[tor-bugs] #3688 [Tor bundles/installation]: Deterministic builds

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Apr 26 02:14:59 UTC 2013


#3688: Deterministic builds
--------------------------------------+-------------------------------------
 Reporter:  mikeperry                 |          Owner:  mikeperry                    
     Type:  enhancement               |         Status:  assigned                     
 Priority:  major                     |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Tor bundles/installation  |        Version:                               
 Keywords:  tbb-2.2.32-5              |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by mikeperry):

 Ok, I just committed a Firefox patch to origin/maint-2.4 that allows me to
 now build Firefox deterministically using the above snippet from the
 previous comment:
 https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-patches/firefox/0029-Disable-library-timestamping.patch

 However, there is a library signing process for NSS where a utility called
 'shlibsign' generates a temporary signing key that lives only in memory,
 and then signs all the NSS libs with it:
 https://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

 One thing we can do is have the first build publish these .chk files
 somewhere the other builds can retrieve during their build process.

 The other thing we can do is simply omit the .chk files (which would
 'disable' FIPS-140 mode, whatever that means).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3688#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
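
An added example, not part of the ticket comment or of Tor's build scripts: one way a verifier could compare two independent builds and separate the expected NSS .chk differences (shlibsign's key is ephemeral) from any other mismatch. The directory layout, file contents and helper names are constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_builds(build_a, build_b):
    """Return (chk_only, unexpected): sorted paths that differ between two trees.

    chk_only   -- .chk files present in both trees with different contents
    unexpected -- any other differing, missing or extra file
    """
    a, b = tree_digests(build_a), tree_digests(build_b)
    chk_only, unexpected = [], []
    for path in sorted(set(a) | set(b)):
        if a.get(path) == b.get(path):
            continue
        # A differing .chk is expected; a .chk missing on one side is not.
        if path.endswith(".chk") and path in a and path in b:
            chk_only.append(path)
        else:
            unexpected.append(path)
    return chk_only, unexpected

def make_sample_build(root, chk_bytes, lib_bytes=b"\x7fELF constructed library body"):
    """Constructed sample tree: one library plus its .chk signature file."""
    os.makedirs(root)
    with open(os.path.join(root, "libsoftokn3.so"), "wb") as fh:
        fh.write(lib_bytes)
    with open(os.path.join(root, "libsoftokn3.chk"), "wb") as fh:
        fh.write(chk_bytes)

def demo():
    """Two builds with identical libraries but signatures from different keys."""
    with tempfile.TemporaryDirectory() as tmp:
        a, b = os.path.join(tmp, "a"), os.path.join(tmp, "b")
        make_sample_build(a, b"sig-from-key-1")
        make_sample_build(b, b"sig-from-key-2")
        return compare_builds(a, b)

if __name__ == "__main__":
    print(demo())
```

An empty second list with only .chk entries in the first means the builds match apart from the signing step; if the .chk files are shared between builders or omitted, both lists should be empty.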