commit f8a4557bb2a46f06e664e47a57a7065322dbbd35 Author: Georg Koppen gk@torproject.org Date: Tue Sep 8 15:18:17 2015 +0000
Bug 16909: Adapt to HTTPS-Everyhwere build changes
There are two changes that got made recently: 1) The extension ID got renamed due to conflicts on the AMO dashboard with the version hosted by Mozilla. 2) Translations moved to an own git submodule.
The first change is unproblematic. For the second one, however, we need to bump the mininmum Ubuntu version for the host operating system to 14.04. We want to initialize and update the submodules right while we are fetching the inputs and not during build time to be not dependent on network access during the bundling step. This fails on Ubuntu 12.04 due to an old git version (1.7.9.5) that uses abolute paths to locate submodules. As this path is not available on the build VM the build breaks. This does not affect Debian Wheezy (which ships with git 1.7.10.4) nor any later Debian version.
In order to make this change obvious for 12.04 users we include an Ubuntu version check in check-prerequisites.sh.
Additionally, we cleaned the bundling descriptors up to implement a proper solution for #10066 instead of working around that bug. --- gitian/README.build | 2 +- gitian/check-prerequisites.sh | 25 ++++++++++++++++--------- gitian/descriptors/linux/gitian-bundle.yml | 18 ++++++++++++------ gitian/descriptors/mac/gitian-bundle.yml | 18 ++++++++++++------ gitian/descriptors/windows/gitian-bundle.yml | 18 ++++++++++++------ gitian/fetch-inputs.sh | 9 ++++++++- gitian/versions | 2 +- gitian/versions.alpha | 2 +- gitian/versions.beta | 2 +- 9 files changed, 64 insertions(+), 32 deletions(-)
diff --git a/gitian/README.build b/gitian/README.build index 656dddd..f289791 100644 --- a/gitian/README.build +++ b/gitian/README.build @@ -1,6 +1,6 @@ QuickStart:
- On an Ubuntu 12.04+/Debian Wheezy+ machine or VM, run: + On an Ubuntu 14.04+/Debian Wheezy+ machine or VM, run:
$ make
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh index 32c9b7b..cc16d0e 100755 --- a/gitian/check-prerequisites.sh +++ b/gitian/check-prerequisites.sh @@ -6,7 +6,7 @@ if [ ! -f /etc/debian_version ]; then echo "Gitian is dependent upon the Ubuntu Virtualization Tools." echo - echo "You need to run Ubuntu 12.04 LTS/Debian Wheezy or newer." + echo "You need to run Ubuntu 14.04 LTS/Debian Wheezy or newer." exit 1 fi
@@ -14,15 +14,22 @@ DISTRO=`cat /etc/issue | grep -Eo 'Ubuntu|Debian*'`
if [ $DISTRO = "Ubuntu" ]; then - dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null - - if [ $? -ne 0 ]; + VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1` + if [ "$VERSION" -ge "14" ]; then - echo "You are missing one or more Gitian build tool dependencies." - echo - echo "Please run:" - echo " sudo apt-get install torsocks tor" - echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion" + dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null + + if [ $? -ne 0 ]; + then + echo "You are missing one or more Gitian build tool dependencies." + echo + echo "Please run:" + echo " sudo apt-get install torsocks tor" + echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion" + exit 1 + fi + else + echo "Your Ubuntu is too old. You need Ubuntu 14.04 LTS or newer to build Tor Browser with Gitian." exit 1 fi elif [ $DISTRO = "Debian" ]; diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index afb632e..a8f8d51 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -66,7 +66,7 @@ script: | umask 0022 # mkdir -p $OUTDIR/ - mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/ @@ -100,10 +100,16 @@ script: | cd ../../../ # cd https-everywhere - # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in - # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh + # We are invoking the build script with a particular tag to avoid #10066. This + # does not work for nightlies as there is no "master" tag in that sense. But + # we don't need to care about that as we don't need reproducibility for + # nightly builds. + if [ $HTTPSE_TAG != "master" ]; + then + ./makexpi.sh $HTTPSE_TAG + else + ./makexpi.sh + fi # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi cp pkg/*.xpi ../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi @@ -112,7 +118,7 @@ script: | cp *.xpi tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/ cd tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions mv noscript@noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - cd https-everywhere@eff.org/ + cd https-everywhere-eff@eff.org/ unzip ../https-everywhere@eff.org.xpi rm ../https-everywhere@eff.org.xpi cd ~/build diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index da441a2..bd54f0d 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -74,7 +74,7 @@ script: | MARTOOLS=~/build/mar-tools # mkdir -p $OUTDIR/ - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources @@ -102,10 +102,16 @@ script: | cd ../../../ # cd https-everywhere - # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in - # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh + # We are invoking the build script with a particular tag to avoid #10066. This + # does not work for nightlies as there is no "master" tag in that sense. But + # we don't need to care about that as we don't need reproducibility for + # nightly builds. + if [ $HTTPSE_TAG != "master" ]; + then + ./makexpi.sh $HTTPSE_TAG + else + ./makexpi.sh + fi # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi @@ -114,7 +120,7 @@ script: | cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ cd $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ mv noscript@noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - cd https-everywhere@eff.org + cd https-everywhere-eff@eff.org unzip ../https-everywhere@eff.org.xpi rm ../https-everywhere@eff.org.xpi cd ~/build/ diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index d4ae0fa..b821528 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -65,7 +65,7 @@ script: | MARTOOLS=~/build/mar-tools # mkdir -p $OUTDIR/ - mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources @@ -90,10 +90,16 @@ script: | cd ../../../ # cd https-everywhere - # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in - # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh + # We are invoking the build script with a particular tag to avoid #10066. This + # does not work for nightlies as there is no "master" tag in that sense. But + # we don't need to care about that as we don't need reproducibility for + # nightly builds. + if [ $HTTPSE_TAG != "master" ]; + then + ./makexpi.sh $HTTPSE_TAG + else + ./makexpi.sh + fi # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi @@ -102,7 +108,7 @@ script: | cp *.xpi tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions cd tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions mv noscript@noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - cd https-everywhere@eff.org + cd https-everywhere-eff@eff.org unzip ../https-everywhere@eff.org.xpi rm ../https-everywhere@eff.org.xpi cd ~/build/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 42efa33..22162b0 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -162,7 +162,7 @@ do get "${!PACKAGE}" "${!URL}" done
-# NoScript and HTTPS-Everywhere are magikal and special: +# NoScript is magikal and special: wget -U "" -N ${NOSCRIPT_URL}
# Verify packages with weak or no signatures via direct sha256 check @@ -281,5 +281,12 @@ obfs4 https://git.torproject.org/pluggable-transports/obfs4.git noto-fonts https://github.com/googlei18n/noto-fonts $NOTOFONTS_TAG EOF
+# HTTPS-Everywhere is special, too. We need to initialize the git submodules and +# update them here. Otherwise it would happen during the build. +cd https-everywhere +git submodule init +git submodule update +cd .. + exit 0
diff --git a/gitian/versions b/gitian/versions index b833342..70801b2 100755 --- a/gitian/versions +++ b/gitian/versions @@ -16,7 +16,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.0-1-build2 TOR_TAG=tor-0.2.6.10 TORLAUNCHER_TAG=0.2.7.7 TORBUTTON_TAG=1.9.3.2 -HTTPSE_TAG=5.0.7 +HTTPSE_TAG=5.1.0 NSIS_TAG=v0.3 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable diff --git a/gitian/versions.alpha b/gitian/versions.alpha index f37b98a..679da18 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -15,7 +15,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-2-build2 TOR_TAG=tor-0.2.7.2-alpha TORLAUNCHER_TAG=0.2.7.7 TORBUTTON_TAG=1.9.3.3 -HTTPSE_TAG=5.0.7 +HTTPSE_TAG=5.1.0 NSIS_TAG=v0.3 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable diff --git a/gitian/versions.beta b/gitian/versions.beta index c2143a0..8c4cfa9 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -15,7 +15,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build4 TOR_TAG=tor-0.2.4.21 TORLAUNCHER_TAG=0.2.5.4 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=5.0.2 +HTTPSE_TAG=5.1.0 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable