Monday, 28 September 2020

Re: SRU shift report: 2020-09-23

Robie and everyone else:

On 9/23/20 1:41 PM, Robie Basak wrote:
> ## torbrowser-launcher (Focal)
>
> I helped the contributor with this one previously, and am pleased to see it's been sponsored. Unfortunately it's missing the LP bug reference, but also the contributor has since mentioned in the bug that an additional fix appears to be needed. It seems that the SRU needs to be delayed then, and I asked in the bug to confirm.
>
> I didn't reject this from the queue because the contributor is new to Ubuntu process so I didn't want to confuse them further in case it turns out that a reject is not needed.
>
> Outcome: SRU processing is blocked.
>
> Feedback: I could have spotted the missing bug reference myself previously, but didn't look thoroughly as I assumed the sponsor would do that. When sponsoring, please check that the documented SRU process steps have been followed before uploading.

This single-bug SRU ended up becoming a two-bug SRU, which then ended up exploding into a case of four separate bugs/problems that needed to be addressed, so the single SRU has now expanded to cover four separate bugs for four separate bits of problems that need to be addressed together for Focal.  These four bugs are as follows:

1. New Tor Developers PGP key needed for tarball download validation from Tor to happen - otherwise it fails to verify.  (https://bugs.launchpad.net/ubuntu/focal/+source/torbrowser-launcher/+bug/1856895)

2. Version checking was not functioning properly since Tor 10 was released.  (https://bugs.launchpad.net/ubuntu/focal/+source/torbrowser-launcher/+bug/1896752)

3. AppArmor profile for Tor Browser was blocking libstdc++ inclusions for memory mapping - this would prevent Tor Browser from starting (https://bugs.launchpad.net/ubuntu/focal/+source/torbrowser-launcher/+bug/1897302)

4. Missing dependency on gpg2 (https://bugs.launchpad.net/ubuntu/focal/+source/torbrowser-launcher/+bug/1897306) - we rejected the original request to include a new dependency on gnupg or gnupg2 (the former is already installed in pretty much every Ubuntu flavor because apt uses it, the latter is a transitional package).  The patch that we ended up keeping from Debian for this tells the torbrowser-launcher to use /usr/bin/gpg instead of /usr/bin/gpg2 which solves this issue.

Because I use Tor Browser myself (and want to stop using my custom torbrowser-install.sh script), I kind of 'adopted' the process of getting these issues fast-tracked through the processes.  (Not only because I use Tor Browser for security research, but also because one of my clients rolls out Ubuntu systems for their research and ships with Tor Browser).  Both the original filer of the bug and Robie seem to be happy with me taking over the SRU process here (at least, the process of getting it ready for SRU review).

All four patches for the aforementioned bugs and issues were available in Debian Salsa, so were nitpicked from there and are now waiting in Proposed.

Robie and I discussed this today, and Robie will be addressing the review of that SRU now, because we've had in-depth discussions to some extent regarding the bits of the SRU.  From my perspective, it looks good to go with the version uploaded to proposed by me about 30 minutes ago.  Robie EOD'd at the time of this message, so it'll be something Robie deals with tomorrow provided nothing explodes majorly needing Robie's attention tomorrow.


Thomas