Opened 5 weeks ago

Last modified 3 weeks ago

#32027 new defect

Bump version of Go to 1.13+

Reported by: cohosh Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: snowflake
Cc: dcf, cohosh, phw, JeremyRand Actual Points:
Parent ID: #31688 Points:
Reviewer: Sponsor:

Description

We're going to need it eventually for newer versions of pion/webrtc, and there's a nice feature in to log package that allows us to pass the log output writer to libraries.

Child Tickets

Change History (5)

comment:1 Changed 5 weeks ago by cohosh

Note: as mentioned in https://trac.torproject.org/projects/tor/ticket/28942#comment:66 we should be careful about how modules are handled in 1.13

Perhaps we want to tackle #28325 first.

comment:2 Changed 5 weeks ago by dcf

Another thing to watch out for in Go 1.13. By default, even commands like go build will phone home to proxy.golang.org and sum.golang.org. See:

The phone-home behavior is annoying, but probably mostly harmless in the rbm context. To disable the proxy.golang.org reporting, you can set GOPROXY=direct -- but even better for us may be GOPROXY=off, which is supposed to "disallow downloading modules from any source," which is what we want during the offline portion of the build.

To disable the sum.golang.org reporting, you can set GOSUMDB=off.
https://golang.org/cmd/go/#hdr-Module_authentication_failures

If GOSUMDB is set to "off", or if "go get" is invoked with the -insecure flag, the checksum database is not consulted, and all unrecognized modules are accepted, at the cost of giving up the security guarantee of verified repeatable downloads for all modules.

I personally had problems this week with checksum mismatches using go1.13.1 -- it turns out they changed how checksums are calculated with respect to symlinks, or something, and invalidated previous checksums. I tried clearing my cache and everything, and could not get https://github.com/lucas-clemente/quic-go to build using go1.13.1 because of checksum mismatches. So if you get "checksum mismatch" errors, it's something related to that.

comment:3 Changed 3 weeks ago by sysrqb

It looks like we need for this for supporting obfs4proxy on Android Q (and likely any golang project, for that matter), so that is very exciting.

The fix for https://github.com/golang/go/issues/29674 landed in 1.13 which is the cause of:

WARN: Managed proxy at '/data/app/org.torproject.torbrowser-xxxxxxxx==/lib/arm64/libObfs4proxy.so' reported: error: "/data/app/org.torproject.torbrowser-xxxxxxxx==/lib/arm64/libObfs4proxy.so": executable's TLS segment is underaligned: alignment is 8, needs to be at least 64 for ARM64 Bionic

Multiple other project ran into this problem, too (just for reference):
https://github.com/shadowsocks/v2ray-plugin-android/issues/6
https://github.com/termux/termux-packages/issues/3619
https://github.com/Catfriend1/syncthing-android/issues/370

comment:4 Changed 3 weeks ago by sysrqb

Actual Points: snowflake
Keywords: snowflake added

comment:5 Changed 3 weeks ago by gk

Cc: JeremyRand added
Parent ID: #31688

#31689 is a duplicate.

Note: See TracTickets for help on using tickets.