[tor-bugs] #18331 [Tor Browser]: Update OS X toolchain to work with ESR 45

Wed Apr 13 09:27:36 UTC 2016

#18331: Update OS X toolchain to work with ESR 45
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  boklm
     Type:  task                                 |         Status:
 Priority:  High                                 |  needs_revision
Component:  Tor Browser                          |      Milestone:
 Severity:  Major                                |        Version:
 Keywords:  tbb-gitian, ff45-esr,                |     Resolution:
  TorBrowserTeam201604R                          |  Actual Points:
Parent ID:  #18226                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  needs_review => needs_revision

Comment:

 Replying to [comment:18 boklm]:
 > Replying to [comment:17 gk]:
 > > Hm.. Are we really able to get rid of `faketime` here? Back then when
 I cleaned up the respective Linux descriptor I had the same idea but,
 after testing, realized that we still need it for zipping up the results.
 I just re-run the same tests on an LXC box and again preloading
 libfaketime is needed. I actually don't see a difference in this regard in
 the OS X related descriptor. Thus, I am inclined to do the same here. I
 can probably test whether that really matters later.
 >
 > Are you talking about the tor-mac64-gbuilt.zip, or the final .mar and
 .dmg files?
 >
 > I checked that the .mar and .dmg files we create are reproducible, but
 indeed the intermediary tor-mac64-gbuilt.zip includes timestamps.

 Just the .zip file. Ah, end we are not exposing that one to the public.
 So, we might be fine here. Could you add that reasoning to the commit
 message to make it easier to follow our reasoning?

 > We can maybe add a `find $@  -exec touch --date="$REFERENCE_DATETIME" {}
 \;` in `build-helpers/dzip.sh` to get rid of those timestamps without
 relying on faketime.

 That might be a good idea, generally, but I think this should be a
 different ticket. Mind to file one?

 > >
 > > Regarding the fixup I wonder whether that is a gitian-builder issue as
 well and should be fixed there, too, (like the sudo thing). I mean both
 KVM and LXC are using clean Debian Wheezy VMs and there should be no
 reason this descriptor fixup is needed for KVM but not for LXC.
 >
 > I think the reason is that on Debian wheezy, `/sbin:/usr/sbin` is not
 added to the `PATH`, except for login shells. In the case of LXC, the
 commands are run using something like `lxc-execute -- sudo -u $TUSER -i --
 [command]`, with sudo's -i option to use a login shell. In the case of
 KVM, the commands are run using `ssh $TUSER at localhost [command]` which
 doesn't use a login shell. I'm not sure how to change the ssh command to
 make it use a login shell.

 Okay, then let's leave this fix in tor-browser-bundle for now. Could you
 add a comment/hint why we need this as well?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18331#comment:19>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online