[tor-commits] [tor-browser-bundle/master] Bug 16909: Adapt to HTTPS-Everyhwere build changes
gk at torproject.org
gk at torproject.org
Fri Sep 11 07:51:48 UTC 2015
commit f8a4557bb2a46f06e664e47a57a7065322dbbd35
Author: Georg Koppen <gk at torproject.org>
Date: Tue Sep 8 15:18:17 2015 +0000
Bug 16909: Adapt to HTTPS-Everyhwere build changes
There are two changes that got made recently:
1) The extension ID got renamed due to conflicts on the AMO dashboard
with the version hosted by Mozilla.
2) Translations moved to an own git submodule.
The first change is unproblematic. For the second one, however, we need
to bump the mininmum Ubuntu version for the host operating system to
14.04. We want to initialize and update the submodules right while we
are fetching the inputs and not during build time to be not dependent
on network access during the bundling step. This fails on Ubuntu 12.04
due to an old git version (1.7.9.5) that uses abolute paths to locate
submodules. As this path is not available on the build VM the build
breaks. This does not affect Debian Wheezy (which ships with
git 1.7.10.4) nor any later Debian version.
In order to make this change obvious for 12.04 users we include an
Ubuntu version check in check-prerequisites.sh.
Additionally, we cleaned the bundling descriptors up to implement a
proper solution for #10066 instead of working around that bug.
---
gitian/README.build | 2 +-
gitian/check-prerequisites.sh | 25 ++++++++++++++++---------
gitian/descriptors/linux/gitian-bundle.yml | 18 ++++++++++++------
gitian/descriptors/mac/gitian-bundle.yml | 18 ++++++++++++------
gitian/descriptors/windows/gitian-bundle.yml | 18 ++++++++++++------
gitian/fetch-inputs.sh | 9 ++++++++-
gitian/versions | 2 +-
gitian/versions.alpha | 2 +-
gitian/versions.beta | 2 +-
9 files changed, 64 insertions(+), 32 deletions(-)
diff --git a/gitian/README.build b/gitian/README.build
index 656dddd..f289791 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -1,6 +1,6 @@
QuickStart:
- On an Ubuntu 12.04+/Debian Wheezy+ machine or VM, run:
+ On an Ubuntu 14.04+/Debian Wheezy+ machine or VM, run:
$ make
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index 32c9b7b..cc16d0e 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -6,7 +6,7 @@ if [ ! -f /etc/debian_version ];
then
echo "Gitian is dependent upon the Ubuntu Virtualization Tools."
echo
- echo "You need to run Ubuntu 12.04 LTS/Debian Wheezy or newer."
+ echo "You need to run Ubuntu 14.04 LTS/Debian Wheezy or newer."
exit 1
fi
@@ -14,15 +14,22 @@ DISTRO=`cat /etc/issue | grep -Eo 'Ubuntu|Debian*'`
if [ $DISTRO = "Ubuntu" ];
then
- dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
-
- if [ $? -ne 0 ];
+ VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
+ if [ "$VERSION" -ge "14" ];
then
- echo "You are missing one or more Gitian build tool dependencies."
- echo
- echo "Please run:"
- echo " sudo apt-get install torsocks tor"
- echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+ dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
+
+ if [ $? -ne 0 ];
+ then
+ echo "You are missing one or more Gitian build tool dependencies."
+ echo
+ echo "Please run:"
+ echo " sudo apt-get install torsocks tor"
+ echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+ exit 1
+ fi
+ else
+ echo "Your Ubuntu is too old. You need Ubuntu 14.04 LTS or newer to build Tor Browser with Gitian."
exit 1
fi
elif [ $DISTRO = "Debian" ];
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index afb632e..a8f8d51 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -66,7 +66,7 @@ script: |
umask 0022
#
mkdir -p $OUTDIR/
- mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org
+ mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff at eff.org
mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches
mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/
@@ -100,10 +100,16 @@ script: |
cd ../../../
#
cd https-everywhere
- # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
- # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
- rm -f .git/refs/heads/master
- ./makexpi.sh
+ # We are invoking the build script with a particular tag to avoid #10066. This
+ # does not work for nightlies as there is no "master" tag in that sense. But
+ # we don't need to care about that as we don't need reproducibility for
+ # nightly builds.
+ if [ $HTTPSE_TAG != "master" ];
+ then
+ ./makexpi.sh $HTTPSE_TAG
+ else
+ ./makexpi.sh
+ fi
# Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
rm ./pkg/*-amo.xpi
cp pkg/*.xpi ../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org.xpi
@@ -112,7 +118,7 @@ script: |
cp *.xpi tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/
cd tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions
mv noscript at noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- cd https-everywhere at eff.org/
+ cd https-everywhere-eff at eff.org/
unzip ../https-everywhere at eff.org.xpi
rm ../https-everywhere at eff.org.xpi
cd ~/build
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index da441a2..bd54f0d 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -74,7 +74,7 @@ script: |
MARTOOLS=~/build/mar-tools
#
mkdir -p $OUTDIR/
- mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org
+ mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff at eff.org
mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches
mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources
@@ -102,10 +102,16 @@ script: |
cd ../../../
#
cd https-everywhere
- # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
- # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
- rm -f .git/refs/heads/master
- ./makexpi.sh
+ # We are invoking the build script with a particular tag to avoid #10066. This
+ # does not work for nightlies as there is no "master" tag in that sense. But
+ # we don't need to care about that as we don't need reproducibility for
+ # nightly builds.
+ if [ $HTTPSE_TAG != "master" ];
+ then
+ ./makexpi.sh $HTTPSE_TAG
+ else
+ ./makexpi.sh
+ fi
# Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
rm ./pkg/*-amo.xpi
cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org.xpi
@@ -114,7 +120,7 @@ script: |
cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/
cd $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/
mv noscript at noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- cd https-everywhere at eff.org
+ cd https-everywhere-eff at eff.org
unzip ../https-everywhere at eff.org.xpi
rm ../https-everywhere at eff.org.xpi
cd ~/build/
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index d4ae0fa..b821528 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -65,7 +65,7 @@ script: |
MARTOOLS=~/build/mar-tools
#
mkdir -p $OUTDIR/
- mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org
+ mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff at eff.org
mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches
mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources
@@ -90,10 +90,16 @@ script: |
cd ../../../
#
cd https-everywhere
- # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
- # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
- rm -f .git/refs/heads/master
- ./makexpi.sh
+ # We are invoking the build script with a particular tag to avoid #10066. This
+ # does not work for nightlies as there is no "master" tag in that sense. But
+ # we don't need to care about that as we don't need reproducibility for
+ # nightly builds.
+ if [ $HTTPSE_TAG != "master" ];
+ then
+ ./makexpi.sh $HTTPSE_TAG
+ else
+ ./makexpi.sh
+ fi
# Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
rm ./pkg/*-amo.xpi
cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org.xpi
@@ -102,7 +108,7 @@ script: |
cp *.xpi tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions
cd tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions
mv noscript at noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- cd https-everywhere at eff.org
+ cd https-everywhere-eff at eff.org
unzip ../https-everywhere at eff.org.xpi
rm ../https-everywhere at eff.org.xpi
cd ~/build/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 42efa33..22162b0 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -162,7 +162,7 @@ do
get "${!PACKAGE}" "${!URL}"
done
-# NoScript and HTTPS-Everywhere are magikal and special:
+# NoScript is magikal and special:
wget -U "" -N ${NOSCRIPT_URL}
# Verify packages with weak or no signatures via direct sha256 check
@@ -281,5 +281,12 @@ obfs4 https://git.torproject.org/pluggable-transports/obfs4.git
noto-fonts https://github.com/googlei18n/noto-fonts $NOTOFONTS_TAG
EOF
+# HTTPS-Everywhere is special, too. We need to initialize the git submodules and
+# update them here. Otherwise it would happen during the build.
+cd https-everywhere
+git submodule init
+git submodule update
+cd ..
+
exit 0
diff --git a/gitian/versions b/gitian/versions
index b833342..70801b2 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -16,7 +16,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.0-1-build2
TOR_TAG=tor-0.2.6.10
TORLAUNCHER_TAG=0.2.7.7
TORBUTTON_TAG=1.9.3.2
-HTTPSE_TAG=5.0.7
+HTTPSE_TAG=5.1.0
NSIS_TAG=v0.3
ZLIB_TAG=v1.2.8
LIBEVENT_TAG=release-2.0.21-stable
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index f37b98a..679da18 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -15,7 +15,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-2-build2
TOR_TAG=tor-0.2.7.2-alpha
TORLAUNCHER_TAG=0.2.7.7
TORBUTTON_TAG=1.9.3.3
-HTTPSE_TAG=5.0.7
+HTTPSE_TAG=5.1.0
NSIS_TAG=v0.3
ZLIB_TAG=v1.2.8
LIBEVENT_TAG=release-2.0.21-stable
diff --git a/gitian/versions.beta b/gitian/versions.beta
index c2143a0..8c4cfa9 100755
--- a/gitian/versions.beta
+++ b/gitian/versions.beta
@@ -15,7 +15,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build4
TOR_TAG=tor-0.2.4.21
TORLAUNCHER_TAG=0.2.5.4
TORBUTTON_TAG=1.6.9.0
-HTTPSE_TAG=5.0.2
+HTTPSE_TAG=5.1.0
NSIS_TAG=v0.1
ZLIB_TAG=v1.2.8
LIBEVENT_TAG=release-2.0.21-stable
More information about the tor-commits
mailing list