[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #31130 [Applications/Tor Browser]: Use Debian 10 for our Android container images
#31130: Use Debian 10 for our Android container images
-------------------------------------------+-------------------------------
Reporter: gk | Owner: sisbell
Type: defect | Status:
| needs_revision
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-rbm, TorBrowserTeam201911 | Actual Points:
Parent ID: #31127 | Points: 0.5
Reviewer: | Sponsor:
-------------------------------------------+-------------------------------
Comment (by gk):
Replying to [comment:51 boklm]:
> Replying to [comment:50 gk]:
> > Replying to [comment:48 sisbell]:
> > > Looks like we just need one additional dependency installed for the
JDK headless installation. I verified a full build.
> > >
> > > https://github.com/sisbell/tor-browser-
build/commit/005b6651ba42737c7e1bd177f01286294355c02f
> >
> > Okay, we are close. Looking over the patch again I see you are
pointing to `https://deb.debian.org/debian/pool/main/o/openjdk-8` for the
openjdk packages. However, that seems to be brittle to me as it's easily
conceivable that our version is getting superseded by newer updates in the
couple of weeks, essentially getting unavailable. Better is using
`snapshot.debian.org` (e.g.
https://snapshot.debian.org/archive/debian/20191031T212011Z/pool/main/o/openjdk-8/).
>
> As it's an update for a stable distribution, I think previous versions
of the packages are not removed from mirrors (until the whole suite is
removed, which I think will not be before 2022 for stretch). So I think
using `https://deb.debian.org/` is fine (but using snapshot.debian.org is
fine too).
I think you are wrong here. Have a look at
https://snapshot.debian.org/archive/debian/20191001T024204Z/pool/main/o/openjdk-8/
and
https://snapshot.debian.org/archive/debian/20191031T212011Z/pool/main/o/openjdk-8/
in the former you still find `8u232-b04` binaries but not the latter right
now there are `8u232-b09-1~deb9u1` ones *instead* of the former which the
stable archive mirrors but it seems that's not guaranteed to hold. That is
there seems to be no reason to assume that `8u232-b09-1~deb9u1` could not
get replaced in the future by a successor, which is why I think we should
go the snapshot route to be on the safe side.
> > boklm: anything else that should get fixed?
>
> I did not try to do a build yet, but the patch looks good to me.
>
> I think we should also check that the creation of `wheezy-amd64` and
`stretch-amd64` images in `debootstrap-image` is still working correctly
with the updated Ubuntu version.
Yes, please.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31130#comment:52>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs