[tor-dev] reproducible builds for Android tor daemon

Georg Koppen gk at torproject.org
Thu Sep 12 11:02:00 UTC 2019

Hans-Christoph Steiner:
> Hey all,
> I'm currently working on tor for Android as part of a Guardian Project
> project.  One key goal is making a shareable, reproducible build process
> for the tor daemon for Android.  Then this would be published to
> MavenCentral as an Android AAR package to be used in all the apps that
> include tor (Tor Browser, Orbot, Briar, Thali, etc).  I have cleaned up
> the existing build process a lot, so now I'm down to troubleshooting
> reproducible issues.
> First off, can anyone see any objections to switching Tor Browser,
> Orbot, Briar, etc. to use GPG-signed reproducible binaries via
> MavenCentral for the tor dameon?

We want to include building tor and all its dependencies in
tor-browser-build/rbm to have the latest tor for Android in our nightly
builds and respective alpha and stable versions in our alpha and stable
browsers. We have a ticket for that for a while now in our bug tracker
but did not get to it so far.[1] The plan is to pick that work up in
November after Tor Browser 9 is out.

As to whether other projects would be interested in that, dunno. But I
guess some at least would?


[1] The parent ticket for that work is:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190912/ceff8406/attachment-0001.sig>

More information about the tor-dev mailing list