Don't use libfaketime anymore for building the Firefox part of Tor Browser

There should be no reproducibility issues for the Firefox part of Tor Browser anymore with the switch to ESR 45. Thus, we can get rid of libfaketime for building it.

added GeorgKoppen201605 TorBrowserTeam201605 component::applications/tor browser ff45-esr owner::tbb-team priority::medium resolution::fixed severity::normal status::closed tbb-gitian type::defect labels

Trac:
Keywords: N/A deleted, TorBrowserTeam201604, GeorgKoppen201604 added

Trac:
Parent: #18226 (moved) to N/A
Reviewer: N/A to N/A

Moving tickets

Trac:
Keywords: TorBrowserTeam201604 deleted, TorBrowserTeam201605 added

Moving things for me to May.

Trac:
Keywords: GeorgKoppen201604 deleted, GeorgKoppen201605 added

The branch bug_18291-v2 in my repo has a patch for this: https://gitweb.torproject.org/user/boklm/tor-browser-bundle.git/commit/?h=bug_18291-v2&id=596a8f6d3bb586712f5895ba6daf7ff7e8033afc

I have been building this branch twice and got the same result.

Trac:
Keywords: TorBrowserTeam201605 deleted, TorBrowserTeam201605R added
Status: new to needs_review

Thanks. One thing I think we should keep are notes about which parts of our toolchains (and our other artifacts even if they are not exposed in the sha256sums.txt) are still not reproducible. This might make debugging issues in the future easier and leaves the ToDos obvious. Parts of the comment in the Windows gitian-utils descriptor could be resurrected for that. I know GCC is affected, too, and I bet clang as well.

Trac:
Keywords: TorBrowserTeam201605R deleted, TorBrowserTeam201605 added
Status: needs_review to needs_revision

The branch bug_18291-v3 has new comments listing which parts are not reproducible. https://gitweb.torproject.org/user/boklm/tor-browser-bundle.git/log/?h=bug_18291-v3

It is adding the following comments:

diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index 723cd1842d6e..0adcf5d43532 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -125,6 +125,10 @@ script: |
   cd ..
 
   # Grabbing the remaining results and making sure timestamps don't spoil them
+  # Since we stopped using libfaketime, the binutils, gcc, openssl,
+  # libevent archives are no longer reproducible. The main reason
+  # is that they include some .a archives which include timestamps.
+  # Those files are however not part of the files we ship.
   cd $INSTDIR
   ~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils
   ~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
diff --git a/gitian/descriptors/mac/gitian-utils.yml b/gitian/descriptors/mac/gitian-utils.yml
index 63babd7eef5a..33db2e8925a2 100644
--- a/gitian/descriptors/mac/gitian-utils.yml
+++ b/gitian/descriptors/mac/gitian-utils.yml
@@ -54,6 +54,10 @@ script: |
     make $MAKEOPTS
     make install
     cd $INSTDIR
+    # Since we stopped using libfaketime, the clang archive is no longer
+    # reproducible. The reason is that it includes some .a archives and
+    # other files which include timestamps.
+    # Those files are however not part of the files we ship.
     ~/build/dzip.sh clang-$CLANG_VER-linux64-wheezy-utils.zip clang
     cp *utils.zip $OUTDIR/
   else
@@ -106,6 +110,10 @@ script: |
     cd ..
 
     # Grabbing the results
+    # Since we stopped using libfaketime, the openssl archive is no
+    # longer reproducible. The main reason is that it includes some .a
+    # archives which include timestamps.
+    # Those files are however not part of the files we ship.
     cd $INSTDIR
     ~/build/dzip.sh openssl-$OPENSSL_VER-mac64-utils.zip openssl
     ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-mac64-utils.zip libevent
diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml
index 8c77c8d62cea..0876bff114b5 100644
--- a/gitian/descriptors/windows/gitian-utils.yml
+++ b/gitian/descriptors/windows/gitian-utils.yml
@@ -180,6 +180,10 @@ script: |
   cd ..
 
   # Grabbing the remaining results
+  # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl,
+  # libevent, mingw-w64 archives are no longer reproducible. The main
+  # reason is that they include some .a archives which include timestamps.
+  # Those files are however not part of the files we ship.
   cd $INSTDIR
   # We might want to bump binutils independent of bumping mingw-w64.
   touch binutils-$BINUTILS_VER-win32-utils.zip

Trac:
Status: needs_revision to needs_review

Thanks! Fixed on master with commit 3acd55740d447b2afb47ab5da5e3eece93337829.

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

Even though

+  # Those files are however not part of the files we ship.

maybe, it's better instead of adding comments like

+  # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl,
+  # libevent, mingw-w64 archives are no longer reproducible. The main
+  # reason is that they include some .a archives which include timestamps.

start to use deterministic mode of binutils? https://wiki.debian.org/ReproducibleBuilds/TimestampsInStaticLibraries

closed

mentioned in issue #18845 (moved)

mentioned in issue #20258 (moved)

moved to tpo/applications/tor-browser#18291 (closed)

mentioned in issue tpo/applications/tor-browser#20258 (closed)