Opened 11 months ago

Last modified 4 months ago

#32523 new enhancement

Consider building tor-browser-build containers with Bitcoin Core's Guix-based system

Reported by: JeremyRand Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-rbm, tbb-security, TorBrowserTeamTriaged, gitlab-tb-tor-browser-build
Cc: gk Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Bitcoin Core recently merged a PR from Carl Dong (from Chaincode Labs) that allows building Bitcoin Core using containers that are constructed via GNU Guix, instead of using an OS ISO or debootstrap. This provides better security against supply-chain attacks by reducing the amount of trusted binary code used to bootstrap the build system. Bitcoin Core intends to use Carl's system as a replacement for Gitian.

It would be interesting to investigate whether tor-browser-build could transition to constructing its containers via Bitcoin Core's new system instead of using debootstrap.

A talk that Carl gave at Breaking Bitcoin about the new system is here:

A transcript of Carl's talk (transcribed by Bryan Bishop) is here:

Here's the PR that Carl submitted to Bitcoin Core:

And here's the documentation in Bitcoin Core's master branch:

GNU/Linux targets are already working and are merged; macOS and Windows are working as well but I think Carl hasn't gotten those merged to Bitcoin Core yet. I have no idea what the situation is with Android/Linux.

Bitcoin Core isn't yet using Carl's system to build their official binaries, so it might be wise for Tor to let Bitcoin Core torture-test the code a bit in production first, but it does look like a very nice system, and it would be great to see it used for Tor Browser in the future.

Child Tickets

Change History (6)

comment:1 Changed 11 months ago by gk

Keywords: tbb-rbm tbb-security added

comment:2 Changed 11 months ago by sysrqb

Keywords: TorBrowserTeamTriaged added

comment:3 Changed 8 months ago by gk

Cc: gk added

comment:4 Changed 8 months ago by dongcarl

I'd be happy to answer questions and offer assistance if anyone wants to take the lead here. From my understanding this was proposed as a GSoC candidate?

comment:5 Changed 8 months ago by JeremyRand

Hi Carl,

I suggested it as a potential entry for the GSoC ideas list a while back, subject to whether there was an available mentor and whether the Tor Browser devs considered it a good usage of GSoC time. I don't know what happened after that initial discussion, if anything. I think Pili might know more about the current status.

comment:6 Changed 4 months ago by gk

Keywords: gitlab-tb-tor-browser-build added

Add magic gitlab keyword.

Note: See TracTickets for help on using tickets.