subject:"\[tor\-bugs\] #27438 \[Applications\/Tor Browser\]\: Android Gradle Build Downloads"

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-19 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 Closing this ticket as those changes will be reviewed as part of #27443.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-18 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Patch applied

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-18 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Replying to [comment:18 boklm]:

 > Replying to [comment:17 sisbell]:
 >
 >
 > > > > Its a little more complicated but not by much. Basically, it
 checks extensions to see if it has gpg signature for an artifact and if so
 then verifies it with a key from key server. If there is no gpg sig, then
 it looks for a sha2 file and verifies that. If there is no sha2, then it
 just generates one and flags it. (it could go on to check sha1, md5 but I
 didn't implement that). I'm ok either way with script or artc. Would that
 require different scripts for each platform we build on?
 > > > >
 > > > >
 >
 > If I understand correctly the sources of artc, a signature made by any
 key that is available on pgp.mit.edu will be accepted, so that does not
 seem very useful as anybody can generate a key and upload it there. A sha
 file that is hosted on the same server as the file we download is also not
 very useful as someone able to modify the file on the server will probably
 also be able to modify the sha file too.
 >
 > In branch `bug_27438` I added a script, in an `input_files`, that is
 downloading all the URLs from `gradle-dependencies-list.txt`, check that
 the files are matching the expected sha256sums, and move them to the same
 directory as in their URL:
 > https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_27438=ba47a5262a31039ef519b0655cbfe221dcb71b8b
 >
 > After running this I'm getting the same content as `maven-
 repo-1.0.tar.gz`. If that looks good to you, you can add the patch to your
 branch.
 >> Looks good. I'll apply the patch shortly

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-18 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_review
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810R  |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * keywords:  tbb-rbm, tbb-mobile, TorBrowserTeam201810 => tbb-rbm, tbb-
 mobile, TorBrowserTeam201810R
 * status:  needs_revision => needs_review


Comment:

 Replying to [comment:17 sisbell]:
 > >> Its a little more complicated but not by much. Basically, it checks
 extensions to see if it has gpg signature for an artifact and if so then
 verifies it with a key from key server. If there is no gpg sig, then it
 looks for a sha2 file and verifies that. If there is no sha2, then it just
 generates one and flags it. (it could go on to check sha1, md5 but I
 didn't implement that). I'm ok either way with script or artc. Would that
 require different scripts for each platform we build on?

 If I understand correctly the sources of artc, a signature made by any key
 that is available on pgp.mit.edu will be accepted, so that does not seem
 very useful as anybody can generate a key and upload it there. A sha file
 that is hosted on the same server as the file we download is also not very
 useful as someone able to modify the file on the server will probably also
 be able to modify the sha file too.

 In branch `bug_27438` I added a script, in an `input_files`, that is
 downloading all the URLs from `gradle-dependencies-list.txt`, check that
 the files are matching the expected sha256sums, and move them to the same
 directory as in their URL:
 https://gitweb.torproject.org/user/boklm/tor-browser-
 build.git/commit/?h=bug_27438=ba47a5262a31039ef519b0655cbfe221dcb71b8b

 After running this I'm getting the same content as `maven-
 repo-1.0.tar.gz`. If that looks good to you, you can add the patch to your
 branch.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-17 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Replying to [comment:15 boklm]:
 > Looking at the content of https://github.com/sisbell/tor-android-
 repo/blob/master/download-urls-1.0.txt and the content of the `maven-
 repo-1.0.tar.gz` archive, it seems that the archive simply contains the
 files listed in `download-urls-1.0.txt` in the same directories as the
 URLs. Is there more than that in the process to generate the maven repo?
 If not then it seems to me a little overkill to require a rust program to
 generate that archive.
 >
 > I think we could add sha256sums to the `download-urls-1.0.txt` file, and
 then it would not be very complicate to write a shell script that download
 each file, check its checksum, extract the directory from the URL and move
 the file to that directory. We could then use this script within an `exec`
 of an `input_file`, similarly to what is done in `projects/firefox-
 langpacks/config`.
 >
 > I only looked at the content of `maven-repo-1.0.tar.gz` quickly, so I
 may have missed something. Is there something that I missed in the process
 of generating the maven repo?
 >> Its a little more complicated but not by much. Basically, it checks
 extensions to see if it has gpg signature for an artifact and if so then
 verifies it with a key from key server. If there is no gpg sig, then it
 looks for a sha2 file and verifies that. If there is no sha2, then it just
 generates one and flags it. (it could go on to check sha1, md5 but I
 didn't implement that). I'm ok either way with script or artc. Would that
 require different scripts for each platform we build on?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-17 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Replying to [comment:14 boklm]:
 > For a review of commit `27604107dca4992aac4a2f3b015f5a7c4273a606`:
 > - does `maven-repo-1.0.tar.gz` contains the dependencies that are
 specific to firefox? If so then I think it should be moved to
 `projects/firefox/config` instead of `projects/android-toolchain/config`.
 In the future `android-toolchain` will be used to build other components
 than firefox, such as Tor.
 > > A lot of these artifacts will be duplicated between projects, meaning
 we may be downloading and archiving multiple times. Would that be a
 problem?

 > - the name of the file `README.ANDROID` is a little confusing, as it
 doesn't really talk about android but only about how to generate a maven
 repo archive. Maybe that could be renamed to something like
 `projects/firefox/how-to-generate-maven-repo.txt`?
 >> Sounds good

 > - `curl https://sh.rustup.rs -sSf | sh` does not look like a safe way to
 install rust. Would that work if we just suggested installing the `rustc`
 package from the distribution?
 >> It can be downloaded and used like we do in projects/rust

 > - I don't know much about cargo, but do I understand correctly that
 `cargo install artc` is downloading artc binaries from https://crates.io/?
 If so, is there some way this can be done by building
 https://github.com/sisbell/artc from sources?
 >> crates just has the source and builds from that.
 ~/.cargo/registry/src/artc contains the source. But yes, it can also be
 downloaded directly from git and run.

 > - How was `download-urls-1.0.txt` from https://github.com/sisbell/tor-
 android-repo generated? Maybe we should include that file directly into
 `tor-browser-build` (for instance in the projects/firefox directory)
 instead of storing it in a separate git repo.
 >> I put info on how its generated in the readme file of the tor-android-
 repo. Basically, I just grep the gradle logs and pull out the URLS.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-17 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 Looking at the content of https://github.com/sisbell/tor-android-
 repo/blob/master/download-urls-1.0.txt and the content of the `maven-
 repo-1.0.tar.gz` archive, it seems that the archive simply contains the
 files listed in `download-urls-1.0.txt` in the same directories as the
 URLs. Is there more than that in the process to generate the maven repo?
 If not then it seems to me a little overkill to require a rust program to
 generate that archive.

 I think we could add sha256sums to the `download-urls-1.0.txt` file, and
 then it would not be very complicate to write a shell script that download
 each file, check its checksum, extract the directory from the URL and move
 the file to that directory. We could then use this script within an `exec`
 of an `input_file`, similarly to what is done in `projects/firefox-
 langpacks/config`.

 I only looked at the content of `maven-repo-1.0.tar.gz` quickly, so I may
 have missed something. Is there something that I missed in the process of
 generating the maven repo?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-17 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:
 |  needs_revision
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by boklm):

 * status:  new => needs_revision


Comment:

 For a review of commit `27604107dca4992aac4a2f3b015f5a7c4273a606`:
 - does `maven-repo-1.0.tar.gz` contains the dependencies that are specific
 to firefox? If so then I think it should be moved to
 `projects/firefox/config` instead of `projects/android-toolchain/config`.
 In the future `android-toolchain` will be used to build other components
 than firefox, such as Tor.
 - the name of the file `README.ANDROID` is a little confusing, as it
 doesn't really talk about android but only about how to generate a maven
 repo archive. Maybe that could be renamed to something like
 `projects/firefox/how-to-generate-maven-repo.txt`?
 - `curl https://sh.rustup.rs -sSf | sh` does not look like a safe way to
 install rust. Would that work if we just suggested installing the `rustc`
 package from the distribution?
 - I don't know much about cargo, but do I understand correctly that `cargo
 install artc` is downloading artc binaries from https://crates.io/? If so,
 is there some way this can be done by building
 https://github.com/sisbell/artc from sources?
 - How was `download-urls-1.0.txt` from https://github.com/sisbell/tor-
 android-repo generated? Maybe we should include that file directly into
 `tor-browser-build` (for instance in the projects/firefox directory)
 instead of storing it in a separate git repo.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-17 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Replying to [comment:12 boklm]:
 > Replying to [comment:8 boklm]:
 > > I think we can start with (1), generating a tar file independently and
 uploading it somewhere. Then we can see later if we can integrate it
 better.
 >
 > We should also have a comment near the tar file URL explaining how that
 archive was generated.

 I've added this comment. If it looks good, I think we can close this issue

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-10-08 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201810   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 Replying to [comment:8 boklm]:
 > I think we can start with (1), generating a tar file independently and
 uploading it somewhere. Then we can see later if we can integrate it
 better.

 We should also have a comment near the tar file URL explaining how that
 archive was generated.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-27 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 Replying to [comment:9 sisbell]:
 >
 > If later we choose option (2), we can create a project that will
 download artc source and build it with our version of rust. I noticed
 there is an exec option in rbm input_files. Could this be used to exec a
 compiled version of artc to download and package the maven repo?

 Yes, it might be possible to do that with the `exec` option. However it
 will probably make things more complicate for #23401.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-27 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Replying to [comment:8 boklm]:

 > I think we can start with (1), generating a tar file independently and
 uploading it somewhere. Then we can see later if we can integrate it
 better.

 I added (1) commit: https://github.com/sisbell/tor-browser-
 build/commit/e00c5e4319e67f7d17ed737b0e0c87db27547e3d

 If later we choose option (2), we can create a project that will download
 artc source and build it with our version of rust. I noticed there is an
 exec option in rbm input_files. Could this be used to exec a compiled
 version of artc to download and package the maven repo?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-27 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 I think we can start with (1), generating a tar file independently and
 uploading it somewhere. Then we can see later if we can integrate it
 better.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-27 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 The archive will be reproducible. I see two obvious options: 1) generate
 the tar independently of RBM, upload the tar to some location and then
 include the URL in the android-toolchain config. or 2) include the program
 that generates the archive as part of the RBM build (an RBM project?).

 In the case of (2) I will need some guidance how that should be done.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-26 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by boklm):

 I think adding a very long list of URLs and shasums to the rbm config file
 is not the best way to do it.

 Maybe generating one tar file containing all the dependencies is better.
 Is the generated maven-repo.tar.gz reproducible? Will different people
 generating it at a different time get the same archive?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-25 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 I've added in these changes. More details are in comments section of
 !#26697

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-10 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Need discuss how we want to handle artifacts that don't have a sha2 or gpg
 sig associated with them (they may only have sha1 or md5 hashes)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-10 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201809   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 Program and documentation at:

  * !https://crates.io/crates/artc
  * https://github.com/sisbell/artc

 Includes two different approaches we can take for downloading and
 including android artifacts in RBM

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-04 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-
 |  team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor Browser |Version:
 Severity:  Normal   | Resolution:
 Keywords:  tbb-rbm, tbb-mobile, |  Actual Points:
  TorBrowserTeam201808   |
Parent ID:  #26693   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by sisbell):

 We can either have RBM manage each download from their original source  OR
 we can tar the dependencies and have a single download.

 I have  created a program (in Rust) that downloads the Android
 dependencies. It  verifies each downloaded artifact based on GPG
 signatures or Sha2 hash.

 The program handles individual downloads (1, 2) or tarball options (3):

  1. Generates RBM config files containing each URL and Sha256 OR GPG
 key_id
  1. Generates RBM build files that copy each downloaded artifact into a
 maven repo structure that the android build can use
  1. Archives the artifacts as a tarball and add that to the config/build
 files. (We would need a place to upload the tarball)

 Remaining issues

  1. import of gpg keys into keyring;
  1. command line interface
  1. Push code to git repo
  1. Upload program to crates.io

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

[tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

2018-09-04 Thread Tor Bug Tracker & Wiki

#27438: Android Gradle Build Downloads
-+-
 Reporter:  sisbell  |  Owner:  tbb-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Applications/Tor |Version:
  Browser|   Keywords:  tbb-rbm, tbb-mobile,
 Severity:  Normal   |  TorBrowserTeam201808
Actual Points:   |  Parent ID:  #26693
   Points:   |   Reviewer:
  Sponsor:   |
-+-
 Android gradle build is downloading artifacts outside of RBM.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

Re: [tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

[tor-bugs] #27438 [Applications/Tor Browser]: Android Gradle Build Downloads

20 matches

Site Navigation

Mail list logo

Footer information