[tor-bugs] #10066 [EFF-HTTPS Everywhere]: Incorrect git hash used by makexpi.sh and merge-rulesets.py

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#10066: Incorrect git hash used by makexpi.sh and merge-rulesets.py
----------------------------------+---------------------
 Reporter:  mikeperry             |          Owner:  pde
     Type:  defect                |         Status:  new
 Priority:  normal                |      Milestone:
Component:  EFF-HTTPS Everywhere  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
----------------------------------+---------------------
 In makexpi.sh, https-everywhere does:

 {{{
 # Used for figuring out which branch to pull from when viewing source for
 rules
 GIT_OBJECT_FILE=".git/refs/heads/master"
 export GIT_COMMIT_ID="HEAD"
 if [ -e "$GIT_OBJECT_FILE" ]; then
     export GIT_COMMIT_ID=$(cat "$GIT_OBJECT_FILE")
 fi
 }}}


 Unfortunately, this process extracts whatever master is pointing at,
 regarless of the release you are building.

 merge-rulesets.py then reads in the env var $GIT_COMMIT_ID to shove it
 into the resulting default.rulesets file.

 This makes reproducible builds difficult, because that random 'master'
 commit hash ends up in the ruleset file in the resulting xpi, which has
 obviously no relation to whatever release tag you're building.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10066>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs