| 2020-09-25 15:30:27 |
AsciiWolf |
bug |
|
|
added bug |
| 2020-09-25 15:41:36 |
AsciiWolf |
description |
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control. |
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control.
It is already fixed in Groovy. |
|
| 2020-09-25 16:24:54 |
Thomas Ward |
nominated for series |
|
Ubuntu Focal |
|
| 2020-09-25 16:24:54 |
Thomas Ward |
bug task added |
|
torbrowser-launcher (Ubuntu Focal) |
|
| 2020-09-25 16:25:00 |
Thomas Ward |
torbrowser-launcher (Ubuntu): status |
New |
Confirmed |
|
| 2020-09-25 16:25:04 |
Thomas Ward |
torbrowser-launcher (Ubuntu): status |
Confirmed |
Fix Released |
|
| 2020-09-25 16:25:07 |
Thomas Ward |
torbrowser-launcher (Ubuntu Focal): status |
New |
In Progress |
|
| 2020-09-25 16:25:10 |
Thomas Ward |
torbrowser-launcher (Ubuntu Focal): assignee |
|
Thomas Ward (teward) |
|
| 2020-09-28 14:03:03 |
Thomas Ward |
summary |
torbrowser-launcher has missing gnupg dependency |
[SRU] torbrowser-launcher has missing gnupg dependency |
|
| 2020-09-28 14:05:32 |
Thomas Ward |
description |
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control.
It is already fixed in Groovy. |
[Impact]
torbrowser-launcher, on some Ubuntu flavors, will not run unless gnupg/gnupg2 is available on the system. This is due to the package making signature verification checks to validate the tarballs obtained from the Tor project.
As such, we require gnupg/gnupg2 to be installed as a dependency.
Further, we also require to use the actual /usr/bin/gnupg binary as there are cases where /usr/bin/gnupg2 does *not* symlink back to the gnupg binary.
[Test Case]
(1) Install torbrowser-launcher
(2) Signature verification for the download of tor browser's tarball will fail.
[Regression Potential]
Limited regression potential - requiring gnupg is not insane here, and using the non-symlinked binary is also a sane change.
[Original Bug Description]
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control.
It is already fixed in Groovy. |
|
| 2020-09-28 14:57:52 |
Thomas Ward |
torbrowser-launcher (Ubuntu Focal): status |
In Progress |
Won't Fix |
|
| 2020-09-28 17:18:38 |
Thomas Ward |
torbrowser-launcher (Ubuntu Focal): status |
Won't Fix |
In Progress |
|
| 2020-09-29 16:24:09 |
AsciiWolf |
description |
[Impact]
torbrowser-launcher, on some Ubuntu flavors, will not run unless gnupg/gnupg2 is available on the system. This is due to the package making signature verification checks to validate the tarballs obtained from the Tor project.
As such, we require gnupg/gnupg2 to be installed as a dependency.
Further, we also require to use the actual /usr/bin/gnupg binary as there are cases where /usr/bin/gnupg2 does *not* symlink back to the gnupg binary.
[Test Case]
(1) Install torbrowser-launcher
(2) Signature verification for the download of tor browser's tarball will fail.
[Regression Potential]
Limited regression potential - requiring gnupg is not insane here, and using the non-symlinked binary is also a sane change.
[Original Bug Description]
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control.
It is already fixed in Groovy. |
[Impact]
torbrowser-launcher, on some Ubuntu flavors, will not run unless gnupg/gnupg2 is available on the system. This is due to the package making signature verification checks to validate the tarballs obtained from the Tor project.
As such, we require gnupg/gnupg2 to be installed as a dependency.
Further, we also require to use the actual /usr/bin/gnupg binary as there are cases where /usr/bin/gnupg2 does *not* symlink back to the gnupg binary.
[Test Case]
(1) Use a clean installation (not an upgrade from 18.04) of Ubuntu 20.04 where torbrowser-launcher was not installed and configured before.
(2) Install torbrowser-launcher.
(3) Run torbrowser-launcher from a terminal.
(4) torbrowser-launcher will crash during signature verification:
$ torbrowser-launcher
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.2
https://github.com/micahflee/torbrowser-launcher
Creating GnuPG homedir /home/user/.local/share/torbrowser/gnupg_homedir
Downloading Tor Browser for the first time.
Downloading https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US
Latest version: 9.5.4
Downloading https://dist.torproject.org/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz.asc
Downloading https://dist.torproject.org/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz
Verifying Signature
Refreshing local keyring...
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 589, in verify
c.verify(signature=sig, signed_data=signed)
File "/usr/lib/python3/dist-packages/gpg/core.py", line 559, in verify
raise errors.BadSignatures(results[1], results=results)
gpg.errors.BadSignatures: 110775B5D101FB36BC6C911BEB774491D9FF06E2: Key expired
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 600, in run
verify()
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 594, in verify
raise Exception
Exception
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 603, in run
self.common.refresh_keyring()
File "/usr/lib/python3/dist-packages/torbrowser_launcher/common.py", line 209, in refresh_keyring
'--refresh-keys'], stderr=subprocess.PIPE)
File "/usr/lib/python3.7/subprocess.py", line 775, in __init__
restore_signals, start_new_session)
File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/gpg2': '/usr/bin/gpg2'
Aborted
[Regression Potential]
Limited regression potential - requiring gnupg is not insane here, and using the non-symlinked binary is also a sane change.
[Original Bug Description]
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control.
It is already fixed in Groovy. |
|
| 2020-09-29 16:51:10 |
Robie Basak |
description |
[Impact]
torbrowser-launcher, on some Ubuntu flavors, will not run unless gnupg/gnupg2 is available on the system. This is due to the package making signature verification checks to validate the tarballs obtained from the Tor project.
As such, we require gnupg/gnupg2 to be installed as a dependency.
Further, we also require to use the actual /usr/bin/gnupg binary as there are cases where /usr/bin/gnupg2 does *not* symlink back to the gnupg binary.
[Test Case]
(1) Use a clean installation (not an upgrade from 18.04) of Ubuntu 20.04 where torbrowser-launcher was not installed and configured before.
(2) Install torbrowser-launcher.
(3) Run torbrowser-launcher from a terminal.
(4) torbrowser-launcher will crash during signature verification:
$ torbrowser-launcher
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.2
https://github.com/micahflee/torbrowser-launcher
Creating GnuPG homedir /home/user/.local/share/torbrowser/gnupg_homedir
Downloading Tor Browser for the first time.
Downloading https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US
Latest version: 9.5.4
Downloading https://dist.torproject.org/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz.asc
Downloading https://dist.torproject.org/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz
Verifying Signature
Refreshing local keyring...
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 589, in verify
c.verify(signature=sig, signed_data=signed)
File "/usr/lib/python3/dist-packages/gpg/core.py", line 559, in verify
raise errors.BadSignatures(results[1], results=results)
gpg.errors.BadSignatures: 110775B5D101FB36BC6C911BEB774491D9FF06E2: Key expired
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 600, in run
verify()
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 594, in verify
raise Exception
Exception
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 603, in run
self.common.refresh_keyring()
File "/usr/lib/python3/dist-packages/torbrowser_launcher/common.py", line 209, in refresh_keyring
'--refresh-keys'], stderr=subprocess.PIPE)
File "/usr/lib/python3.7/subprocess.py", line 775, in __init__
restore_signals, start_new_session)
File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/gpg2': '/usr/bin/gpg2'
Aborted
[Regression Potential]
Limited regression potential - requiring gnupg is not insane here, and using the non-symlinked binary is also a sane change.
[Original Bug Description]
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control.
It is already fixed in Groovy. |
[Impact]
torbrowser-launcher, on some Ubuntu flavors, will not run unless gnupg/gnupg2 is available on the system. This is due to the package making signature verification checks to validate the tarballs obtained from the Tor project.
As such, we require gnupg/gnupg2 to be installed as a dependency.
Further, we also require to use the actual /usr/bin/gnupg binary as there are cases where /usr/bin/gnupg2 does *not* symlink back to the gnupg binary.
[Test Case]
(1) Use a clean installation (not an upgrade from 18.04) of Ubuntu 20.04 where torbrowser-launcher was not installed and configured before.
(2) Install torbrowser-launcher.
(3) Run torbrowser-launcher from a terminal.
(4) torbrowser-launcher will crash during signature verification:
$ torbrowser-launcher
Tor Browser Launcher
By Micah Lee, licensed under MIT
version 0.3.2
https://github.com/micahflee/torbrowser-launcher
Creating GnuPG homedir /home/user/.local/share/torbrowser/gnupg_homedir
Downloading Tor Browser for the first time.
Downloading https://aus1.torproject.org/torbrowser/update_3/release/Linux_x86_64-gcc3/x/en-US
Latest version: 9.5.4
Downloading https://dist.torproject.org/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz.asc
Downloading https://dist.torproject.org/torbrowser/9.5.4/tor-browser-linux64-9.5.4_en-US.tar.xz
Verifying Signature
Refreshing local keyring...
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 589, in verify
c.verify(signature=sig, signed_data=signed)
File "/usr/lib/python3/dist-packages/gpg/core.py", line 559, in verify
raise errors.BadSignatures(results[1], results=results)
gpg.errors.BadSignatures: 110775B5D101FB36BC6C911BEB774491D9FF06E2: Key expired
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 600, in run
verify()
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 594, in verify
raise Exception
Exception
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/torbrowser_launcher/launcher.py", line 603, in run
self.common.refresh_keyring()
File "/usr/lib/python3/dist-packages/torbrowser_launcher/common.py", line 209, in refresh_keyring
'--refresh-keys'], stderr=subprocess.PIPE)
File "/usr/lib/python3.7/subprocess.py", line 775, in __init__
restore_signals, start_new_session)
File "/usr/lib/python3.7/subprocess.py", line 1522, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: '/usr/bin/gpg2': '/usr/bin/gpg2'
Aborted
[Regression Potential]
Limited regression potential - requiring gnupg is not insane here, and using the non-symlinked binary is also a sane change.
[racb] We're changing the binary name used to call gpg, so users with unusual system configurations who don't have a valid /usr/bin/gpg, or have wrapped the old name or similar may be affected.
[Original Bug Description]
The torbrowser-launcher package does not depend on gnupg/gnupg2 on Ubuntu 20.04. This results in torbrowser-launcher not working on some Ubuntu flavors that do not have gnupg installed by-default. Also, torbrowser-launcher calls /usr/bin/gpg2 instead of /usr/bin/gpg. The /usr/bin/gpg2 is just a symlink to /usr/bin/gpg on Debian/Ubuntu, provided by gnupg2 package that is not installed by-default on some Ubuntu-based systems (including Linux Mint), even if they have gnupg installed out-of-box.
The following patch and debian/control update fix the issue:
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/f83349ae954a888a7913ac64c98dbb53a284932f
https://salsa.debian.org/pkg-privacy-team/torbrowser-launcher/-/commit/68908ebd6567fad56642c57d2fb1f75dad6efe4a
The first link contain a patch that replaces /usr/bin/gpg2 with /usr/bin/gpg in torbrowser-launcher code.
The second link contain a change adding gnupg as torbrowser-launcher dependency to debian/control.
It is already fixed in Groovy. |
|
| 2020-09-30 19:04:42 |
Robie Basak |
torbrowser-launcher (Ubuntu Focal): status |
In Progress |
Fix Committed |
|
| 2020-09-30 19:04:43 |
Robie Basak |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2020-09-30 19:04:45 |
Robie Basak |
bug |
|
|
added subscriber SRU Verification |
| 2020-09-30 19:04:47 |
Robie Basak |
tags |
focal |
focal verification-needed verification-needed-focal |
|
| 2020-09-30 20:24:48 |
AsciiWolf |
tags |
focal verification-needed verification-needed-focal |
focal verification-done-focal verification-needed |
|
| 2020-10-06 13:35:36 |
Thomas Ward |
tags |
focal verification-done-focal verification-needed |
focal verification-done-focal |
|
| 2020-10-12 08:46:59 |
Launchpad Janitor |
torbrowser-launcher (Ubuntu Focal): status |
Fix Committed |
Fix Released |
|
| 2020-10-12 08:47:18 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
