Opened 2 years ago

Last modified 2 years ago

#21032 new task

Creating some public database of "reproduced builds"

Reported by: boklm
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords:
Cc: brade, mcs
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

The process of checking that our builds have been reproduced by multiple people is currently mostly manual. In order to make this process easier, more automated (to be able to use it in the updater or some launcher) and possible to use at a larger scale (checking that some large number of people reproduced a build), we could have some tool indexing the builds created by various people.

This could be done by adding the generation of some buildinfo files (similar to Debian's buildinfo files) to our build process, containing important information about the build, such as its inputs and outputs, and indexing them with their signatures in some database.

This database would contain the following types of builds or operations, signed by various builders:

  • the build of a bundle from a git tag
  • the creation of a signed mar file, from an unsigned mar (or the reverse operation)
  • the creation of an OSX code-signed mar file, from an unsigned mar (or the reverse operation)
  • the creation of an incremental mar file, from two full mar files
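
A sketch of the index described above, as an added example that is not part of the ticket or of the Tor Browser build tooling: records are grouped by operation and inputs, and a build counts as reproduced only when enough distinct builders report identical outputs. The record fields, operation labels, builder names and digests are hypothetical, and signature verification is assumed to have happened before a record is indexed.

```python
import hashlib
from collections import defaultdict

def digest(label):
    # Constructed stand-in for a real file hash.
    return hashlib.sha256(label.encode()).hexdigest()

def build_key(rec):
    """Identify 'the same build': operation type plus its sorted inputs."""
    h = hashlib.sha256(rec["operation"].encode())
    for name, value in sorted(rec["inputs"].items()):
        h.update(f"\0{name}={value}".encode())
    return h.hexdigest()

def index(records):
    """Map build key -> output set -> builders who reported that output."""
    db = defaultdict(lambda: defaultdict(set))
    for rec in records:
        outputs = tuple(sorted(rec["outputs"].items()))
        db[build_key(rec)][outputs].add(rec["builder"])  # set: one vote per builder
    return db

def status(db, key, threshold):
    """Return (verdict, builders) for one build key."""
    groups = db.get(key, {})
    if len(groups) > 1:  # builders disagree on the outputs
        return "mismatch", sorted(set().union(*groups.values()))
    builders = sorted(next(iter(groups.values()), set()))
    verdict = "reproduced" if len(builders) >= threshold else "insufficient"
    return verdict, builders

# Constructed sample records; signatures are assumed verified before indexing.
BUNDLE = {"operation": "bundle-from-git-tag", "inputs": {"git_tag": "example-tag"}}
INCR = {"operation": "incremental-mar",
        "inputs": {"from_mar": digest("full-1"), "to_mar": digest("full-2")}}
RECORDS = [
    {**BUNDLE, "builder": "builder-a", "outputs": {"bundle": digest("out")}},
    {**BUNDLE, "builder": "builder-b", "outputs": {"bundle": digest("out")}},
    {**BUNDLE, "builder": "builder-b", "outputs": {"bundle": digest("out")}},  # duplicate
    {**INCR, "builder": "builder-a", "outputs": {"incremental": digest("inc")}},
    {**INCR, "builder": "builder-c", "outputs": {"incremental": digest("other")}},
]
DB = index(RECORDS)

if __name__ == "__main__":
    for op in (BUNDLE, INCR):
        print(op["operation"], status(DB, build_key(op), threshold=2))
```

A duplicate submission from one builder does not raise the count, and any disagreement on outputs is reported as a mismatch rather than settled by majority.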

Change History (1)

comment:1 Changed 2 years ago by mcs

Cc: brade mcs added