Opened 6 weeks ago

Last modified 13 days ago

#31650 needs_review enhancement

pre-crunch and pre-strip PNG in tor-service-android to make it reproducible

Reported by: eighthave
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-mobile, TorBrowserTeam201910R
Cc: sysrqb, sisbell, gk, n8fr8
Actual Points:
Parent ID: #31042
Points:
Reviewer:
Sponsor:

Description

PNG crunching is not a deterministic process, especially the way aapt does it. This makes the builds not reproducible. The easy solution to this is to pre-crunch the PNGs and commit them to git. This also uses exiftool to strip any metadata from the PNG. This then disables running the crunch as part of the gradle build process.

https://medium.com/@duhroach/smaller-pngs-and-android-s-aapt-tool-4ce38a24019d

I have submitted this upstream to Orbot:
https://github.com/guardianproject/orbot/pull/252

And it is here in my tor-android-service-fork:
https://gitlab.com/eighthave/tor-android-service/commits/png-pre-compress

Once it is merged, someone will need to do:

$ sudo apt install exiftool zopfli
$ cd /path/to/tor-android-service
$ ./tools/png-pre-compress

Then commit all the changed PNGs.
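
A check that could be run over the committed PNGs after the steps above, added here as an example and not part of the ticket or of tools/png-pre-compress: it walks a file's chunks, verifies each CRC, and reports metadata chunks that stripping should have removed. The list of chunk types treated as metadata and the sample image are assumptions constructed for the example.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Assumption: ancillary chunk types treated as metadata for this check.
METADATA_CHUNKS = {b"tEXt", b"zTXt", b"iTXt", b"tIME", b"eXIf"}

def iter_chunks(data):
    """Yield (type, payload) for each chunk, verifying length and CRC."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            raise ValueError("truncated chunk body")
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + payload):
            raise ValueError("bad CRC in %r chunk" % ctype)
        yield ctype, payload
        pos = end
        if ctype == b"IEND":
            break

def leftover_metadata(data):
    """Return the metadata chunk types still present, in file order."""
    return [t.decode("ascii") for t, _ in iter_chunks(data) if t in METADATA_CHUNKS]

def make_chunk(ctype, payload):
    """Serialize one chunk: length, type, payload, CRC over type+payload."""
    crc = zlib.crc32(ctype + payload)
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def sample_png(extra=()):
    """Constructed 1x1 grayscale PNG; `extra` chunks go between IHDR and IDAT."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    body = make_chunk(b"IHDR", ihdr)
    body += b"".join(make_chunk(t, p) for t, p in extra)
    body += make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")
    return PNG_SIGNATURE + body

if __name__ == "__main__":
    time_chunk = (b"tIME", struct.pack(">HBBBBB", 2019, 9, 1, 0, 0, 0))
    dirty = sample_png([(b"tEXt", b"Software\x00constructed"), time_chunk])
    print("unstripped:", leftover_metadata(dirty))
    print("stripped:  ", leftover_metadata(sample_png()))
```
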


Attachments (1)

0001-manually-use-aapt-singleCrunch-for-reproducible-buil.patch (1.6 KB) - added by eighthave 6 weeks ago.


Change History (4)

comment:1 Changed 6 weeks ago by eighthave

Component: Applications → Applications/Tor Browser
Owner: set to tbb-team
Status: new → needs_review

comment:2 Changed 6 weeks ago by gk

Keywords: TorBrowserTeam201909R added

comment:3 Changed 13 days ago by pili

Keywords: TorBrowserTeam201910R added; TorBrowserTeam201909R removed

We're now in October, moving September outstanding reviews to October
