[tor-browser-bundle/master] Make a deterministic tar wrapper and improve the zip wrappers.

29 Jun 2013

commit 0577db3360a23ad4d8c518c1804110a446fbcb9f
Author: Mike Perry <mikeperry-git@torproject.org>
Date:   Sat Jun 29 17:23:47 2013 -0700

    Make a deterministic tar wrapper and improve the zip wrappers.
    
    Resulting file permissions inside the archive seem to vary arbitrarily between
    build machines, even though we set umask. What's up with that?
---
 gitian/build-helpers/dtar.sh                 |   11 +++++++++++
 gitian/build-helpers/dzip.sh                 |    3 +++
 gitian/build-helpers/re-dzip.sh              |    4 ++--
 gitian/descriptors/linux/gitian-bundle.yml   |   13 +++++--------
 gitian/descriptors/mac/gitian-bundle.yml     |    8 ++------
 gitian/descriptors/windows/gitian-bundle.yml |    8 ++------
 6 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/gitian/build-helpers/dtar.sh b/gitian/build-helpers/dtar.sh
new file mode 100755
index 0000000..bc2d89c
--- /dev/null
+++ b/gitian/build-helpers/dtar.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Crappy deterministic tar wrapper
+export LC_ALL=C
+
+TARFILE=$1
+shift
+
+find $@ -executable -exec chmod 700 {} \;
+find $@ ! -executable -exec chmod 600 {} \;
+
+tar --no-recursion -Jcvf $TARFILE `find $@ | sort`
diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh
index 5f20abf..2e38c89 100755
--- a/gitian/build-helpers/dzip.sh
+++ b/gitian/build-helpers/dzip.sh
@@ -5,4 +5,7 @@ export LC_ALL=C
 ZIPFILE=$1
 shift
 
+find $@ -executable -exec chmod 700 {} \;
+find $@ ! -executable -exec chmod 600 {} \;
+
 find $@ | sort | zip $ZIPOPTS -X -@ $ZIPFILE
diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh
index 78d1d8d..656e225 100755
--- a/gitian/build-helpers/re-dzip.sh
+++ b/gitian/build-helpers/re-dzip.sh
@@ -7,8 +7,8 @@ ZIPFILE=`basename $1`
 mkdir tmp_dzip
 cd tmp_dzip
 unzip ../$1
-find . -type f -exec chmod 644 {} \;
-find . -type d -exec chmod 755 {} \;
+find . -executable -exec chmod 700 {} \;
+find . ! -executable -exec chmod 600 {} \;
 find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE
 mv $ZIPFILE ../$1
 cd ..
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index f570a5d..bb030f6 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -33,6 +33,7 @@ files:
 - "noscript@noscript.net.xpi"
 - "uriloader@pdf.js.xpi"
 - "dzip.sh"
+- "dtar.sh"
 - "bare-version"
 - "bundle.inputs"
 - "versions"
@@ -56,24 +57,20 @@ script: |
   cd tor-launcher
   make clean
   make package
+  # FIXME: Switch to re-dzip.sh here?
   mkdir pkg/tmp
   cd pkg/tmp
   unzip ../*.xpi
-  # FIXME: is there a better way to fix these input umask permissions??
-  find . -type f -exec chmod 644 {} \;
-  find . -type d -exec chmod 755 {} \;
   ~/build/dzip.sh ../../../tor-browser/Data/profile/extensions/tor-launcher@torproject.org.xpi .
   cd ../../../
   #
   cd torbutton
   mkdir -p pkg
   ./makexpi.sh
+  # FIXME: Switch to re-dzip.sh here?
   mkdir pkg/tmp
   cd pkg/tmp
   unzip ../*.xpi
-  # FIXME: is there a better way to fix these input umask permissions??
-  find . -type f -exec chmod 644 {} \;
-  find . -type d -exec chmod 755 {} \;
   ~/build/dzip.sh ../../../tor-browser/Data/profile/extensions/torbutton@torproject.org.xpi .
   cd ../../../
   #
@@ -114,7 +111,7 @@ script: |
   cd ../../../
   #7z a -sfx tor-browser.exe tor-browser_en-US
   #mv tor-browser.exe $OUTDIR/tor-browser-linux${GBUILD_BITS}_en-US.7z-selfextract
-  tar --no-recursion -Jcvf $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_en-US.tar.xz `find tor-browser_en-US | sort`
+  ~/build/dtar.sh $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_en-US.tar.xz tor-browser_en-US
   rm -rf tor-browser_en-US
   #
   unzip linux-langpacks.zip
@@ -135,7 +132,7 @@ script: |
 
     #7z a -sfx tor-browser.exe tor-browser_$LANG
     #mv tor-browser.exe $OUTDIR/tor-browser-linux${GBUILD_BITS}_$LANG.7z-selfextract
-    tar --no-recursion -Jcvf $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_$LANG.tar.xz `find tor-browser_$LANG | sort`
+    ~/build/dtar.sh $OUTDIR/tor-browser-linux${GBUILD_BITS}-${TORBROWSER_VERSION}_$LANG.tar.xz tor-browser_$LANG
 
     rm -rf tor-browser_$LANG
     cd linux-langpacks
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index 1871ff9..eadd5c6 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -51,13 +51,11 @@ script: |
   cd tor-launcher
   make clean
   make package
+  # FIXME: Switch to re-dzip.sh here?
   mkdir pkg/tmp
   cd pkg/tmp
   unzip ../*.xpi
   rm ../*.xpi
-  # FIXME: is there a better way to fix these input umask permissions??
-  find . -type f -exec chmod 644 {} \;
-  find . -type d -exec chmod 755 {} \;
   ~/build/dzip.sh ../tor-launcher@torproject.org.xpi .
   mv ../tor-launcher@torproject.org.xpi ../../../TorBrowserBundle.app/Library/"Application Support"/Firefox/Profiles/profile/extensions/tor-launcher@torproject.org.xpi
   cd ../../../
@@ -65,13 +63,11 @@ script: |
   cd torbutton
   mkdir -p pkg
   ./makexpi.sh
+  # FIXME: Switch to re-dzip.sh here?
   mkdir pkg/tmp
   cd pkg/tmp
   unzip ../*.xpi
   rm ../*.xpi
-  # FIXME: is there a better way to fix these input umask permissions??
-  find . -type f -exec chmod 644 {} \;
-  find . -type d -exec chmod 755 {} \;
   ~/build/dzip.sh ../torbutton@torproject.org.xpi .
   mv ../torbutton@torproject.org.xpi ../../../TorBrowserBundle.app/Library/"Application Support"/Firefox/Profiles/profile/extensions/torbutton@torproject.org.xpi
   cd ../../../
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index c4a686b..97bb9d9 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -52,13 +52,11 @@ script: |
   cd tor-launcher
   make clean
   make package
+  # FIXME: Switch to re-dzip.sh here?
   mkdir pkg/tmp
   cd pkg/tmp
   unzip ../*.xpi
   rm ../*.xpi
-  # FIXME: is there a better way to fix these input umask permissions??
-  find . -type f -exec chmod 644 {} \;
-  find . -type d -exec chmod 755 {} \;
   ~/build/dzip.sh ../tor-launcher@torproject.org.xpi .
   mv ../tor-launcher@torproject.org.xpi ../../../tbb-windows-installer/"Tor Browser"/FirefoxPortable/Data/profile/extensions/tor-launcher@torproject.org.xpi
   cd ../../../
@@ -66,12 +64,10 @@ script: |
   cd torbutton
   mkdir -p pkg/tmp
   ./makexpi.sh
+  # FIXME: Switch to re-dzip.sh here?
   cd pkg/tmp
   unzip ../*.xpi
   rm ../*.xpi
-  # FIXME: is there a better way to fix these input umask permissions??
-  find . -type f -exec chmod 644 {} \;
-  find . -type d -exec chmod 755 {} \;
   ~/build/dzip.sh ../torbutton@torproject.org.xpi .
   mv ../torbutton@torproject.org.xpi ../../../tbb-windows-installer/"Tor Browser"/FirefoxPortable/Data/profile/extensions/torbutton@torproject.org.xpi
   cd ../../../

    

mikeperry＠torproject.org

tags

participants (1)