Binary release from github #774

Open
fph opened this issue Feb 16, 2025 · 5 comments
fph commented Feb 16, 2025

Would it be possible to set up a build process on GitHub, and release a .deb / .rpm package directly in the GitHub release? This would allow a security-concerned user to install your package without trusting your binary repositories and your build (which as far as I understand is not reproducible).

devzbysiu (Contributor) commented

Hi, regarding having the build process on GitHub, there was a discussion about this, but it was decided not to do it this way. We have a self-hosted CI solution that gives us full control during build and the produced packages are also signed.

Regarding reproducible builds, we actually have a reproducible build on our CI. Please keep in mind that the build process on CI and building manually from GitHub repository is a different process.

If you prefer to have full control here, then you can build the app on your own following the instructions here.

Let us know in case of any further questions.

fph (Author) commented Feb 17, 2025

Thanks. What do you mean with "Please keep in mind that the build process on CI and building manually from GitHub repository is a different process"? Do they not produce the same files byte-by-byte? If so, are there instructions to reproduce the build in your repositories byte-by-byte?

devzbysiu (Contributor) commented

So basically there are proprietary parts and protocols we don't want to have open-sourced, e.g. NordWhisper, remote configuration libraries and others. These libraries won't be linked to the final application when built from source, so it's not possible to have an artifact that is byte-by-byte the same as the app we have in repositories.

fph (Author) commented Feb 18, 2025

Is it at least possible to use only the open source GitHub code to connect to your VPN, or are these proprietary extensions required? There was a big announcement stating that the Linux client is open source, but now you are writing that there are proprietary parts. This seems problematic. I would like to use my open source VPN client without having to run untrusted binaries; is there a way to do that?

devzbysiu (Contributor) commented

Hi, sorry for the delayed response. Yes, it's totally possible. We are maintaining two "types" of build - one, the internal, with proprietary parts and second - public build from source, without proprietary parts. You can build from source and you'll have a fully working application which is able to connect to our servers.
You'll lose the functionality of the proprietary libraries, but feature-wise it's only the NordWhisper protocol right now.

devzbysiu self-assigned this Feb 28, 2025
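
An added example for the byte-by-byte question raised in this thread (not code from the issue or from the project): a .deb is an ar archive, so a repository package and a locally built one can be compared member by member to see where they diverge. The package contents are constructed placeholder bytes, and `deb_members`, `compare_debs` and `make_ar` are names made up for this example.

```python
import hashlib

AR_MAGIC = b"!<arch>\n"

def deb_members(blob):
    """Map each ar member of a .deb to the SHA-256 of its contents."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    members, pos = {}, len(AR_MAGIC)
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError(f"bad member header at offset {pos}")
        name = header[:16].decode("ascii").rstrip(" /")
        size = int(header[48:58].decode("ascii"))
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError(f"truncated member {name!r}")
        members[name] = hashlib.sha256(data).hexdigest()
        pos += 60 + size + (size & 1)  # member data is padded to an even length
    return members

def compare_debs(a, b):
    """Return (byte_identical, members whose contents differ or are missing).

    (False, []) means only ar header metadata (e.g. timestamps) differs.
    """
    if a == b:
        return True, []
    ma, mb = deb_members(a), deb_members(b)
    return False, sorted(n for n in ma.keys() | mb.keys() if ma.get(n) != mb.get(n))

def make_ar(members, mtime=0):
    """Build a minimal ar archive; used only to construct the sample input."""
    out = AR_MAGIC
    for name, data in members:
        out += f"{name:<16}{mtime:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}".encode() + b"`\n"
        out += data + (b"\n" if len(data) % 2 else b"")
    return out

# Constructed placeholder contents, not real package data.
COMMON = [("debian-binary", b"2.0\n"), ("control.tar.gz", b"control")]
REPO_DEB = make_ar(COMMON + [("data.tar.gz", b"open source + proprietary libs")])
LOCAL_DEB = make_ar(COMMON + [("data.tar.gz", b"open source only")])

if __name__ == "__main__":
    print(compare_debs(REPO_DEB, LOCAL_DEB))  # (False, ['data.tar.gz'])
```

On real packages, read both files with `open(path, "rb").read()` and pass the bytes to `compare_debs`.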