commit 0577db3360a23ad4d8c518c1804110a446fbcb9f
Author: Mike Perry <mikeperry-git(a)torproject.org>
Date: Sat Jun 29 17:23:47 2013 -0700
Make a deterministic tar wrapper and improve the zip wrappers.
Resulting file permissions inside the archive seem to vary arbitrarily between
build machines, even though we set umask. What's up with that?
---
gitian/build-helpers/dtar.sh | 11 +++++++++++
gitian/build-helpers/dzip.sh | 3 +++
gitian/build-helpers/re-dzip.sh | 4 ++--
gitian/descriptors/linux/gitian-bundle.yml | 13 +++++--------
gitian/descriptors/mac/gitian-bundle.yml | 8 ++------
gitian/descriptors/windows/gitian-bundle.yml | 8 ++------
6 files changed, 25 insertions(+), 22 deletions(-)
diff --git a/gitian/build-helpers/dtar.sh b/gitian/build-helpers/dtar.sh
new file mode 100755
index 0000000..bc2d89c
--- /dev/null
+++ b/gitian/build-helpers/dtar.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Crappy deterministic tar wrapper
+export LC_ALL=C
+
+TARFILE=$1
+shift
+
+find $@ -executable -exec chmod 700 {} \;
+find $@ ! -executable -exec chmod 600 {} \;
+
+tar --no-recursion -Jcvf $TARFILE `find $@ | sort`
diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh
index 5f20abf..2e38c89 100755
--- a/gitian/build-helpers/dzip.sh
+++ b/gitian/build-helpers/dzip.sh
@@ -5,4 +5,7 @@ export LC_ALL=C
ZIPFILE=$1
shift
+find $@ -executable -exec chmod 700 {} \;
+find $@ ! -executable -exec chmod 600 {} \;
+
find $@ | sort | zip $ZIPOPTS -X -@ $ZIPFILE
diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh
index 78d1d8d..656e225 100755
--- a/gitian/build-helpers/re-dzip.sh
+++ b/gitian/build-helpers/re-dzip.sh
@@ -7,8 +7,8 @@ ZIPFILE=`basename $1`
mkdir tmp_dzip
cd tmp_dzip
unzip ../$1
-find . -type f -exec chmod 644 {} \;
-find . -type d -exec chmod 755 {} \;
+find . -executable -exec chmod 700 {} \;
+find . ! -executable -exec chmod 600 {} \;
find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE
mv $ZIPFILE ../$1
cd ..
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index f570a5d..bb030f6 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -33,6 +33,7 @@ files:
- "noscript(a)noscript.net.xpi"
- "uriloader(a)pdf.js.xpi"
- "dzip.sh"
+- "dtar.sh"
- "bare-version"
- "bundle.inputs"
- "versions"
@@ -56,24 +57,20 @@ script: |
cd tor-launcher
make clean
make package
+ # FIXME: Switch to re-dzip.sh here?
mkdir pkg/tmp
cd pkg/tmp
unzip ../*.xpi
- # FIXME: is there a better way to fix these input umask permissions??
- find . -type f -exec chmod 644 {} \;
- find . -type d -exec chmod 755 {} \;
~/build/dzip.sh ../../../tor-browser/Data/profile/extensions/tor-launcher(a)torproject.org.xpi .
cd ../../../
#
cd torbutton
mkdir -p pkg
./makexpi.sh
+ # FIXME: Switch to re-dzip.sh here?
mkdir pkg/tmp
cd pkg/tmp
unzip ../*.xpi
- # FIXME: is there a better way to fix these input umask permissions??
- find . -type f -exec chmod 644 {} \;
- find . -type d -exec chmod 755 {} \;
~/build/dzip.sh ../../../tor-browser/Data/profile/extensions/torbutton(a)torproject.org.xpi .
cd ../../../
#
@@ -114,7 +111,7 @@ script: |
cd ../../../
#7z a -sfx tor-browser.exe tor-browser_en-US
#mv tor-browser.exe $OUTDIR/tor-browser-linux${GBUILD_BITS}_en-US.7z-selfextract
- tar --no-recursion -Jcvf $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_en-US.tar.xz `find tor-browser_en-US | sort`
+ ~/build/dtar.sh $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_en-US.tar.xz tor-browser_en-US
rm -rf tor-browser_en-US
#
unzip linux-langpacks.zip
@@ -135,7 +132,7 @@ script: |
#7z a -sfx tor-browser.exe tor-browser_$LANG
#mv tor-browser.exe $OUTDIR/tor-browser-linux${GBUILD_BITS}_$LANG.7z-selfextract
- tar --no-recursion -Jcvf $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_$LANG.tar.xz `find tor-browser_$LANG | sort`
+ ~/build/dtar.sh $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_$LANG.tar.xz tor-browser_$LANG
rm -rf tor-browser_$LANG
cd linux-langpacks
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index 1871ff9..eadd5c6 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -51,13 +51,11 @@ script: |
cd tor-launcher
make clean
make package
+ # FIXME: Switch to re-dzip.sh here?
mkdir pkg/tmp
cd pkg/tmp
unzip ../*.xpi
rm ../*.xpi
- # FIXME: is there a better way to fix these input umask permissions??
- find . -type f -exec chmod 644 {} \;
- find . -type d -exec chmod 755 {} \;
~/build/dzip.sh ../tor-launcher(a)torproject.org.xpi .
mv ../tor-launcher(a)torproject.org.xpi ../../../TorBrowserBundle.app/Library/"Application Support"/Firefox/Profiles/profile/extensions/tor-launcher(a)torproject.org.xpi
cd ../../../
@@ -65,13 +63,11 @@ script: |
cd torbutton
mkdir -p pkg
./makexpi.sh
+ # FIXME: Switch to re-dzip.sh here?
mkdir pkg/tmp
cd pkg/tmp
unzip ../*.xpi
rm ../*.xpi
- # FIXME: is there a better way to fix these input umask permissions??
- find . -type f -exec chmod 644 {} \;
- find . -type d -exec chmod 755 {} \;
~/build/dzip.sh ../torbutton(a)torproject.org.xpi .
mv ../torbutton(a)torproject.org.xpi ../../../TorBrowserBundle.app/Library/"Application Support"/Firefox/Profiles/profile/extensions/torbutton(a)torproject.org.xpi
cd ../../../
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index c4a686b..97bb9d9 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -52,13 +52,11 @@ script: |
cd tor-launcher
make clean
make package
+ # FIXME: Switch to re-dzip.sh here?
mkdir pkg/tmp
cd pkg/tmp
unzip ../*.xpi
rm ../*.xpi
- # FIXME: is there a better way to fix these input umask permissions??
- find . -type f -exec chmod 644 {} \;
- find . -type d -exec chmod 755 {} \;
~/build/dzip.sh ../tor-launcher(a)torproject.org.xpi .
mv ../tor-launcher(a)torproject.org.xpi ../../../tbb-windows-installer/"Tor Browser"/FirefoxPortable/Data/profile/extensions/tor-launcher(a)torproject.org.xpi
cd ../../../
@@ -66,12 +64,10 @@ script: |
cd torbutton
mkdir -p pkg/tmp
./makexpi.sh
+ # FIXME: Switch to re-dzip.sh here?
cd pkg/tmp
unzip ../*.xpi
rm ../*.xpi
- # FIXME: is there a better way to fix these input umask permissions??
- find . -type f -exec chmod 644 {} \;
- find . -type d -exec chmod 755 {} \;
~/build/dzip.sh ../torbutton(a)torproject.org.xpi .
mv ../torbutton(a)torproject.org.xpi ../../../tbb-windows-installer/"Tor Browser"/FirefoxPortable/Data/profile/extensions/torbutton(a)torproject.org.xpi
cd ../../../