On Thu, Sep 12, 2019 at 10:50 AM Hans-Christoph Steiner hans@guardianproject.info wrote:
> Hey all,
>
> I'm currently working on tor for Android as part of a Guardian Project project. One key goal is making a shareable, reproducible build process for the tor daemon for Android. Then this would be published to MavenCentral as an Android AAR package to be used in all the apps that include tor (Tor Browser, Orbot, Briar, Thali, etc). I have cleaned up the existing build process a lot, so now I'm down to troubleshooting reproducible issues.
So we're clear on the expectations and goals of this, you're working on compiling Tor reproducibly without using rbm, correct? And are you imagining the Guardian Project would build and upload these packages to MavenCentral, as part of your work?
I wonder if extracting tor binaries and shared libraries from tor-browser-build (or another project on top of rbm) is an easier route, in the longer term. I don't know what issue you'll find when you begin diving into the differences between builds (if there are any, at all).
Overall, I think this is a great plan and I'd like to see more applications bundled with Tor (and CalyxOS is exciting). However, as Georg already mentioned, this may not be something that fits into Tor Browser in the future.