Creating incremental MAR files should not include Tor Browser version in meta data

While trying to build the incrementals for 5.5.2 on a machine that had older mar-tools I ended up with them not matching incrementals built on other machines. Upon investigation it turned out that the browser versions gets embedded in the MAR files' metadata. There is no need for doing that actually.

added component::applications/tor browser gitlab-tb-tor-browser-build owner::tbb-team parent::18325 priority::medium severity::normal status::new tbb-rbm tbb-update type::defect labels

Not sure if that is actually a child ticket of #18325 (moved) but it might be so.

Trac:
Keywords: N/A deleted, tbb-gitian added
Component: - Select a component to Tor Browser
Parent: N/A to #18325 (moved)
Owner: N/A to tbb-team

I think we do need this but I am not 100% sure. Mozilla embedded the version number in the MAR file to ensure that a MAR won't be applied that downgrades the browser to an older version.

Also, there may be a way to set a different version using the MAR tools (I will have to look to be sure). If that is possible we could avoid a dependency on the exact tools that are built with the browser.

Replying to mcs:

I think we do need this but I am not 100% sure. Mozilla embedded the version number in the MAR file to ensure that a MAR won't be applied that downgrades the browser to an older version.

Hmm, if this is actually a security feature then this is fine to me and I think we might have to live with it. I don't remember that one in particular to be honest. But it's been a while that I looked closer at the updater related code...

The mar program does have an option to update the product info block:

  Refresh the product information block of a MAR file:
    mar [-H MARChannelID] [-V ProductVersion] [-C workingDir] -i unsigned_archive_to_refresh.mar

That means it should work to run a command like this before signing:

  mar -H release -V 5.5.2 -i unsigned.mar

I think I have successfully used a command like that before when Kathy and I were doing some testing but I did not try it today.

Moving over to rbm

Trac:
Keywords: tbb-gitian deleted, tbb-rbm added

Trac:
Keywords: N/A deleted, tbb-updater added
Reviewer: N/A to N/A

Renaming keyword to make it a bit broader

Trac:
Keywords: tbb-updater deleted, tbb-update added

Add magic gitlab keyword.

Trac:
Keywords: N/A deleted, gitlab-tb-tor-browser-build added

moved to tpo/applications/tor-browser-build#18326