[tor-talk] Deterministic builds?

Pascal Pascal666 at Users.SourceForge.Net
Thu Jan 5 15:57:08 UTC 2012


Just because the build is good, does not mean it will work when run.  I 
recently ran into a problem with Tor (bug 4779) where even a good build 
would not work correctly due to a bug in OpenSSL.  I ran a broken node 
for about a month before I realized what had happened.

I would submit there are actually two parts to this problem:

Bug 4780:  Verifying the build works before allowing it to be installed. 
  There are already tests in place to do this via "make test", but 
currently the Makefile does not require "make test" to complete 
successfully during a "make install".  Note that it does currently 
require "make test" to pass during a "make dist".

Bug 4781:  Verifying the build works in its runtime environment.  Again, 
the tests are already in place, they are just not being utilized.  I 
would suggest that during node startup every test that is run via "make 
test" be run again, and the node refuse to start if any of them fail.

-Pascal


On 1/5/2012 5:15 AM, Jacob Appelbaum wrote:
> Hi,
>
> A few Tor hackers are meeting today to discuss build engineering issues
> and we'd like to start a thread on deterministic builds.
>
> We believe that Windows and Mac OS X both produce build results that are
> extremely difficult to verify. On Gnu/Linux sometimes the build results
> are difficult to verify.
>
> If anyone has thoughts on the matter, we'd love to hear how Tor as a
> project should tackle verifiable builds of the various software we ship.
>
> All the best,
> Jacob
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


More information about the tor-talk mailing list