[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #31564 [Applications/Tor Browser]: Android bundles based on ESR 68 are not built reproducibly anymore
#31564: Android bundles based on ESR 68 are not built reproducibly anymore
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-9.0-must-alpha, | Actual Points:
TorBrowserTeam201909, GeorgKoppen201909 |
Parent ID: #30324 | Points: 5
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by sisbell):
I did the apktool decompile/decompile approach. The apktool that can be
added in config/arch_deps is an old version of apktool with a bug
{{{
I: Using Apktool 2.2.1-dirty on tor-browser-unsigned-unaligned.apk
I: Loading resource table...
I: Decoding AndroidManifest.xml with resources...
I: Loading resource table from file:
/home/rbm/.local/share/apktool/framework/1.apk
I: Regular manifest package...
I: Decoding file-resources...
I: Decoding values */* XMLs...
Exception in thread "main" java.lang.NullPointerException
at
brut.androlib.res.data.value.ResStyleValue.serializeToResValuesXml(ResStyleValue.java:58)
at
brut.androlib.res.AndrolibResources.generateValuesFile(AndrolibResources.java:516)
at
brut.androlib.res.AndrolibResources.decode(AndrolibResources.java:267)
at brut.androlib.Androlib.decodeResourcesFull(Androlib.java:132)
at brut.androlib.ApkDecoder.decode(ApkDecoder.java:108)
at brut.apktool.Main.cmdDecode(Main.java:166)
at brut.apktool.Main.main(Main.java:81)
}}}
https://github.com/iBotPeaches/Apktool/issues/1399
So I'm using apktool 2.4.0, downloading it as part of the build.
When re-zipping the file, I was getting some zip entry extra field flags
that would change each build. I'm not exactly sure what the extra field
info was as its platform specific and not standard fields like timestamp..
I removed these using the -X option. After that, multiple builds of the
apk result in the same checksum. I'll need someone to verify that the
checksum matches across different build machine OSes.
There is some room to cleanup the build further if it is verified to fix
this bug.
The code is at https://github.com/sisbell/tor-browser-
build/commit/694de9f7431b022cf974aa5bd8b6150e59f0bcbf
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31564#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs