[guardian-dev] Testers wanted: otrfileconverter for Windows
Tom Ritter
tom at ritter.vg
Mon Aug 12 17:06:51 EDT 2013
On 12 August 2013 14:05, Abel Luck <abel at guardianproject.info> wrote:
> Could you describe how the build process would work with the tools you
> described? How exactly would the .NET dependency fit in?
So basically you'd commit the Visual Studio project files (like this:
https://github.com/tomrittervg/Sprocket) and then anyone else could
open the project files. Ctrl+Shift+B and it's built. .Net is much
more friendly than Win32 Visual Studio Projects, I promise. The .Net
Runetime is based around AVOIDING dll hell. I'd set it up so it
used a Visual Studio Express version, which is free.
The .Net dependency is basically the computer has to have .Net
installed. Vista+ ships with .Net 2, and while I'd prefer to get all
the fancy features of 3.0, 4.0, or 4.5 - you can still work with 2.0.
http://stackoverflow.com/questions/909516/what-version-of-net-ships-with-what-version-of-windows
The distribution would be a zip folder with the .exe and 4-5
supporting dlls. You could use IronPython (http://ironpython.net/) to
import the existing python code (probably with a little refactoring)
and run it hosted in the .Net app, to share logic.
> The current build process is complicated, because we choose to build
> some dependencies from source that don't offer verifiable downloads.
> Ideally I'd like to build all such components from source if necessary.
So I think the dependencies would be:
- IronPython (probably not built from source, but potentially)
- openssl (needed for your python code)
- pycrypto (needed for your python code)
Building OpenSSL on windows is a bitch. It requires it's own
toolchain, and .Net won't help there. What is it you need openssl
for anyway?
> Moreover, the current build process can be executed on Linux using wine,
> which means we can produce builds on our continuous integration box and
> secure release build box.
Yea, you're not going to build it on Linux with Visual Studio.
Similarly, there's no mechanism for deterministic builds in .Net.
Although... maybe... I'd basically have to build a new flavor of
gitian for .Net, which might be possible. When you compile C#, you
don't compile it to assembly, you compile it to an intermediate
language called IL, and then the .Net runtime on what OS interprets
that into bytecode as runtime (just like java).
(If that makes you wonder "Hm, could I make a managed code rootkit
that interprets the application malicious, the answer is yes, and it's
been done, although I've never heard of it being weaponized.)
So I'm not sure if Visual Studio is the right path... but my main
desktop is Windows, and I shudder at the contortions Linux users put
themselves through to compile on Windows. A lot of it depends on your
requirements (allowing duplicated logic vs explicitly forbidding it;
having a native OS GUI vs some ugly cross-platform shim).
-tom
More information about the Guardian-dev
mailing list