[tor-bugs] #3688 [Tor bundles/installation]: Deterministic builds for Linux and Mac OS
#3688: Deterministic builds for Linux and Mac OS
--------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: erinn
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
To ensure integrity against build machine compromise, we should be able to
produce identical binaries on two different identically configured
machines and verify that the hash is the same for each. Right now, this is not
possible, primarily because of two things:

1. gcc uses entropy for symbol mangling
2. The linker inserts timestamps into libraries, especially static ones.

Issue 1 can be solved by giving gcc a specific seed in our makefiles
(-frandom-seed=string). If we have no collisions, we can get away with
giving the same seed to every gcc invocation.

Issue 2 can be solved for static libraries by passing the -D option to
'ar'. It is unclear if shared libraries can be produced in this way, or if
this option is not needed for shared libraries.

On Windows, the problem remains entirely unsolved:
http://stackoverflow.com/questions/1180852/deterministic-builds-under-windows

However, if we can do this for Linux and Mac OS using the same build
flags, that would still be worth it.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3688>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
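
Added example, not part of the original ticket and not Tor's build tooling: a check for Issue 2 that walks the member headers of a static library and reports every mtime/uid/gid field that 'ar -D' would have written as zero. The function names and the two sample archives are constructed for illustration; the parser assumes the common 60-byte ar member header.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"
HEADER_LEN = 60  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] end[2]

def build_ar(members, mtime, uid, gid):
    """Constructed fixture: emit a minimal ar archive with the given header values."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d" % (name + "/", mtime, uid, gid, "644", len(data))
        out += hdr.encode("ascii") + b"`\n" + data
        out += b"\n" * (len(data) % 2)  # members are padded to even offsets
    return bytes(out)

def nondeterministic_fields(archive):
    """Return (member, field, value) for each header field 'ar -D' would have zeroed."""
    if not archive.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    findings, pos = [], len(AR_MAGIC)
    while pos < len(archive):
        hdr = archive[pos:pos + HEADER_LEN]
        if len(hdr) < HEADER_LEN or hdr[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        name = hdr[0:16].decode("ascii").rstrip()
        size = int(hdr[48:58].decode("ascii"))
        for field, lo, hi in (("mtime", 16, 28), ("uid", 28, 34), ("gid", 34, 40)):
            raw = hdr[lo:hi].decode("ascii").strip()
            if raw and int(raw) != 0:  # GNU '//' name table leaves these blank
                findings.append((name, field, int(raw)))
        pos += HEADER_LEN + size + (size % 2)
    return findings

def digest(archive):
    """SHA-256 of the whole archive, the value two builders would compare."""
    return hashlib.sha256(archive).hexdigest()

# Constructed sample: the same two objects archived on two build machines.
OBJECTS = [("alpha.o", b"\x7fELF-obj-1"), ("beta.o", b"\x7fELF-obj-22")]
MACHINE_A = build_ar(OBJECTS, mtime=1312000000, uid=1000, gid=1000)
MACHINE_B = build_ar(OBJECTS, mtime=1312000077, uid=1001, gid=1001)
DET_A = build_ar(OBJECTS, mtime=0, uid=0, gid=0)  # header values as -D writes them
DET_B = build_ar(OBJECTS, mtime=0, uid=0, gid=0)

if __name__ == "__main__":
    print("default ar hashes match:", digest(MACHINE_A) == digest(MACHINE_B))
    print("ar -D hashes match     :", digest(DET_A) == digest(DET_B))
    for finding in nondeterministic_fields(MACHINE_A):
        print("  non-deterministic field:", finding)
```

To check a real library, read it in binary mode and pass the bytes to nondeterministic_fields(); an empty result means the archive headers carry no per-build timestamps or owner ids.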