15:00:27 <richard> #startmeeting Tor Browser Weekly Meeting 2022-03-21
15:00:27 <MeetBot> Meeting started Mon Mar 21 15:00:27 2022 UTC.  The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
15:01:19 <donuts> o/
15:01:28 <Jeremy_Rand_Talos_> Hi!
15:01:30 <richard> okay
15:01:46 <richard> we'll do the usual for some minutes
15:02:04 <richard> update the pad, update your boards/tasks, bring up discussion topics, etc
15:03:55 <aguestuser> o/
15:06:19 <richard> ok then
15:07:54 <richard> ok PieroV, looks like you're up re Discussion topics
15:08:00 <richard> what's all this about apk alignment issues?
15:08:16 <PieroV> a user tried to build Tor Browser from source for all platforms
15:08:32 <PieroV> (I don't know why, if they are also auditing, or if they just don't trust our builds...)
15:08:51 <PieroV> anyway, they had some problems with the Android one, they said they couldn't install it
15:09:10 <PieroV> Because Android 11 changed format/requires APK/zip alignment or something like this
15:09:32 <Jeremy_Rand_Talos_> Certainly a good thing to have people from outside of Tor trying to reproduce our builds.  Wish it were more common....
15:09:44 <aguestuser> PieroV: i have encountered this on API 30 and above
15:09:49 <richard> is there a reproducibility problem here?
15:09:54 <aguestuser> cannot side load
15:09:54 <PieroV> So, my question is: at the signing phase, do we do something that could be moved to tor-browser-build?
15:10:10 <aguestuser> i have to do all my QA work on API 29 or below
15:10:17 <aguestuser> since starting
15:10:29 <PieroV> is API 30 Android 11?
15:10:42 * aguestuser goes to look it up
15:11:11 <aguestuser> yes
15:11:28 <aguestuser> api 29 is android 10 (last one i can manually install apks for)
15:11:39 <richard> ok interesting
15:11:43 <PieroV> okay, then probably as the user was saying, it is just that we are using an old sdk/toolchain and they should have done their tests with API 29 as well
15:11:45 <aguestuser> but: can install from playstore or update just fine
15:11:59 <aguestuser> well, this is a standing issue we need to fix
15:12:03 * aguestuser digs up issue
15:12:09 <PieroV> aguestuser: could you please answer the user?
15:12:32 <PieroV> the issue is tor-browser-build#40463
15:12:34 <aguestuser> PieroV: where is ticket?
15:12:51 <PieroV> otherwise if you prefer, I'll just write what came up here
15:13:24 <kwadronaut[m]> PieroV: I can try to reproduce it tomorrow on an Android 11 device.
15:13:43 <aguestuser> here is issue: http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/applications/fenix/-/issues/40202
15:14:16 <PieroV> kwadronaut[m]: you would need to build an apk with tor-browser-build :) If it is already known, I don't think we need to reproduce it further, but thanks anyway :)
15:14:25 <sysrqb> aguestuser: huh. our signed releases can be installed on 30+? it's only QA where we see this error?
15:14:30 <kwadronaut[m]> aguestuser: I can tell you a joke now, how I can't open onion links from my phone ;)
15:14:50 <sysrqb> (ha!)
15:14:57 <aguestuser> lolol
15:15:02 <sysrqb> :(
15:15:05 <sysrqb> anyway
15:15:22 <kwadronaut[m]> Piero: good point, thanks.
15:15:23 <richard> kwadronaut: https://gitlab.torproject.org/tpo/applications/fenix/-/issues/40202
15:15:46 <PieroV> well, that was all for my discussion point
15:15:54 <sysrqb> aguestuser: huh. our signed releases can be installed on 30+? it's only QA where we see this error?
15:16:00 <aguestuser> sysrqb: i don't know if it's also signed releases. just flagged this when honestly too fresh to parse distinctions in what apks were being spit out by tor-browser-build. was just surprised that i could not side-load its output
15:16:14 <aguestuser> i think it's worth investigating
15:16:27 <sysrqb> yeah
15:16:35 <sysrqb> i remember that initial discussion
15:16:45 <sysrqb> but i assumed this issue included signed apks
15:17:00 <sysrqb> if it's only QA, then there's probably an easy fix
15:17:04 <aguestuser> i would assume it does?
15:17:12 <sysrqb> okay
15:17:15 <boklm> is it for nightly builds only?
15:17:34 <aguestuser> actually, i can check this right now
15:17:40 <aguestuser> have tons of signed apks lying around lol
15:18:05 <sysrqb> boklm: i think the issue wanted "testbuilds based on nightly"
15:18:23 <PieroV> the issue I've linked is also on release
15:18:28 <PieroV> but with the self-built apks
15:18:55 <PieroV> (according to the report, but I haven't checked)
15:19:05 <sysrqb> okay, aguestuser can verify this affects all apks, and we can make progress on that point
15:20:28 <richard> is a potential fix for this likely to interact at all with the rebase to 99, or is the problem more likely to be in the later packaging stages
15:20:40 <richard> (it sounds like more the latter)
15:20:43 <aguestuser> sysrqb: okay, so i was just able to install a signed release apk
15:20:45 <sysrqb> richard: yeah, unrelated
15:20:52 <aguestuser> for last alpha release
15:20:55 <sysrqb> neat
15:21:06 <richard> yesneat
15:21:29 <sysrqb> that explains why we haven't gotten complaints about installation failing on newer Androids
15:22:08 <aguestuser> sysrqb: cannot install unsigned (qa) apks
15:22:31 <aguestuser> adb: failed to install tor-browser-11.5a7-android-x86-multi-qa.apk: Failure [-124: Failed parse during installPackageLI: Targeting R+ (version 30 and above) requires the resources.arsc of installed APKs to be stored uncompressed and aligned on a 4-byte boundary]
15:22:32 <sysrqb> okay, so PieroV's question seems correct
15:22:40 <Jeremy_Rand_Talos_> aguestuser, I believe Electrum's Android build scripts sign with a test key when building a test APK, rather than leaving unsigned.
15:22:49 <Jeremy_Rand_Talos_> Maybe this is why?
15:22:56 <sysrqb> we are doing something during package signing that corrects this
15:23:04 <PieroV> also we sign with a test key
15:23:20 <Jeremy_Rand_Talos_> ok
15:23:40 <sysrqb> aguestuser and I can experiment with this and find the solution
15:23:44 <boklm> it seems the user was able to fix it with zipalign
15:23:52 <sysrqb> it shouldn't be too difficult now that we know the signed releases work
15:24:01 <richard> boklm: also interesting
15:24:13 <boklm> http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/applications/tor-browser-build/-/issues/40463#note_2788931
15:24:42 <richard> ok, so it sounds like we have some avenues to explore here
15:24:53 <sysrqb> yep
15:25:14 <aguestuser> linked the 2 issues
15:25:20 <aguestuser> (just now)
15:25:26 <richard> it seems to me this rates lower in priority than getting android rebased to latest and all of that fun stuff
15:25:45 <aguestuser> yes!
15:25:55 <richard> but if it's one of those things that can be worked on semi-simultaneously, then go for it
15:26:09 <PieroV> (I have a q also on that, but I think that boklm comes first with the nightly emails)
15:26:14 <richard> so highest of the low priority issues :p
15:26:37 <richard> ok, boklm you're up
15:27:09 <boklm> ok, so does anyone want to receive emails for nightly build and/or nightly tests emails? (a daily email saying if builds were successful, and if tests were successful)
15:27:24 <aguestuser> sure!
15:27:31 <richard> I think i used to be signed up, but haven't gotten them recently
15:27:39 <richard> or my email filters are too aggressive...
15:27:54 <PieroV> I'd like to sign up as well
15:28:53 <boklm> ok, so I will add you all 3
15:28:58 <PieroV> thanks
15:29:01 <richard> thanks!
15:29:33 <richard> ok and finally
15:29:56 <richard> it looks like our 11.0.9 release happened over the weekend
15:30:15 <richard> and 11.5a8 should be coming along soon once signing is complete
15:30:28 <richard> which i think means we have a week of rest when it comes to builds and releases
15:30:46 <aguestuser> except TBA!
15:30:50 <aguestuser> ;)
15:30:54 <richard> gah ffs yes
15:31:09 <richard> 11.5a9 scheduled for friday?
15:31:17 <richard> or is the calendar out of date?
15:31:25 <aguestuser> yup friday
15:31:42 <richard> ok great
15:31:52 <aguestuser> if PieroV gets unblocked on GV and testbuilds go well we *could* in theory ship mid-week
15:31:54 <aguestuser> but...
15:32:03 <aguestuser> goal with this release is to fix crashing error
15:32:17 <aguestuser> which is in the *extreme* complexity/uncertainty bucket
15:32:34 <richard> boklm: should I plan on pushing the blog/website updates tomorrow'ish?
15:32:38 <PieroV> I've finished the MR on Friday, and this morning I reviewed it... so I'm quite sure it is okay... But I can't build it
15:32:40 <aguestuser> so... that seems to be the main thing that will influence when the release goes out (depending on whether we want to hold the alpha release for fixing it?)
15:32:46 <aguestuser> (which i think we do?)
15:33:12 <richard> aguestuser: fix'd the crashing error by rebasing to latest right?
15:33:13 <aguestuser> PieroV: sorry typed over you!
15:33:21 <richard> or did something change over the weekend?
15:33:25 <aguestuser> richard: we are *trying* to fix the crashing error that way
15:33:30 <richard> ah ok
15:33:32 <aguestuser> richard: we have no idea whether it will succeed
15:33:34 <richard> god speed
15:33:43 <aguestuser> as the segfault is more or less 100% blackbox ATM
15:33:51 <boklm> richard: yes, I think signing/upload will be finished sometime tomorrow
15:33:54 <richard> mmhm ok that's what I thought :)
15:34:01 <aguestuser> hope is that at v99 it is either (1) gone magically or (2) easier to ask moz engineers for help
15:34:03 <PieroV> (I'd like to understand what caused the sigsegv anyway)
15:35:01 <aguestuser> PieroV: did you want to ask about GV stuff? (sorry i just took us on some tangents!)
15:35:04 <richard> boklm: ok great, it seems like mechanizations are happening in the background getting me access to the signing machine, so we should be able to trade off in the relatively near future on signing duties
15:36:00 <PieroV> aguestuser: yep, I have some nasty cbindgen errors while trying to build GV with mach (so without the additional complications of getting the dependencies first and similar amenities)
15:36:02 <PieroV> https://share.riseup.net/#EvYIF3J1aeUMbpfHgevosg
15:36:50 <boklm> richard: I think maybe you want to try signing an alpha release first (as it may take some time to do it the first time, to avoid delaying the stable release)
15:37:15 <richard> alright let's tentatively plan on my signing the next alpha
15:37:27 <richard> PieroV, aguestuser: what is GV in this context?
15:37:31 <PieroV> in particular this `Conflicting name for constant ...` (on `wgpu-hal`, which is a third-party project)
15:37:37 <aguestuser> richard: "geckoview" sorry!
15:37:38 <PieroV> geckoview
15:37:45 <richard> ah of course
15:38:13 <richard> wrong rust compiler version?
15:38:16 <richard> vOv
15:38:24 <PieroV> I've already updated to 1.59.0
15:38:36 <PieroV> That is what we'll use for `tor-browser-build`
15:39:02 <PieroV> `rustc --version` is `rustc 1.59.0 (9d1b2106e 2022-02-23)`
15:39:18 <JanJan[m]> hello I am jan jan from Poland, currently mounting a project, has anyone experience or can refer me to lawyers who worked on EU regulations and possibly on the new  EU regulations about dual use research
15:39:19 <PieroV> And I've also updated cbindgen
15:39:53 <richard> JanJan: maybe try #tor if this is tor related?
15:39:57 <richard> otherwise this is a meeting
15:40:49 <aguestuser> yes let's meet! (good luck JanJan!)
15:41:33 <aguestuser> PieroV: you were saying? ...
15:41:37 <PieroV> I've also tried `./mach vendor rust`
15:41:59 <PieroV> So, has any of you had similar errors? Otherwise I think I'll have to ask on Moz channels
15:42:11 <PieroV> Because I have this error also on gecko-dev/beta
15:42:12 <richard> i've never seen anything like it
15:42:41 <richard> first thought would be to just try building the crate outside of ./mach environment, but pinging mozdevs probably a better idea
15:42:50 <aguestuser> PieroV: if you do wind up asking on Moz channels could you point me to that communication? (i'd like to follow along to prep for asking for help on the crash if needed!)
15:43:50 <PieroV> okay, so in case, which channel would be the best one to ask help for an error like this? Also, should I try to get their exact toolchains, first?
15:44:26 <PieroV> (and maybe try to build for desktop as well, I think this isn't an android-only issue)
15:44:46 <sysrqb> PieroV: at which stage do you see this error? `mach build ...` ?
15:45:04 <PieroV> sysrqb: yep, mach build and within a few seconds
15:45:38 <sysrqb> hrm. okay
15:46:28 <sysrqb> i don't know why you'd see this, off the top of my head
15:46:38 <sysrqb> "Skip wgpu-hal::ORDERED - (Unsupported expression. [...]"
15:46:50 <sysrqb> leads me to think it is due to using an older rust version
15:47:02 <sysrqb> but you already said that isn't the case
15:47:14 <PieroV> I haven't tried with nightly - but we couldn't use nightly anyway
15:47:35 <sysrqb> yeah, that's something else wrong
15:47:38 <sysrqb> there's
15:47:53 <PieroV> Then I also have some errors on servo
15:48:00 <PieroV> ERROR: Parsing crate `style`:`/home/piero/Tor/gv2/servo/components/style/stylesheets/page_rule.rs`:
15:48:05 <PieroV> Error("expected identifier or integer")
15:48:33 <PieroV> and I've just tried with the mozconfig we use for desktop, without the TB options, and I still get the error, so it isn't an Android-related thing either
15:49:43 <sysrqb> did you already try clobbering the objdir from older builds?
15:49:47 <GeKo> boklm: thanks for merging my mr (assuming this was you) :)
15:49:50 <sysrqb> or did you use a new objdir for 99?
15:50:09 <PieroV> I created a new one, because I wanted to keep v96 objs in case we wanted to do some other tests
15:50:15 <boklm> GeKo: yes, that was me :)
15:50:25 <sysrqb> PieroV: okay, (good), hrm
15:50:31 <sysrqb> interesting problem.
15:50:41 <richard> hmm
15:51:00 <PieroV> and notice that rustc -Z parse-only /home/piero/Tor/gv2/servo/components/style/stylesheets/page_rule.rs works only on nightly...
15:51:11 <richard> in my experience moving the obj dir hasn't always worked in terms of creating a fresh build :/
15:51:33 <PieroV> richard: no, I moved entirely the geckoview directory
15:51:50 <PieroV> mkdir gv2; cd gv2; cp -R ../geckoview/.git ./; git checkout -- .
15:51:57 <richard> oh wow ok
15:52:44 <richard> well i'm out of ideas
15:52:54 <richard> does anyone have anything else, or shall we wrap this up?
15:52:54 <sysrqb> PieroV: i don't know if this will make a difference, but you could try going through `mach bootstrap` again
15:53:20 <PieroV> sysrqb: I don't know if mach bootstrap ever worked for me :)
15:53:27 <sysrqb> i don't have any other ideas right now, after that
15:53:35 <sysrqb> ah, hrm
15:53:37 <PieroV> E.g., I don't have sudo on my PC
15:53:41 <Jeremy_Rand_Talos_> boklm, anything needed from me regarding ARM/POWER?
15:53:55 <sysrqb> okay
15:54:16 <PieroV> Well, I'll come up with something (e.g., trying in a container that is more mozilla-standard)
15:54:23 <sysrqb> yeah
15:54:28 <PieroV> thanks for the help in the meantime :)
15:55:51 <boklm> Jeremy_Rand_Talos_: I still need to do the rebase/continue the review, hopefully this week (sorry for taking time to do it)
15:56:30 <Jeremy_Rand_Talos_> boklm, ok, no worries
15:58:09 <richard> alright then I'm going to call it there
15:58:16 <richard> have a good week everyone!
15:58:19 <richard> #endmeeting