Opened 8 years ago

Closed 8 years ago

#4984 closed defect (fixed)

remove build detritus from tbb releases

Reported by: phobos Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


from a tor-talk email:
I located some hidden files in the extracted tbb/linux, current version,
directories, are these common files or rogue and what generates these

Within the Lib directory:

size / name / sha1sum

1264 .shared-library-name-list

808 .shared-library-rename-action-list

Within the Lib/libz directory:

size / name

83 .shared-library-name-list

56 .shared-library-rename-action-list

Contents of the Lib hidden files:

Lib$ cat .shared-library-name-list
{ link} { link} { link}
{ file {}} { link}
{ link} { link} { file {}} { link} { link}
{ link} {
file {}} { link} { link} { link}
{ file {}} { link}
{ file {}} { link} { file {}} { link} { link} { file {}}
{ link}
{ link}
{ file {}} { link} { link}
{ link} { file {}}
{ link} { file {}}ubuntu

Lib$ cat .shared-library-rename-action-list
{rm} {rm} {mv} {rm} {rm} {rm}
{mv} {rm} {rm} {rm} {mv} {rm} {rm} {rm} {mv} {rm}
{rm} {rm} {mv} {rm} {rm} {mv} {rm}
{rm} {mv} {rm} {rm} {rm} {mv} {rm}ubuntu

Contents of the Lib/libz hidden files:

Lib/libz$ cat .shared-library-name-list
{ link} { link} {
file {}}ubuntu

Lib/libz$ cat .shared-library-rename-action-list
{rm} {rm} {mv}ubuntu

Do other tor user's tbb/linux extracted directories contain these, too?
What are they?

Child Tickets

Change History (5)

comment:1 Changed 8 years ago by rransom

Status: newneeds_information


Do you have a valid reason for removing these files from TBB for Linux?

comment:2 Changed 8 years ago by keb

the bundle may be the only package most people will get ahold of so it should appear trustworthy and foster the Tor Project collaborative culture. so if there are "hidden" files they should be either documented within the bundle README or removed before release.

comment:3 Changed 8 years ago by mikeperry

Component: Tor BrowserTor bundles/installation
Owner: changed from mikeperry to erinn
Status: needs_informationassigned

@keb: agree. The whole build process should be documented as well.

However, this is Erinn's dept.

comment:4 Changed 8 years ago by rransom

Status: assignedneeds_review

See bug4984 ( bug4984 ) for a patch to add explanatory comments to remove-shared-lib-symlinks's debug-dump files, so there will be absolutely no excuse for asking whether two small text files might be ‘rogue’ in a directory full of multi-megabyte binaries.

Removing these files is not an option -- I found #3801 (a sign that some TBBs did not contain what their documentation claimed they did) and #3906 (a major security problem) by looking at shared library names in the distributed TBBs. It's bad enough that we have to rename the shared libraries at all.

comment:5 Changed 8 years ago by erinn

Resolution: fixed
Status: needs_reviewclosed

Thanks, rransom. I've merged your branch and it's in the release that's going out tonight. Closing.

Note: See TracTickets for help on using tickets.