[tbb-bugs] #27827 [Obfuscation/Snowflake]: Reproducibility issue of the snowflake osx64 build
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 17 05:19:26 UTC 2018
#27827: Reproducibility issue of the snowflake osx64 build
-------------------------------------------+--------------------------
Reporter: boklm | Owner: tbb-team
Type: defect | Status: assigned
Priority: Very High | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: tbb-rbm, TorBrowserTeam201810 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------+--------------------------
Comment (by dcf):
I did several builds with [comment:7 boklm's go1.11 patch] and analyzed
the differences.
Now, there are no `/tmp/go-build000000000` paths anymore (where
`000000000` stands for random digits), but there is a single `/tmp/go-
link-000000000/go.o`. This shouldn't be a problem, because the sed
substitution rewrites it to `/tmp/go-link-XXXXXXXXX/go.o` and there is
only one so there is no problem with ordering.
But there's another difference in the binaries, the Go build ID. Here are
sample values that are baked into the binary:
{{{
Go build ID:
"kTjwWGrY9n3mGwOUpwVM/N2WdKU5WHR85aFCEJdn9/aRTcrk1SBq_sas7IMHGu/naljN2FzcmFC20pFl5NO"
Go build ID:
"kTjwWGrY9n3mGwOUpwVM/N2WdKU5WHR85aFCEJdn9/aRTcrk1SBq_sas7IMHGu/XQTshh9tsXMqYLXM55kx"
Go build ID:
"kTjwWGrY9n3mGwOUpwVM/N2WdKU5WHR85aFCEJdn9/aRTcrk1SBq_sas7IMHGu
/Etnddau3jLCah3D-CG_-"
}}}
I found some documentation that says the build ID is, in part, a hash of
all the input filenames. So I suspect it's including the random `/tmp/go-
link-000000000/go.o` in the hash, because the build ID was different in
all 9 builds I did.
One option is just to do another sed substitution on the build ID. But
before that, I'm going to try building with go1.10 to see if this is a new
bug introduced in go1.11.
Potentially related Go issues: [https://github.com/golang/go/issues/16860
GH#16860] [https://github.com/golang/go/issues/28008 GH#28008]
[https://github.com/golang/go/issues/22382 GH#22382].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/27827#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list