Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits: d4aa558e by Pier Angelo Vendrame at 2023-01-18T09:26:22+01:00 Bug 40744: Ensure reproducibility with HFS DMG
- - - - -
8 changed files:
- projects/browser/ddmg.sh - projects/hfsplus-tools/build - projects/hfsplus-tools/config - projects/hfsplus-tools/only-newfs_include.diff → projects/hfsplus-tools/newfs_hfs.diff - projects/libdmg-hfsplus/build - projects/libdmg-hfsplus/config - + projects/libdmg-hfsplus/libdmg.patch - tools/signing/ddmg.sh
Changes:
===================================== projects/browser/ddmg.sh =====================================
@@ -1,3 +1,6 @@
+#!/bin/bash
+set -e
+
 [% SET src = c('dmg_src', { error_if_undef => 1 }) -%]
 find [% src %] -executable -exec chmod 0755 {} ;
 find [% src %] ! -executable -exec chmod 0644 {} ;
@@ -18,7 +21,14 @@ newfs_hfs -v "[% c("var/Project_Name") %]" "$hfsfile"
pushd [% src %]
-hfsplus "$hfsfile" addall .
+find -type d -mindepth 1 | sed -e 's/^.///' | sort | while read dirname; do
+ hfsplus "$hfsfile" mkdir "/$dirname"
+ hfsplus "$hfsfile" chmod 0755 "/$dirname"
+done
+find -type f | sed -e 's/^.///' | sort | while read filename; do
+ hfsplus "$hfsfile" add "$filename" "/$filename"
+ hfsplus "$hfsfile" chmod $(stat --format '0%a' "$filename") "/$filename"
+done
 # hfsplus does not play well with dangling links
 hfsplus "$hfsfile" symlink /Applications /Applications
 # Show the volume icon
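Review bot: Both loops pipe through a bare `sort`, so the order in which entries are handed to `hfsplus` follows the caller's locale; a build or signing host with a different `LC_ALL`/`LANG` can add files in a different order and lose bit-for-bit reproducibility, which `LC_ALL=C sort` avoids. `while read dirname` and `while read filename` strip surrounding whitespace and interpret backslashes, so `while IFS= read -r filename; do` is the safer form. `find -type f` matches regular files only, so a symbolic link anywhere under the source tree would be left out of the image silently; it is worth confirming the bundle has none besides `/Applications`. The same two loops are added to tools/signing/ddmg.sh and the points apply there as well.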
===================================== projects/hfsplus-tools/build =====================================
@@ -8,7 +8,7 @@ export PATH="/var/tmp/dist/clang/bin:$PATH"
 tar -xf diskdev_cmds-[% c("version") %].tar.gz
 cd diskdev_cmds-[% c("version") %]
-patch -p1 < $rootdir/only-newfs_include.diff
+patch -p1 < $rootdir/newfs_hfs.diff
make -j[% c("num_procs") %]
===================================== projects/hfsplus-tools/config =====================================
@@ -16,6 +16,7 @@ input_files:
 # The project uses a flag that is not supported by GCC
 - name: clang
 project: clang
- # Build only newfs (we do not care of fsck), and remove a header that does not
- # exist on Linux (at that path) and is not required on Linux either.
- - filename: only-newfs_include.diff
+ # Build only newfs (we do not care of fsck), remove a header that does not
+ # exist on Linux (at that path) and is not required on Linux either, and make
+ # the UUID deterministic.
+ - filename: newfs_hfs.diff
===================================== projects/hfsplus-tools/only-newfs_include.diff → projects/hfsplus-tools/newfs_hfs.diff ===================================== @@ -1,18 +1,18 @@ diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/Makefile diskdev_cmds-540.1.linux3/Makefile ---- diskdev_cmds-540.1.linux3_orig/Makefile 2023-01-13 10:01:32.474525600 +0100 -+++ diskdev_cmds-540.1.linux3/Makefile 2023-01-13 10:01:50.346876760 +0100 +--- diskdev_cmds-540.1.linux3_orig/Makefile 2023-01-17 11:36:56.341279443 +0100 ++++ diskdev_cmds-540.1.linux3/Makefile 2023-01-17 11:44:12.496479981 +0100 @@ -3,7 +3,7 @@ CC := clang CFLAGS := -g3 -Wall -fblocks -I$(PWD)/BlocksRunTime -I$(PWD)/include -DDEBUG_BUILD=0 -D_FILE_OFFSET_BITS=64 -D LINUX=1 -D BSD=1 -D VERSION="$(VERSION)" LDFLAGS := -Wl,--build-id -L$(PWD)/BlocksRunTime -SUBDIRS := BlocksRunTime newfs_hfs.tproj fsck_hfs.tproj +SUBDIRS := newfs_hfs.tproj - + all clean: for d in $(SUBDIRS); do $(MAKE) -C $$d -f Makefile.lnx $@; done diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c ---- diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c 2023-01-13 10:01:32.474525600 +0100 -+++ diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c 2023-01-13 10:02:07.899221800 +0100 +--- diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c 2023-01-17 11:36:56.341279443 +0100 ++++ diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c 2023-01-17 11:58:15.972059719 +0100 @@ -38,8 +38,8 @@ #endif #include <sys/errno.h> 
@@ -22,4 +22,17 @@ diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs +#include <sys/sysctl.h> #include <sys/vmmeter.h> #endif - + +@@ -571,8 +571,10 @@ + /* Adjust free blocks to reflect everything we have allocated. */ + hp->freeBlocks -= blocksUsed; + +- /* Generate and write UUID for the HFS+ disk */ +- GenerateVolumeUUID(&newVolumeUUID); ++ /* Use a deterministic UUID for reproducibility */ ++ memset(&newVolumeUUID, 0, sizeof(newVolumeUUID)); ++ strncpy(&newVolumeUUID, defaults->volumeName, sizeof(newVolumeUUID)); ++ + finderInfoUUIDPtr = (VolumeUUID *)(&hp->finderInfo[24]); + finderInfoUUIDPtr->v.high = OSSwapHostToBigInt32(newVolumeUUID.v.high); + finderInfoUUIDPtr->v.low = OSSwapHostToBigInt32(newVolumeUUID.v.low);
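Review bot: The volume UUID written by the added lines is now only the leading bytes of `defaults->volumeName`, so every image built with the same volume name carries the same UUID across releases, and anything on the consuming side that keys on the volume UUID would see distinct builds as one volume. If that is not intended, the bytes could be derived from a build-specific but deterministic input instead; if it is intended, the comment should say so, for example `/* UUID = first bytes of the volume name; identical for every build with that name */`. The call `strncpy(&newVolumeUUID, ...)` also passes what appears to be a `VolumeUUID *` where `char *` is expected, which draws an incompatible-pointer-type diagnostic under the `-Wall` in this Makefile; `strncpy((char *)&newVolumeUUID, defaults->volumeName, sizeof(newVolumeUUID));` states the intent, and the result is deliberately not NUL-terminated. The enclosing function starts and ends outside the hunk.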
===================================== projects/libdmg-hfsplus/build =====================================
@@ -9,6 +9,7 @@ export PATH="/var/tmp/dist/ninja:/var/tmp/dist/cmake/bin:$PATH"
 mkdir /var/tmp/build
 tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
 cd /var/tmp/build/[% project %]-[% c('version') %]
+patch -p1 < "$rootdir/libdmg.patch"
 cmake . -GNinja -DCMAKE_BUILD_TYPE=Release
 ninja -j[% c("num_procs") %] -v
===================================== projects/libdmg-hfsplus/config =====================================
@@ -16,3 +16,4 @@ input_files:
 project: cmake
 - name: ninja
 project: ninja
+ - filename: libdmg.patch
===================================== projects/libdmg-hfsplus/libdmg.patch =====================================
@@ -0,0 +1,39 @@
+From d1a5eca891f32103ccda80ee75e158dfc7ece70d Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@torproject.org
+Date: Thu, 6 Mar 2014 19:47:05 -0800
+Subject: [PATCH] Memset a UDIF header to ensure archive reproducibility.
+
+Some of the struct padding and fields contained unitialized memory, which
+caused two successive invocations to produce archives that differed in some
+bytes.
+---
+ dmg/dmglib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/dmg/dmglib.c b/dmg/dmglib.c
+index f481b1f..b74e50b 100644
+--- a/dmg/dmglib.c
++++ b/dmg/dmglib.c
+@@ -108,7 +108,8 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ ChecksumToken dataForkToken;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ off_t plistOffset;
+ uint32_t plistSize;
+ uint32_t dataForkChecksum;
+@@ -284,7 +285,8 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ uint64_t numSectors;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ char partitionName[512];
+
+ off_t fileLength;
+--
+1.8.1.2
+
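Review bot: Neither `memset(&koly, 0, sizeof(koly));` call added to dmg/dmglib.c carries a comment, so the reason for it lives only in the patch description. That description says struct padding and fields held uninitialized memory that reached the archive, which makes the call a guard against stack contents ending up in a distributed file as well as a reproducibility fix; a later tidy-up to `UDIFResourceFile koly = {0};` would not be guaranteed to clear padding. A one-line comment at each call, such as `/* zero padding too: koly bytes reach the output file */`, would keep the memset from being simplified away. Both `buildDmg` and `convertToDMG` start and end outside the inner hunks.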
===================================== tools/signing/ddmg.sh =====================================
@@ -42,7 +42,14 @@ cd $src_dir
 # add it back again with the special command to do so.
 rm -f Applications
-hfsplus "$hfsfile" addall .
+find -type d -mindepth 1 | sed -e 's/^.///' | sort | while read dirname; do
+ hfsplus "$hfsfile" mkdir "/$dirname"
+ hfsplus "$hfsfile" chmod 0755 "/$dirname"
+done
+find -type f | sed -e 's/^.///' | sort | while read filename; do
+ hfsplus "$hfsfile" add "$filename" "/$filename"
+ hfsplus "$hfsfile" chmod $(stat --format '0%a' "$filename") "/$filename"
+done
 hfsplus "$hfsfile" symlink /Applications /Applications
 # Show the volume icon
 hfsplus "$hfsfile" attr / C