[tbb-bugs] #27827 [Obfuscation/Snowflake]: Reproducibility issue of the snowflake osx64 build

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 17 05:19:26 UTC 2018


#27827: Reproducibility issue of the snowflake osx64 build
-------------------------------------------+--------------------------
 Reporter:  boklm                          |          Owner:  tbb-team
     Type:  defect                         |         Status:  assigned
 Priority:  Very High                      |      Milestone:
Component:  Obfuscation/Snowflake          |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201810  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+--------------------------

Comment (by dcf):

 I did several builds with [comment:7 boklm's go1.11 patch] and analyzed
 the differences.

 Now, there are no `/tmp/go-build000000000` paths anymore (where
 `000000000` stands for random digits), but there is a single
 `/tmp/go-link-000000000/go.o`. This shouldn't be a problem, because the
 sed substitution rewrites it to `/tmp/go-link-XXXXXXXXX/go.o` and there is
 only one so there is no problem with ordering.

 But there's another difference in the binaries, the Go build ID. Here are
 sample values that are baked into the binary:
 {{{
 Go build ID: "kTjwWGrY9n3mGwOUpwVM/N2WdKU5WHR85aFCEJdn9/aRTcrk1SBq_sas7IMHGu/naljN2FzcmFC20pFl5NO"
 Go build ID: "kTjwWGrY9n3mGwOUpwVM/N2WdKU5WHR85aFCEJdn9/aRTcrk1SBq_sas7IMHGu/XQTshh9tsXMqYLXM55kx"
 Go build ID: "kTjwWGrY9n3mGwOUpwVM/N2WdKU5WHR85aFCEJdn9/aRTcrk1SBq_sas7IMHGu/Etnddau3jLCah3D-CG_-"
 }}}
 I found some documentation that says the build ID is, in part, a hash of
 all the input filenames. So I suspect it's including the random
 `/tmp/go-link-000000000/go.o` in the hash, because the build ID was
 different in all 9 builds I did.

 One option is just to do another sed substitution on the build ID. But
 before that, I'm going to try building with go1.10 to see if this is a new
 bug introduced in go1.11.

 Potentially related Go issues: [https://github.com/golang/go/issues/16860
 GH#16860] [https://github.com/golang/go/issues/28008 GH#28008]
 [https://github.com/golang/go/issues/22382 GH#22382].

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27827#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
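
Added example, not part of dcf's comment or of the Tor Browser build scripts: the Python below shows which slash-separated component of the three quoted build IDs varies, and applies length-preserving masks to the go-link path and the build ID so two builds can be compared byte for byte. The function names and the stand-in "binaries" are constructed for illustration; only the patterns and the three build IDs come from the comment.

```python
import re

# Patterns for the two per-build random strings described in the comment.
GO_LINK_RE = re.compile(rb"/tmp/go-link-\d{9}/go\.o")
BUILD_ID_RE = re.compile(rb'(Go build ID:\s*")([^"\s]+)(")')

# The three build IDs quoted in the comment (shared prefix factored out).
PREFIX = "kTjwWGrY9n3mGwOUpwVM/N2WdKU5WHR85aFCEJdn9/aRTcrk1SBq_sas7IMHGu/"
TICKET_IDS = [PREFIX + s for s in (
    "naljN2FzcmFC20pFl5NO", "XQTshh9tsXMqYLXM55kx", "Etnddau3jLCah3D-CG_-")]


def differing_components(ids):
    """Indexes of the slash-separated build ID components that vary."""
    rows = [i.split("/") for i in ids]
    return [k for k, col in enumerate(zip(*rows)) if len(set(col)) > 1]


def normalize(blob: bytes) -> bytes:
    """Mask both random strings without changing any byte offset."""
    blob = GO_LINK_RE.sub(b"/tmp/go-link-XXXXXXXXX/go.o", blob)
    return BUILD_ID_RE.sub(
        lambda m: m.group(1) + re.sub(rb"[^/]", b"X", m.group(2)) + m.group(3),
        blob)


def same_after_normalizing(a: bytes, b: bytes) -> bool:
    """True when two builds differ only in the masked strings."""
    return len(a) == len(b) and normalize(a) == normalize(b)


def fake_binary(digits: str, build_id: str, code: bytes = b"\x90\x90\xc3") -> bytes:
    """Constructed stand-in for a linked binary; not real snowflake output."""
    return (b'\xff Go build ID: "' + build_id.encode() + b'"\n \xff' + code
            + b"\x00/tmp/go-link-" + digits.encode() + b"/go.o\x00")


if __name__ == "__main__":
    a = fake_binary("123456789", TICKET_IDS[0])
    b = fake_binary("987654321", TICKET_IDS[1])
    c = fake_binary("111111111", TICKET_IDS[2], code=b"\x90\x90\xcc")
    print("varying build ID components:", differing_components(TICKET_IDS))
    print("a vs b reproducible after masking:", same_after_normalizing(a, b))
    print("a vs c reproducible after masking:", same_after_normalizing(a, c))
```

Because both masks keep the original lengths, any remaining difference reported after normalizing is a real content difference rather than a shifted offset.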