Document how to verify reproducibility of build of a mullvad/tor browser release
About the project
- Contact: @boklm
- Chat: #tor-browser-dev on
irc.oftc.net
- Video room: no
Participants
Summary
I think many users don't know that our builds are reproducible, or how they can rebuild to verify that they get a matching build.
We could generate a reproducible-build.txt
file in the release directory containing the following informations:
- which git repository to clone
- which commit to checkout
- which command to use to start the build
- which sha256sums to expect after the build finished
- how to remove embedded signatures from exe and mar files we publish to check that they match the unsigned build
Skills
Need to know how to build Tor Browser.