Opened 6 years ago

Closed 3 years ago

Last modified 22 months ago

#14388 closed task (fixed)

Secure automatic updates for Tor Messenger

Reported by: proper Owned by:
Priority: Medium Milestone:
Component: Archived/Tor Messenger Version:
Severity: Blocker Keywords:
Cc: sukhbir, proper, arlolra, boklm, mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Child Tickets

#19809closedUpdate verification failed but update still applies on Linux and OS XArchived/Tor Messenger
#19815closedtpaCreate for Tor Messenger updatesInternal Services/Tor Sysadmin Team
#19816closedThe Tor Messenger build process should generate mar filesArchived/Tor Messenger

Change History (14)

comment:1 Changed 6 years ago by arlolra

Cc: arlolra added

comment:2 Changed 5 years ago by proper

Consider using the existing Tor consensus, Tor Control Port mechanism, using getinfo consensus/packages. Reference: #10395

comment:3 Changed 5 years ago by arlolra

That seems like the right approach to notifying the client that an update is required. We still need the other half, of that how that update should take place.

comment:4 Changed 5 years ago by clokep

I'd expect this to be updated the same way as Tor Browser. From Instantbird's POV it's just the standard update mechanism (although pointing to our server instead of Mozilla).

comment:5 Changed 5 years ago by boklm

Cc: boklm added

comment:6 Changed 5 years ago by sukhbir

Severity: Blocker

In addition to the accounts and OTR keys, perhaps we should also backup the cert_override.txt file if users have added exceptions otherwise they will have to verify the fingerprints again after an update. (Reported by Karsten N.)

Last edited 5 years ago by sukhbir (previous) (diff)

comment:7 Changed 4 years ago by boklm

I think we want to use the Tor Browser updater patches to do that. Currently the patches are based on firefox 38 ESR, and it is planned to rebase them on ESR 45.

Currently Tor Messenger is based on Firefox 42. I think we should first move Tor Messenger to ESR 45 to make it easier to use the Tor Browser patches.

comment:8 Changed 4 years ago by boklm

I opened ticket #18400 for the move to ESR 45.

comment:9 Changed 4 years ago by adrelanos

I opened ticket #18449 for Debian packaging.

comment:10 Changed 4 years ago by boklm

In comment 11 on ticket #15197 we can find ESR45 patches for the updater.

comment:11 Changed 4 years ago by mcs

Cc: mcs brade added

comment:12 Changed 4 years ago by arlolra

Summary: figure out how to keep Tor Messenger updatedSecure automatic updates for Tor Messenger

comment:13 Changed 3 years ago by arlolra

Resolution: fixed
Status: newclosed

comment:14 Changed 22 months ago by traumschule

<+sukhe> hello. yes, I think it's fine to close the tickets. thanks for doing what we should done earlier :)

sad but true:

luckily there are alternatives:

.. and maybe someday

Note: See TracTickets for help on using tickets.