[tor-bugs] #25619 [Applications/Tor Browser]: The webrtc build downloads and runs a cipd program

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Mar 26 03:32:00 UTC 2018 

#25619: The webrtc build downloads and runs a cipd program
------------------------------------------+----------------------
     Reporter:  dcf                       |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 While doing a build of Tor Browser, I noticed this in logs/webrtc-linux-
 x86_64.log:
 {{{
 Starting build: Sat Mar 24 00:04:29 2018
 Bootstrapping cipd client for linux-amd64 from https://chrome-infra-
 packages.appspot.com/client?platform=linux-
 amd64&version=git_revision:ae28364c740acff97ae118adcb2808b6cb5129c5...
 [0:02:35] Still working on:
 [0:02:35]   src/third_party/icu
 }}}

 `Bootstrapping cipd client` comes from
 [https://chromium.googlesource.com/chromium/tools/depot_tools.git/+/e346e411d56a33575a9818310e73a66f17de3da0/cipd#67
 the cipd program] in depot_tools. I suppose it is being run somehow
 through `gclient sync`. It downloads a program and then runs it with a
 `selfupdate` argument. "cipd" seems to refer to "Chrome infra packages
 (?)".

 I'm not sure what cipd is doing, but if it's downloading software at build
 time, it could potentially break reproducibility. We are already setting
 `DEPOT_TOOLS_UPDATE=0`.

 I saw the message in logs/webrtc-linux-i686.log and logs/webrtc-linux-
 x86_64.log. I did not see it in logs/webrtc-osx-x86_64.log.

 I haven't looked very deeply into this. I'm also experimenting with some
 changes to the webrtc build, but none that should affect this. As a first
 check, does anyone else have the `Bootstrapping cipd client` message in
 logs/webrtc-linux-x86_64.log?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25619>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list