[guardian-dev] deterministic, repeatable build of LilDebi

Michael Rogers michael at briarproject.org
Wed Apr 16 15:45:20 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 14/04/14 01:51, Hans of Guardian wrote:
> I ran this on Ubuntu/precise/amd64 and Debian/wheezy/amd64 using
> openjdk-7, the most recent Android SDK (updated a weekish ago) and
> NDK r9d.

I ran the previous build on Debian/squeeze/i386 - I'm now running
Debian/wheezy/i386, and I've upgraded to openjdk-7 and the latest
Android SDK and NDK.

> assets/debootstrap.tar
> 
> Hmm, this would take some troubleshooting.  Its unpacking the
> Debian package and repacking it, so it should be deterministic.  I
> use vbindiff and bsdiff to check what the differences are.  Perhaps
> different versions of GNU tar?

The difference was due to permissions inside the tar file; adding
- --same-permissions to the tar command on line 36 of
external/debootstrap/Makefile solved the problem.

> assets/busybox
> 
> This is built with the NDK, so NDK differences would come into play
> here.

This still differs, I guess because I'm building on i386.
Unfortunately I don't have a 64-bit machine to test on - do you have a
32-bit machine, or is it possible to run a 32-bit VM on a 64-bit

> classes.dex
> 
> Until I switched both machines to use openjdk-7, this file was
> different for me.  I'm using 7u51-2.4.4-0ubuntu0.12.04.2 and
> 7u25-2.3.10-1~deb7u1

This no longer differs now I've switched to openjdk-7.

Cheers,
Michael
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJTTt3QAAoJEBEET9GfxSfMFBAH/jIbH2rovWvNYyLsYXUn0xg2
b86S335rNZuqRHyjV7OUSYd6qP4bh0YlN5YKmpZfKQrsJmJPle+C/lyy7D8Fin7A
n8BbQvfuVYqwpMiUB+aUcxBTu1Jk8g106J/AgDDcsPJ2G5aLC8bgGK3RFJon2mW8
OyxPazGi+tFG0Z0rWbAqVjD9rQUJBZsK9dGoISHvndzDnx6zfem/0n+VDfGdlebX
znE67aTZxnFr1Q16EvRmwfE9/b0PgqtwCgU6oW9zqyBPjlxyoxS5L8/bTc7u5Zj0
Er5DnALIqRec839t2dMCnAl/nxgYsYQ1j2kqxWnxvS11Y9HtsFBJ59gcQv5y4Rc=
=MomG
-----END PGP SIGNATURE-----


More information about the Guardian-dev mailing list