** Summary changed: - torbrowser-launcher has missing gnupg dependency + [SRU] torbrowser-launcher has missing gnupg dependency
** Description changed: + [Impact] + + torbrowser-launcher, on some Ubuntu flavors, will not run unless + gnupg/gnupg2 is available on the system. This is due to the package + making signature verification checks to validate the tarballs obtained + from the Tor project. + + As such, we require gnupg/gnupg2 to be installed as a dependency. + + Further, we also require to use the actual /usr/bin/gnupg binary as + there are cases where /usr/bin/gnupg2 does *not* symlink back to the + gnupg binary. + + [Test Case] + (1) Install torbrowser-launcher + (2) Signature verification for the download of tor browser's tarball will fail. + + [Regression Potential] + Limited regression potential - requiring gnupg is not insane here, and using the non-symlinked binary is also a sane change. + + + [Original Bug Description] + The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box. The following patch and debian/control update fix the issue: https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code. The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control. It is already fixed in Groovy. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1897306 Title: [SRU] torbrowser-launcher has missing gnupg dependency To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/torbrowser-launcher/+bug/1897306/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
