We have received the Mozilla Open Source Support award in order to make Tails ISO images build reproducibly. This project was on our roadmap for 2017 and with the release of Tails 3.3 we are proud to present one of the world's first reproducible ISO images of a Linux operating system.
When we write software, we do this using programming languages which a human can read and understand. This is called the _source code_. One can imagine source code much like a very precise recipe. Such a recipe describes an exact procedure: which ingredients and which amount of ingredients do you need? How should they be mixed together at which temperature should they be cooked or baked? The recipe will even describe the expected outcome: how the meal should look and taste like.
When we generate a Tails ISO image, our source code and the Debian packages we include are assembled into a binary ISO image, much like when the ingredients of the recipe are mixed together, one obtains the meal. The amounts and ingredients of this meal cannot be easily reverse engineered. The result of *our* cooking process is a Tails ISO image which users download and install onto a USB stick.
We, chefs and aides in the kitchen (Tails developers and contributors), provide you, our users, with several means to verify that this ISO image is indeed the one we want you to download, either using our Firefox add-on which does this verification automatically for you or by using our OpenPGP signature. Both of these verification methods simply tell you that the ISO image is the image which we want you to download: That the meal you get is indeed the meal that you've ordered, and not a meal which has been poisoned or exchanged by an evil waiter (such as a download mirror).
However, even with such sophisticated verification methods, it is still impossible to trace back the meal to the recipe: Does the meal contain only the ingredients it is supposed to contain? Or could unauthorized personnel have broken into the kitchen at night, and then poisoned the ingredients and made the oven cook at 50 degrees higher than displayed? In other words, could a malicious entity have compromised our build machines? That's what reproducible builds help verify and protect against.
> Reproducible builds are a set of software development practices that create > a verifiable path from human readable source code to the binary code used > by computers. *(quoted from https://reproducible-builds.org/)*
At Tails, we have worked during a year to implement such a set of practices. This makes it now possible to compare ISO images built by multiple parties from the same source code and Debian packages, and to ensure that they all result in exactly the same ISO image.
Or again, using our cooking metaphor: Several of us will cook the meal, compare that we all cooked the same meal and only once we're sure about that, we will deliver it to you.
This does not change anything in the way you download and install Tails, and you don't have to make additional verifications. It simply helps trust that the Tails ISO image that we distribute is indeed coming from the source code and Debian packages it is meant to be made of.With reproducible Tails, it only takes one knowledgeable person to build Tails and compare with the ISO image the Tails project distributes to uncover some kinds of backdoors.
And by the way, not only our ISO images are now reproducible, but so are our incremental upgrades. And you are benefiting from this improvement without even noticing :)
Besides Mozilla's Open Source Support and the Reproducible Builds community that provided critical help where we strongly needed it, we'd also like to thank all members of our community who helped us test this process. You giving us a hand is much appreciated!