Opened 6 weeks ago

Closed 5 weeks ago

Last modified 4 weeks ago

#31942 closed enhancement (fixed)

Re-enable language pack signature checks for Linux and Windows and double-check macOS

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-9.0-must-alpha, TorBrowserTeam201910R, GeorgKoppen201910
Cc: intrigeri, acat Actual Points: 0.25
Parent ID: Points: 1
Reviewer: Sponsor:

Description

With https://bugzilla.mozilla.org/show_bug.cgi?id=1437942 Mozilla removed search engines from language packs which means one reason less for us to modify them which means in turn that it seems we can enable signature verification at least on Linux and Windows.

We should double-check whether we still need to have the bookmarks problem (#21879) for macOS which would remain the only reason to not enable the signature check there.

Child Tickets

Change History (7)

comment:1 Changed 6 weeks ago by gk

Summary: Re-enabled language pack signature checks for Linux and Windows and double-check macOSRe-enable language pack signature checks for Linux and Windows and double-check macOS

intrigeri: Would that work for Tails if we enabled the signature check verification?

comment:2 in reply to:  1 ; Changed 5 weeks ago by intrigeri

Replying to gk:

intrigeri: Would that work for Tails if we enabled the signature check verification?

Thanks for caring! I've just checked and AFAICT, we use the langpacks, that we extract from your tarballs, as-is. So I don't see what can possibly go wrong (famous last words) by enabling signature verification for them. Still, I'd be more comfortable if this change was applied in a Tor Browser 9.0 alpha/beta/RC, before 9.0 final, so we have a chance to test it while it's still time to fix stuff :)

comment:3 in reply to:  2 ; Changed 5 weeks ago by gk

Keywords: GeorgKoppen201910 added

Replying to intrigeri:

Replying to gk:

intrigeri: Would that work for Tails if we enabled the signature check verification?

Thanks for caring! I've just checked and AFAICT, we use the langpacks, that we extract from your tarballs, as-is. So I don't see what can possibly go wrong (famous last words) by enabling signature verification for them. Still, I'd be more comfortable if this change was applied in a Tor Browser 9.0 alpha/beta/RC, before 9.0 final, so we have a chance to test it while it's still time to fix stuff :)

Fair enough and sounds good. We'll plan to start building another alpha (the last one before 9.0) at the end of next week. I'll try to get the fix for this bug into it.

comment:4 Changed 5 weeks ago by gk

Actual Points: 0.25
Keywords: TorBrowserTeam201910R added; TorBrowserTeam201910 removed
Status: newneeds_review

Okay, here is what I did: I double-checked that we are using the unmodified language packs on Windows and Linux (we do) and that enabling the signature check does not cause any issues on those platforms (it does not).

Moreover, I looked at the macOS bundles and it seems that we still need our bookmark issue workaround done in #21879, which is unfortunate. I wonder whether the reason for that is that macOS is the platform where we use the profile not in the bundle itself but I have not looked closer.

bug_31942 (https://gitweb.torproject.org/user/gk/tor-browser.git/commit/?h=bug_31942&id=ec33831d9bc09cb705f9d5b44296a1af69cca3b8) has the change for this bug for review, setting extensions.langpacks.signatures.required to false only on macOS.

comment:5 Changed 5 weeks ago by acat

Looks good to me, I verified this indeed works for Linux and Windows.

comment:6 Changed 5 weeks ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks. Fixed with commit 293608f16682a977f22527bd74a449cd04d0fcd3 on tor-browser-68.1.0esr-9.0-2.

comment:7 in reply to:  3 Changed 4 weeks ago by intrigeri

Replying to gk:

Replying to intrigeri:

Replying to gk:

intrigeri: Would that work for Tails if we enabled the signature check verification?

Thanks for caring! I've just checked and AFAICT, we use the langpacks, that we extract from your tarballs, as-is. So I don't see what can possibly go wrong (famous last words) by enabling signature verification for them. Still, I'd be more comfortable if this change was applied in a Tor Browser 9.0 alpha/beta/RC, before 9.0 final, so we have a chance to test it while it's still time to fix stuff :)

Fair enough and sounds good. We'll plan to start building another alpha (the last one before 9.0) at the end of next week. I'll try to get the fix for this bug into it.

I confirm that with Tor Browser 9.0a8 in Tails, the langpacks still work :)

Note: See TracTickets for help on using tickets.