commit 761b0dbabd8fd14e8d9149634b52869f0c68375b Author: David Fifield david@bamsoftware.com Date: Mon Dec 19 13:10:04 2016 -0800
Bug 20735: Add snowflake pt to alpha Linux builds
* Snowflake depends on go-webrtc, which in turn depends on libwebrtc, which adds significantly to the build. webrtc is special, having its own build system that brings in lots of Chromium dependencies.
* Further, building cgo reproducibly requires go 1.7.3 and a compiler that supports the following flags,
-gno-record-gcc-switches -fdebug-prefix-map=$WORK=/tmp/go-build --- Bundle-Data/PTConfigs/bridge_prefs.js | 2 + .../PTConfigs/linux/torrc-defaults-appendix | 3 + gitian/Makefile | 5 +- gitian/check-prerequisites.sh | 8 +- .../linux/gitian-pluggable-transports.yml | 79 +++++++++++++ gitian/descriptors/linux/gitian-webrtc.yml | 125 +++++++++++++++++++++ gitian/fetch-inputs.sh | 28 +++++ gitian/mkbundle-linux.sh | 48 +++++--- gitian/verify-tags.sh | 6 + gitian/versions | 6 + gitian/versions.alpha | 6 + gitian/versions.beta | 5 + gitian/versions.nightly | 6 + 13 files changed, 309 insertions(+), 18 deletions(-)
diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js index 6831555..bd92585 100644 --- a/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/Bundle-Data/PTConfigs/bridge_prefs.js @@ -38,3 +38,5 @@ pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC
pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com"); pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 url=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com"); + +pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 B05EC36590AC0374F0E4D36DDA77908FD59D97F3"); diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix index c79efde..7fbf63c 100644 --- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix +++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix @@ -6,3 +6,6 @@ ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/Plugg
## meek configuration ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client + +## snowflake configuration +ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-reg.appspot.com/ -front www.google.com -ice stun:stun.l.google.com:19302 diff --git a/gitian/Makefile b/gitian/Makefile index 5694cbf..666dc53 100644 --- a/gitian/Makefile +++ b/gitian/Makefile @@ -101,7 +101,7 @@ prep-alpha: ./check-prerequisites.sh $(TORSOCKS) ./fetch-inputs.sh ../../gitian-builder/inputs/ versions.alpha
-clean: clean-utils clean-tor clean-browser clean-pt clean-sandbox clean-bundle +clean: clean-utils clean-tor clean-browser clean-webrtc clean-pt clean-sandbox clean-bundle rm -f ../../gitian-builder/inputs/*.yml rm -f ../../gitian-builder/inputs/bundle.inputs rm -f ../../gitian-builder/inputs/versions* @@ -120,6 +120,9 @@ clean-browser: clean-bundle rm -f ../../gitian-builder/inputs/tor-browser-win* rm -f ../../gitian-builder/inputs/mar-tools-*
+clean-webrtc: clean-bundle + rm -f ../../gitian-builder/inputs/webrtc-*-gbuilt.zip + clean-pt: clean-bundle rm -f ../../gitian-builder/inputs/pluggable-transports*
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh index 858fd4d..530e160 100755 --- a/gitian/check-prerequisites.sh +++ b/gitian/check-prerequisites.sh @@ -17,7 +17,7 @@ then VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1` if [ "$VERSION" -ge "14" ]; then - dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring torsocks tor 2>/dev/null >/dev/null + dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring curl pkg-config libgtk2.0-dev libglib2.0-dev torsocks tor 2>/dev/null >/dev/null
if [ $? -ne 0 ]; then @@ -25,7 +25,7 @@ then echo echo "Please run:" echo " sudo apt-get install torsocks tor" - echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring" + echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring curl pkg-config libgtk2.0-dev libglib2.0-dev" exit 1 fi else @@ -34,7 +34,7 @@ then fi elif [ $DISTRO = "Debian" ]; then - dpkg -s ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip torsocks tor python-cheetah debootstrap parted kpartx rsync 2>/dev/null >/dev/null + dpkg -s ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync curl pkg-config libgtk2.0-dev libglib2.0-dev torsocks tor 2>/dev/null >/dev/null
if [ $? -ne 0 ]; then @@ -42,7 +42,7 @@ then echo echo "Please run" echo " sudo apt-get install torsocks tor" - echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync" + echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync curl pkg-config libgtk2.0-dev libglib2.0-dev" exit 1 fi else diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml index c790a9f..ecf49de 100644 --- a/gitian/descriptors/linux/gitian-pluggable-transports.yml +++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml @@ -12,6 +12,8 @@ packages: - "python-dev" - "zip" - "hardening-wrapper" +- "pkg-config" +- "libx11-dev" reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/pluggable-transports/pyptlib.git" @@ -38,6 +40,12 @@ remotes: "dir": "goxnet" - "url": "https://git.torproject.org/pluggable-transports/obfs4.git" "dir": "obfs4" +- "url": "https://github.com/keroserene/go-webrtc.git" + "dir": "go-webrtc" +- "url": "https://git.torproject.org/pluggable-transports/snowflake.git" + "dir": "snowflake" +- "url": "https://github.com/dchest/uniuri.git" + "dir": "uniuri" files: - "pycrypto.tar.gz" - "argparse.tar.gz" @@ -52,6 +60,12 @@ files: - "openssl-linux64-utils.zip" - "go-linux32-utils.zip" - "go-linux64-utils.zip" +- "binutils-linux32-utils.zip" +- "binutils-linux64-utils.zip" +- "gcc-linux32-utils.zip" +- "gcc-linux64-utils.zip" +- "webrtc-linux32-gbuilt.zip" +- "webrtc-linux64-gbuilt.zip" script: | INSTDIR="$HOME/install" PTDIR="$INSTDIR/Tor/PluggableTransports" @@ -78,6 +92,35 @@ script: | # FTE only needs libgmp.so.10 and no libgmpxx anymore. cp $INSTDIR/gmp/lib/libgmp.so.10 $INSTDIR/Tor
+ # Preparing Binutils and GCC for webrtc + unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip + # Make sure gold is used with the hardening wrapper for full RELRO, see + # #13031. + cd $INSTDIR/binutils/bin + rm ld + cp /usr/bin/hardened-ld ./ + mv ld.gold ld.gold.real + ln -sf hardened-ld ld.gold + ln -sf ld.gold ld + cd ~/build + unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip + # Make sure we use the hardening wrapper when compiling Tor Browser. + cd $INSTDIR/gcc/bin + cp /usr/bin/hardened-cc ./ + mv gcc gcc.real + mv c++ c++.real + ln -sf hardened-cc gcc + ln -sf hardened-cc c++ + cd ~/build + export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH + ARCH="" + if [ $GBUILD_BITS == "64" ]; + then + ARCH="64" + fi + # Make sure our GCC gets properly used. + export LD_LIBRARY_PATH=$INSTDIR/gcc/lib$ARCH + # Building pyptlib cd pyptlib find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" @@ -216,6 +259,14 @@ script: | go install github.com/dchest/siphash cd ..
+ # Building go uniuri + cd uniuri + find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/github.com/dchest/" + ln -sf "$PWD" "$GOPATH/src/github.com/dchest/uniuri" + go install github.com/dchest/uniuri + cd .. + # Building golang.org/x/crypto (obfs4proxy > 0.0.3 || Go >= 1.4) cd goxcrypto find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" @@ -244,6 +295,34 @@ script: | cp -a obfs4proxy $PTDIR cd ../..
+ unzip webrtc-linux$GBUILD_BITS-gbuilt.zip + + # Building go-webrtc + cd go-webrtc + # Replace the prebuilt webrtc library with our own one. + rm -rf include/ lib/ + ln -sf ../webrtc/{include,lib} . + find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" + mkdir -p "$GOPATH/src/github.com/keroserene/" + ln -sf "$PWD" "$GOPATH/src/github.com/keroserene/go-webrtc" + # The go-webrtc package sets _GLIBCXX_USE_CXX11_ABI=0 for compatibility with + # the prebuilt libwebrtc-magic.a libraries. Since we build our own + # libwebrtc-magic.a with the C++11 ABI, we have to undo that setting here, + # using CGO_CXXFLAGS. + CGO_CXXFLAGS=-D_GLIBCXX_USE_CXX11_ABI=1 go install github.com/keroserene/go-webrtc + cd .. + + # Building snowflake + cd snowflake + find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" + cd client + go build -ldflags '-s' + cp -a client $PTDIR/snowflake-client + cd .. + mkdir -p $INSTDIR/Docs/snowflake + cp -a README.md LICENSE $INSTDIR/Docs/snowflake + cd .. + # Grabbing the results and making sure timestamps don't spoil them cd $INSTDIR ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/ diff --git a/gitian/descriptors/linux/gitian-webrtc.yml b/gitian/descriptors/linux/gitian-webrtc.yml new file mode 100644 index 0000000..ba654c5 --- /dev/null +++ b/gitian/descriptors/linux/gitian-webrtc.yml @@ -0,0 +1,125 @@ +--- +name: "webrtc-linux" +distro: "debian" +suites: +- "wheezy" +architectures: +- "i386" +- "amd64" +packages: +- "unzip" +- "zip" +- "hardening-wrapper" +- "libasound2-dev" +- "libexpat1-dev" +- "libudev-dev" +- "libx11-dev" +- "libxext-dev" +- "libxrandr-dev" +- "default-jre-headless" +- "default-jdk" +reference_datetime: "2000-01-01 00:00:00" +remotes: +- "url": "https://chromium.googlesource.com/chromium/tools/depot_tools.git" + "dir": "depot_tools" +files: +- "dzip.sh" +- "binutils-linux32-utils.zip" +- "binutils-linux64-utils.zip" +- "gcc-linux32-utils.zip" +- "gcc-linux64-utils.zip" +- "webrtc.tar.gz" +script: | + INSTDIR="$HOME/install" + export REFERENCE_DATETIME + export TZ=UTC + export LC_ALL=C + umask 0022 + # + mkdir -p $OUTDIR/ + + # Config options for hardening-wrapper + export DEB_BUILD_HARDENING=1 + export DEB_BUILD_HARDENING_STACKPROTECTOR=1 + export DEB_BUILD_HARDENING_FORTIFY=1 + export DEB_BUILD_HARDENING_FORMAT=1 + export DEB_BUILD_HARDENING_PIE=1 + + # Preparing Binutils and GCC for webrtc + unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip + # Make sure gold is used with the hardening wrapper for full RELRO, see + # #13031. + cd $INSTDIR/binutils/bin + rm ld + cp /usr/bin/hardened-ld ./ + mv ld.gold ld.gold.real + ln -sf hardened-ld ld.gold + ln -sf ld.gold ld + cd ~/build + unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip + # Make sure we use the hardening wrapper when compiling Tor Browser. + cd $INSTDIR/gcc/bin + cp /usr/bin/hardened-cc ./ + mv gcc gcc.real + mv c++ c++.real + ln -sf hardened-cc gcc + ln -sf hardened-cc c++ + cd ~/build + export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH + ARCH="" + if [ $GBUILD_BITS == "64" ]; + then + ARCH="64" + fi + # Make sure our GCC gets properly used. + export LD_LIBRARY_PATH=$INSTDIR/gcc/lib$ARCH + + # Setting up depot_tools + # https://dev.chromium.org/developers/how-tos/install-depot-tools + export PATH="$PATH:$PWD/depot_tools" + # Disable automatic updating. + export DEPOT_TOOLS_UPDATE=0 + + # Building webrtc + tar xaf webrtc.tar.gz + cd webrtc/src + export GYP_CROSSCOMPILE=1 + export GYP_DEFINES="OS=linux target_arch=$(if [ $GBUILD_BITS = 32 ]; then echo ia32; else echo x64; fi)" + # Do not use bundled utilities. + GYP_DEFINES+=" clang=0 host_clang=0 use_sysroot=0" + GYP_DEFINES+=" linux_use_bundled_gold=0 linux_use_gold_flags=0 linux_use_bundled_binutils=0" + # Avoid some dependencies. Some of these don't seem to work fully; for + # example even with use_alsa=0 we need libasound2-dev. + GYP_DEFINES+=" use_x11=0 use_gtk=0 use_gconf=0 use_alsa=0 use_pulseaudio=0 use_libpci=0 include_internal_audio_device=0 enabled_libjingle_device_manager=0" + # examples and tests also bring in dependencies. + GYP_DEFINES+=" include_examples=0 include_tests=0" + # embedded=1 is supposed to turn of various features; see + # https://bugs.chromium.org/p/chromium/issues/detail?id=318413. + GYP_DEFINES+=" embedded=1" + GYP_DEFINES+=" werror=" + JAVA_HOME=/usr/lib/jvm/default-java webrtc/build/gyp_webrtc.py + ninja -C out/Release + # Run ninja once more, without include_tests=0, in order to build just the + # FakeAudioCaptureModule that go-webrtc uses. + GYP_DEFINES="$(echo "$GYP_DEFINES" | sed -e 's/include_tests=0//g')" + JAVA_HOME=/usr/lib/jvm/default-java webrtc/build/gyp_webrtc.py + ninja -C out/Release obj/webrtc/api/test/peerconnection_unittests.fakeaudiocapturemodule.o + # https://github.com/keroserene/go-webrtc/issues/23#issuecomment-175312648 + # dump_syms_regtest.o is actually an executable, not an object file. If not + # excluded, it results in the error: + # libwebrtc-linux-386-magic.a(dump_syms_regtest.o): unsupported ELF file type 2 + ar crs libwebrtc-magic.a $(find . -name '*.o' -not -name '*.main.o' -not -name 'dump_syms_regtest.o' | sort) + cd ../.. + + # Grabbing the result + cd $INSTDIR + mkdir -p webrtc/include webrtc/lib + cp -f $HOME/build/webrtc/src/libwebrtc-magic.a webrtc/lib/libwebrtc-linux-$(if [ $GBUILD_BITS = 32 ]; then echo 386; else echo amd64; fi)-magic.a + INCLUDE_DIR="$PWD/webrtc/include" + (cd $HOME/build/webrtc/src && for h in $(find talk/ webrtc/ -type f -name '*.h'); do + mkdir -p "$INCLUDE_DIR/$(dirname $h)" + cp -f "$h" "$INCLUDE_DIR/$h" + done) + + ~/build/dzip.sh webrtc-linux$GBUILD_BITS-gbuilt.zip webrtc + cp webrtc-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index b3d5c26..729e492 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -277,6 +277,7 @@ tor-browser https://git.torproject.org/tor-browser.git $TORBR cmake https://cmake.org/cmake.git $CMAKE_TAG llvm https://github.com/llvm-mirror/llvm $LLVM_TAG clang https://github.com/llvm-mirror/clang $CLANG_TAG +libcxx https://github.com/llvm-mirror/libcxx $LIBCXX_TAG mingw-w64-git http://git.code.sf.net/p/mingw-w64/mingw-w64 $MINGW_TAG pyptlib https://git.torproject.org/pluggable-transports/pyptlib.git $PYPTLIB_TAG obfsproxy https://git.torproject.org/pluggable-transports/obfsproxy.git $OBFSPROXY_TAG @@ -296,6 +297,10 @@ noto-fonts https://github.com/googlei18n/noto-fonts $NOTOFONTS_TAG errors https://github.com/pkg/errors $ERRORS_TAG gb https://github.com/constabulary/gb $GB_TAG sandbox https://git.schwanenlied.me/yawning/sandboxed-tor-browser $SANDBOX_TAG +depot_tools https://chromium.googlesource.com/chromium/tools/depot_tools.git $DEPOT_TOOLS_TAG +go-webrtc https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG +snowflake https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG +uniuri https://github.com/dchest/uniuri $UNIURI_TAG EOF
# HTTPS-Everywhere is special, too. We need to initialize the git submodules and @@ -305,5 +310,28 @@ git submodule init git submodule update cd ..
+# WebRTC is special, having its own build system that brings in lots of Chromium dependencies. +# https://webrtc.org/native-code/development/ +# depot_tools must have been downloaded before running this code. +dir=webrtc +PATH="$PATH:$PWD/depot_tools" +# GYP_CROSSCOMPILE=1 and GYP_DEFINES="use_x11=0" prevent probing for certain dependencies. +# Use --no-history because the whole checkout with history is about 12 GB. +export GYP_CROSSCOMPILE=1 +export GYP_DEFINES="use_x11=0" +mkdir -p "$dir" +cd "$dir" +if [ ! -d "src" ]; +then + # "fetch" is part of depot_tools. + fetch --nohooks --no-history webrtc +fi +# "gclient" is part of depot_tools. This download takes a long time the first time. +# JAVA_HOME is needed in a hook for libjingle. The readlink line tries to find the current JRE. +# default-java comes from the package default-jdk-headless. +JAVA_HOME=/usr/lib/jvm/default-java gclient sync --with_branch_heads --no-history -r $WEBRTC_TAG +cd .. +tar --exclude .git -czf webrtc.tar.gz webrtc + exit 0
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 27cccd0..f1da2e0 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -114,7 +114,7 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ ! -f inputs/go-$GO_VER-linux64-utils.zip ]; then echo - echo "****** Starting Utilities Component of Linux Bundle (1/6 for Linux) ******" + echo "****** Starting Utilities Component of Linux Bundle (1/7 for Linux) ******" echo
./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml @@ -142,7 +142,7 @@ then #cp -a result/utils-linux-res.yml inputs/ else echo - echo "****** SKIPPING already built Utilities Component of Linux Bundle (1/6 for Linux) ******" + echo "****** SKIPPING already built Utilities Component of Linux Bundle (1/7 for Linux) ******" echo # We might have built the utilities in the past but maybe the links are # pointing to the wrong version. Refresh them. @@ -166,7 +166,7 @@ if [ ! -f inputs/tor-linux32-gbuilt.zip -o \ ! -f inputs/tor-linux64-gbuilt.zip ]; then echo - echo "****** Starting Tor Component of Linux Bundle (2/6 for Linux) ******" + echo "****** Starting Tor Component of Linux Bundle (2/7 for Linux) ******" echo
./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml @@ -181,7 +181,7 @@ then #cp -a result/tor-linux-res.yml inputs/ else echo - echo "****** SKIPPING already built Tor Component of Linux Bundle (2/6 for Linux) ******" + echo "****** SKIPPING already built Tor Component of Linux Bundle (2/7 for Linux) ******" echo fi
@@ -190,7 +190,7 @@ if [ ! -f inputs/tor-browser-linux32-gbuilt.zip -o \ ! -f inputs/tor-browser-linux64-gbuilt.zip ]; then echo - echo "****** Starting TorBrowser Component of Linux Bundle (3/6 for Linux) ******" + echo "****** Starting TorBrowser Component of Linux Bundle (3/7 for Linux) ******" echo
./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml @@ -206,7 +206,29 @@ then #cp -a result/torbrowser-linux-res.yml inputs/ else echo - echo "****** SKIPPING already built TorBrowser Component of Linux Bundle (3/6 for Linux) ******" + echo "****** SKIPPING already built TorBrowser Component of Linux Bundle (3/7 for Linux) ******" + echo +fi + +if [ ! -f inputs/webrtc-linux32-gbuilt.zip -o \ + ! -f inputs/webrtc-linux64-gbuilt.zip ]; +then + echo + echo "****** Starting WebRTC Component of Linux Bundle (4/7 for Linux) ******" + echo + + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit depot_tools=$DEPOT_TOOLS_TAG $DESCRIPTOR_DIR/linux/gitian-webrtc.yml + if [ $? -ne 0 ]; + then + #mv var/build.log ./webrtc-fail-linux.log.`date +%Y%m%d%H%M%S` + exit 1 + fi + + cp -a build/out/webrtc-linux*-gbuilt.zip inputs/ + #cp -a result/webrtc-linux-res.yml inputs/ +else + echo + echo "****** SKIPPING already built WebRTC Component of Linux Bundle (4/7 for Linux) ******" echo fi
@@ -214,10 +236,10 @@ if [ ! -f inputs/pluggable-transports-linux32-gbuilt.zip -o \ ! -f inputs/pluggable-transports-linux64-gbuilt.zip ]; then echo - echo "****** Starting Pluggable Transports Component of Linux Bundle (4/6 for Linux) ******" + echo "****** Starting Pluggable Transports Component of Linux Bundle (5/7 for Linux) ******" echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,goxcrypto=$GO_X_CRYPTO_TAG,goxnet=$GO_X_NET_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,goxcrypto=$GO_X_CRYPTO_TAG,goxnet=$GO_X_NET_TAG,obfs4=$OBFS4_TAG,go-webrtc=$GO_WEBRTC_TAG,snowflake=$SNOWFLAKE_TAG,uniuri=$UNIURI_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml if [ $? -ne 0 ]; then #mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S` @@ -228,7 +250,7 @@ then #cp -a result/pluggable-transports-linux-res.yml inputs/ else echo - echo "****** SKIPPING already built Pluggable Transports Component of Linux Bundle (4/6 for Linux) ******" + echo "****** SKIPPING already built Pluggable Transports Component of Linux Bundle (5/7 for Linux) ******" echo fi
@@ -243,7 +265,7 @@ if [ ! -f inputs/sandbox-$SB_TAG-linux32.zip -o \ ! -f inputs/sandbox-$SB_TAG-linux64.zip ]; then echo - echo "****** Starting Sandbox Component of Linux Bundle (5/6 for Linux) ******" + echo "****** Starting Sandbox Component of Linux Bundle (6/7 for Linux) ******" echo
./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit errors=$ERRORS_TAG,gb=$GB_TAG,sandbox=$SANDBOX_TAG $DESCRIPTOR_DIR/linux/gitian-sandbox.yml @@ -256,14 +278,14 @@ then #cp -a result/sandbox-linux-res.yml inputs/ else echo - echo "****** SKIPPING already built Sandbox Component of Linux Bundle (5/6 for Linux) ******" + echo "****** SKIPPING already built Sandbox Component of Linux Bundle (6/7 for Linux) ******" echo fi
if [ ! -f inputs/bundle-linux.gbuilt ]; then echo - echo "****** Starting Bundling+Localization of Linux Bundle (6/6 for Linux) ******" + echo "****** Starting Bundling+Localization of Linux Bundle (7/7 for Linux) ******" echo
cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR @@ -284,7 +306,7 @@ then touch inputs/bundle-linux.gbuilt else echo - echo "****** SKIPPING already built Bundling+Localization of Linux Bundle (6/6 for Linux) ******" + echo "****** SKIPPING already built Bundling+Localization of Linux Bundle (7/7 for Linux) ******" echo fi
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index d95b0e0..368a990 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -111,6 +111,7 @@ while read dir commit; do done << EOF llvm $LLVM_TAG clang $CLANG_TAG +libcxx $LIBCXX_TAG mingw-w64-git $MINGW_TAG libdmg-hfsplus $LIBDMG_TAG libfte $LIBFTE_TAG @@ -122,6 +123,10 @@ siphash $GOSIPHASH_TAG goxcrypto $GO_X_CRYPTO_TAG goxnet $GO_X_NET_TAG noto-fonts $NOTOFONTS_TAG +depot_tools $DEPOT_TOOLS_TAG +go-webrtc $GO_WEBRTC_TAG +snowflake $SNOWFLAKE_TAG +uniuri $UNIURI_TAG EOF
# Verify signatures on signed packages @@ -154,6 +159,7 @@ do fi done
+# webrtc? Its fetch brings in sources from many repos.
cd "$INPUTS_DIR" verify_git "." "$WRAPPER_DIR/gpg/torbutton.gpg" "$GITIAN_TAG" diff --git a/gitian/versions b/gitian/versions index 81963bb..598a945 100755 --- a/gitian/versions +++ b/gitian/versions @@ -25,6 +25,7 @@ LIBEVENT_TAG=release-2.0.22-stable CMAKE_TAG=v2.8.12.2 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539 +LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8 PYPTLIB_TAG=pyptlib-0.0.6 OBFSPROXY_TAG=obfsproxy-0.2.12 @@ -41,6 +42,11 @@ GO_X_CRYPTO_TAG=4ed45ec682102c643324fae5dff8dab085b6c300 GO_X_NET_TAG=7dbad50ab5b31073856416cdcfeb2796d682f844 OBFS4_TAG=obfs4proxy-0.0.5 NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2 +DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b +WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52 +GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557 +SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d +UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
GITIAN_TAG=tor-browser-builder-4-1
diff --git a/gitian/versions.alpha b/gitian/versions.alpha index a8a08c1..14ed662 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -25,6 +25,7 @@ LIBEVENT_TAG=release-2.0.22-stable CMAKE_TAG=v2.8.12.2 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539 +LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8 PYPTLIB_TAG=pyptlib-0.0.6 OBFSPROXY_TAG=obfsproxy-0.2.12 @@ -44,6 +45,11 @@ NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2 ERRORS_TAG=248dadf4e9068a0b3e79f02ed0a610d935de5302 GB_TAG=06cc925cce6592e922dcc4839a8b44feb384e71e SANDBOX_TAG=sandboxed-tor-browser-0.0.2 +DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b +WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52 +GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557 +SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d +UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
GITIAN_TAG=tor-browser-builder-4-2
diff --git a/gitian/versions.beta b/gitian/versions.beta index 577b802..b1342b9 100755 --- a/gitian/versions.beta +++ b/gitian/versions.beta @@ -29,6 +29,11 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0 GOPTLIB_TAG=0.2 MEEK_TAG=0.25 NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2 +DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b +WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52 +GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557 +SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d +UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
GITIAN_TAG=tor-browser-builder-3.x-6
diff --git a/gitian/versions.nightly b/gitian/versions.nightly index c661b0e..1b1b346 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -32,6 +32,7 @@ LIBEVENT_TAG=release-2.0.22-stable CMAKE_TAG=v2.8.12.2 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539 +LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8 PYPTLIB_TAG=master OBFSPROXY_TAG=master @@ -51,6 +52,11 @@ NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2 ERRORS_TAG=248dadf4e9068a0b3e79f02ed0a610d935de5302 GB_TAG=06cc925cce6592e922dcc4839a8b44feb384e71e SANDBOX_TAG=master +DEPOT_TOOLS_TAG=master +WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52 +GO_WEBRTC_TAG=master +SNOWFLAKE_TAG=master +UNIURI_TAG=master
GITIAN_TAG=tor-browser-builder-4
tor-commits@lists.torproject.org