Opened 4 years ago

Closed 19 months ago

#12240 closed defect (fixed)

Make Mac bundles built with LXC match their KVM counterparts

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: gitian, tbb-gitian
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


There seem to be extensive differences in Mike reports that the OpenSSL input ends up different between LXC and KVM. Might be a first starting point in fixing the problem.

Child Tickets

Change History (13)

comment:1 Changed 4 years ago by erinn

Component: Tor bundles/installationTor Browser
Keywords: tbb-gitian added
Owner: changed from erinn to tbb-team

comment:2 Changed 3 years ago by lunar indeed came up differently between LXC and KVM. The only differences are in libcrypto.a.

I'm assuming the the symbol table is different because the offsets of the members are different.

The offsets differ because some members get added with their name using the long filename trick. The member length itself differs once in a while for (I assume) alignment purposes.

comment:3 Changed 3 years ago by lunar

It seems to happen because of “clock skew” issues. Some members get built and added twice to archive. That seems to match the long filenames headers.

comment:4 Changed 3 years ago by lunar

Confirmed. If I unset LD_PRELOAD to disable libfaketime, the build logs are nearly identical. libcrypto.a is left with only timestamp related differences. The one in headers can be removed using strip-nondeterminism but there's another timestamp coming from crypto/Makefile:buildinf.h.

comment:5 Changed 3 years ago by gk

Keywords: TorBrowserTeam201508R added
Status: newneeds_review

I think I have a fix for this. It is in my bug_12240_4 branch ( and up for review.

comment:6 Changed 3 years ago by mcs

I have not tested this, but the changes look OK.

comment:7 Changed 3 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks, let's call this closed then and try it in an alpha for realz (commit b8633570c5ae6b2881096e318889c335c958e1c2 is the fix).

comment:8 Changed 2 years ago by mikeperry

Parent ID: #12237
Resolution: fixed
Status: closedreopened

We're going to revert this temporarily to save time on rebuilding 5.5a2. Reopening so we remember to reapply after 5.5a2 is out.

comment:9 Changed 2 years ago by gk

Resolution: fixed
Status: reopenedclosed

This is now fixed in commit a640b2e3c2d58f89880350bdee883f7f1d2f90be on master.

comment:10 Changed 2 years ago by gk

Resolution: fixed
Status: closedreopened

It seems I forgot the portion of this ticket.

comment:11 Changed 2 years ago by mcs

Keywords: TorBrowserTeam201510 added; TorBrowserTeam201508R removed

comment:12 Changed 2 years ago by gk

Keywords: TorBrowserTeam201510 removed

No time for these during October.

Last edited 2 years ago by gk (previous) (diff)

comment:13 Changed 19 months ago by gk

Resolution: fixed
Severity: Normal
Status: reopenedclosed

We are building release builds on LXC machines for a while now and it works.

Note: See TracTickets for help on using tickets.