Author

Topic: need to check that binaries are generated from the exact source code (Read 1422 times)

newbie
Activity: 33
Merit: 0
Good hearing that, BlueMatt.
hero member
Activity: 755
Merit: 515
Cool!

Does that also work for the Windows version? (whose users are the biggest consumers of binaries, probably)
Yes, hopefully crosscompiling via MinGW will be used for the Windows version (it works now, but needs to be implemented in the new build process).  However, AFAIK its not doable for Mac.  If anyone knows of a way to do deterministic building, please contact me or devrandom.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
Cool!

Does that also work for the Windows version? (whose users are the biggest consumers of binaries, probably)
hero member
Activity: 755
Merit: 515
He makes a good point and it is going to be fixed in 0.4.0.  For the next release, there will be a build script (put together by devrandom) which builds bitcoin deterministically and signs the results meaning 1. anyone can build bitcoin and get the exact same binary as a result and 2. the releases are made by having trusted developers sign the results so that no central authority has "the keys" to everyone's binaries.  All this said, you can currently audit the build as Gavin posts ec2 instances on each release which you can bootup and build bitcoin/check the system (if you have an EC2 account). 
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
You're right, that makes sense.

But speaking from experience, it will be very difficult though to exactly reproduce a compilation environment. Getting the same targets is incredibly hard. A small unrelated difference in a .h file in some vague dependency can have impact on the optimisation process resulting in slightly different executable.

For some compilers, even the time and date (of the source files) and who knows, phase of the moon could matter Tongue

You could package the build environment as a VMWare/Virtualbox image and distribute that. But that'd only be legal for Linux. Also, how can you be sure that hasn't been tampered with. Hmm...

Edit: another solution would be to completely implement the bitcoin client in a readable language such as Python, that doesn't need a compile chain. Verifying is then a piece of cake. But where do you get the Python interpreter from...

Short story: just compile it yourself with your own trusted tools, ignore the posted binaries

newbie
Activity: 33
Merit: 0
I think what he's trying to say is that a random user can compile the program and say "Hey, i added X feature to bitcoin, try it!".

While in fact it had code that copies wallet.dat and send it to a remote server for someone else's use or directly sending the coins to a 'new' address.
No, I'm talking about the main version of bitcoin. You can't know that the person who compiled it didn't modify the code a bit just before doing so.
full member
Activity: 126
Merit: 100
I think what he's trying to say is that a random user can compile the program and say "Hey, i added X feature to bitcoin, try it!".

While in fact it had code that copies wallet.dat and send it to a remote server for someone else's use or directly sending the coins to a 'new' address.
newbie
Activity: 33
Merit: 0
But if you went through all those steps to check the binary, you have built it yourself. So why not build it from source in the first place?


We would not be checking it for ourselves but for all the other people using bitcoin.
Maybe you are using the precompiled version. How do you know it doesn't have a backdoor? You don't! because nobody is checking.
hero member
Activity: 812
Merit: 1022
No Maps for These Territories
But if you went through all those steps to check the binary, you have built it yourself. So why not build it from source in the first place?

newbie
Activity: 33
Merit: 0
There is obviously a need to check that the bitcoin binary is indeed produced by building the source code which has (hopefully) been thoroughly checked. Otherwise someone could potentially introduce a backdoor to for instance steal bitcoins. This is especially important since I suppose most people using bitcoins do not bother with compiling it and as we gather more users, there will be more and more people using the precompiled binary.

To quote the README.md file:
Quote
The master branch is regularly built and tested (by who? need people willing to be quality assurance testers), and periodically pushed to the subversion repo to become the official, stable, released bitcoin.

In order to check the binary we need to be able to reproduce it exactly from the source. For that, we need to know the exact version of the compiler used, the exact version of the libraries used, a script that reproduces every step of the building process (modifications to the makefile, stripping debug symbols, ...), and anything else that I may have forgotten.
So please, whoever is in charge of creating the compiled packages (Gavin Anderson?), give us all the information needed to check them.
Jump to: