Update ansible and Dockerfile for tbb

[kushaldas]

Status

Ready for review.

Description of Changes

Fixes #3485

Changes proposed in this pull request:

Tor Browser 7.5.6 and geckodriver v0.17.0

Testing

Tests will fail for now in the whole tbb side.

[heartsucker]

You should use the unarchive module to un-tar the download.

[msheiny]

Heyy @kushaldas i see some potential tweaks that need to be added first. It's minor and I'm happy to help but I didn't want to step over your PR. Let me know if you don't mind and I'll start throwing commits here.

[msheiny]

Can you add these components to the other layer? (line 9). It's best practice to keep these things bundled. You could separate by a comment as a visual separator.

[msheiny]

I would honestly prefer to drop this network outreach and add the key to version control and then docker COPY it into the container. We constantly battle with flakiness of keyservers in various projects

[msheiny]

Can you make this a build ARG instead? Allow over-riding outside of this file

[kushaldas]

@msheiny Why do we need to override the checksum? Asking because we have to use a particular version of geckodriver with Tor Browser?

[msheiny]

oooooooh okay thats not gonna change? i dunno... i just always try to move any unique strings like this outside of the dockerfile.. but i see your point

kushal mentioned waiting for upstream changes for CI. Im happy with his changes so far to this PR

[conorsch]

Where is this file? Pulling down the branch locally, I can't find it anywhere. Was it omitted from an add? Recall that we already have the tor signing key at install_files/ansible-base/roles/tor-hidden-services/files/tor-signing-key.pub, although we'll have to consider the build context for the image and whether that's accessible here.

[kushaldas]

Uh, yes, I added that in the tbb_in_dev branch (after I figured that I am missing that) :(

[conorsch]

Requesting clarification on the Tor apt pubkey location (appears to be missing). Once that's resolved, these changes can certainly be added to the target branch (which is not develop) via merge.

[conorsch]

kushal mentioned waiting for upstream changes for CI.

@msheiny Can you elaborate a bit on this? Unclear to me why we'd wait to merge, particularly since this is landing in a feature branch, not develop.

Im happy with his changes so far to this PR

I concur! Modulo a single clarification on the tor apt pubkey (see requested changes above).

[redshiftzero]

In sprint planning today, there was a lot of confusion about what the base branch is here, which branch is the right/current one, and what the workflow here is, so I'm going to write out what I think the workflow should be (following the approach we took for the alembic and journalist GUI feature branch work).

1. tbb-0.9.0 is the base feature branch for the functional testing work. It is not merged into develop until all tickets related to the feature are completed.
2. PRs implementing tickets for the feature should be proposed here for merge into tbb-0.9.0 as they are completed. There should be one PR per ticket. If the PR is from a fork, the (checked by default) checkbox indicating that maintainers should be allowed to push commits is enabled, this way others can help the PR along if needed.
3. If two tickets for a given feature are dependent on one another, and the (first) dependent ticket is not yet merged, work should proceed regardless, by pulling the dependent commits into the branch where work is being done for the second ticket. PRs should be done as the work for a ticket is ready for review. The PR author should indicate in the PR description that the PR should not be merged until the PR for the dependent ticket(s) is merged.
4. Once all tickets for the feature are implemented, a PR is then proposed for final merge of tbb-0.9.0 into develop.

Does that seem reasonable @kushaldas @msheiny @conorsch? Please let me know if there is a particular issue with this workflow and we can revise it.

[kushaldas]

@conorsch I cherry-picked the commit which adds the missing tor public key. Rest of the branches I am working on are dependent on this branch. This is ready to be merged in the tbb-0.9.0 branch.

[msheiny]

@conorsch can you take another pass here? I dismissed your review since @kushaldas addressed your issue but i wanted to wait to see if you had additional concerns.

kushal addressed original pub key issue

[conorsch]

LGTM! Dev container builds without error for me now.