README.md 4.07 KB
Newer Older
Torsten Grote's avatar
Torsten Grote committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
# Briar Reproducer

This is a tool you can use to verify
that [Briar](https://briar.app) was built exactly from the public source code
and no modifications (such as backdoors) were made.

It works by building the app deterministically in a controlled standard environment
and comparing the result to the [official APK file](https://briarproject.org/download.html).

More information about these so called reproducible builds is available at
[reproducible-builds.org](https://reproducible-builds.org/).

The source code for this tool is available at
https://code.briarproject.org/briar/briar-reproducer

## How it works

We are using the Docker container technology to create a controlled and stable environment.
Our image is based on the official Debian stable image
and installs a minimum of software required to build Briar
and to compare the result with the official APK files.

You can find all software that gets installed in the `install*.sh` files.

Then there are two Python scripts.
`reproduce.py` is downloading the official APK
and the source code from the official git repository.
It builds a new APK from the source code
and then hands over to `verify-apk.py`.

This script verifies that the official APK
and the newly-built one are identical bit by bit.
It does so by repacking both APKs in a deterministic way
stripping both the Android v1
and [v2 signature](https://source.android.com/security/apksigning/v2)
from the APK so that only the contents can be are compared.

Both repacked APKs are then hashed with SHA512.
If their hashes are the same, the contents are identical
and we know that the official APK was built from the exact same source.
If the hashes differ,
[diffoscope](https://diffoscope.org/) is used to show where both versions differ.

## How to use

Verify that you have `docker` installed:

    docker --version

If this command does not work,
please [install Docker](https://docs.docker.com/install/)
and continue once it is installed.

### Using our pre-built image

If you trust that our pre-built Docker image was build exactly from *its* source,
you can use it for faster verification.
58
59
If not, you can read the next section to learn how to build the image yourself.
Then you are only trusting the official `debian:stable` which is out of our control.
Torsten Grote's avatar
Torsten Grote committed
60

61
Otherwise, you can skip the next section and move directly to *Run the verification*.
Torsten Grote's avatar
Torsten Grote committed
62
63
64
65
66
67
68
69
70

### Building your own image

Check out the source repository:

    git clone https://code.briarproject.org/briar/briar-reproducer.git

Build our Docker image:

Torsten Grote's avatar
Torsten Grote committed
71
    docker build -t briar/reproducer briar-reproducer
Torsten Grote's avatar
Torsten Grote committed
72
73
74

### Run the verification

75
76
77
78
79
Currently, the verification needs `disorderfs` as a deterministic file-system.
Therefore, please make sure that `fuse` is installed on your host system.

    apt install fuse

Torsten Grote's avatar
Torsten Grote committed
80
81
To verify a specific version of Briar, run

82
    docker run --cap-add SYS_ADMIN --device /dev/fuse briar/reproducer:latest ./reproduce.py [tag]
Torsten Grote's avatar
Torsten Grote committed
83
84
85
86
87
88

Where `[tag]` is the git tag (source code snapshot) that identifies the version
you want to test, for example `release-1.0.1`.

You can find a list of tags in Briar's
[source code repository](https://code.briarproject.org/akwizgran/briar/tags).
89
90

The `SYS_ADMIN` capability and the `fuse` device are required,
91
92
so the container can build the app inside a `disorderfs` which shuffles the filesystem.

93
94
If the build fails with `fuse: mount failed: Permission denied`, you may need to add the argument `--security-opt apparmor:unconfined` to the Docker command.

95
96
## Historical Changes

97
98
99
100
* Before version `1.4.2`, Briar was build using Java 8. Newer release are built with Java 11
  which produces different byte code breaking reproducibility
  An [old version of briar-reproducer](https://code.briarproject.org/briar/briar-reproducer/tags/pre-1.4.2)
  can be used to verify these releases.
101
102
103
104
105
* Before version `1.1.7`, Briar needed a deterministic files system
  to work around an [Android build system bug](https://issuetracker.google.com/issues/110237303)
  which broke reproducibility.
  An [old version of briar-reproducer](https://code.briarproject.org/briar/briar-reproducer/tags/pre-1.1.7)
  can be used to verify these releases.