Opened 3 weeks ago

Closed 2 weeks ago

#30779 closed defect (fixed)

OpenSSL 1.1.1c is not built reproducibly

Reported by: gk Owned by: tbb-team
Priority: Immediate Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: TorBrowserTeam201906R, tbb-rbm
Cc: boklm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

While preparing Tor Browser 9.0a2 we realized that we get OpenSSL related differences on our build machines across all platforms we use it on.

Child Tickets

Change History (7)

comment:1 Changed 3 weeks ago by gk

It seems we get a timestamp related diff now, weird.

--- /dev/fd/63  2019-06-05 19:58:46.221296266 +0000
+++ /dev/fd/62  2019-06-05 19:58:46.221296266 +0000
@@ -122793,8 +122793,8 @@
 001dfa80: 722f 746d 702f 6469 7374 2f6f 7065 6e73  r/tmp/dist/opens
 001dfa90: 736c 2f6c 6962 2f65 6e67 696e 6573 2d31  sl/lib/engines-1
 001dfaa0: 2e31 2200 0000 0000 6275 696c 7420 6f6e  .1".....built on
-001dfab0: 3a20 5475 6520 4a75 6e20 2034 2031 313a  : Tue Jun  4 11:
-001dfac0: 3032 3a35 3120 3230 3139 2055 5443 0000  02:51 2019 UTC..
+001dfab0: 3a20 5765 6420 4a75 6e20 2035 2031 393a  : Wed Jun  5 19:
+001dfac0: 3531 3a31 3220 3230 3139 2055 5443 0000  51:12 2019 UTC..
 001dfad0: 0000 0000 0000 0000 0000 0000 0000 0000  ................
 001dfae0: 3045 efff 4045 efff 8045 efff 5045 efff  0E..@E...E..PE..
 001dfaf0: 6045 efff 7045 efff 0000 0000 0000 0000  `E..pE..........

comment:3 Changed 3 weeks ago by gk

Previously we would get "built on: reproducible build, date unspecified".

comment:4 Changed 3 weeks ago by gk

In 1.0.2* we had

#ifdef DATE
# ifdef OPENSSL_USE_BUILD_DATE
        return (DATE);
# else
        return ("built on: reproducible build, date unspecified");
# endif

with

#define DATE "built on: $date"

and

$date = localtime();

but OPENSSL_USE_BUILD_DATE was undefined. It seems they changed the mode to opt into reproducible builds now while it was previously opt-out.

comment:6 Changed 3 weeks ago by boklm

Keywords: TorBrowserTeam201906R added; TorBrowserTeam201906 removed
Status: newneeds_review

There is a patch for review in branch bug_30779:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_30779&id=f69e6db516381f992fdc7be98833a962a170e04b

I checked that I get the same result when building openssl twice.

comment:7 Changed 2 weeks ago by gk

Resolution: fixed
Status: needs_reviewclosed

Fixed with commit 3d5f652a3ec9fb44c41e79174f2de28f14ffdbe0 on master (I silently corrected a typo in the commit message to save a round trip).

Note: See TracTickets for help on using tickets.