README.md 1.8 KB
Newer Older
Torsten Grote's avatar
Torsten Grote committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47
# Tor Reproducer

This is a tool you can use to verify that the version of Tor
used by [Briar](https://briar.app) was built exactly from the public source code
and no modifications (such as backdoors) were made.

More information about these so called reproducible builds is available at
[reproducible-builds.org](https://reproducible-builds.org/).

The source code for this tool is available at
https://code.briarproject.org/briar/tor-reproducer

## How to use

Make sure the version of Tor you want to verify is included in `tor-versions.json`.

Verify that you have `docker` installed:

    docker --version

If this command does not work,
please [install Docker](https://docs.docker.com/install/)
and continue once it is installed.

### Using our pre-built image

If you trust that our pre-built Docker image was build exactly from *its* source,
you can use it for faster verification.
If not, you can read the next section to learn how to build the image yourself.
Then you are only trusting the official `debian:stable` which is out of our control.

Otherwise, you can skip the next section and move directly to *Run the verification*.

### Building your own image

Check out the source repository:

    git clone https://code.briarproject.org/briar/tor-reproducer.git

Build our Docker image:

    docker build -t briar/tor-reproducer tor-reproducer

### Run the verification

To verify a specific version of Briar, run

48
    docker run briar/tor-reproducer:latest ./build-tor.py [version]
Torsten Grote's avatar
Torsten Grote committed
49

50
Where `[version]` is the version of Tor you want to test, for example `0.3.3.6`.
Torsten Grote's avatar
Torsten Grote committed
51

52
You can find a list of versions in Tor's
Torsten Grote's avatar
Torsten Grote committed
53
[source code repository](https://gitweb.torproject.org/tor.git/refs/).
54 55 56 57
Just remove the `tor-` from `tor-0.3.3.6`.

If you leave out `[version]` it will build the latest version
that was registered in `tor-versions.json`.