Opened 2 years ago

Last modified 7 months ago

#14388 new task

Secure automatic updates for Tor Messenger

Reported by: proper Owned by:
Priority: Medium Milestone:
Component: Applications/Tor Messenger Version:
Severity: Blocker Keywords:
Cc: sukhbir, proper, arlolra, boklm, mcs, brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description


Child Tickets

TicketSummaryOwner
#19809Update verification failed but update still applies on Linux and OS X
#19815Create https://aus2.torproject.org/ for Tor Messenger updatestpa
#19816The Tor Messenger build process should generate mar files
#19817Import script to generate update responses and incremental mars in Tor Messengerboklm

Change History (12)

comment:1 Changed 2 years ago by arlolra

  • Cc arlolra added

comment:2 Changed 2 years ago by proper

Consider using the existing Tor consensus, Tor Control Port mechanism, using getinfo consensus/packages. Reference: #10395

comment:3 Changed 2 years ago by arlolra

That seems like the right approach to notifying the client that an update is required. We still need the other half, of that how that update should take place.

comment:4 Changed 22 months ago by clokep

I'd expect this to be updated the same way as Tor Browser. From Instantbird's POV it's just the standard update mechanism (although pointing to our server instead of Mozilla).

comment:5 Changed 20 months ago by boklm

  • Cc boklm added

comment:6 Changed 18 months ago by sukhbir

  • Severity set to Blocker

In addition to the accounts and OTR keys, perhaps we should also backup the cert_override.txt file if users have added exceptions otherwise they will have to verify the fingerprints again after an update. (Reported by Karsten N.)

Last edited 18 months ago by sukhbir (previous) (diff)

comment:7 Changed 15 months ago by boklm

I think we want to use the Tor Browser updater patches to do that. Currently the patches are based on firefox 38 ESR, and it is planned to rebase them on ESR 45.

Currently Tor Messenger is based on Firefox 42. I think we should first move Tor Messenger to ESR 45 to make it easier to use the Tor Browser patches.

comment:8 Changed 15 months ago by boklm

I opened ticket #18400 for the move to ESR 45.

comment:9 Changed 15 months ago by adrelanos

I opened ticket #18449 for Debian packaging.

comment:10 Changed 15 months ago by boklm

In comment 11 on ticket #15197 we can find ESR45 patches for the updater.

comment:11 Changed 14 months ago by mcs

  • Cc mcs brade added

comment:12 Changed 7 months ago by arlolra

  • Summary changed from figure out how to keep Tor Messenger updated to Secure automatic updates for Tor Messenger
Note: See TracTickets for help on using tickets.