Bug #16048: Deal with the fact that Tor Browser won't ship language packs anymore

Bug #16048

Deal with the fact that Tor Browser won't ship language packs anymore

Added by intrigeri 2018-10-12 16:17:00 . Updated 2020-05-12 13:03:19 .

Status:

Confirmed

Priority:

Normal

Assignee:

Category:

Target version:

Start date:

2018-10-12

Due date:

% Done:

Feature Branch:

Type of work:

Communicate

Blueprint:

Starter:

Affected tool:

Browser

Deliverable for:

Description

https://trac.torproject.org/projects/tor/ticket/27466

The major reason for this change are:

Language packs are extensions and would need to be signed once Tor Browser starts requiring all extensions to be signed (see https://trac.torproject.org/projects/tor/ticket/26843, tracked as Feature #12571 here); Tor Browser modifies the strings so they can’t just take the langpacks signed by Mozilla.
multi-lingual TBA (https://trac.torproject.org/projects/tor/ticket/26843)

When building a Tails image, we extract langpacks from the full set of localized Tor Browser tarballs (config/chroot_local-hooks/10-tbb). So once there’s no langpack in there, we don’t know how to ship translations for Tor Browser anymore.

This work upstream is targetted at Tor Browser 9.0 == Firefox 68esr = Oct 2019. As Georg wrote, it “will be 9.0 material if at all”.

Subtasks

Related issues

Related to Tails - Feature #12571: Find a nicer way to add exceptions from mandatory signing for our Tor Browser add-ons	Confirmed	2017-05-19
Blocks Tails - Feature #16209: Core work: Foundations Team	Confirmed

History

#1 Updated by intrigeri 2018-10-12 16:17:10

blocks ~~Feature #15507~~: Core work 2019Q1: Foundations Team added

#2 Updated by anonym 2019-01-10 10:13:00

Parent task changed from #16047 to ~~Feature #16337~~

#3 Updated by intrigeri 2019-02-06 14:31:55

Priority changed from Normal to Elevated
Type of work changed from Code to Communicate

Next step: check what’s the current plan and whether we need to, and can, help make it work for us.

#4 Updated by intrigeri 2019-02-06 15:21:10

Assignee set to intrigeri

I’ll handle the part about communicating with the TB team.

#5 Updated by intrigeri 2019-02-08 14:48:56

related to Feature #12571: Find a nicer way to add exceptions from mandatory signing for our Tor Browser add-ons added

#6 Updated by intrigeri 2019-02-08 14:52:55

Description updated

#7 Updated by intrigeri 2019-02-08 16:00:12

Description updated

#8 Updated by intrigeri 2019-02-08 16:07:21

Description updated

#9 Updated by intrigeri 2019-02-08 16:50:53

My understanding is that the Tor Browser build system, as of tbb-8.0.5-build2, downloads signed langpacks from Mozilla, then for each of them, replaces the default bookmarks and search plugins with custom ones, and repacks it.

And on our side, we extract the langpacks (.xpi) from Tor Browser tarballs and copy them as-is into /usr/local/share/tor-browser-extensions.

So, we could download the langpacks from Mozilla, customize the bookmarks and search plugins ourselves (by copying those from the en-US Tor Browser tarball), and disable signature verification for these XPIs. This approach has a number of problems:

Given https://ftp.mozilla.org/pub/firefox/candidates/ does not support plaintext HTTP, we need to mirror the langpacks under a plaintext HTTP URL (similarly to our Tor Browser archive), so that apt-cacher-ng can cache it, and then we need to add a verification mechanism. That’s errorprone to code and repetitive busywork every time we upgrade Tor Browser. OTOH we can stop mirroring all the Tor Browser tarballs: we only need the en-US one.
It requires either Feature #12571 being fixed nicely, or us carrying more custom code to disable extension signature verification.

#10 Updated by intrigeri 2019-02-08 17:06:38

Also, for our chrooted browsers (currently: Unsafe Browser), we modify each langpack again in delete_chroot_browser_searchplugins(). That’s one more thing that won’t survive extension signing unless Feature #12571 is fixed nicely, or we carry more custom code to disable extension signature verification.

#11 Updated by intrigeri 2019-02-08 18:01:04

On https://trac.torproject.org/projects/tor/ticket/27466#comment:18 I’ve argued in favour of postponing this change. Who knows, maybe the Tor Browser folks will prefer to give us a workaround we can use so they can release this change in their 8.5 :)

I’ll keep handling the communication with upstream for now but I’d rather not be responsible for the implementation.

#12 Updated by intrigeri 2019-02-08 18:17:30

This is for 3.14 (see email from geko on tails-dev) but I think we should work on this ASAP and not wait for post-3.13.

#13 Updated by intrigeri 2019-02-08 19:49:37

Target version changed from Tails_3.13 to Tails_3.14
Parent task deleted (~~~~Feature #16337~~~~)

Won’t happen in TB 8.5, now targets 9.0 ⇒ /me relaxes. Still, I’ll keep this on my radar to ensure I handle the communication with upstream part the best I can (it’s not exactly anonym’s cup of tea last time I checked, but if you want to sneak out of your comfort zone a bit, this could be a good one :)

#14 Updated by intrigeri 2019-02-08 21:03:59

Description updated

#15 Updated by intrigeri 2019-02-09 09:40:12

Description updated

#16 Updated by intrigeri 2019-03-20 14:42:08

blocks Feature #16209: Core work: Foundations Team added

#17 Updated by intrigeri 2019-03-20 14:46:42

blocked by deleted (~~~~Feature #15507~~: Core work 2019Q1: Foundations Team~~)

#18 Updated by intrigeri 2019-04-05 12:56:18

Assignee deleted (~~intrigeri~~)
Target version deleted (~~Tails_3.14~~)

#19 Updated by anonym 2020-05-08 09:38:06

After a meeting with the Tor Browser devs we have learned: “This will not happen anytime soon.”

#20 Updated by intrigeri 2020-05-12 13:03:19

Priority changed from Elevated to Normal

anonym wrote:
> After a meeting with the Tor Browser devs we have learned: “This will not happen anytime soon.”

Thank you for gathering this info and reporting back.
That’s not urgent anymore so I’m downgrading priority accordingly :)