[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] reproducible builds for Android tor daemon

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] reproducible builds for Android tor daemon
From: Hans-Christoph Steiner <hans@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 12 Sep 2019 12:50:43 +0200
Autocrypt: addr=hans@xxxxxxxxxxxxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFY1RO0BEAC94s679hO9oxi2h1GF0hN7xCXxeIyJp58rA2QxuMJ/NvMhrfBGVqhkolUb 7IqvHy8n7jvTCCAJOHP6ZAtUUwV20ZpUa2Mfp0/6dbGkvXcXwGlU9ShpBiXnDsKvgRRX5gOO /WeWLe8x8HRcFfcJVXS9pHRw2bxjrbs3zKlf7yBACcSt6ZSgPsqHuUQSUs4Qo0E0/H14uJiD k32qQ1YicVrE1r2pFe9iZpxBMGTwgZyNUEUYDeVfTDubL7Jc1MUpgotNTxbJ3jVxt0uHn20l hNXG6ybaYK3MhIHIEp9Nbd4l6+Y81ZgIQbs4jAbAPcy+qY3GT2uQfbFb2UK8+hnDotGmejgo YuDZGBaAukiELIKxrsNCvaSg5DI/yrH6Vx6ZceHpitrer6yOwZescc5SGud3btU4Iktfw7w+ 5pxmyypUazaltibSd13o56n/aKrQZw098bhqnh9xTbPVK14t4wTdsJKyZmJv8oKCqppEuhTc q8kur0PWOM85NSBl0igSfj8/CR8CbzgasMPNQVVwUA0Ody0s8wO13+WVaLq7y6Xpy9t6jSVv S8KLgmJ/wTJimHb2cctHNBSQEwnJtRyy/o7kKnge6HPzOprjPAlv6okA2XQaLTxyjW1YCRwN GatNAJ2WnJx3m89WGRONN6qQ3RFX59kbyzR1uL6D3Z6ts7bTmwARAQABtDJIYW5zLUNocmlz dG9waCBTdGVpbmVyIDxoYW5zQGd1YXJkaWFucHJvamVjdC5pbmZvPokCfgQTAQoAaAIbAQUL CQgHAwUVCgkICwUWAgMBAAIeAQIXgAIZAQUCVjdjhUMYaHR0cHM6Ly9wZ3AubWl0LmVkdS9w a3MvbG9va3VwP29wPXZpbmRleCZzZWFyY2g9MHhFOUUyOERFQTAwQUE1NTU2AAoJEOnijeoA qlVW/IwP/0Uq8896f4NJPv9m5xKZnpCErXhvGU8b4gwH5EXaw66Z/0Zp56zF+J0rLdQZ9FoL HmShM8ZIEHmbNs/NTxqJ5qR0QDKJl8kJW7P/yfNjYOHtBCxPOS5LcapGtUT9jx7GAPU+oJ7z RC0nF8eot97Ds797n139BSbabZ74j0mfwKdGFxRaZVAfhzOD3tevyxUGMwj3w+zRpSXrDHc+ mZa9oHVE6J632rKMUTyDH/7kjzqN54l+dW29SK2NCfC79jfjDcO+ldbUV0lDz+HcLAiEYY1U ucuGVYgL0s/blCqw8YBmwBFdzYYwL6JXiK0KO+eukEZZl9nAWb0CUtuq/8dqkB5VKE39sBjZ pADf8xknMXJVTN1NlMUv6ZDKgRByL0gWdxmSaLLcjBliieXsDvMDHZnwhVsXeoPB1o6PaNLr Ho6ohf8vUrpVzDt6jwEydKBjJiykoSae4Gb7zgVx2/jvHZG3TrMqwktmPQKc+mS/WQBVMfUm ay3EYuIXRFhh2l4czMxFPWpan0nxV3QSpjPYJFOcKm0fPOLBAfe5WnatO8RGtL/quOdpOhMi rfzZKb0I4CiLGmyUHhewCGcggejqrBNDsip4RE4XwEYbH/VjWs0g5VVodSLUm0aC/98eG+XR 0bV/v0urdHFedFOVbkTBYYYJWNzRxvv2paJVoUzxWn5GuQENBFY1RikBCAC2ZLMA4e7v4nZL 4Fy5X5vfaZ5pGHuh/8i34V4geqbMgWKnTgi2CJkAzglVDkbhpyk/Q8hCj4DdiRMsK4+TpLmp sbCYVGBeoaB/zkhZdjHksymED7V5sUim1BV418JXk19bnrDNFvfyhy8fer8FoDKeT0HJNdab lTt5NJrVFIVmglOZFIF+dSbz+HoH15bbwUDoedM63Q9ChQ5RsPKxiKHbwsYQ6zAJb+f/xLsG RUSzg6q6GPwX0A0P6QMkl2a/OXZhk+LGmzvldg4M0roWr6ohH+4iiBxttId4VACNPjQR7UME c8E6GZTRpviaMTTioXHY2wxkjcD6LmdjZ7Hm7F2NABEBAAGJAiUEGAEKAA8FAlY1RikCGwwF CQlmAYAACgkQ6eKN6gCqVVZbvxAAk1RTjZ017OWt/Tpm7Wa1VprbNPSFmDjzXSjIM2ut7E5B iScJLRy4sl7Fl5GcwS8lWkfIz2n8R7zn0Xj4T91dKZZ4J9m+Mf37cHGBBn5Hp2E6gqoClqbN CNLpWeHtwbLf7p9e513yRZwIdwAC4sHCGSzT6ZpFNhOhTqSj4nllfpbkSSjac5KaeV7oRQXI fE8BvwH02sGM5LpsoifhShrdcoEZe3GjyERbf3oh3cqYnr9pR64DnO8IMc+RL2c+sGPoirVS d/kBCIA8vEABZzpHeoNN4DNu3ykg0d0Knn/2CoMY92w4UGrdDRc++uMOawXtI9aGdtt4AIMy YvHfSO5KtZr+U9sViMhSXiiJ1Ofl46C9nZwjyZ5t5NnwfVh3Am79uhDHrckxJ/2aWOt9KOdY H8QqxovWCCq9esUgV+Q0SXow8zdkBa8lKR2H9xbI4frKULnu29iyIv4CbWOZE8QbjKoBcThA XesRjmVb5bvAYx+t5UMyQKaaH7dVTzvdFiIRM3zm0Hxrpxn3muaGk9WRTzKi+cYlAcT3o2ES mlWXkYGArbRoOtnQ1aXbySkF/+veMptetrZ8nyAZJ5oZmjDJ70EBGHEbEhMhNhYXlua4QIiV HdBRZ93PQnQA5j8JcYkeY8g977F9I/Cjk4xSmEuPZ/rmXci54nqnT4tGKQsdnsW5AQ0EVjVG VQEIAMQWAxQD5XvNeoGOwaT6wA63+R2CY2JWutofvPRdftVyrtp02m8M1gfWevNgiooYpI/4 pJiukC2h1WUyqPVaUdBZC7bM64pSO6LLplel8bASe5gwIIm+zd/0WsjxSmmeJvHwDUzuGp6k kiw2is4b+oiokmgQUZsm0AYkNBjYbsPsBD6b5e8seKidtzdKSmJeZkFw4SqEyxRRbYXtPWub JJQjwDxJMA3xt73wsu08wbshsSESNsT34gxjWWF5EofJrYM2x6jABzhzfbx/tQv7J6z9fBTc e06eanR916OjcDyvEaDRI419Ihlyfp0Lx3zfSy3NP+S0NwALA7pML1h0LbkAEQEAAYkDRAQY AQoADwUCVjVGVQIbAgUJCWYBgAEpCRDp4o3qAKpVVsBdIAQZAQoABgUCVjVGVQAKCRA+F3gX uhub+jcFB/0XRcxwcGMkYiGpTZBt5vo/VlqAv5dBUtG/aNb/Mi4jhXZqWO6SGVpiRHrhlNAd jMWJPB9xvcsxF3GwDJfyIKYJlKAVoArJQDcqyXllqIhmhvWbOFH5Tj/XbZNNbbtvbCXSF+sJ 5l94yI/XGhN+PyQlUaHPOZJparDDuP/WGHe5CkhBLf0zNwf6ingo2qUu2Mi+U/GYhAOIgsz1 sy/8oqLWkMmlNnfYHhNEUTviXiBYd1k9qbCxU7LDvl6+ivbpUiNDn9rhmWz0imQHiheXjuSa H1ytDtxm0V9OxP2SzFrx9cGUV4q24h6ytG1bSE07D96/jSt8xIUfsZUx9BM9XbxhVdYP/jIg tMedxiv6MwVhKbNVhmjaGG/6uYuw+eqQeN1zjmXa1N/TmnEss22hiN9qtsR7QpVcAoo3QtMX YyzeplwMQuEfjCFlGb8sy7IqyoCVnSMVj57zvcQPMzbWbckhpTngYtLqzGPemaGYkoMgS2P8 HRQCQzkR5s3VBDNlpT653lRXo+yVdlJkGk72qlauv4GaRyMASX9f5TNCMl17eXvgyQZvlmge QFWm5UUgxR+J/u+U2yhSJbvkW9d/07zof7D3j+IuNuLXGFszb2916yLSyB7EZATpXFZc9MOj 5wTAf9lvFxo5I69WT999ZtRHVosgtixan2WGhOWjQV5ajCkeVvsBrSP91l8G8bzC5SCO8D5K zBn4SusmgVoK1OVdrNpM9hB5OusRl4ah8+ReC/LaxcFtf/38k73ViKI1+8bD+L7pza5enbLD W95kvIaKmer84FwyD+bfEQo6pvLzxEUBsR30JpmqzkPU8KMFtkbPEIKlQlEbk4vvAN12VDL7 jJsQZIVeH92+X4Wfyf2a7bLufsaNR/YOXLLROeZnzntF7MhS9oO+c8Z/J5py0F0KDRrhCrqb u9lRKRcxpPslTd8DKZ3Qtv64Ij/rPVDzsyHgtcgFd7E6fkKGHeiwz67WjFoLUnf09ry7rua+ yqP9FP9bXSbDaeAq9sGXH7wPTAAwbGSX
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 12 Sep 2019 06:51:02 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
Organization: Guardian Project
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Hey all,

I'm currently working on tor for Android as part of a Guardian Project
project.  One key goal is making a shareable, reproducible build process
for the tor daemon for Android.  Then this would be published to
MavenCentral as an Android AAR package to be used in all the apps that
include tor (Tor Browser, Orbot, Briar, Thali, etc).  I have cleaned up
the existing build process a lot, so now I'm down to troubleshooting
reproducible issues.

First off, can anyone see any objections to switching Tor Browser,
Orbot, Briar, etc. to use GPG-signed reproducible binaries via
MavenCentral for the tor dameon?

Second, I'd welcome pointers to the integration points in Tor Browser,
Briar, etc.

And third, and tips on getting a Linux shared library to build
reproducibly.  E.g. is faketime a hard requirement?


And for those interested, the here's an overview of the whole project
I'm tasked with:

The basic idea is to make an Android-native TorService, which is a
subclass of android.app.Service and loads tor daemon as a shared
library, and starts it via JNI methods. This should be pretty close to
how iOS apps use tor. Then that TorService should then plug into Orbot,
Tor Browser, Briar, etc. Then based on that, I'll make a standalone,
dead simple "TorServices" app that only provides Tor. No PTs, HSs, etc.,
just a tor daemon linked in as a shared library, providing a SOCKS and
HTTP CONNECT proxy via tor. I hope to switch the ControlPort to use a
UNIX domain socket.  This then can also be embedded into Android OS ROMs
that want to have Tor built-in as a system service, like CalyxOS.

Then I'll be working on the apps choosing which tor provider to use,
since we'll have a new TorServices, so apps that don't include Tor will
have to figure out how to use Orbot and/or TorServices. Then that work
will hopefully be extended into sharing tor between apps, e.g. letting
Briar, Tor Browser, etc share the tor SOCKS proxy to other apps that
want to use it. That would happen via Android mechanisms like Intents to
manage the discovery of SOCKS ports.

.hc

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] reproducible builds for Android tor daemon
  - From: Georg Koppen
- Re: [tor-dev] reproducible builds for Android tor daemon
  - From: Matthew Finkel
- Re: [tor-dev] reproducible builds for Android tor daemon
  - From: Nicolas Vigier
- Re: [tor-dev] reproducible builds for Android tor daemon
  - From: teor

Prev by Author: Re: [tor-dev] reproducible builds for Android tor daemon
Next by Author: Re: [tor-dev] Counter Galois Onion: A New Proposal for Forward-Secure Relay Cryptography
Previous by thread: [tor-dev] Non-endorsed methods for accessing Tor hidden services
Next by thread: Re: [tor-dev] reproducible builds for Android tor daemon
Index(es):
- Author
- Thread