[tor-bugs] #10066 [EFF-HTTPS Everywhere]: Incorrect git hash used by makexpi.sh and merge-rulesets.py
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Oct 31 22:15:59 UTC 2013
#10066: Incorrect git hash used by makexpi.sh and merge-rulesets.py
----------------------------------+---------------------
Reporter: mikeperry | Owner: pde
Type: defect | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Keywords: | Actual Points:
Parent ID: | Points:
----------------------------------+---------------------
In makexpi.sh, https-everywhere does:
{{{
# Used for figuring out which branch to pull from when viewing source for
rules
GIT_OBJECT_FILE=".git/refs/heads/master"
export GIT_COMMIT_ID="HEAD"
if [ -e "$GIT_OBJECT_FILE" ]; then
export GIT_COMMIT_ID=$(cat "$GIT_OBJECT_FILE")
fi
}}}
Unfortunately, this process extracts whatever master is pointing at,
regarless of the release you are building.
merge-rulesets.py then reads in the env var $GIT_COMMIT_ID to shove it
into the resulting default.rulesets file.
This makes reproducible builds difficult, because that random 'master'
commit hash ends up in the ruleset file in the resulting xpi, which has
obviously no relation to whatever release tag you're building.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10066>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list