# [% c("var/Project_Name") %] [% c("var/torbrowser_version") %] is a reproducible build

Each stable or alpha release of [% c("var/Project_Name") %] is built by at least
two members from the team, to check that the build is reproducible.

You can also build it yourself and check that you get a matching build,
and this text file should give you basic informations to do that.
[% IF c("var/nightly") -%]

In the case of nightly builds however, we don't check that the build is
reproducible, and doing that can be difficult given that the build is
using the latest commit of some of its components, which can change at
any time. In theory two builds started around the same time should get
the same sets of commits, and produce the same build.
[% END -%]

You can learn more about Reproducible Builds in general on
https://reproducible-builds.org/.


Build details
-------------

version: [% c("var/torbrowser_version") %]
build number: [% c("var/torbrowser_build") %]
build type: [% c("var/channel") %]
git url: https://gitlab.torproject.org/tpo/applications/tor-browser-build/
[% IF ! c("var/nightly") -%]
git tag: [% c("var/tor_browser_build_git_tag") %]
[% END -%]
git commit hash: [% c("var/tor_browser_build_git_commit") %]


Preparing a build
-----------------

[This part should list resources required for building, and dependencies
that need to be installed]


Starting a build
----------------

### Checkout the right commit

Before starting the build you should checkout the right commit:

  git checkout [% c("var/tor_browser_build_git_commit") %]

Alternatively you can use the git tag after verifying its signature:

  git tag --verify [% c("var/tor_browser_build_git_tag") %]
  git checkout [% c("var/tor_browser_build_git_tag") %]

### Start the build

  make [% c("var/projectname") %]-[% c("var/channel") %]

### Generate incremental mar files

  make [% c("var/projectname") %]-incrementals-[% c("var/channel") %]


Verifying a build
-----------------

[This part should explain how to check that the generated sha256sums
files match the upstream build]


Comparing signed with unsigned build
------------------------------------

[This part should explain how to remove signature from exe and mar
files to compare them with the unsigned build]

