#18291 closed defect (fixed)
Don't use libfaketime anymore for building the Firefox part of Tor Browser
| Reported by: | gk | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | tbb-gitian, ff45-esr, TorBrowserTeam201605, GeorgKoppen201605 |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
There should be no reproducibility issues for the Firefox part of Tor Browser anymore with the switch to ESR 45. Thus, we can get rid of libfaketime for building it.
Child Tickets
Change History (9)
comment:1 Changed 3 years ago by
| Keywords: | TorBrowserTeam201604 GeorgKoppen201604 added |
|---|
comment:2 Changed 3 years ago by
| Parent ID: | #18226 |
|---|
comment:3 Changed 3 years ago by
| Keywords: | TorBrowserTeam201605 added; TorBrowserTeam201604 removed |
|---|
comment:4 Changed 3 years ago by
| Keywords: | GeorgKoppen201605 added; GeorgKoppen201604 removed |
|---|
Moving things for me to May.
comment:5 Changed 3 years ago by
| Keywords: | TorBrowserTeam201605R added; TorBrowserTeam201605 removed |
|---|---|
| Status: | new → needs_review |
The branch bug_18291-v2 in my repo has a patch for this:
https://gitweb.torproject.org/user/boklm/tor-browser-bundle.git/commit/?h=bug_18291-v2&id=596a8f6d3bb586712f5895ba6daf7ff7e8033afc
I have been building this branch twice and got the same result.
comment:6 Changed 3 years ago by
| Keywords: | TorBrowserTeam201605 added; TorBrowserTeam201605R removed |
|---|---|
| Status: | needs_review → needs_revision |
Thanks. One thing I think we should keep are notes about which parts of our toolchains (and our other artifacts even if they are not exposed in the sha256sums.txt) are still not reproducible. This might make debugging issues in the future easier and leaves the ToDos obvious. Parts of the comment in the Windows gitian-utils descriptor could be resurrected for that. I know GCC is affected, too, and I bet clang as well.
comment:7 Changed 3 years ago by
| Status: | needs_revision → needs_review |
|---|
The branch bug_18291-v3 has new comments listing which parts are not reproducible.
https://gitweb.torproject.org/user/boklm/tor-browser-bundle.git/log/?h=bug_18291-v3
It is adding the following comments:
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index 723cd1842d6e..0adcf5d43532 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -125,6 +125,10 @@ script: |
cd ..
# Grabbing the remaining results and making sure timestamps don't spoil them
+ # Since we stopped using libfaketime, the binutils, gcc, openssl,
+ # libevent archives are no longer reproducible. The main reason
+ # is that they include some .a archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils
~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
diff --git a/gitian/descriptors/mac/gitian-utils.yml b/gitian/descriptors/mac/gitian-utils.yml
index 63babd7eef5a..33db2e8925a2 100644
--- a/gitian/descriptors/mac/gitian-utils.yml
+++ b/gitian/descriptors/mac/gitian-utils.yml
@@ -54,6 +54,10 @@ script: |
make $MAKEOPTS
make install
cd $INSTDIR
+ # Since we stopped using libfaketime, the clang archive is no longer
+ # reproducible. The reason is that it includes some .a archives and
+ # other files which include timestamps.
+ # Those files are however not part of the files we ship.
~/build/dzip.sh clang-$CLANG_VER-linux64-wheezy-utils.zip clang
cp *utils.zip $OUTDIR/
else
@@ -106,6 +110,10 @@ script: |
cd ..
# Grabbing the results
+ # Since we stopped using libfaketime, the openssl archive is no
+ # longer reproducible. The main reason is that it includes some .a
+ # archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
~/build/dzip.sh openssl-$OPENSSL_VER-mac64-utils.zip openssl
~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-mac64-utils.zip libevent
diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml
index 8c77c8d62cea..0876bff114b5 100644
--- a/gitian/descriptors/windows/gitian-utils.yml
+++ b/gitian/descriptors/windows/gitian-utils.yml
@@ -180,6 +180,10 @@ script: |
cd ..
# Grabbing the remaining results
+ # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl,
+ # libevent, mingw-w64 archives are no longer reproducible. The main
+ # reason is that they include some .a archives which include timestamps.
+ # Those files are however not part of the files we ship.
cd $INSTDIR
# We might want to bump binutils independent of bumping mingw-w64.
touch binutils-$BINUTILS_VER-win32-utils.zip
comment:8 Changed 3 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | needs_review → closed |
Thanks! Fixed on master with commit 3acd55740d447b2afb47ab5da5e3eece93337829.
comment:9 Changed 2 years ago by
Even though
+ # Those files are however not part of the files we ship.
maybe, it's better instead of adding comments like
+ # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl, + # libevent, mingw-w64 archives are no longer reproducible. The main + # reason is that they include some .a archives which include timestamps.
start to use deterministic mode of binutils?
https://wiki.debian.org/ReproducibleBuilds/TimestampsInStaticLibraries
Moving tickets