Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Apr 2016 19:35:46 -0400
From: Rich Felker <dalias@...c.org>
To: Daniel Simon <ddanielsimonn@...il.com>
Cc: tor-dev@...ts.torproject.org, musl@...ts.openwall.com
Subject: Re: Tor Browser Bundle on musl libc systems

On Mon, Apr 25, 2016 at 01:24:22PM -0300, Daniel Simon wrote:
> Hi,
> 
> the Tor Browser Bundle binaries available at
> https://dist.torproject.org/torbrowser/5.5.4/ do not run on
> musl-libc-based systems, like Void Linux, Alpine Linux, and other
> Linux distributions.
> I believe that's the case because the Tor Browser Bundle binaries are
> compiled dynamically to glibc, making them fail when ran on systems
> that any other libc.
> I'm sending this message to the Tor mailing list and to the Musl
> mailing list, so we can together find a solution.
> 
> I think there are 4 possible solutions:
> - the tor developers can provide binaries built with musl libc
> - the tor developers can provided statically compiled binaries (with
> any libc, but musl is especially good for this). These statically
> compiled binaries would run on any system independently of the libc.
> - the musl libc developers could identify why the binaries fail on
> musl and try to add compatibility
> - Linux distributions that use musl libc could figure out how to
> compile the Tor Browser Bundle from source and provide binaries
> themselves
> 
> What does everyone think about these possible solutions? Which one is
> the best? Are there any others you can think about?

Running entire giant programs that were dynamically linked against
glibc on musl is usually beyond the capability of the limited
binary-compat, and not something we would want to try to guarantee
works; the binary-compat is mainly intended for isolated binary blobs
like flash player (eew) and some simple proprietary programs.

IMO static linking with musl would be a great fit for Tor Browser,
reducing risks of information about the host system's library
ecosystem leaking out onto the network and possibly even making the
same binaries usable on BSDs with a Linux-compat syscall layer.
I thought getting it to build on musl might take significant initial
work, but Daniel seems to have already had good luck with that.

If the Tor project is interested in this and needs any assistance from
the musl side, just let us know.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.