Fix URLs in the downloads.json file
Following changes from #19202 (moved), the URLs in the downloads.json file (added in #16551 (moved)) are broken.
Activity
-
I attached a patch to fix that.
Additionally, this should make updating the
config.ymlfile for a new release a little easier, as there is no more a version to update in thedownload_urloption.I checked on 6.5a2 that with
make update_responses-alphathe xml files generated are the same with or without the patch, and the URLs indownloads.jsonare fixed.Trac:
Keywords: N/A deleted, TorBrowserTeam201608R added
Status: new to needs_review Is this supposed to be fixed in the live files currently deployed? As far as I can tell, all of them in the alpha channel json file 404.
Eg: https://dist.torproject.org/torbrowser/update_2/alpha/downloads.json (302 redirect -> https://aus1.torproject.org/torbrowser/update_2/alpha/downloads.json)
Trac:
Status: closed to reopened
Resolution: fixed to N/AOk. For the sake of my sanity, is the redirect situation to
aus1.torproject.orggoing to be an ongoing thing, or is thedownloads.jsonfile going to be ondist.torproject.org?I'd like the redirect to go away if possible, since I want to pin the entire cert chain that I use to fetch said file...
If this is getting fixed tomorrow then I'll just re-close this I guess.
-
Replying to yawning:
Ok. For the sake of my sanity, is the redirect situation to
aus1.torproject.orggoing to be an ongoing thing, or is thedownloads.jsonfile going to be ondist.torproject.org?I'd like the redirect to go away if possible, since I want to pin the entire cert chain that I use to fetch said file...
Currently, the internal updater is using http://www.torproject.org/dist/torbrowser/update_2/ URLs, which is redirected to dist.tpo for the stable and aus1.tpo for the alpha. At some point we want to change the URL to aus1.tpo directly (and have a redirect on the old URLs for the older browsers). We have #19481 (moved) for that.
-
Replying to boklm:
Currently, the internal updater is using http://www.torproject.org/dist/torbrowser/update_2/ URLs, which is redirected to dist.tpo for the stable and aus1.tpo for the alpha. At some point we want to change the URL to aus1.tpo directly (and have a redirect on the old URLs for the older browsers). We have #19481 (moved) for that.
Contrary to what I said before, we'll be moving back the alpha and hardened channels to dist.tpo, until we have pinning for aus1.tpo.
-
Replying to yawning:
Will the move back happen in the upcoming release? Or rather, assuming I am writing code now, that uses the
downloads.jsonfile and the auto-update related xml files, and that I will likely publish it after the next release happens, can I rip out the support for handling different hostnames now?I opened ticket #20219 (moved) to ask sysadmins to update the redirects. I think the URL you should use is https://www.torproject.org/dist/torbrowser/update_2/alpha/downloads.json which will redirect to dist.tpo (when #20219 (moved) is done). When we have pinning for aus1.tpo we will update the redirects to point there instead of dist.tpo, so keeping support for handling different hostnames can be useful.
