The current server is going away, to be replaced by torbel soon. Can we figure out a way to automate the version updating, via git repo or something similar?
Ok. wget of this file in cron is one option. A slightly better one would be a git+ssh or https git clone of the torbrowser repo, and the cp of this file. No git clones via git:// though plz, as those could be MITMed/otherwise altered. If gitweb itself is using git:// on the backend, we probably shouldn't trust it either...
Ok, but what's the harm in deploying that patch now? It is ready to be applied to the current check.
We've been working on the torbel replacement for a while now. My understanding is that it still isn't ready. Unless it is ready to go live tonight (which aagbsn's patch is), it seems silly to allow our users to continue to be exploitable while we wait...
In the meantime, we can work to add the uptodate functionality to the torbel version.
Why the rush for this?
Because there have been about two or three dozen Firefox releases with remote code exec bugs since we started shipping Tor Browser Bundle 2 years ago, and we still have no mechanism for telling any of those people that they are running vulnerable software, unless their tor also happens to become vulnerable and Vidalia told them by coincidence.
If we have a mechanism to tell them, we should deploy it yesterday, or last year. Not next month or next quarter.
Oh, in case it wasn't clear, the patch is the last piece. We've built and tested the rest of the notification mechanism in TBB over the last two releases. As soon as the patch is deployed, all users (including even old obsolete TBB users from yesteryear) will begin getting upgrade notifications via the check homepage.
Right, that includes the HTML from trac, I made my own.
Actually it shouldn't have. Note the difference in the url. This one says raw_attachment. If trac is injecting secret html into those, we have problems...
FYI: Until https://check.torproject.org/RecommendedTBBVersions is the correct file, everyone will get the "You need to upgrade" page, even fresh installs. It defaults to assuming you're out of date if the file fetch or parse fails.
And this is why I don't like to rush stuff out there. The default failure mode should be to do nothing, not tell everyone they're out of date. The RecommendedTBBVersions file is removed, yet check keeps telling me to upgrade.
There is no cronjob set, it's manual right now until we can be sure this works correctly.
Can Erinn and/or Sebastian and/or I just get svn + access to the check VM? This ticket is a Litany of Fail, and I think it is because we have no maintainer of the current service or the source.
Other than deployment on the actual VM here, everything else about the #3337 deployment was tested beforehand on alternate servers over two TBB releases and it worked properly, yet we still managed to have almost 20 hours of failtime on this feature due to no one being around with the ability to fix it after it was partially deployed.
Also, we really need a cron job to wget the file and mv it into place.
And if we end up still seeing transient failures even after we get a sane deployment on the VM, we can give new TBB users a new default homepage that gets no update message in the case of failures, but right now the default-to-upgrade is the mechanism that tells old TBB users to upgrade... I didn't see any transient failures on the testing systems.
Trac: Cc: erinn, mikeperry to erinn, mikeperry, Sebastian, aagbsn
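
A sketch of the cron job discussed in this ticket, added here as an example and not code from the ticket or from check: it fetches the file over https, rejects anything that is not a plain version list (such as an HTML wrapper page), and only then renames it into place, so a failed fetch leaves the previous file untouched. The URL, destination path and one-quoted-version-per-line format are assumptions.

```shell
#!/bin/sh
# Added example: cron-side updater for RecommendedTBBVersions.
# Assumed format (not stated in the ticket): a bracketed list with one
# quoted version string per line.

SRC_URL="https://example.invalid/RecommendedTBBVersions"  # placeholder URL
DEST="/var/www/check/RecommendedTBBVersions"              # hypothetical path

# Return 0 only if the candidate looks like a version list.
validate_versions() {
    f=$1
    [ -s "$f" ] || return 1                  # missing or empty fetch result
    # Require at least one quoted, version-like entry.
    grep -Eq '"[0-9]+(\.[0-9]+)+[A-Za-z0-9._-]*"' "$f" || return 1
    # Every line must be a bracket, a quoted entry, or blank. Any other
    # line (HTML markup, an error page) rejects the whole file.
    if grep -Ev '^[[:space:]]*(\[|\]|"[A-Za-z0-9._-]+",?)?[[:space:]]*$' "$f" \
        | grep -q .; then
        return 1
    fi
    return 0
}

# Validate, then replace the destination with a rename; on any failure
# the existing destination file is left as it was.
install_versions() {
    candidate=$1; dest=$2
    validate_versions "$candidate" || { echo "rejected: $candidate" >&2; return 1; }
    tmp="$dest.new.$$"
    # rename is atomic when tmp and dest are on the same filesystem
    cp "$candidate" "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

# Fetch over https without following redirects, then install.
update_versions() {
    tmp=$(mktemp) || return 1
    if wget -q --max-redirect=0 -O "$tmp" "$SRC_URL"; then
        install_versions "$tmp" "$DEST"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Cron entry point: only touches the network when asked to.
if [ "${1:-}" = "--run" ]; then update_versions; fi
```
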