[tbb-bugs] #31564 [Applications/Tor Browser]: Android bundles based on ESR 68 are not built reproducibly anymore

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Sep 27 20:11:08 UTC 2019 

#31564: Android bundles based on ESR 68 are not built reproducibly anymore
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-9.0-must-alpha,                  |  Actual Points:
  TorBrowserTeam201909, GeorgKoppen201909        |
Parent ID:  #30324                               |         Points:  5
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by sisbell):

 So the buster/openjdk-8 part of the build works perfectly now. But when I
 get to tor-browser project, I get a failure with apktool 2.4 (the one
 packaged for buster).

 {{{
 W: aapt: brut.common.BrutException: brut.common.BrutException: Could not
 extract resource: /prebuilt/linux/aapt_64 (defaulting to $PATH binary)
 W: res/drawable-v21/$avd_hide_password__0.xml: Invalid file name: must
 contain only [a-z0-9_.]
 W: res/drawable-v21/$avd_hide_password__1.xml: Invalid file name: must
 contain only [a-z0-9_.]
 }}}

 So the question becomes why does the 2.4 apktool downloaded from repo
 work, but the one packaged in buster doesn't?

 The downloaded one which works:

 {{{
 Apktool v2.4.0 - a tool for reengineering Android apk files
 with smali v2.2.6 and baksmali v2.2.6
 }}}

 The one included in buster (which is busted)


 {{{
 Apktool v2.4.0-dirty - a tool for reengineering Android apk files
 with smali v2.2.7-debian and baksmali v2.2.7-debian
 }}}

 However when I check /usr/share/java directory, I see smali version 2.2.3.
 This doesn't match 2.2.7 version the tool says its using.  2.2.3. is the
 same version of smali included in stretch. So the smali dependencies are
 the same in stretch/buster

 -rw-r--r--  1 root root  127604 Jul 22 00:53 baksmali-2.2.3.jar
 -rw-r--r--  1 root root  292694 Jul 22 00:53 smali-2.2.3.jar
 -rw-r--r--  1 root root   26148 Jul 22 00:53 smali-util-2.2.3.jar
 -rw-r--r--  1 root root 1037269 Jul 22 00:53 dexlib2-2.2.3.jar

 The resource causing the problem is a resource in a google material-ui
 library that firefox doesn't use. So I considered shrinking the resources
 during the build, but due to the implementation of Firefox on Android,
 which uses a dynamic lookup of resource ids, the shrink resource option is
 not enabled.
 https://bugzilla.mozilla.org/show_bug.cgi?id=1229269

 So this effectively blocks the use of apktool packaged with buster.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31564#comment:44>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list