15:00:27 <richard> #startmeeting Tor Browser Weekly Meeting 2022-03-21 15:00:27 <MeetBot> Meeting started Mon Mar 21 15:00:27 2022 UTC. The chair is richard. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:27 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic. 15:01:19 <donuts> o/ 15:01:28 <Jeremy_Rand_Talos_> Hi! 15:01:30 <richard> okay 15:01:46 <richard> we'll do the usual for some minutes 15:02:04 <richard> update the pad, update your boards/tasks, bring up discussion topics, etc 15:03:55 <aguestuser> o/ 15:06:19 <richard> ok then 15:07:54 <richard> ok PieroV, looks like you're up re Discussion topics 15:08:00 <richard> what's all this about apk alignment issues? 15:08:16 <PieroV> a user tried to build Tor Browser from source for all platforms 15:08:32 <PieroV> (I don't know why, if they are also auditing, or if they just don't trust our builds...) 15:08:51 <PieroV> anyway, they had some problems with the Android one, they told they couldn't install it 15:09:10 <PieroV> Because Android 11 changed format/requires APK/zip alignment or something like this 15:09:32 <Jeremy_Rand_Talos_> Certainly a good thing to have people from outside of Tor trying to reproduce our builds. Wish it were more common.... 15:09:44 <aguestuser> PieroV: i have encountered this on API 30 and above 15:09:49 <richard> is there a reproducibility problem here? 15:09:54 <aguestuser> cannot side load 15:09:54 <PieroV> So, my question is: at the signing phase, do we do something that could be moved to tor-browser-build? 15:10:10 <aguestuser> i have to do all my QA work on API 29 or below 15:10:17 <aguestuser> since starting 15:10:29 <PieroV> is API 30 Android 11? 15:10:42 * aguestuser goes to look it up 15:11:11 <aguestuser> yes 15:11:28 <aguestuser> api 29 is android 10 (last one i can manually isntall apks for) 15:11:39 <richard> ok interesting 15:11:43 <PieroV> okay, then probably as the user was saying, it is just that we are using an old sdk/toolchain and they should have done their tests with API 29 as well 15:11:45 <aguestuser> but: can install from playstore or update just fine 15:11:59 <aguestuser> well, this is a standing issue we need to fix 15:12:03 * aguestuser digs up issue 15:12:09 <PieroV> aguestuser: could you please answer the user? 15:12:32 <PieroV> the issue is tor-browser-build#40463 15:12:34 <aguestuser> PieroV: where is ticket? 15:12:51 <PieroV> otherwise if you prefer, I'll just write what came up here 15:13:24 <kwadronaut[m]> PieroV: I can try to reproduce it tomorrow on an Android 11 device. 15:13:43 <aguestuser> here is issue: http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/applications/fenix/-/issues/40202 15:14:16 <PieroV> kwadronaut[m]: you would need to build an apk with tor-browser-build :) If it already known, I don't think we need to reproduce it further, but thanks anyway :) 15:14:25 <sysrqb> aguestuser: huh. our signed releases can be installed on 30+? it's only QA where we see this error? 15:14:30 <kwadronaut[m]> aguestuser: I can tell you a joke now, how I can't open onion links from my phone ;) 15:14:50 <sysrqb> (ha!) 15:14:57 <aguestuser> lolol 15:15:02 <sysrqb> :( 15:15:05 <sysrqb> anyway 15:15:22 <kwadronaut[m]> Piero: good point, thanks. 15:15:23 <richard> kwadronaut: https://gitlab.torproject.org/tpo/applications/fenix/-/issues/40202 15:15:46 <PieroV> well, that was all for my discussion point 15:15:54 <sysrqb> aguestuser: huh. our signed releases can be installed on 30+? it's only QA where we see this error? 15:16:00 <aguestuser> sysrqb: i don't know if it's also signed releases. just flagged this when honestly too fresh to parse distinctions in what apks were being spit out by tor-browser-build. was just surprised that i could not side-load its output 15:16:14 <aguestuser> i think it's worth investigating1 15:16:27 <sysrqb> yeah 15:16:35 <sysrqb> i remember that initial discussioh 15:16:45 <sysrqb> but i assumed this issue included signed apks 15:17:00 <sysrqb> if it's only QA, then there's probably an easy fix 15:17:04 <aguestuser> i would assume it does? 15:17:12 <sysrqb> okay 15:17:15 <boklm> is it for nightly builds only? 15:17:34 <aguestuser> actually, i can check this right now 15:17:40 <aguestuser> have tons of signed apks lying around lol 15:18:05 <sysrqb> boklm: i think the issue wanted "testbuilds based on nightly" 15:18:23 <PieroV> the issue I've linked is also on release 15:18:28 <PieroV> but with the self-built apks 15:18:55 <PieroV> (according to the report, but I haven't checked) 15:19:05 <sysrqb> okay, aguestuser can verify this affects all apks, and we can make progress on that point 15:20:28 <richard> is a potential fix for this likely to interact at all with the rebase to 99, or is the problem more likely to be in the later packaging stages 15:20:40 <richard> (it sounds like more the latter) 15:20:43 <aguestuser> sysrqb: okay, so i was just able to install a signed release apk 15:20:45 <sysrqb> richard: yeah, unrelated 15:20:52 <aguestuser> for last alpha release 15:20:55 <sysrqb> neat 15:21:06 <richard> yesneat 15:21:29 <sysrqb> that explains why we haven't gotten complains about installation failing on newer Androids 15:22:08 <aguestuser> sysrqb: cannot install unsigned (qa) apks 15:22:31 <aguestuser> 1adb: failed to install tor-browser-11.5a7-android-x86-multi-qa.apk: Failure [-124: Failed parse during installPackageLI: Targeting R+ (version 30 and above) requires the resources.arsc of installed APKs to be stored uncompressed and aligned on a 4-byte boundary] 15:22:32 <sysrqb> okay, so PieroV's question seems correct 15:22:40 <Jeremy_Rand_Talos_> aguestuser, I believe Electrum's Android build scripts sign with a test key when building a test APK, rather than leaving unsigned. 15:22:49 <Jeremy_Rand_Talos_> Maybe this is why? 15:22:56 <sysrqb> we are doing something during package signing that corrrects this 15:23:04 <PieroV> also we sign with a test key 15:23:20 <Jeremy_Rand_Talos_> ok 15:23:40 <sysrqb> aguestuser and I can experiement with this and find the solution 15:23:44 <boklm> it seems the user was able to fix it with zipalign 15:23:52 <sysrqb> it shouldn't be too difficult now that we know the signed releases work 15:24:01 <richard> boklm: also interesting 15:24:13 <boklm> http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/applications/tor-browser-build/-/issues/40463#note_2788931 15:24:42 <richard> ok, so it sounds like we have some avenues to explore here 15:24:53 <sysrqb> yep 15:25:14 <aguestuser> linked the 2 issues 15:25:20 <aguestuser> (just now) 15:25:26 <richard> it seems to me this rates lower in priority than getting android rebased to latest and all of that fun stuff 15:25:45 <aguestuser> yes! 15:25:55 <richard> but if it's one of those things that can be worked on semi-simultaneously, then go for it 15:26:09 <PieroV> (I have a q also on that, but I think that boklm comes first with the nightly emails) 15:26:14 <richard> so highest of the low priority issues :p 15:26:37 <richard> ok, boklm you're up 15:27:09 <boklm> ok, so does anyone wants to receive emails for nightly build and/or nightly tests emails? (a daily email saying if builds were succesful, and if tests were sucessful) 15:27:24 <aguestuser> sure! 15:27:31 <richard> I think i used to be signed up, but haven't gotten them recently 15:27:39 <richard> or my email filters are too agressive... 15:27:54 <PieroV> I'd like to sign up as well 15:28:53 <boklm> ok, so I will add you all 3 15:28:58 <PieroV> thanks 15:29:01 <richard> thanks! 15:29:33 <richard> ok and finally 15:29:56 <richard> it looks like our 11.0.9 release happened over the weekend 15:30:15 <richard> and 11.5a8 should be coming along soon once signing is complete 15:30:28 <richard> which i think means we have a week of rest when it comes to builds and releases 15:30:46 <aguestuser> except TBA! 15:30:50 <aguestuser> ;) 15:30:54 <richard> gah ffs yes 15:31:09 <richard> 11.5a9 scheduled for friday? 15:31:17 <richard> or is the calendar out of date? 15:31:25 <aguestuser> yup friday 15:31:42 <richard> ok great 15:31:52 <aguestuser> if PieroV gets unblocked on GV and testbuilds go well we *could* in theory ship mid-week 15:31:54 <aguestuser> but... 15:32:03 <aguestuser> goal with this release is to fix crashing error 15:32:17 <aguestuser> which is in the *extreme* complexity/uncertainty bucket 15:32:34 <richard> boklm: should I plan on pushing the blog/website updates tomorow'ish? 15:32:38 <PieroV> I've finished the MR on Friday, and this morning I reviewed it... so I'm quite sure it is okay... But I can't build it 15:32:40 <aguestuser> so... that seems to be the main thing that will influence when the release goes out (depending on whether we want to hold the alpha release for fixing it?) 15:32:46 <aguestuser> (which i think we do?) 15:33:12 <richard> aguestuser: fix'd the crashing error by rebasing to to latest right? 15:33:13 <aguestuser> PieroV: sorry typed over you! 15:33:21 <richard> or did something change over the weekend? 15:33:25 <aguestuser> richard: we are *trying* to fix the crashing error that way 15:33:30 <richard> ah ok 15:33:32 <aguestuser> richard: we have no idea whether it will succeed 15:33:34 <richard> god speed 15:33:43 <aguestuser> as the segfault is more or less 100% blackbox ATM 15:33:51 <boklm> richard: yes, I think signing/upload will be finished sometime tomorrow 15:33:54 <richard> mmhm ok that's what I thought :) 15:34:01 <aguestuser> hope is that at v99 it is either (1) gone magically or (2) easier to ask moz engineers for help 15:34:03 <PieroV> (I'd like to understand what caused the sigsegv anyway) 15:35:01 <aguestuser> PieroV: did you want to ask about GV stuff? (sorry i just took us on some tangents!) 15:35:04 <richard> boklm: ok great, it seems like mechanizations are happening in th ebackground getting me access to the signing machine, so we should be able to trade off in the relatively near future on signing duties 15:36:00 <PieroV> aguestuser: yep, I have some nasty cbindgen errors while trying to build GV with mach (so without the additional complications of getting the dependencies first and similar amenities) 15:36:02 <PieroV> https://share.riseup.net/#EvYIF3J1aeUMbpfHgevosg 15:36:50 <boklm> richard: I think maybe you want to try signing an alpha release first (as it may take some time to do it the first time, to avoid delaying the stable release) 15:37:15 <richard> alright let's tentatively plan on my signing the next alpha 15:37:27 <richard> PieroV, aguestuser: what is GV in his context? 15:37:31 <PieroV> in particular this `Conflicting name for constant ...` (on `wgpu-hal`, which is a third-party project) 15:37:37 <aguestuser> richard: "geckoview" sorry! 15:37:38 <PieroV> geckoview 15:37:45 <richard> ah of course 15:38:13 <richard> wrong rust compiler version? 15:38:16 <richard> vOv 15:38:24 <PieroV> I've already updated to 1.59.0 15:38:36 <PieroV> That is what we'll use for `tor-browser-build` 15:39:02 <PieroV> `rustc --version` is `rustc 1.59.0 (9d1b2106e 2022-02-23)` 15:39:18 <JanJan[m]> hello I am jan jan from Poland, currently mounting a project, has anyone experience or can refer me to lawyers who worked on EU regulations and possibly on the new EU regulations about dual use research 15:39:19 <PieroV> And I've also updated cbdindgen 15:39:53 <richard> JanJan: maybe try #tor if this is tor related? 15:39:57 <richard> otherwise this is a meeting 15:40:49 <aguestuser> yes let's meet! (good luck JanJan!) 15:41:33 <aguestuser> PieroV: you were saying? ... 15:41:37 <PieroV> I've also tried `./mach vendor rust` 15:41:59 <PieroV> So, has any of you had similar errors? Otherwise I think I'll have to ask on Moz channels 15:42:11 <PieroV> Because I have this error also on gecko-dev/beta 15:42:12 <richard> i've never seen anything like it 15:42:41 <richard> first thought would be to just try building the crate outside of ./mach environment, but pinging mozdevs probablya better idea 15:42:50 <aguestuser> PieroV: if you do wind up asking on Moz channels could you point me to that communication? (i'd like to follow along to prep for asking for help on the crash if needed!) 15:43:50 <PieroV> okay, so in case, which channel would be the best one to ask help for an error like this? Also, should I try to get their exact toolchains, first? 15:44:26 <PieroV> (and maybe try to build for desktop as well, I think this isn't an android-only issue) 15:44:46 <sysrqb> PieroV: at which stage do you see this error? `mach build ...` ? 15:45:04 <PieroV> sysrqb: yep, mach build and within a few seconds 15:45:38 <sysrqb> hrm. okay 15:46:28 <sysrqb> i don't know why you;d see this, off the top of my head 15:46:38 <sysrqb> "Skip wgpu-hal::ORDERED - (Unsupported expression. [...]" 15:46:50 <sysrqb> leads me to think it is due to using an older rust version 15:47:02 <sysrqb> but you already said that isn't the case 15:47:14 <PieroV> I haven't tried with nightly - but we couldn't use nightly anyway 15:47:35 <sysrqb> yeah, that's something else wrong 15:47:38 <sysrqb> there's 15:47:53 <PieroV> Then I also have some errors on servo 15:48:00 <PieroV> ERROR: Parsing crate `style`:`/home/piero/Tor/gv2/servo/components/style/stylesheets/page_rule.rs`: 15:48:05 <PieroV> Error("expected identifier or integer") 15:48:33 <PieroV> and I've just tried with the mozconfig we use for desktop, without the TB options, and I still get the error, so it isn't an Android-related thing either 15:49:43 <sysrqb> did you already try clobbering the objdir from older builds? 15:49:47 <GeKo> boklm: thanks for merging my mr (assuming this was you) :) 15:49:50 <sysrqb> or did you use a new objdir for 99? 15:50:09 <PieroV> I created a new one, because I wanted to keep v96 objs in case we wanted to do some other tests 15:50:15 <boklm> GeKo: yes, that was me :) 15:50:25 <sysrqb> PieroV: okay, (good), hrm 15:50:31 <sysrqb> interesting problem. 15:50:41 <richard> hmm 15:51:00 <PieroV> and notice that rustc -Z parse-only /home/piero/Tor/gv2/servo/components/style/stylesheets/page_rule.rs works only on nightly... 15:51:11 <richard> in my experience moving the obj dir hasn't always worked in terms of creating a fresh build :/ 15:51:33 <PieroV> richard: no, I moved entirely the geckoview directory 15:51:50 <PieroV> mkdir gv2; cd gv2; cp -R ../geckoview/.git ./; git checkout -- . 15:51:57 <richard> oh wow ok 15:52:44 <richard> well i'm out of ideas 15:52:54 <richard> does anyone have anything else, or shall we wrap this up? 15:52:54 <sysrqb> PieroV: i don't know if this will make a difference, but you could try going through `mach bootrap` again 15:53:20 <PieroV> sysrqb: I don't know if mach bootstrap ever worked for me :) 15:53:27 <sysrqb> i don't have any other ideas right now, after that 15:53:35 <sysrqb> ah, hrm 15:53:37 <PieroV> E.g., I don't have sudo on my PC 15:53:41 <Jeremy_Rand_Talos_> boklm, anything needed from me regarding ARM/POWER? 15:53:55 <sysrqb> okay 15:54:16 <PieroV> Well, I'll come up with something (e.g., trying in a container that is more mozilla-standard) 15:54:23 <sysrqb> yeah 15:54:28 <PieroV> thanks for the help in the meantime :) 15:55:51 <boklm> Jeremy_Rand_Talos_: I still need to do the rebase/continue the review, hopefuly this week (sorry for taking time to do it) 15:56:30 <Jeremy_Rand_Talos_> boklm, ok, no worries 15:58:09 <richard> alright then I'm going to call it there 15:58:16 <richard> have a good week everyone! 15:58:19 <richard> #endmeeting