[tbb-commits] [tor-browser-build/master] Bug 31130: Use Debian 10 for our Android container images

sysrqb at torproject.org sysrqb at torproject.org
Thu Feb 20 21:26:32 UTC 2020


commit 196170812a1c8c0c3f05bf298aaefca8cde277e3
Author: sisbell <shane.isbell at gmail.com>
Date:   Tue Oct 22 10:21:32 2019 -0700

    Bug 31130: Use Debian 10 for our Android container images
---
 projects/debootstrap-image/config       | 17 +++++++++--------
 projects/firefox/build                  |  1 +
 projects/firefox/config                 |  5 -----
 projects/https-everywhere/config        |  1 +
 projects/tor-android-service/config     |  6 ------
 projects/tor-browser/build.android      |  2 +-
 projects/tor-browser/config             |  1 -
 projects/tor-onion-proxy-library/config |  6 ------
 rbm.conf                                | 13 ++++++++++++-
 9 files changed, 24 insertions(+), 28 deletions(-)

diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config
index a50cbf1..f7b9e57 100644
--- a/projects/debootstrap-image/config
+++ b/projects/debootstrap-image/config
@@ -4,7 +4,7 @@ version: 2
 pkg_type: build
 
 var:
-  ubuntu_version: 18.04.1
+  ubuntu_version: 19.10
 
   container:
     use_container: 1
@@ -15,8 +15,6 @@ pre: |
   #!/bin/sh
   set -e
   export DEBIAN_FRONTEND=noninteractive
-  # Bug 29158: install fixed packages for apt vulnerability (CVE-2019-3462)
-  dpkg -i ./apt_1.6.6ubuntu0.1_amd64.deb ./libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
   apt-get update -y -q
   apt-get install -y -q debian-archive-keyring ubuntu-keyring debootstrap
   debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
@@ -65,14 +63,17 @@ targets:
         suite: stretch
         arch: amd64
 
+  buster-amd64:
+    var:
+      minimal_apt_version: 1.8.2
+      container:
+        suite: buster
+        arch: amd64
+
 input_files:
   - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
     filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
-    sha256sum: ed76e649f65548a80b361b68011085ec4dde7bb762d667657acbef87765e1a12
-  - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_1.6.6ubuntu0.1_amd64.deb
-    sha256sum: df210f9e30cf9deba5fbe815203af854e5e77bdbbe0b96d0d1c0da46a6a8dd0a
-  - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
-    sha256sum: 0a05a97b1e9b8d52ee8df040a14c5fabdebbb2c2235ac495db29df34f4c8cec3
+    sha256sum: eedcb1dc0ccc86b59eb1f89960c322a2ba3ed3e0323a20a1da8bcc0e6f100f4f
   - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/apt_package_filename") %]'
     sha256sum: '[% c("var/apt_package_sha256sum") %]'
     enable: '[% c("var/apt_package_filename") %]'
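Review bot: The ubuntu-base `URL` and `filename` templates expand `var/ubuntu_version`, which the first hunk of this file sets to the unquoted plain scalar `19.10`. A YAML loader that types plain scalars numerically would render it as `19.1` and request a path that does not exist, so quoting it as `ubuntu_version: '19.10'` removes the dependency on loader behaviour. The base image is also fetched over plain HTTP, which leaves the updated `sha256sum` as the only integrity control on it. A one-line comment above the digest saying how it was obtained (for example, checked against the release's signed SHA256SUMS file) would let the next reviewer re-verify it. With the CVE-2019-3462 packages removed, that comment could also record the assumption that the new base image already ships a fixed apt.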
diff --git a/projects/firefox/build b/projects/firefox/build
index c334854..800a0c4 100644
--- a/projects/firefox/build
+++ b/projects/firefox/build
@@ -57,6 +57,7 @@ mv -f $rootdir/[% c('input_files_by_name/mozconfig') %] .mozconfig
 [% END -%]
 
 [% IF c("var/android") %]
+  export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
   gradle_repo=/var/tmp/dist/gradle-dependencies
   export GRADLE_MAVEN_REPOSITORIES="file://$gradle_repo"
   export GRADLE_FLAGS="--no-daemon --offline"
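Review bot: The added `export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64` hard-codes a directory that exists only when the OpenJDK 8 packages have been installed. In this commit that happens in the android target's `pre_pkginst` in rbm.conf, and nothing in this script records the coupling. A comment above the export such as `# OpenJDK 8 comes from the pinned snapshot packages installed by pre_pkginst in rbm.conf` would document it. A guard such as `test -x "$JAVA_HOME/bin/javac"` immediately after the export would make a missing or relocated JDK fail here rather than deep inside the gradle step. The build script starts and ends outside this hunk, so whether it already runs under `set -e` is not visible.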
diff --git a/projects/firefox/config b/projects/firefox/config
index d9b9edb..45a33a0 100644
--- a/projects/firefox/config
+++ b/projects/firefox/config
@@ -54,11 +54,6 @@ targets:
     var:
       branding_directory: '[% IF c("var/android") %]mobile/android[% ELSE %]browser[% END %]/branding/nightly'
 
-  android:
-    var:
-      arch_deps:
-        - openjdk-8-jdk
-
   linux:
     var:
       post_pkginst: |
diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config
index 1bc6f98..c66d7fe 100644
--- a/projects/https-everywhere/config
+++ b/projects/https-everywhere/config
@@ -27,6 +27,7 @@ var:
     - rsync
     - zip
     - unzip
+  pre_pkginst: ''
 
 input_files:
   - project: container-image
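Review bot: The new `pre_pkginst: ''` carries no explanation, and an empty value reads like a leftover. It presumably overrides the android target's `pre_pkginst` added in rbm.conf so that this project's container skips the OpenJDK 8 download, but that is inferred rather than stated. A comment on the line above, for example `# no JDK needed here: skip the OpenJDK 8 install from the android target's pre_pkginst`, would stop a later cleanup from deleting the override and silently reintroducing a network fetch into this build.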
diff --git a/projects/tor-android-service/config b/projects/tor-android-service/config
index ca68d7b..c2994b7 100644
--- a/projects/tor-android-service/config
+++ b/projects/tor-android-service/config
@@ -13,12 +13,6 @@ var:
   # this should be updated when the list of gradle dependencies is changed
   gradle_dependencies_version: 3
 
-targets:
-  android:
-    var:
-      arch_deps:
-        - openjdk-8-jdk
-
 input_files:
   - project: container-image
   - name: '[% c("var/compiler") %]'
diff --git a/projects/tor-browser/build.android b/projects/tor-browser/build.android
index f8f3a8d..751db11 100644
--- a/projects/tor-browser/build.android
+++ b/projects/tor-browser/build.android
@@ -55,4 +55,4 @@ cd tmp
    }) %]
 
 # Sign a QA build. This apk is not a debug version and doesn't contain a debug flag in the manifest
-java -jar /usr/share/apksigner/apksigner.jar sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android
+java -jar /usr/lib/android-sdk/build-tools/debian/apksigner.jar sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android
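Review bot: The signing step now depends on the jar living at `/usr/lib/android-sdk/build-tools/debian/apksigner.jar`, a packaging detail of the `apksigner` Debian package that has already moved once, as this change shows. If the package puts an `apksigner` launcher on PATH in the container, calling that instead of `java -jar <path>` would avoid another break at the next suite change. Failing that, a comment naming the package and suite the path comes from would help. The keystore and key passwords are passed as `pass:android` on the command line, which is acceptable only because this is the throwaway QA key. The existing comment could say so explicitly, so that the line is never copied for a release key. The script starts outside this hunk.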
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index 7fd61a9..eaacff7 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -46,7 +46,6 @@ targets:
     build: '[% INCLUDE build.android %]'
     var:
       arch_deps:
-        - openjdk-8-jdk
         - apksigner
 
 input_files:
diff --git a/projects/tor-onion-proxy-library/config b/projects/tor-onion-proxy-library/config
index d76949d..c682078 100644
--- a/projects/tor-onion-proxy-library/config
+++ b/projects/tor-onion-proxy-library/config
@@ -15,12 +15,6 @@ var:
   # this should be updated when the list of gradle dependencies is changed
   gradle_dependencies_version: 3
 
-targets:
-  android:
-    var:
-      arch_deps:
-        - openjdk-8-jdk
-
 input_files:
   - project: container-image
   - name: '[% c("var/compiler") %]'
diff --git a/rbm.conf b/rbm.conf
index 32da3c6..f5f35c1 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -236,7 +236,7 @@ targets:
       CC: '$ANDROID_NDK_HOME/[% c("var/toolchain_arch") %]/bin/clang'
       CXX: '$ANDROID_NDK_HOME/[% c("var/toolchain_arch") %]/bin/clang++'
       container:
-        suite: stretch
+        suite: buster
         arch: amd64
       deps:
         - build-essential
@@ -245,7 +245,18 @@ targets:
         - libtool
         - zip
         - unzip
+        - libtinfo5
 
+      pre_pkginst: |
+          SNAPSHOT_VERSION=20191201T212855Z
+          OPENJDK_URL=https://snapshot.debian.org/archive/debian/$SNAPSHOT_VERSION/pool/main/o/openjdk-8
+          JDK_VERSION=8u232-b09-1~deb9u1_amd64
+          apt-get install -y -q wget ca-certificates-java
+          wget $OPENJDK_URL/openjdk-8-jdk-headless_$JDK_VERSION.deb
+          wget $OPENJDK_URL/openjdk-8-jre-headless_$JDK_VERSION.deb
+          echo 92b4f8fb77d793a86e0b03b3b0750592b40a26a5d75956d10dd984a7b3aad4c9 openjdk-8-jdk-headless_$JDK_VERSION.deb | sha256sum -c
+          echo 84bf52b6cce20ead08b0d5b9fd9b81b4aa3da385ca951b313fe11d5cb1aa4d17 openjdk-8-jre-headless_$JDK_VERSION.deb | sha256sum -c
+          dpkg -i ./openjdk-8-jre-headless_$JDK_VERSION.deb ./openjdk-8-jdk-headless_$JDK_VERSION.deb
   torbrowser-linux-x86_64:
     - linux-x86_64
     - linux
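Review bot: In the new `pre_pkginst` block the two `sha256sum -c` lines are the only integrity check on the downloaded OpenJDK packages, and nothing in the visible lines makes a mismatch fatal before `dpkg -i` runs. If the script that embeds `pre_pkginst` does not run under `set -e` (not visible in this hunk), a tampered or truncated .deb would still be installed. Appending `|| exit 1` to both `sha256sum -c` lines, or chaining the checks and the `dpkg -i` call with `&&`, would make the check self-enforcing. Because the snapshot pin freezes the JDK at `8u232-b09-1~deb9u1` with no further security updates, a comment recording that it is used only at build time and where the digests came from would be worth adding. The block is also indented four spaces deeper than the sibling keys and lacks a blank line before `torbrowser-linux-x86_64:`.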




