Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#18291 closed defect (fixed)

Don't use libfaketime anymore for building the Firefox part of Tor Browser

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-gitian, ff45-esr, TorBrowserTeam201605, GeorgKoppen201605
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

There should be no reproducibility issues for the Firefox part of Tor Browser anymore with the switch to ESR 45. Thus, we can get rid of libfaketime for building it.

Child Tickets

Change History (9)

comment:1 Changed 4 years ago by gk

Keywords: TorBrowserTeam201604 GeorgKoppen201604 added

comment:2 Changed 4 years ago by gk

Parent ID: #18226

comment:3 Changed 4 years ago by gk

Keywords: TorBrowserTeam201605 added; TorBrowserTeam201604 removed

Moving tickets

comment:4 Changed 4 years ago by gk

Keywords: GeorgKoppen201605 added; GeorgKoppen201604 removed

Moving things for me to May.

comment:5 Changed 4 years ago by boklm

Keywords: TorBrowserTeam201605R added; TorBrowserTeam201605 removed
Status: newneeds_review

The branch bug_18291-v2 in my repo has a patch for this:
https://gitweb.torproject.org/user/boklm/tor-browser-bundle.git/commit/?h=bug_18291-v2&id=596a8f6d3bb586712f5895ba6daf7ff7e8033afc

I have been building this branch twice and got the same result.

comment:6 Changed 4 years ago by gk

Keywords: TorBrowserTeam201605 added; TorBrowserTeam201605R removed
Status: needs_reviewneeds_revision

Thanks. One thing I think we should keep are notes about which parts of our toolchains (and our other artifacts even if they are not exposed in the sha256sums.txt) are still not reproducible. This might make debugging issues in the future easier and leaves the ToDos obvious. Parts of the comment in the Windows gitian-utils descriptor could be resurrected for that. I know GCC is affected, too, and I bet clang as well.

comment:7 Changed 4 years ago by boklm

Status: needs_revisionneeds_review

The branch bug_18291-v3 has new comments listing which parts are not reproducible.
https://gitweb.torproject.org/user/boklm/tor-browser-bundle.git/log/?h=bug_18291-v3

It is adding the following comments:

diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index 723cd1842d6e..0adcf5d43532 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -125,6 +125,10 @@ script: |
   cd ..
 
   # Grabbing the remaining results and making sure timestamps don't spoil them
+  # Since we stopped using libfaketime, the binutils, gcc, openssl,
+  # libevent archives are no longer reproducible. The main reason
+  # is that they include some .a archives which include timestamps.
+  # Those files are however not part of the files we ship.
   cd $INSTDIR
   ~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils
   ~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
diff --git a/gitian/descriptors/mac/gitian-utils.yml b/gitian/descriptors/mac/gitian-utils.yml
index 63babd7eef5a..33db2e8925a2 100644
--- a/gitian/descriptors/mac/gitian-utils.yml
+++ b/gitian/descriptors/mac/gitian-utils.yml
@@ -54,6 +54,10 @@ script: |
     make $MAKEOPTS
     make install
     cd $INSTDIR
+    # Since we stopped using libfaketime, the clang archive is no longer
+    # reproducible. The reason is that it includes some .a archives and
+    # other files which include timestamps.
+    # Those files are however not part of the files we ship.
     ~/build/dzip.sh clang-$CLANG_VER-linux64-wheezy-utils.zip clang
     cp *utils.zip $OUTDIR/
   else
@@ -106,6 +110,10 @@ script: |
     cd ..
 
     # Grabbing the results
+    # Since we stopped using libfaketime, the openssl archive is no
+    # longer reproducible. The main reason is that it includes some .a
+    # archives which include timestamps.
+    # Those files are however not part of the files we ship.
     cd $INSTDIR
     ~/build/dzip.sh openssl-$OPENSSL_VER-mac64-utils.zip openssl
     ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-mac64-utils.zip libevent
diff --git a/gitian/descriptors/windows/gitian-utils.yml b/gitian/descriptors/windows/gitian-utils.yml
index 8c77c8d62cea..0876bff114b5 100644
--- a/gitian/descriptors/windows/gitian-utils.yml
+++ b/gitian/descriptors/windows/gitian-utils.yml
@@ -180,6 +180,10 @@ script: |
   cd ..
 
   # Grabbing the remaining results
+  # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl,
+  # libevent, mingw-w64 archives are no longer reproducible. The main
+  # reason is that they include some .a archives which include timestamps.
+  # Those files are however not part of the files we ship.
   cd $INSTDIR
   # We might want to bump binutils independent of bumping mingw-w64.
   touch binutils-$BINUTILS_VER-win32-utils.zip

comment:8 Changed 4 years ago by gk

Resolution: fixed
Status: needs_reviewclosed

Thanks! Fixed on master with commit 3acd55740d447b2afb47ab5da5e3eece93337829.

comment:9 Changed 3 years ago by cypherpunks

Even though

+  # Those files are however not part of the files we ship.

maybe, it's better instead of adding comments like

+  # Since we stopped using libfaketime, the gcc, gmp, zlib, openssl,
+  # libevent, mingw-w64 archives are no longer reproducible. The main
+  # reason is that they include some .a archives which include timestamps.

start to use deterministic mode of binutils?
https://wiki.debian.org/ReproducibleBuilds/TimestampsInStaticLibraries

Note: See TracTickets for help on using tickets.