[Pkg-privacy-maintainers] Bug#805078: Bug#805078: [Pkg-anonymity-tools] Bug#805078: torbrowser-launcher: Fails to download signature: TypeError: url must be bytes, not unicode

georg at riseup.net georg at riseup.net
Fri Nov 20 14:31:10 UTC 2015

(No need to Cc: me, I'm subscribed to the bug.)

Some more details:

On 2015-11-20 13:52, Holger Levsen wrote:
> On Freitag, 20. November 2015, georg at riseup.net wrote:
>> After updating today I've run into the same problem.
>> Nothing fancy over here:
>> $ cat /etc/debian_version
>> 8.2
>> $ locale
> [...]
>> Using i3 as a window manager, no KDE or Gnome involved.
>> After doing rm -rf ~/.cache/torbrowser/ ~/.local/share/torbrowser/
>> ~/.config/torbrowser/ the download works again and torbrowser starts
>> afterwards.
> ah, neat! And that's with torbrowser 0.2._1_something?

This is 0.2.1-2~bpo8+1 out of jessie-backports.

There are multiple points involved, running into this problem depends 
for example on the content of ~./config/torbrowser/ and the last time, 
torbrowser-launcher checked for the version to be installed:

- If one does the update and deletes the config folder: Everything works 
as expected.

- If one does the update, keeps the folder and the version check was run 
within the last 24 hours, the user will get this error. This is due to 
the fact, that torbrowser-launcher won't do the version check, tries to 
This url gets rejected by twisted.web.http.urlparse(), especially [1]. 
The mentioned url which gets passed to this function is of <type 
'unicode'>, and therefore gets rejected.

Forcing the correct encoding, for example via mirror_url = 
mirror_url.encode('ascii') in 
gives the "correct" file not found download error.

- If one does the update, keeps the config folder and the version check 
wasn't run within the last 24 hours: Everything works as expected.

- People installing "from scratch" won't hit this bug.

So...not really sure how to go on here. Some thoughts for the future:

- It's not possible to delete ~./config/torbrowser/ if doing apt-get 
dist-upgrade, because touching files / directories in user home 
directories is a no-go (and forbidden by policy), right?
- Maybe a note to the user if doing apt-get dist-upgrade would be 
sufficient (not sure what this technique is called, but if important 
changed are being made, the user gets a note sometimes.)
- Another possibility: Force a version check if apt-get dist-upgrade was 
run at the next start (not sure how to check and implement this).

@Holger: If you need any support / tests / etc., let me know.

Hope this helps somehow,


More information about the Pkg-privacy-maintainers mailing list