Opened 2 years ago

Closed 2 years ago

#16014 closed defect (fixed)

Windows: staged update fails if Meek is enabled

Reported by: mcs Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords: TorBrowserTeam201506R, GeorgKoppen201506R, meek
Cc: brade Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

On Windows, if Meek is enabled, the updater fails while trying to copy files to the staged "update applied" directory. Failure occurs because the file Browser/TorBrowser/Data/Browser/profile.meek-http-helper/parent.lock is in use. The updater will fallback to an unstaged update and users will be prompted to restart to apply the update. This works but a large updated/ directory is left behind which will not be deleted until another update is staged.

We can fix this problem by skipping this parent.lock file inside the updater when copying files.

Child Tickets

Change History (21)

comment:1 Changed 2 years ago by mcs

  • Keywords TorBrowserTeam201505R added
  • Status changed from new to needs_review

Here is a fix (untested so far, but it should fix the problem):
https://gitweb.torproject.org/user/brade/tor-browser.git/commit/?h=bug16014-01&id=0b5ce197900bcbec938ed4075c09dbeb03e965a0

This does not seem like an urgent fix, but we should pick it up as soon as possible so fewer updates will be affected in the future.

We may also want to tell Windows users that it is safe to delete a leftover <installpath>/Browser/updated directory.

comment:2 Changed 2 years ago by gk

  • Keywords GeorgKoppen201505RR added

comment:3 Changed 2 years ago by gk

  • Keywords GeorgKoppen201505R added; GeorgKoppen201505RR removed

comment:4 Changed 2 years ago by mcs

A brief update: we tested this proposed fix by installing TB 5.0a1 on a Windows 7 system, enabling meek-azure, adding an app.update.url.override that pointed to a test server that was configured to advertise a 5.0a2 update, and trying to update. After the staged update failed for the reason mentioned in this bug's description, we deleted the downloaded update info. from TorBrowser\Data\Browser\Caches\firefox, we replaced updater.exe with one that we built with the patch, and tried to update again. That time it succeeded without any trouble other than #13247.

Pending code review, Kathy and I think we should include this fix in 4.5.next and in the next 5.0 alpha.

comment:5 follow-up: Changed 2 years ago by gk

  • Status changed from needs_review to needs_information

Hrm... how can I reproduce the original problem? I took a Tor Browser 4.5a5, started it with meek-azure and performed an update to 5.0a1 on a Windows 7 machine. Worked like it should it seems (apart from the issue tracked in #13247).

comment:6 in reply to: ↑ 5 Changed 2 years ago by mcs

Replying to gk:

Hrm... how can I reproduce the original problem?

Because the browser will fallback to an unstaged update (apply changes during restart), it may not be obvious that the staged update failed. You can set app.update.log=true and watch the Browser Console to see if a complaint is logged about a staged update failure. You can also check if a directory named updated/ is left behind after the update finishes.

comment:7 follow-up: Changed 2 years ago by gk

15:57 < GeKo> mcs: using my updater.exe I always get "status: failed: 19" and the 
              update breaks. I wonder what happens and whether I messed up the .exe
15:57 < GeKo> mcs: do you have, by chance, your updater.exe with a hash sum 
              somewhere to rule build failures on my side out?
Last edited 2 years ago by gk (previous) (diff)

comment:8 in reply to: ↑ 7 Changed 2 years ago by mcs

Replying to gk:

15:57 < GeKo> mcs: using my updater.exe I always get "status: failed: 19" and the 
              update breaks. I wonder what happens and whether I messed up the .exe
15:57 < GeKo> mcs: do you have, by chance, your updater.exe with a hash sum 
              somewhere to rule build failures on my side out?

I am sorry I missed you on IRC. I no longer have the installed copy of TB on Windows that we used when testing the fix for this ticket, but I put a copy of the updater.exe from my builder tree plus its checksum here:

https://pearlcrescent.com/tor/16014/

I am 99% sure that is what we used to test.

If you get error 19 (CERT_VERIFY_ERROR) it is may be that the wrong signing certificate was embedded in updater.exe. I have run into that before; alpha, beta, and release builds use release_primary.der and release_secondary.der but nightly builds use nightly_aurora_level3*.der.

Or you do are using an unsigned MAR. Or something else that we do not understand is happening.

comment:9 follow-up: Changed 2 years ago by gk

Yeah, I just made a nightly build forgetting about the different certs, good. While the updated/ directory is gone there is now the problem that every start produces the check-your-extensions-compatibility-dialog which is quite annoying. This does not happen without using your updater.exe and we should avoid that. Btw: Do you know where this mysterious tobedeleted directory is coming from with weird "temporary files" in it (happens without your updater.exe as well)? I just saw this inside /Browser after the update while testing.

comment:10 in reply to: ↑ 9 ; follow-up: Changed 2 years ago by mcs

Replying to gk:

Yeah, I just made a nightly build forgetting about the different certs, good. While the updated/ directory is gone there is now the problem that every start produces the check-your-extensions-compatibility-dialog which is quite annoying. This does not happen without using your updater.exe and we should avoid that.

I do not see how the fix for this ticket could affect the extensions compatibility dialog. How can I reproduce that problem? Is it a dialog that stays open or is it the one that quickly opens and closes while checking for extension updates? (maybe I do not see it on my system because it closes too quickly)

Btw: Do you know where this mysterious tobedeleted directory is coming from with weird "temporary files" in it (happens without your updater.exe as well)? I just saw this inside /Browser after the update while testing.

Having a few files in "tobedeleted" is expected. If the updater is unable to delete a file on Windows because it is in use, it moves the file to a tobedeleted directory and arranges for the file to be deleted the next time Windows is restarted. The file is also renamed to so it has a temporary/unique name. This usually happens for updater.exe and the NSPR/NSS DLLs. While describing this to you, I just realized that this involves Windows registry changes. Should we create our own code to clean up the "tobedeleted" files?

comment:11 in reply to: ↑ 10 ; follow-up: Changed 2 years ago by gk

  • Status changed from needs_information to needs_review

Replying to mcs:

Replying to gk:

Yeah, I just made a nightly build forgetting about the different certs, good. While the updated/ directory is gone there is now the problem that every start produces the check-your-extensions-compatibility-dialog which is quite annoying. This does not happen without using your updater.exe and we should avoid that.

I do not see how the fix for this ticket could affect the extensions compatibility dialog. How can I reproduce that problem? Is it a dialog that stays open or is it the one that quickly opens and closes while checking for extension updates?

The latter. The weird thing is that I see it once on the Windows machine doing a "normal" update from 4.5a5 (with or without meek) which is quite normal. But using your updater.exe I see that dialog shortly with every start. If you think these things are unrelated, fine by me. I am just worried that the fix has some unintended side effects. :)

Btw: Do you know where this mysterious tobedeleted directory is coming from with weird "temporary files" in it (happens without your updater.exe as well)? I just saw this inside /Browser after the update while testing.

Having a few files in "tobedeleted" is expected. If the updater is unable to delete a file on Windows because it is in use, it moves the file to a tobedeleted directory and arranges for the file to be deleted the next time Windows is restarted. The file is also renamed to so it has a temporary/unique name. This usually happens for updater.exe and the NSPR/NSS DLLs. While describing this to you, I just realized that this involves Windows registry changes. Should we create our own code to clean up the "tobedeleted" files?

Dunno, I don't feel strongly here.

comment:12 Changed 2 years ago by mcs

I created #16236 to track the "tobedeleted" / Windows Registry issue.

comment:13 in reply to: ↑ 11 Changed 2 years ago by mcs

Replying to gk:

The latter. The weird thing is that I see it once on the Windows machine doing a "normal" update from 4.5a5 (with or without meek) which is quite normal. But using your updater.exe I see that dialog shortly with every start. If you think these things are unrelated, fine by me. I am just worried that the fix has some unintended side effects. :)

I am also worried there is a side effect or another bug.

I think it would help a lot if Kathy and I could reproduce the problem. Can you provide a little more detail about how you set things up? I am thinking you did something like this:

  • Downloaded TB 4.5a5 and replaced the updater.exe with the one from https://pearlcrescent.com/tor/16014/.
  • Started the the browser and configured it to use meek-azure (but what you said earlier implies that meek is not required in order to experience the extension compatibility dialog bug)
  • Checked for updates and restarted to apply when prompted.
  • Restarted again to get meek to work correctly (due to #13247).
  • From now on you see the add-on compatibility check window each time you start Tor Browser.

Is that it? Or did you use a different server and mar file? Did you use an en-US package?

Also, I am not sure in general if it works to simply swap in a different updater.exe (I cannot remember if the updater has version information embedded in it or not). So maybe you did something else.

Here are a few things you can look at within your install where you see this problem:
1) Look under <instdir>\Browser\TorBrowser\Data\Browser\Caches\firefox\updates\0 and see if there is an update.status file (that directory should be empty after a successful update). If there is an update.status file, what is in it?
2) Look at the log files up one level from there and see if there is anything interesting in them (or just make them available so Kathy and I can look).
3) Check timestamps on the log files and maybe other files to ensure that an update is not occurring over and over again (that seems unlikely, because you would notice slowness).
4) Set app.update.log to true and see if anything is logged during start up.

comment:14 follow-up: Changed 2 years ago by mcs

Never mind. Kathy and I just reproduced the problem (basically by following the steps I mentioned in my previous comment). We are out of time for today but we will debug this soon.

comment:15 Changed 2 years ago by dcf

  • Keywords meek added

comment:16 Changed 2 years ago by mikeperry

  • Keywords TorBrowserTeam201506 added

comment:17 Changed 2 years ago by mikeperry

  • Keywords TorBrowserTeam201506R GeorgKoppen201506R added; TorBrowserTeam201505R GeorgKoppen201505R TorBrowserTeam201506 removed

comment:18 in reply to: ↑ 14 Changed 2 years ago by mcs

Replying to mcs:

Never mind. Kathy and I just reproduced the problem (basically by following the steps I mentioned in my previous comment). We are out of time for today but we will debug this soon.

This turned out to be a meek problem. See #16269.
Georg, please let us know if are satisfied with the fix for this ticket.

comment:19 follow-up: Changed 2 years ago by gk

I think the fix is fine. I am just wondering if we should land that one only if the one for #16269 lands as well given that there is somehow an interdependency. Or was it just by chance that using your modified updater.exe revealed that problem?

comment:20 in reply to: ↑ 19 Changed 2 years ago by mcs

Replying to gk:

I think the fix is fine. I am just wondering if we should land that one only if the one for #16269 lands as well given that there is somehow an interdependency. Or was it just by chance that using your modified updater.exe revealed that problem?

I think they are separate problems but it is hard to be sure. There is apparently a codepath in the browser that causes the meek helper browser's prefs.js file to be written... but only sometimes. Maybe it happens more often with the fix for this ticket? I tried again and was not able to reproduce the problem (I have been working on #16269 using a installation that I made by copying the one where I reproduced the problem on May 29th).

In any case, I hope we can get both fixes in at the same time. I just posted a revised patch in #16269 for dcf to review.

comment:21 Changed 2 years ago by gk

  • Resolution set to fixed
  • Status changed from needs_review to closed

Ok, this is fixed in 5.0a2 (commit ead805176e983d0137880e50447208b2c658c829) which uses meek 0.19, too.

Note: See TracTickets for help on using tickets.