[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3688 [Tor bundles/installation]: Deterministic builds



#3688: Deterministic builds
--------------------------------------+-------------------------------------
 Reporter:  mikeperry                 |          Owner:  mikeperry                    
     Type:  enhancement               |         Status:  assigned                     
 Priority:  major                     |      Milestone:  TorBrowserBundle 2.3.x-stable
Component:  Tor bundles/installation  |        Version:                               
 Keywords:  tbb-2.2.32-5              |         Parent:                               
   Points:                            |   Actualpoints:                               
--------------------------------------+-------------------------------------

Comment(by mikeperry):

 Ok, I just committed a Firefox patch to origin/maint-2.4 that allows me to
 now build Firefox deterministically using the above snippet from the
 previous comment:
 https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-
 patches/firefox/0029-Disable-library-timestamping.patch

 However, there is a library signing process for NSS where a utility called
 'shlibsign' generates a temporary signing key that lives only in memory,
 and then signs all the NSS libs with it:
 https://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

 One thing we can do is have the first build publish these .chk files
 somewhere the other builds can retrieve during their build process.

 The other thing we can do is simply omit the .chk files (which would
 'disable' FIPS-140 mode, whatever that means).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3688#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs