[tor-bugs] #31564 [Applications/Tor Browser]: Android bundles based on ESR 68 are not built reproducibly anymore
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Sep 1 05:59:41 UTC 2019
#31564: Android bundles based on ESR 68 are not built reproducibly anymore
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-9.0-must-nightly, | Actual Points:
TorBrowserTeam201908, GeorgKoppen201908 |
Parent ID: #30324 | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by gk):
Replying to [comment:13 sisbell]:
> Looks like Signal created an apkdiff script that ignores resources.arsc
>
> https://github.com/signalapp/Signal-
Android/blob/master/apkdiff/apkdiff.py
>
> Briar went the route of a deterministic file system
>
> https://code.briarproject.org/briar/briar-
reproducer/commit/22d04ff8bba956ec9647fd583ec655df691e15e5
>
> Are either of these approaches workable for us?
Sounds to me like wallpapering over the underlying problem by taking extra
steps during the verification process to work around the still existing
differences, no? If so, I am not a big fan of those approaches.
> A third route is to build and patch the gradle plugin ourselves but I
have been unable to find the elusive change-id that google mentions.
Yes, that's the preferred way I think.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31564#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list