Self-hosted setup for Tor Browser tarballs is fragile when upstream tarballs change
Originally created by @intrigeri on #9020 (Redmine)
To save bandwith, the documentation produced in the initial
implementation (#8125 (closed)) does not actually upload tarballs to our
git-annex repository, but instead it adds such tarballs by URL (with
git annex addurl
). If the tarballs found at these URLs change, then
anyone who gets them later (using git annex copy
will get the updated
tarballs, as opposed to the ones we initially meant to add.
This doesn’t fail in awful ways when building Tails, since what we publish over HTTP is actually use a clone of our master git-annex repository, synchronized very often, so as long as the upstream tarballs are not modified within ~1 hour, the tarballs we’re publishing will be the ones we meant.
Still, this means that our master git-annex repo doesn’t really contain
the data we meant to store in there. The one that does is its (meant to
be read-only) clone used on www.lizard. I think we should fix that. This
means the release manager will have to download the tarballs over HTTP,
then upload them with git annex… and then they’ll be downloading the
tarballs again when they build an ISO image, unless they cheat and
import the tarballs into their apt-cacher-ng
cache.
Related issues
- Related to #8125 (closed)