[tor-bugs] #28672 [Circumvention/Snowflake]: Android reproducible build of Snowflake

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 1 11:34:29 UTC 2019 

#28672: Android reproducible build of Snowflake
-------------------------------------------------+-------------------------
 Reporter:  dcf                                  |          Owner:  (none)
     Type:  project                              |         Status:
                                                 |  needs_revision
 Priority:  Medium                               |      Milestone:
Component:  Circumvention/Snowflake              |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, tbb-rbm,                 |  Actual Points:
  GeorgKoppen201904, ex-sponsor-19,              |
  TorBrowserTeam201907                           |
Parent ID:  #30318                               |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor28-can
-------------------------------------------------+-------------------------
Changes (by gk):

 * keywords:
     tbb-mobile, tbb-rbm, GeorgKoppen201904, ex-sponsor-19,
     TorBrowserTeam201906R
     =>
     tbb-mobile, tbb-rbm, GeorgKoppen201904, ex-sponsor-19,
     TorBrowserTeam201907
 * status:  needs_review => needs_revision


Comment:

 Thanks! It seems I got reproducible builds now, nice! Here come some
 review notes:

 93b7f904ec931c56adf9f84b50756cf2f7776f38 -- okay
 524f9d9b6cfc6418e237fcd6c5264bb301a2411f -- okay
 093ab72ddc37be1f4932213c4a78ff1e55348500 -- not okay;
 1) So, we need a particular OpenSSL version or is the one in Stretch just
 too old? Could you add a
 comment here explaining what happens (and ideally pointing to the
 problematic
 code)?
 2) `+      target_os = ["win", "android"]` -- we don't target Windows
 right now and should leave that target out
 3) What's the reason for moving the `gclient config` part outside of the
 `if [ ! -d "src"]` one, in particular as this affects non-Android
 platforms as well. And what does it mean? That it is
 not run for Linux and macOS anymore?
 4) We could change the `GN_ARGS`-adding parts to
 {{{
 [% IF c("var/linux") -%]
   GN_ARGS+=
 [% ELSIF c("var/osx") -%]
   GN_ARGS+=
 [% ELSIF c("var/android") -%]
   GN_ARGS+=
 [% END -%]
 }}}
 commit 082b4fd8759ef9e88317940d77d091291d0363df -- not okay; Just copying
 the .aar over does not mean it gets included into the final result. I
 think we'd need to update the `android-dependencies.patch` file for that
 as well. However, I am not exactly sure about the way forward here as the
 .aar approach seems to be in line with
 https://github.com/guardianproject/AndroidPluggableTransports but that's
 not how we currently utilize PTs on mobile which is having a binary like
 we do on desktop. I'll bring this as a topic for the meeting discussion up
 today.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28672#comment:24>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list