[tor-commits] [tor-browser-bundle/master] Bug 4261: Make uncompressed DMG creation reproducible.

mikeperry at torproject.org mikeperry at torproject.org
Fri Mar 7 07:24:17 UTC 2014 

commit 82f061f118519c318ddf0aaa7dc4fcbd8290536e
Author: Mike Perry <mikeperry-git at torproject.org>
Date:   Sun Mar 2 14:21:30 2014 -0800

    Bug 4261: Make uncompressed DMG creation reproducible.
    
    genisoimage was non-deterministic, and libdmg was using unitialized memory in
    a stack struct.
---
 gitian/build-helpers/ddmg.sh             |   25 +++++++------------
 gitian/descriptors/mac/gitian-bundle.yml |    6 +++++
 gitian/patches/libdmg.patch              |   39 ++++++++++++++++++++++++++++++
 3 files changed, 54 insertions(+), 16 deletions(-)

diff --git a/gitian/build-helpers/ddmg.sh b/gitian/build-helpers/ddmg.sh
index f9f54da..468d6be 100755
--- a/gitian/build-helpers/ddmg.sh
+++ b/gitian/build-helpers/ddmg.sh
@@ -5,24 +5,17 @@ export LC_ALL=C
 DMGFILE=$1
 shift
 
-# Attempt to normalize inode ordering..
-# XXX: the genisoimage -path-list argument seems broken
-mkdir -p ~/build/tmp/dmg
+find $@ -executable -exec chmod 700 {} \;
+find $@ ! -executable -exec chmod 600 {} \;
+
 cd $@
-for i in `find . | sort`
-do
-  if [ -d $i ];
-  then
-    mkdir -p ~/build/tmp/dmg/$i
-  else
-    cp --parents -d --preserve=all $i ~/build/tmp/dmg/
-  fi
-done
+find . -type f | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" > ~/build/filelist.txt
+find . -type l | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" >> ~/build/filelist.txt
+
+mkisofs -D -V "Tor Browser" -no-pad -R -apple -o ~/build/tbb-uncompressed.dmg -path-list ~/build/filelist.txt -graft-points -dir-mode 0700 -new-dir-mode 0700
 
-find ~/build/tmp/dmg -executable -exec chmod 700 {} \;
-find ~/build/tmp/dmg ! -executable -exec chmod 600 {} \;
+cd ~/build
 
-genisoimage -D -V "Tor Browser" -no-pad -R -apple -o tbb-uncompressed.dmg ~/build/tmp/dmg/
 ~/build/libdmg-hfsplus/dmg/dmg dmg tbb-uncompressed.dmg $DMGFILE
 rm tbb-uncompressed.dmg
-rm -rf ~/build/tmp/dmg/
+rm ~/build/filelist.txt
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index 63c0a96..55a6777 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -41,6 +41,7 @@ files:
 - "noscript at noscript.net.xpi"
 - "dzip.sh"
 - "ddmg.sh"
+- "libdmg.patch"
 - "bare-version"
 - "bundle.inputs"
 - "versions"
@@ -141,6 +142,7 @@ script: |
   #
   # Set up DMG skeleton
   cd libdmg-hfsplus
+  git am ~/build/libdmg.patch
   cmake CMakeLists.txt
   cd dmg
   make
@@ -162,6 +164,10 @@ script: |
     ~/build/dzip.sh $OUTDIR/TorBrowserBundle-${TORBROWSER_VERSION}-osx${GBUILD_BITS}_en-US.zip ${TORBROWSER_NAME}_en-US.app
    rm -rf ~/build/${TORBROWSER_NAME}_en-US.app
   else
+   # XXX: We need to insert these placeholders because otherwise mkisofs won't
+   # include these otherwise empty dirs:
+   touch ~/build/$TORBROWSER_NAME.app/Data/Browser/Caches/placeholder.txt
+   touch ~/build/$TORBROWSER_NAME.app/Contents/MacOS/TorBrowser.app/Contents/MacOS/browser/defaults/preferences/placeholder.txt
    cp -a ~/build/$TORBROWSER_NAME.app ~/build/dmg/$TORBROWSER_APP.app
     ~/build/ddmg.sh $OUTDIR/TorBrowser-${TORBROWSER_VERSION}-osx${GBUILD_BITS}_en-US.dmg ~/build/dmg
    rm -rf ~/build/dmg/$TORBROWSER_APP.app
diff --git a/gitian/patches/libdmg.patch b/gitian/patches/libdmg.patch
new file mode 100644
index 0000000..a84ac3e
--- /dev/null
+++ b/gitian/patches/libdmg.patch
@@ -0,0 +1,39 @@
+From d1a5eca891f32103ccda80ee75e158dfc7ece70d Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at torproject.org>
+Date: Thu, 6 Mar 2014 19:47:05 -0800
+Subject: [PATCH] Memset a UDIF header to ensure archive reproducibility.
+
+Some of the struct padding and fields contained unitialized memory, which
+caused two successive invocations to produce archives that differed in some
+bytes.
+---
+ dmg/dmglib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/dmg/dmglib.c b/dmg/dmglib.c
+index f481b1f..b74e50b 100644
+--- a/dmg/dmglib.c
++++ b/dmg/dmglib.c
+@@ -108,7 +108,8 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ 	ChecksumToken dataForkToken;
+ 	
+ 	UDIFResourceFile koly;
+-	
++	memset(&koly, 0, sizeof(koly));
++
+ 	off_t plistOffset;
+ 	uint32_t plistSize;
+ 	uint32_t dataForkChecksum;
+@@ -284,7 +285,8 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ 	uint64_t numSectors;
+ 	
+ 	UDIFResourceFile koly;
+-	
++	memset(&koly, 0, sizeof(koly));
++
+ 	char partitionName[512];
+ 	
+ 	off_t fileLength;
+-- 
+1.8.1.2
+

More information about the tor-commits mailing list