Feature #10197

Rebuild Tor 0.2.7.x for wheezy-backports

Added by intrigeri 2015-09-15 01:32:59 . Updated 2015-10-26 15:17:51 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Tails_1.7
Start date:
2015-09-15
Due date:
% Done:

100%

Feature Branch:
feature/10194-tor-0.2.7
Type of work:
Code
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

Subtasks

History

#1 Updated by intrigeri 2015-09-15 01:33:06

#2 Updated by intrigeri 2015-09-15 01:33:18

  • blocks Feature #10196: Test Tor 0.2.7.x in the context of Tails added

#3 Updated by intrigeri 2015-09-30 09:08:14

  • Assignee set to anonym
  • Target version set to Tails_1.7
  • QA Check set to Info Needed

Actually, as far as I understand, as we don’t ship Tor 0.2.7 before Tails 2.0 (likely 2016-01-26), then we can take deb.tpo’s Jessie package as-is:

  • Jessie has a new enough linux-libc-dev
  • no need to disable systemd support

Before that, our only major release is 1.7, scheduled for November 3, and I don’t think we’ll have time to get everything ready to ship 0.2.7 in it, so I’m inclined to just delay to 2.0 and close this ticket.

anonym, thoughts?

#4 Updated by anonym 2015-10-08 07:04:58

intrigeri wrote:
> Actually, as far as I understand, as we don’t ship Tor 0.2.7 before Tails 2.0 (likely 2016-01-26), then we can take deb.tpo’s Jessie package as-is:
>
> * Jessie has a new enough linux-libc-dev
> * no need to disable systemd support

Indeed, since 0.2.7 introduces KeepAliveIsolateSOCKSAuth so we can drop the bug15482.patch => no patching needed. Finally!

> Before that, our only major release is 1.7, scheduled for November 3, and I don’t think we’ll have time to get everything ready to ship 0.2.7 in it, so I’m inclined to just delay to 2.0 and close this ticket.
>
> anonym, thoughts?

I will create a branch for current Wheezy-based Tails, and see how it runs in the automated test suite. Of course, without a rebuild against wheezy-backports we won’t get seccomp confinement, but the rest should be fine.

#5 Updated by anonym 2015-10-12 05:55:56

  • Assignee changed from anonym to intrigeri

I have pushed feature/10194-tor-0.2.7-in-wheezy (which is a re-write of your feature/10194-tor-0.2.7 since it was based on feature/jessie). All scenarios succeed except ‘The tor process should be confined with Seccomp’, which is expected. This looks quite promising, so if 0.2.7 is released in time for 1.7, perhaps we should try it?

#6 Updated by intrigeri 2015-10-12 09:00:16

> This looks quite promising, so if 0.2.7 is released in time for 1.7, perhaps we should try it?

Now that you’ve done all this work, sure! Just ask nickm if we should ship 0.2.7.3-rc, and follow his advice?

#7 Updated by intrigeri 2015-10-12 09:00:44

  • Assignee changed from intrigeri to anonym
  • QA Check deleted (Info Needed)

#8 Updated by anonym 2015-10-16 07:59:05

  • Subject changed from Build Tor 0.2.7.x with our patches to Rebuild Tor 0.2.7.x for wheezy-backports
  • Description updated
  • QA Check set to Dev Needed
  • Feature Branch set to feature/10194-tor-0.2.7

intrigeri wrote:
> > This looks quite promising, so if 0.2.7 is released in time for 1.7, perhaps we should try it?
>
> Now that you’ve done all this work, sure! Just ask nickm if we should ship 0.2.7.3-rc, and follow his advice?

I’ll answer on the ticket. I believe the other changes I do to this ticket will spoil it though… :)

#9 Updated by anonym 2015-10-16 08:17:09

  • blocked by deleted (Feature #10196: Test Tor 0.2.7.x in the context of Tails)

#10 Updated by anonym 2015-10-16 08:50:10

  • Status changed from Confirmed to In Progress

Applied in changeset commit:f7ab3719045ba7c09918eed983bd6c34e72e4ba4.

#11 Updated by anonym 2015-10-16 09:01:14

  • % Done changed from 0 to 40

I’ve uploaded a rebuilt package. Given the jenkins deplyment, a build was automatically started (link for those with access). Let’s see how the automatically started tests fare as well! :)

#12 Updated by anonym 2015-10-17 05:40:23

  • Assignee deleted (anonym)
  • QA Check changed from Dev Needed to Ready for QA

Test run is done:

Only two scenarios failed:

  • The shipped Tails OpenPGP keys are up-to-date (expected)
  • The system time is not synced to the hardware clock

The latter one is interesting, since the failure was:

02:41:14.816   Scenario: The system time is not synced to the hardware clock       # features/time_syncing.feature:86
02:41:19.722     Given I have started Tails from DVD without network and logged in # features/step_definitions/snapshots.rb:174
02:43:27.659     When I bump the system time with "-15 days"                       # features/step_definitions/time_syncing.rb:20
02:43:27.659     And I warm reboot the computer                                    # features/step_definitions/common_steps.rb:458
02:43:27.659     And the computer reboots Tails                                    # features/step_definitions/common_steps.rb:209
02:43:27.659     Then Tails' hardware clock is close to the host system's time     # features/step_definitions/time_syncing.rb:69
02:43:27.659 Full network capture available at: /tmp/TailsToaster/time_syncing_sniffer.pcap-2015-10-16T14:12:46-07:00
02:43:27.659       The following IPv4 TCP non-Tor Internet hosts were contacted:
02:43:27.659       195.88.84.138 (RuntimeError)
02:43:27.659       /var/lib/jenkins/workspace/test_Tails_ISO_feature-10194-tor-0.2.7/features/support/helpers/firewall_helper.rb:120:in `assert_no_leaks'
02:43:27.659       /var/lib/jenkins/workspace/test_Tails_ISO_feature-10194-tor-0.2.7/features/support/hooks.rb:187:in `After'


i.e. due to the @check_tor_leaks flag we detected a leak. However it most likely is just be Bug #8961 (which I will reopen, and reparent to Bug #10288), and very unlikely an issue with the update to tor 0.2.7.3-rc.

I say this branch is good to go!

#13 Updated by anonym 2015-10-17 05:59:56

  • % Done changed from 40 to 50

#14 Updated by anonym 2015-10-20 03:26:22

  • Assignee set to intrigeri

Since you’ve already been involved in this branch, would you like to review’n’merge it?

#15 Updated by anonym 2015-10-20 03:27:05

Oh, and heads-up: nickm said yesterday that he plans to put out 0.2.7.4-rc today.

#16 Updated by intrigeri 2015-10-20 04:22:11

  • Assignee changed from intrigeri to anonym

> Oh, and heads-up: nickm said yesterday that he plans to put out 0.2.7.4-rc today.

So it’s pointless to merge your branch now, no?

#17 Updated by anonym 2015-10-21 00:43:57

  • Assignee deleted (anonym)

intrigeri wrote:
> > Oh, and heads-up: nickm said yesterday that he plans to put out 0.2.7.4-rc today.
>
> So it’s pointless to merge your branch now, no?

No, it should be merged ASAP any way, imho. This needs more exposure in automated tests. Besides, a new rc wasn’t released, for whatever reason.

#18 Updated by intrigeri 2015-10-21 00:58:53

  • Assignee set to intrigeri

> No, it should be merged ASAP any way, imho.

OK. I’ll try to do it but “ASAP” doesn’t work well with me these days so please try to find someone else.

#19 Updated by anonym 2015-10-22 06:51:37

  • Assignee changed from intrigeri to bertagaz

#20 Updated by bertagaz 2015-10-24 13:17:39

anonym wrote:
> intrigeri wrote:
> > > Oh, and heads-up: nickm said yesterday that he plans to put out 0.2.7.4-rc today.
> >
> > So it’s pointless to merge your branch now, no?
>
> No, it should be merged ASAP any way, imho. This needs more exposure in automated tests. Besides, a new rc wasn’t released, for whatever reason.

I’ve build and tested it. I agree its ready to be merged, but 0.2.7.4-rc has been released. I’ll try to build and test it.

#21 Updated by bertagaz 2015-10-25 03:04:00

  • Assignee changed from bertagaz to anonym

bertagaz wrote:
> I’ve build and tested it. I agree its ready to be merged, but 0.2.7.4-rc has been released. I’ll try to build and test it.

I’ve build and uploaded a package of 0.2.7.4-rc in the APT suite for this branch. I’ve build the ISO, it and run the test suite on it and it works fine.

Reassigning to anonym to review it.

As I’ve also quite well tested this branch with the previous 0.2.7.3-rc package and was ready to merge it before noticing a new Tor release was out, and the changelog for this new Tor release is not so big (mostly bugfixes), I think doing lazy testing (running the test suite) is probably enough.

#22 Updated by bertagaz 2015-10-26 05:33:13

bertagaz wrote:
> As I’ve also quite well tested this branch with the previous 0.2.7.3-rc package and was ready to merge it before noticing a new Tor release was out, and the changelog for this new Tor release is not so big (mostly bugfixes), I think doing lazy testing (running the test suite) is probably enough.

I’ve run several time the test suite on a ISO build with this 0.2.7.4-rc package and seen no regressions.

#23 Updated by anonym 2015-10-26 13:01:13

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100

Applied in changeset commit:86a2af348e8cb86fbc8c702ab72f4dd54713f29d.

#24 Updated by anonym 2015-10-26 13:04:48

  • Assignee deleted (anonym)
  • QA Check changed from Ready for QA to Pass

#25 Updated by anonym 2015-10-26 15:17:51

  • Status changed from Fix committed to Resolved