[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Dec 16 15:52:28 UTC 2014
#13379: Sign our MAR files
-------------------------+-------------------------------------------------
Reporter: | Owner: mcs
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-security,
Browser | TorBrowserTeam201412,TorBrowserTeam201412R
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by mcs):
Replying to [comment:41 gk]:
> Okay, here is what I've got so far:
>
> 1) `signmar.sh` is not executable
Ugh. Kathy and I messed up the file mode when we created a new branch
(where we merged in boklm's changes and applies other small fixes). We
will fix it.
> 2) I don't get the update working it seems. I get
> {{{
> ERROR: Unsupported signature algorithm (SHA1 with RSA).
> ERROR: Unsupported signature algorithm (SHA1 with RSA).
> }}}
> How do I debug this? Any ideas? I did the following:
>
> 1) I created two certificates and added them atop of your tor-browser
changes (commit 14447aca2f31c56ccadc289cef5f756e97d1f3a9) and tagged that
(I just checked that I really included the 4k-bit certs with SHA-512)
> ...
> 9) `update.log` shows basically "failed: 19" and the above error
messages are shown
Based on the info you provided, I think the MAR file has been signed using
the older (now wrong) algorithm. Kathy and I added the "Unsupported
signature algorithm (SHA1 with RSA)" log message to make it easier to
detect this situation. But it sounds like you did everything correctly.
Is there any chance you used an older signmar program (from mar-tools)?
If you used the signmars-alpha make target the correct signmar should have
been used though.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:42>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list