Page Not Found
We could not find what you were looking for.
Please contact the owner of the site that linked you to the original URL and let them know their link is broken.
diff --git a/blog/2023-07-14-cwtch-ui-reproducible-builds.md b/blog/2023-07-14-cwtch-ui-reproducible-builds.md new file mode 100644 index 00000000..e752f6e8 --- /dev/null +++ b/blog/2023-07-14-cwtch-ui-reproducible-builds.md @@ -0,0 +1,64 @@ +--- +title: Cwtch UI Reproducible Builds (Linux) +description: "" +slug: cwtch-ui-reproducible-builds-linux +tags: [cwtch, cwtch-stable, reproducible-builds, bindings, repliqate] +image: /img/devlog1_small.jpg +hide_table_of_contents: false +authors: +- name: Sarah Jamie Lewis + title: Executive Director, Open Privacy Research Society + image_url: /img/sarah.jpg +--- + +Earlier this year we talked about the changes we have made to make [Cwtch Bindings Reproducible](https://docs.cwtch.im/blog/cwtch-bindings-reproducible). + +In this devlog we will talk about how the Cwtch UI are currently built, the changes we have made to Cwtch UI to make future distributions verifiable, and the next steps we will be taking to make all Cwtch builds reproducible. + +This will be useful to anyone who is looking to reproduce Cwtch UI builds specifically, and to anyone who wants to start implementing reproducible builds in their own project. + +![](/img/devlog1.png) + + + +## Building the Cwtch UI + +The official Cwtch UI project uses the FLutter framework. The Cwtch UI deliberately tracks the `stable` channel. + +All builds are conducted through the `flutter` tool e.g. `flutter build`. We inject two build flags as part of the official build `VERSION` and `COMMIT_DATE`: + + flutter build linux --dart-define BUILD_VER=`cat VERSION` --dart-define BUILD_DATE=`cat COMMIT_DATE` + +These flags are defined to be identical to Cwtch Bindings. `VERSION` is the latest git tag: `git describe --tags --abbrev=1` and `COMMIT_DATE` is the date of the latest commit on the branch ``echo `git log -1 --format=%cd --date=format:%G-%m-%d-%H-%M` > COMMIT_DATE`` + +All Cwtch UI builds also depend on two external dependencies not managed directly by the flutter project: Tor (implicit as part of the fetchTor scripts) and libCwtch (defined in `LIBCWTCH-GO.version`, and fetched via the fetch-libcwtch scripts). + +The binaries are downloaded via their respective scripts prior to the build, and managed via a separate update process. + +## Changes we made for reproducible builds + +For reproducible linux builds we had to modify the generated `linux/CMakeLists.txt` file to include the following compiler and linker flags: + +* `-fno-ident` - suppresses compiler identifying information from compiled artifacts. Without this small changes in compiler versions will result in different binaries. +* `--hash-style=gnu` - asserts a standard hashing scheme to use across all compiled artifacts. Without this compilers that have been compiled with different default schemes will produce different artifacts +* `--build-id=none` - suppresses build id generation. Without this each compiled artifact will have a section of effectively randomized data. + + +We also define a new [link script](https://git.openprivacy.ca/cwtch.im/cwtch-ui/src/commit/3148a8e0642e51bc59d9eb00ca2b319a7097285a/elf_x86_64.x) that differs from the default by removing all `.comment` sections from object files. We do this because the linking process links in non-project artifacts like `crtbeginS.o` which, in most systems, us compiled with a `.comment` section (the default linking script already removes the `.note.gnu*` sections. + +## Help us go further! + +We couldn't do what we do without all the wonderful community support we get, from [one-off donations](https://openprivacy.ca/donate) to [recurring support via Patreon](https://www.patreon.com/openprivacy). + +If you want to see us move faster on some of these goals and are in a position to, please [donate](https://openprivacy.ca/donate). If you happen to be at a company that wants to do more for the community and this aligns, please consider donating or sponsoring a developer. + +Donations of **$5 or more** can opt to receive stickers as a thank-you gift! + +For more information about donating to Open Privacy and claiming a thank you gift [please visit the Open Privacy Donate page](https://openprivacy.ca/donate/). + +![A Photo of Cwtch Stickers](/img/stickers-new.jpg) + + +## Stay up to date! + +This is not all we have planned for the upcoming months. Subscribe to our [RSS feed](/blog/rss.xml), [Atom feed](/blog/atom.xml), or [JSON feed](/blog/feed.json) to stay up to date, and get the latest on, all aspects of Cwtch development. diff --git a/build-staging/404.html b/build-staging/404.html index bbe55182..b4db145a 100644 --- a/build-staging/404.html +++ b/build-staging/404.html @@ -12,13 +12,13 @@ - - + +
We could not find what you were looking for.
Please contact the owner of the site that linked you to the original URL and let them know their link is broken.