[tor-dev] Anti-censorship discussion with Briar devs

Georg Koppen gk at torproject.org
Thu Feb 28 15:07:00 UTC 2019

Nathan Freitas:
> On 2/27/19 4:54 AM, Georg Koppen wrote:
>> Torsten Grote:
>>> On 2/26/19 11:19 AM, Georg Koppen wrote:
>>>> I think we should be able to provide that with our Tor Browser builds
>>>> once we have all the PT pieces sorted out (which is rather soon).
>>> That would be nice!
>>>> So, probably the easiest way would then be to just copy the respective
>>>> binaries we produce over to include them in the Briar software
>>> I assume these binaries are reproducible?
>> They would be used for Tor Browser which has reproducibility as a hard
>> requirement, so yes.
>>> We are currently not including these binaries directly, but publish them
>>> as a library (gradle/maven to jcenter) where Briar and other projects
>>> can get them from.
>> Okay, good to know.
> It seems to me that Tor Browser should instead perhaps rely on the Briar
> build process, at least for Android. I will be switching Orbot and our
> AndroidPT library over to the Briar dependency in the next release.

I am not sure whether I understand your proposal. You mean we should
just switch for the PTs to how Briar is doing things? Or for the whole
Tor Browser for Android? (note the .apk is already being built
reproducibly using the same framwork we use for desktop builds) The
latter would essentially mean maintaining two different build setups
which seems not like a thing we should pursue, at first glance at least.

> We should also figure out who is doing the source builds, how these are
> published as public modules, and who is monitoring and verifying the
> reproducibility. This is for both PT's and the current tor-android
> binary project that I manage (https://github.com/n8fr8/tor-android). It
> would be great to have Tor to be the source for trustworthy binary
> builds, available through direct downloads and gradle/maven/cocoapods,
> etc. We have talked about this many times in the past.

Yeah, I think that's a good idea. Let's tackle this once we have Tor
Browser for Android in stable shape and think about ways to improve both
our build and maintenance processes.

> Related to this, we are also building and publishing PT's as shared
> libraries, instead of binaries, which is eventually going to be required
> on Android for both tor and obfs4proxy. It isn't all quite working yet,
> but will be soon. At some point, we'll have to talk about that whole
> transition.

Where can we find out about the main pieces that are missing here?

> Our goptlib shared library build project is here:
> https://gitlab.com/eighthave/goptbundle which is being made available to
> app developers here:
> https://github.com/guardianproject/AndroidPluggableTransports

Yes, we plan to use that one I think until there are hard blockers that
we are not aware of yet. Shane has made a first attempt to integrate
that into our build system in #28803.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190228/275a889e/attachment.sig>

More information about the tor-dev mailing list