Find a nicer way to add exceptions from mandatory signing for our Tor Browser add-ons
The current approach is commit:415f520fde6f84c5f32ff3769f16f42c8209137d, where we unpack and patch the relevant files in the
omni.ja archives. We should upstream this to Tor Browser somehow so we don’t have to carry this delta.
A discussion about this has slowly been started a while back here: https://lists.torproject.org/pipermail/tbb-dev/2017-April/000515.html
It would be good to fix this before Tor Browser drops their current hack and signs their extensions: https://trac.torproject.org/projects/tor/ticket/26553. Otherwise we’ll have to make our hack even worse: instead of “merely” adding an add-on to the whitelist we would have to carry the entire whitelist code as part of our delta.
Regarding timing, Georg told us it “will be 9.0 material if at all”. Tor Browser 9.0 Firefox 68 Oct 2019.
Related to Tails -
|Related to Tails - Bug #16048: Deal with the fact that Tor Browser won't ship language packs anymore||Confirmed||2018-10-12|
|Blocks Tails - Feature #16209: Core work: Foundations Team||Confirmed|
#2 Updated by Anonymous 2017-06-27 12:57:21
Upstream Tor bug which plans to add this to their design documentation: https://trac.torproject.org/projects/tor/ticket/21922
#3 Updated by Anonymous 2017-06-27 12:59:41
Upstream Tor bug about unreproducible omni.ja: https://trac.torproject.org/projects/tor/ticket/21960
#6 Updated by intrigeri 2017-09-07 08:43:02
> Upstream Tor bug about unreproducible omni.ja: https://trac.torproject.org/projects/tor/ticket/21960
(Just to save anonym some time: this seems unrelated to this ticket.)
#7 Updated by intrigeri 2017-09-07 10:34:14
- Target version changed from Tails_3.2 to Tails_3.3
- Type of work changed from Communicate to Code
> A discussion about this has slowly been started a while back here: https://lists.torproject.org/pipermail/tbb-dev/2017-April/000515.html
My understanding is that an agreement was reached (add a pref with the whitelist), so next step is to actually implement it. I’ll let you evaluate if this is something you can do yourself, or something we should kindly ask Tor Browser developers (or other nice people we know who might want to help, Cc garrettr) to implement it themselves.
I suggest you spend a couple hours (not more!) on this evaluation during the 3.3 cycle and then adjust the timeline depending on the outcome.
#14 Updated by anonym 2018-01-23 15:22:06
So I has paid with a few hours of my life due to this hack with commit:55766776a514b2379d37e2f002a99b5c85cbeeb4. At the time I didn’t get why this fixed it, but here’s an explanation from segfault (thanks! ❤):
> the files in omni.js don’t have $tbb_timestamp, but January 19 2018. This means they are newer than the two files you want to compress, which causes the update to fail. If I use “7z u -ux2 -mtc=off -tzip” instead, the update works. I would recommend using -ux2y2w2 to prevent this error in the future (see https://www.scottklement.com/p7zip/MANUAL/switches/update.htm for an explanation of these cryptic values).
#29 Updated by intrigeri 2018-07-03 16:47:38
- Assignee deleted (
- Target version deleted (
One year later, this (arguably ugly) hack has not caused us any major trouble. I was concerned we would need to update it for Firefox ESR60 but works just fine there. So the only reasons I see in favour of keeping this ticket open are:
- Adding a Tor Browser pref for that list of extensions increases the chances that the Tor Browser team notices if they ever break it, e.g. if they start signing their own extensions and don’t need the pref anymore, but that’s quite hypothetical.
- It’s less stressful to deal with this as a new feature, with a relaxed timeline, than in a hurry, to fix stuff after the fact, whenever our current hack breaks.
So for now I’m dropping the target version but I’m refraining from rejecting this ticket. If someone feels strongly either way, let’s talk.
#32 Updated by intrigeri 2018-10-12 16:14:53
- Target version set to Tails_3.13
According to the latest Tor Browser team roadmap, https://trac.torproject.org/projects/tor/ticket/26553 should happen in Tor Browser 8.5, scheduled for March 2019.