[tor-bugs] #18331 [Tor Browser]: Update OS X toolchain to work with ESR 45

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 12 12:14:48 UTC 2016 

#18331: Update OS X toolchain to work with ESR 45
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  boklm
     Type:  task                                 |         Status:
 Priority:  High                                 |  needs_review
Component:  Tor Browser                          |      Milestone:
 Severity:  Major                                |        Version:
 Keywords:  tbb-gitian, ff45-esr,                |     Resolution:
  TorBrowserTeam201604R                          |  Actual Points:
Parent ID:  #18226                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by boklm):

 Replying to [comment:17 gk]:
 > Hm.. Are we really able to get rid of `faketime` here? Back then when I
 cleaned up the respective Linux descriptor I had the same idea but, after
 testing, realized that we still need it for zipping up the results. I just
 re-run the same tests on an LXC box and again preloading libfaketime is
 needed. I actually don't see a difference in this regard in the OS X
 related descriptor. Thus, I am inclined to do the same here. I can
 probably test whether that really matters later.

 Are you talking about the tor-mac64-gbuilt.zip, or the final .mar and .dmg
 files?

 I checked that the .mar and .dmg files we create are reproducible, but
 indeed the intermediary tor-mac64-gbuilt.zip includes timestamps.

 We can maybe add a `find $@  -exec touch --date="$REFERENCE_DATETIME" {}
 \;` in `build-helpers/dzip.sh` to get rid of those timestamps without
 relying on faketime.

 >
 > Regarding the fixup I wonder whether that is a gitian-builder issue as
 well and should be fixed there, too, (like the sudo thing). I mean both
 KVM and LXC are using clean Debian Wheezy VMs and there should be no
 reason this descriptor fixup is needed for KVM but not for LXC.

 I think the reason is that on Debian wheezy, `/sbin:/usr/sbin` is not
 added to the `PATH`, except for login shells. In the case of LXC, the
 commands are run using something like `lxc-execute -- sudo -u $TUSER -i --
 [command]`, with sudo's -i option to use a login shell. In the case of
 KVM, the commands are run using `ssh $TUSER at localhost [command]` which
 doesn't use a login shell. I'm not sure how to change the ssh command to
 make it use a login shell.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18331#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list