issues
fast-tracked through the processes.  (Not only
because I use Tor Browser for security research, but also because one of
my clients rolls out Ubuntu systems for their research and ship with Tor
Browser).  Both the original filer of the bug and Robie seem to be happy
with me taking over the SRU process here (at least, the process of
getting it ready for SRU review).

All four patches for the aforementioned bugs and issues were available
in Debian Salsa, so were nitpicked from there and are now waiting in

Robie and I discussed this today, and Robie will be addressing the
review of that SRU now, because we've had in-depth discussions to some
extent regarding the bits of the SRU.  From my perspective, it looks
good to go with the version uploaded to proposed by me about 30 minutes
ago.  Robie EOD'd at the time of this message, so it'll be something
Robie deals with tomorrow provided nothing explodes majorly needing
Robie's attention tomorrow.

