commit c05a7a15155304ede2dbb16cc63f9696ddb8fcd5 Author: Georg Koppen <gk@torproject.org> Date: Tue Sep 8 15:18:17 2015 +0000 Bug 16909: Adapt to HTTPS-Everyhwere build changes There are two changes that got made recently: 1) The extension ID got renamed due to conflicts on the AMO dashboard with the version hosted by Mozilla. 2) Translations moved to an own git submodule. The first change is unproblematic. For the second one, however, we need to bump the mininmum Ubuntu version for the host operating system to 14.04. We want to initialize and update the submodules right while we are fetching the inputs and not during build time to be not dependent on network access during the bundling step. This fails on Ubuntu 12.04 due to an old git version (1.7.9.5) that uses abolute paths to locate submodules. As this path is not available on the build VM the build breaks. This does not affect Debian Wheezy (which ships with git 1.7.10.4) nor any later Debian version. In order to make this change obvious for 12.04 users we include an Ubuntu version check in check-prerequisites.sh. Additionally, we cleaned the bundling descriptors up to implement a proper solution for #10066 instead of working around that bug. --- gitian/README.build | 2 +- gitian/check-prerequisites.sh | 25 ++++++++++++++++--------- gitian/descriptors/linux/gitian-bundle.yml | 18 ++++++++++++------ gitian/descriptors/mac/gitian-bundle.yml | 18 ++++++++++++------ gitian/descriptors/windows/gitian-bundle.yml | 18 ++++++++++++------ gitian/fetch-inputs.sh | 9 ++++++++- gitian/versions.alpha | 2 +- gitian/versions.beta | 2 +- 8 files changed, 63 insertions(+), 31 deletions(-) diff --git a/gitian/README.build b/gitian/README.build index 656dddd..f289791 100644 --- a/gitian/README.build +++ b/gitian/README.build @@ -1,6 +1,6 @@ QuickStart: - On an Ubuntu 12.04+/Debian Wheezy+ machine or VM, run: + On an Ubuntu 14.04+/Debian Wheezy+ machine or VM, run: $ make diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh index 8518ffe..bd027a3 100755 --- a/gitian/check-prerequisites.sh +++ b/gitian/check-prerequisites.sh @@ -6,7 +6,7 @@ if [ ! -f /etc/debian_version ]; then echo "Gitian is dependent upon the Ubuntu Virtualization Tools." echo - echo "You need to run Ubuntu 12.04 LTS/Debian Wheezy or newer." + echo "You need to run Ubuntu 14.04 LTS/Debian Wheezy or newer." exit 1 fi @@ -14,15 +14,22 @@ DISTRO=`cat /etc/issue | grep -Eo 'Ubuntu|Debian*'` if [ $DISTRO = "Ubuntu" ]; then - dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null - - if [ $? -ne 0 ]; + VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1` + if [ "$VERSION" -ge "14" ]; then - echo "You are missing one or more Gitian build tool dependencies." - echo - echo "Please run:" - echo " sudo apt-get install torsocks tor" - echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion" + dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null + + if [ $? -ne 0 ]; + then + echo "You are missing one or more Gitian build tool dependencies." + echo + echo "Please run:" + echo " sudo apt-get install torsocks tor" + echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion" + exit 1 + fi + else + echo "Your Ubuntu is too old. You need Ubuntu 14.04 LTS or newer to build Tor Browser with Gitian." exit 1 fi elif [ $DISTRO = "Debian" ]; diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml index d3774cd..4767623 100644 --- a/gitian/descriptors/linux/gitian-bundle.yml +++ b/gitian/descriptors/linux/gitian-bundle.yml @@ -63,7 +63,7 @@ script: | umask 0022 # mkdir -p $OUTDIR/ - mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/ @@ -97,10 +97,16 @@ script: | cd ../../../ # cd https-everywhere - # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in - # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh + # We are invoking the build script with a particular tag to avoid #10066. This + # does not work for nightlies as there is no "master" tag in that sense. But + # we don't need to care about that as we don't need reproducibility for + # nightly builds. + if [ $HTTPSE_TAG != "master" ]; + then + ./makexpi.sh $HTTPSE_TAG + else + ./makexpi.sh + fi # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi cp pkg/*.xpi ../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi @@ -109,7 +115,7 @@ script: | cp *.xpi tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/ cd tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions mv noscript@noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - cd https-everywhere@eff.org/ + cd https-everywhere-eff@eff.org/ unzip ../https-everywhere@eff.org.xpi rm ../https-everywhere@eff.org.xpi cd ~/build diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml index be404ce..bfe9899 100644 --- a/gitian/descriptors/mac/gitian-bundle.yml +++ b/gitian/descriptors/mac/gitian-bundle.yml @@ -72,7 +72,7 @@ script: | MARTOOLS=~/build/mar-tools # mkdir -p $OUTDIR/ - mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources @@ -100,10 +100,16 @@ script: | cd ../../../ # cd https-everywhere - # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in - # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh + # We are invoking the build script with a particular tag to avoid #10066. This + # does not work for nightlies as there is no "master" tag in that sense. But + # we don't need to care about that as we don't need reproducibility for + # nightly builds. + if [ $HTTPSE_TAG != "master" ]; + then + ./makexpi.sh $HTTPSE_TAG + else + ./makexpi.sh + fi # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi @@ -112,7 +118,7 @@ script: | cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ cd $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/ mv noscript@noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - cd https-everywhere@eff.org + cd https-everywhere-eff@eff.org unzip ../https-everywhere@eff.org.xpi rm ../https-everywhere@eff.org.xpi cd ~/build/ diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml index 2fe0c2f..3ab73c3 100644 --- a/gitian/descriptors/windows/gitian-bundle.yml +++ b/gitian/descriptors/windows/gitian-bundle.yml @@ -63,7 +63,7 @@ script: | MARTOOLS=~/build/mar-tools # mkdir -p $OUTDIR/ - mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org + mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources @@ -88,10 +88,16 @@ script: | cd ../../../ # cd https-everywhere - # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in - # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066 - rm -f .git/refs/heads/master - ./makexpi.sh + # We are invoking the build script with a particular tag to avoid #10066. This + # does not work for nightlies as there is no "master" tag in that sense. But + # we don't need to care about that as we don't need reproducibility for + # nightly builds. + if [ $HTTPSE_TAG != "master" ]; + then + ./makexpi.sh $HTTPSE_TAG + else + ./makexpi.sh + fi # Since 5.0.2 a .xpi for AMO is built, too. We don't need it. rm ./pkg/*-amo.xpi cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere@eff.org.xpi @@ -100,7 +106,7 @@ script: | cp *.xpi tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions cd tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions mv noscript@noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi - cd https-everywhere@eff.org + cd https-everywhere-eff@eff.org unzip ../https-everywhere@eff.org.xpi rm ../https-everywhere@eff.org.xpi cd ~/build/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index 2a5bd16..b00cabd 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -162,7 +162,7 @@ do get "${!PACKAGE}" "${!URL}" done -# NoScript and HTTPS-Everywhere are magikal and special: +# NoScript is magikal and special: wget -U "" -N ${NOSCRIPT_URL} # Verify packages with weak or no signatures via direct sha256 check @@ -260,5 +260,12 @@ goxnet https://go.googlesource.com/net $GO_X_NET_TAG obfs4 https://git.torproject.org/pluggable-transports/obfs4.git $OBFS4_TAG EOF +# HTTPS-Everywhere is special, too. We need to initialize the git submodules and +# update them here. Otherwise it would happen during the build. +cd https-everywhere +git submodule init +git submodule update +cd .. + exit 0 diff --git a/gitian/versions.alpha b/gitian/versions.alpha index a0d64c7..0889489 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -12,7 +12,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-1-build1 TOR_TAG=tor-0.2.7.2-alpha TORLAUNCHER_TAG=0.2.7.7 TORBUTTON_TAG=1.9.3.3 -HTTPSE_TAG=5.0.7 +HTTPSE_TAG=5.1.0 NSIS_TAG=v0.3 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable diff --git a/gitian/versions.beta b/gitian/versions.beta index d743c89..b666ee6 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -12,7 +12,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build4 TOR_TAG=tor-0.2.4.21 TORLAUNCHER_TAG=0.2.5.4 TORBUTTON_TAG=1.6.9.0 -HTTPSE_TAG=5.0.2 +HTTPSE_TAG=5.1.0 NSIS_TAG=v0.1 ZLIB_TAG=v1.2.8 LIBEVENT_TAG=release-2.0.21-stable