[tor-bugs] #31564 [Applications/Tor Browser]: Android bundles based on ESR 68 are not built reproducibly anymore

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Aug 29 19:30:43 UTC 2019


#31564: Android bundles based on ESR 68 are not built reproducibly anymore
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-9.0-must-nightly,                |  Actual Points:
  TorBrowserTeam201908, GeorgKoppen201908        |
Parent ID:  #30324                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Okay, here are my findings so far: the sole differences (apart from the
 signature and different sha1 sums in the MANIFEST files) are in
 `resources.arsc`. The good news here is that disassembling the whole .apk
 with something like `apktools` shows not differences anymore apart from
 the signature and sha1 ones mentioned above which are due to
 `resources.arsc` being different. Thus, the problem lies in how that file
 gets assembled.

 Dump the contents with `aapt dump resources` and diffing the results gets
 us differences like:
 {{{
 <         resource 0x7f01000c
 org.torproject.torbrowser_nightly:anim/design_bottom_sheet_slide_in:
 t=0x03 d=0x0000025e (s=0x0008 r=0x00)
 <         resource 0x7f01000d
 org.torproject.torbrowser_nightly:anim/design_bottom_sheet_slide_out:
 t=0x03 d=0x0000025f (s=0x0008 r=0x00)
 ---
 >         resource 0x7f01000c
 org.torproject.torbrowser_nightly:anim/design_bottom_sheet_slide_in:
 t=0x03 d=0x0000025d (s=0x0008 r=0x00)
 >         resource 0x7f01000d
 org.torproject.torbrowser_nightly:anim/design_bottom_sheet_slide_out:
 t=0x03 d=0x0000025e (s=0x0008 r=0x00)
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31564#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list