[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3688 [Tor bundles/installation]: Deterministic builds
#3688: Deterministic builds
--------------------------------------+-------------------------------------
Reporter: mikeperry | Owner: mikeperry
Type: enhancement | Status: assigned
Priority: major | Milestone: TorBrowserBundle 2.3.x-stable
Component: Tor bundles/installation | Version:
Keywords: tbb-2.2.32-5 | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by mikeperry):
Ok, I just committed a Firefox patch to origin/maint-2.4 that allows me to
now build Firefox deterministically using the above snippet from the
previous comment:
https://gitweb.torproject.org/torbrowser.git/blob/maint-2.4:/src/current-
patches/firefox/0029-Disable-library-timestamping.patch
However, there is a library signing process for NSS where a utility called
'shlibsign' generates a temporary signing key that lives only in memory,
and then signs all the NSS libs with it:
https://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html
One thing we can do is have the first build publish these .chk files
somewhere the other builds can retrieve during their build process.
The other thing we can do is simply omit the .chk files (which would
'disable' FIPS-140 mode, whatever that means).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3688#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs