[tor-bugs] #32523 [Applications/Tor Browser]: Consider building tor-browser-build containers with Bitcoin Core's Guix-based system

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Nov 16 11:39:46 UTC 2019


#32523: Consider building tor-browser-build containers with Bitcoin Core's Guix-based system
-------------------------+------------------------------------------
 Reporter:  JeremyRand   |          Owner:  tbb-team
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Component:  Applications/Tor Browser
  Version:               |       Severity:  Normal
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
 Reviewer:               |        Sponsor:
-------------------------+------------------------------------------
 Bitcoin Core recently merged a PR from Carl Dong (from Chaincode Labs)
 that allows building Bitcoin Core using containers that are constructed
 via GNU Guix, instead of using an OS ISO or debootstrap.  This provides
 better security against supply-chain attacks by reducing the amount of
 trusted binary code used to bootstrap the build system.  Bitcoin Core
 intends to use Carl's system as a replacement for Gitian.

 It would be interesting to investigate whether tor-browser-build could
 transition to constructing its containers via Bitcoin Core's new system
 instead of using debootstrap.

 A talk that Carl gave at Breaking Bitcoin about the new system is here:

 https://www.youtube.com/watch?v=I2iShmUTEl8

 A transcript of Carl's talk (transcribed by Bryan Bishop) is here:

 https://diyhpl.us/wiki/transcripts/breaking-bitcoin/2019/bitcoin-build-system/

 Here's the PR that Carl submitted to Bitcoin Core:

 https://github.com/bitcoin/bitcoin/pull/15277

 And here's the documentation in Bitcoin Core's master branch:

 https://github.com/bitcoin/bitcoin/tree/master/contrib/guix

 GNU/Linux targets are already working and are merged; macOS and Windows
 are working as well but I think Carl hasn't gotten those merged to Bitcoin
 Core yet.  I have no idea what the situation is with Android/Linux.

 Bitcoin Core isn't yet using Carl's system to build their official
 binaries, so it might be wise for Tor to let Bitcoin Core torture-test the
 code a bit in production first, but it does look like a very nice system,
 and it would be great to see it used for Tor Browser in the future.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32523>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

