Full path of build path is leaked in libnunchuk-android.so file #6

Open
emanuelb opened this issue Jan 4, 2023 · 2 comments

emanuelb commented Jan 4, 2023

From a strings diff of libnunchuk-android.so from the nunchuk APK downloaded from Google Play and the APK built with the Containerfile at: #1 (comment)

< /Users/khacthong.le/Documents/Personal/nunchuk-android-nativesdk/src/main/native/libnunchuk/embedded/../contrib/bitcoin/src/prevector.h
---
> /home/appuser/app/nunchuk/nunchuk-android-nativesdk/src/main/native/libnunchuk/embedded/../contrib/bitcoin/src/prevector.h
52985c52972
< /Users/khacthong.le/Documents/Personal/nunchuk-android-nativesdk/src/main/native/libnunchuk/src/nunchukimpl.cpp
---
> /home/appuser/app/nunchuk/nunchuk-android-nativesdk/src/main/native/libnunchuk/src/nunchukimpl.cpp

Full build path leakage is an issue because:

  1. For local builds it might leak the username (/home/username) or other information, like khacthong.le and appuser in the above examples.
  2. It makes the build non-reproducible when a different build path is used (build path variations break reproducibility).
  3. To reproduce the current build it requires using a directory which only the root user can create on Linux, /Users/ (in case it can be reproduced on Linux).
  4. fdroid.org builds are using /home/vagrant/ as the path, as they are built using vagrant as a regular user, and fdroid can use the upstream APK directly only if it's reproducible on their build server.

The build process shouldn't write the above full path lines to the output (no path at all, or a path relative to the project root dir like src/main/native/libnunchuk/src/nunchukimpl.cpp).

This can be fixed by using the -prefix-map options, details in: https://reproducible-builds.org/docs/build-path/

As the current APK is built with clang 9, it might require fixing #4 first (increase the NDK version used to the latest supported) in case -fmacro-prefix-map should be used (which requires clang > 10).

@JayceLuong
Collaborator

I updated the NDK version to the latest. Could you show me how to fix the issue related to leaking the build path?

@emanuelb
Author

emanuelb commented Jan 7, 2023

Add -ffile-prefix-map to the clang invocations, such as -ffile-prefix-map=${pwd}=. (instead of . a path like /src can be used too), and instead of pwd use a variable that points to the local nunchuk-android-nativesdk (in case the current directory can be different during the compilation command), such as (examples of the content the variable should have in different setups):
/Users/khacthong.le/Documents/Personal/nunchuk-android-nativesdk/src/main/native
or
/home/appuser/app/nunchuk/nunchuk-android-nativesdk/src/main/native

For more details about the option: https://reproducible-builds.org/docs/build-path/
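A post-build check for the leak discussed in this issue, as an added example that is not part of the original thread or the project's code: it extracts printable strings from a shared object the way `strings` does, flags absolute paths under a home directory, and derives a `-ffile-prefix-map` value from their common directory. The function names, the list of home roots and the sample byte strings are assumptions made for this example; the two leaked paths in the sample are the ones quoted in the diff above.

```python
import posixpath
import re
import sys
from typing import List, Optional

# Printable-ASCII runs that begin with "/" and contain a second "/",
# i.e. the absolute paths `strings` would print from the .so.
ABS_PATH = re.compile(rb"/[\x21-\x7e]+/[\x21-\x7e]+")
# Assumed roots that indicate a developer or CI home directory was baked in.
HOME_ROOTS = ("/home/", "/Users/", "/root/")


def leaked_paths(blob: bytes) -> List[str]:
    """Return embedded absolute build paths, sorted and de-duplicated."""
    found = {m.group().decode("ascii") for m in ABS_PATH.finditer(blob)}
    return sorted(p for p in found if p.startswith(HOME_ROOTS))


def suggested_prefix_map(paths: List[str]) -> Optional[str]:
    """Map the directory shared by all leaked files to "." for the compiler."""
    if not paths:
        return None
    common = posixpath.commonpath([posixpath.dirname(p) for p in paths])
    return "-ffile-prefix-map=" + common + "=."


# Constructed sample images: string tables separated by NUL bytes.
NATIVE = "/home/appuser/app/nunchuk/nunchuk-android-nativesdk/src/main/native"
LEAKY = b"\x7fELF\x00" + b"\x00".join([
    (NATIVE + "/libnunchuk/embedded/../contrib/bitcoin/src/prevector.h").encode(),
    (NATIVE + "/libnunchuk/src/nunchukimpl.cpp").encode(),
    b"/system/lib64/libc++_shared.so",   # runtime path, not a build path
]) + b"\x00"
CLEAN = b"\x7fELF\x00./libnunchuk/src/nunchukimpl.cpp\x00"

if __name__ == "__main__":
    # Pass the path to a real .so as the first argument; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else LEAKY
    hits = leaked_paths(data)
    for path in hits:
        print("leaked:", path)
    print("suggested flag:", suggested_prefix_map(hits))
    sys.exit(1 if hits else 0)
```

The non-zero exit status on any hit lets the script gate a CI job on the built library.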
