[Whonix-devel] [Pkg-privacy-maintainers] Mixed kloak anti keystroke / mice deanonymization tool package or better two separate packages?

Patrick Schleizer patrick-mailinglists at whonix.org
Fri Jan 20 17:22:00 CET 2017


Hi Ulrike!

u:
>> kloak is an anti keystroke deanonymization tool. [1]
>> [1] https://github.com/vmonaco/kloak
> 
> Looks cool.
> 
> I only had a quick look at the packaging, but I did not look in detail,
> so forgive me any stupid questions.

Your welcome, you noticed a valid issue that is now fixed.

> In the Debian packaging you are currently using faketime
> (https://github.com/vmonaco/kloak/blob/master/debian/gain-root-command)
> I never had to package anything that way, so I wonder if the aim here is
> to make this package reproducible? If yes, this might be worth a read:
> https://wiki.debian.org/ReproducibleBuilds/TimestampsProposal#Last-resort_using_faketime
> and https://reproducible-builds.org/docs/timestamps/ (using
> SOURCE_DATE_EPOCH).
> 
> And I wonder why you would need to call fakeroot that way? Is this for a
> local build, instead of a build in a chroot?
> 
> But maybe I misunderstand the use of the gain-root-command file though.

Yes, faketime was used to make the package reproducible. But since
stretch this is no longer required. I just now submitted a pull request
to remove the cruft. [1] (The package is lintian --pedantic clean and
reproducible on my local machine in so far as it always has the same
hash sum, but I haven't used rebuild.sh yet.)

Cheers,
Patrick

[1] https://github.com/vmonaco/kloak/pull/9



More information about the Whonix-devel mailing list