Opened 3 years ago

Closed 3 months ago

#14388 closed task (fixed)

Secure automatic updates for Tor Messenger

Reported by: proper Owned by:
Priority: Medium Milestone:
Component: Applications/Tor Messenger Version:
Severity: Blocker Keywords:
Cc: sukhbir, proper, arlolra, boklm, mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description


Child Tickets

TicketStatusOwnerSummaryComponent
#19809closedUpdate verification failed but update still applies on Linux and OS XApplications/Tor Messenger
#19815closedtpaCreate https://aus2.torproject.org/ for Tor Messenger updatesInternal Services/Tor Sysadmin Team
#19816closedThe Tor Messenger build process should generate mar filesApplications/Tor Messenger

Change History (13)

comment:1 Changed 3 years ago by arlolra

Cc: arlolra added

comment:2 Changed 3 years ago by proper

Consider using the existing Tor consensus, Tor Control Port mechanism, using getinfo consensus/packages. Reference: #10395

comment:3 Changed 3 years ago by arlolra

That seems like the right approach to notifying the client that an update is required. We still need the other half, of that how that update should take place.

comment:4 Changed 2 years ago by clokep

I'd expect this to be updated the same way as Tor Browser. From Instantbird's POV it's just the standard update mechanism (although pointing to our server instead of Mozilla).

comment:5 Changed 2 years ago by boklm

Cc: boklm added

comment:6 Changed 2 years ago by sukhbir

Severity: Blocker

In addition to the accounts and OTR keys, perhaps we should also backup the cert_override.txt file if users have added exceptions otherwise they will have to verify the fingerprints again after an update. (Reported by Karsten N.)

Last edited 2 years ago by sukhbir (previous) (diff)

comment:7 Changed 21 months ago by boklm

I think we want to use the Tor Browser updater patches to do that. Currently the patches are based on firefox 38 ESR, and it is planned to rebase them on ESR 45.

Currently Tor Messenger is based on Firefox 42. I think we should first move Tor Messenger to ESR 45 to make it easier to use the Tor Browser patches.

comment:8 Changed 21 months ago by boklm

I opened ticket #18400 for the move to ESR 45.

comment:9 Changed 21 months ago by adrelanos

I opened ticket #18449 for Debian packaging.

comment:10 Changed 21 months ago by boklm

In comment 11 on ticket #15197 we can find ESR45 patches for the updater.

comment:11 Changed 20 months ago by mcs

Cc: mcs brade added

comment:12 Changed 13 months ago by arlolra

Summary: figure out how to keep Tor Messenger updatedSecure automatic updates for Tor Messenger

comment:13 Changed 3 months ago by arlolra

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.