Skip to content
Snippets Groups Projects
New look: Off

Pluggable transports bundles warn of need to upgrade when no new version is yet available

    • Closed (moved) Issue created by David Fifield @dcf

    Say there is a TBB and corresponding PT bundle both with version number X.Y.Z-alpha-1. https://check.torproject.org/RecommendedTBBVersions will say:

    [
/* ... stable bundles ... */
"X.Y.Z-alpha-1-MacOS",
"X.Y.Z-alpha-1-Windows",
"X.Y.Z-alpha-1-Linux"
]

    When the X.Y.Z-alpha-2 TBB is released, the file changes to

    [
/* ... stable bundles ... */
"X.Y.Z-alpha-2-MacOS",
"X.Y.Z-alpha-2-Windows",
"X.Y.Z-alpha-2-Linux"
]

    If we haven't built new corresponding PT bundles yet, those will still have the old version number X.Y.Z-alpha-1, and users will get a blinking Tor button telling them to upgrade. However no upgrade exists for them yet.

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • David Fifield added component::circumvention/pluggable transport flashproxy owner::asn priority::medium resolution::fixed status::closed type::defect labels

      added component::circumvention/pluggable transport flashproxy owner::asn priority::medium resolution::fixed status::closed type::defect labels

    • D
      David Fifield @dcf ·
      Author

      Lunar proposes putting separate lines with independent version numbers for PT bundles in RecommendedTBBVersions. Using a naming convention from #8644 (moved), if the X.Y.Z-alpha-1-pt1 PT bundle is still safe to use, the file might look like

      [
/* ... stable bundles ... */
"X.Y.Z-alpha-2-MacOS",
"X.Y.Z-alpha-2-Windows",
"X.Y.Z-alpha-2-Linux",
"X.Y.Z-alpha-1-pt1-MacOS",
"X.Y.Z-alpha-1-pt1-Windows",
"X.Y.Z-alpha-1-pt1-Linux"
]

      What to do if the old PT bundle is not safe to use (i.e., if TBB was updated because of a security vulnerability) is another question. We want to alert the user somehow, with a message other than "Download new version." I think it might be nice to have separate switches for "this version is safe to use" and "there is a newer version." This may not fit how RecommendedTBBVersions works, however.

    • George Kadianakis
      George Kadianakis @asn ·

      It seems to me that if we (Erinn?) start making PT bundles along with normal TBBs this issue will be autosolved. If we can start doing so soon, it will probably be a better solution than hacking torcheck.

      I think that torcheck is a component that is hard to upgrade; for example, aagbsn hacked up a new torcheck a year ago (https://github.com/aagbsn/TorCheck), but we still have the same torcheck in check.tpo. I would prefer not to mess with torcheck.

    • Trac
      Trac @tracbot ·

      It appears that Tor Pluggable Transports Bundle 2.4.11-alpha-2-dev is just Tor Pluggable Transports Bundle 2.4.11-alpha-1-dev renamed. I confirmed this for gnu-linux-i686, gnu-linux-x86_64, and windows.

      `md5sum tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz

      a9737183ecaea2f4c1aa71abffc71de5 tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz`

      and

      `md5sum tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-1-dev-en-US.tar.gz

      a9737183ecaea2f4c1aa71abffc71de5 tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-1-dev-en-US.tar.gz`

      Trac:
      Username: matt

    • Trac
      Trac @tracbot ·

      We did just rename the windows/linux bundles for alpha-2, the release was meant to fix a problem in the OSX bundles.

      Replying to matt:

      It appears that Tor Pluggable Transports Bundle 2.4.11-alpha-2-dev is just Tor Pluggable Transports Bundle 2.4.11-alpha-1-dev renamed. I confirmed this for gnu-linux-i686, gnu-linux-x86_64, and windows.

      `md5sum tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz

      a9737183ecaea2f4c1aa71abffc71de5 tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-2-dev-en-US.tar.gz`

      and

      `md5sum tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-1-dev-en-US.tar.gz

      a9737183ecaea2f4c1aa71abffc71de5 tor-pluggable-transports-browser-gnu-linux-i686-2.4.11-alpha-1-dev-en-US.tar.gz`

      Trac:
      Username: aallai

    • P
      proper @proper ·

      It seems to me that if we (Erinn?) start making PT bundles along with normal TBBs this issue will be autosolved. If we can start doing so soon, it will probably be a better solution than hacking torcheck.

      Once #6009 (moved) git is implemented, you won't need separate pt bundles anymore?

      However, there may be situations, where pt users need an update, while non-pt users don't. This shouldn't be a problem with the alpha version.

      Will there be ever stable pt builds?

      Trac:
      Cc: asn, aallai to asn, aallai, adrelanos@riseup.net

    • Micah Lee
      Micah Lee @micahflee ·

      I've been working on Tor Browser Launcher, a program that downloads the latest Tor Browser, verifies signatures, installs, and launches it, as well as keeps it up-to-date.

      I've recently added a settings dialog that lets users choose if they want the stable or alpha version, and I would love to add the pluggable transports bundle to that list too. But I can't until there's a reliable way to check for the latest Obfsproxy TBB version.

      Here's the related Tor Browser Launcher bug: https://check.torproject.org/RecommendedTBBVersions

      Is there a timeline for getting this fixed?

      Trac:
      Cc: asn, aallai, adrelanos@riseup.net to asn, aallai, adrelanos@riseup.net, micahlee

    • Micah Lee
      Micah Lee @micahflee ·

      Replying to micahlee:

      Here's the related Tor Browser Launcher bug: https://check.torproject.org/RecommendedTBBVersions

      Oops, here's the real related bug: https://github.com/micahflee/torbrowser-launcher/issues/38

    • D
      David Fifield @dcf ·
      Author

      Replying to micahlee:

      I've recently added a settings dialog that lets users choose if they want the stable or alpha version, and I would love to add the pluggable transports bundle to that list too. But I can't until there's a reliable way to check for the latest Obfsproxy TBB version.

      Is there a timeline for getting this fixed?

      I don't think you should count on the pluggable transports version number ever appearing in RecommendedTBBVersions. Making releases is already difficult enough and involves a lot of people; adding even more version numbers makes maintenance that much harder.

      You might have luck scraping https://www.torproject.org/projects/obfsproxy.html.en#download. Even that is wrong at the moment; the Windows link is broken per #8804 (moved).

      The existence of a separate pluggable transports bundle is temporary. #8019 (closed) is about moving pluggable transports into the normal TBB.

    • Micah Lee
      Micah Lee @micahflee ·

      Thanks, dcf. I don't want to have to scrape HTML to figure out a version number :) -- so I think in that case the best bet is just waiting until #8019 (closed) is finished and not offering the pluggable transports bundle as an option in TBL.

    • D
      David Fifield @dcf ·
      Author

      Pluggable transports are now part of the normal bundle. https://blog.torproject.org/blog/tor-browser-36-beta-1-released

      Trac:
      Resolution: N/A to fixed
      Status: new to closed

    • Trac closed

      closed

    • David Fifield mentioned in issue #9444 (closed)

      mentioned in issue #9444 (closed)

    • Trac moved to tpo/anti-censorship/pluggable-transports/trac#8645 (closed)

      moved to tpo/anti-censorship/pluggable-transports/trac#8645 (closed)

    Please register or sign in to reply