[tor-commits] [tor-browser-build/master] Revert "Bug 31130: Use Debian 10 for our Android container images"
boklm at torproject.org
boklm at torproject.org
Mon Dec 16 13:49:42 UTC 2019
commit 2d7921cd17c52fe2a16d0a3dc19235d0d48fa575
Author: Nicolas Vigier <boklm at torproject.org>
Date: Mon Dec 16 14:47:58 2019 +0100
Revert "Bug 31130: Use Debian 10 for our Android container images"
This reverts commit 26be3f16054b7d9b1c4c6cf0332d90f92511fc3e.
This commit causes the android builds to fail. See #32761.
---
projects/debootstrap-image/config | 17 ++++++++---------
projects/firefox/build | 1 -
projects/firefox/config | 5 +++++
projects/https-everywhere/config | 1 -
projects/tor-android-service/config | 6 ++++++
projects/tor-browser/build.android | 2 +-
projects/tor-browser/config | 1 +
projects/tor-onion-proxy-library/config | 6 ++++++
rbm.conf | 13 ++-----------
9 files changed, 29 insertions(+), 23 deletions(-)
diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config
index f7b9e57..a50cbf1 100644
--- a/projects/debootstrap-image/config
+++ b/projects/debootstrap-image/config
@@ -4,7 +4,7 @@ version: 2
pkg_type: build
var:
- ubuntu_version: 19.10
+ ubuntu_version: 18.04.1
container:
use_container: 1
@@ -15,6 +15,8 @@ pre: |
#!/bin/sh
set -e
export DEBIAN_FRONTEND=noninteractive
+ # Bug 29158: install fixed packages for apt vulnerability (CVE-2019-3462)
+ dpkg -i ./apt_1.6.6ubuntu0.1_amd64.deb ./libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
apt-get update -y -q
apt-get install -y -q debian-archive-keyring ubuntu-keyring debootstrap
debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
@@ -63,17 +65,14 @@ targets:
suite: stretch
arch: amd64
- buster-amd64:
- var:
- minimal_apt_version: 1.8.2
- container:
- suite: buster
- arch: amd64
-
input_files:
- URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
- sha256sum: eedcb1dc0ccc86b59eb1f89960c322a2ba3ed3e0323a20a1da8bcc0e6f100f4f
+ sha256sum: ed76e649f65548a80b361b68011085ec4dde7bb762d667657acbef87765e1a12
+ - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_1.6.6ubuntu0.1_amd64.deb
+ sha256sum: df210f9e30cf9deba5fbe815203af854e5e77bdbbe0b96d0d1c0da46a6a8dd0a
+ - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
+ sha256sum: 0a05a97b1e9b8d52ee8df040a14c5fabdebbb2c2235ac495db29df34f4c8cec3
- URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/apt_package_filename") %]'
sha256sum: '[% c("var/apt_package_sha256sum") %]'
enable: '[% c("var/apt_package_filename") %]'
diff --git a/projects/firefox/build b/projects/firefox/build
index 067453d..5179634 100644
--- a/projects/firefox/build
+++ b/projects/firefox/build
@@ -57,7 +57,6 @@ mv -f $rootdir/[% c('input_files_by_name/mozconfig') %] .mozconfig
[% END -%]
[% IF c("var/android") %]
- export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
gradle_repo=/var/tmp/dist/gradle-dependencies
export GRADLE_MAVEN_REPOSITORIES="file://$gradle_repo"
export GRADLE_FLAGS="--no-daemon --offline"
diff --git a/projects/firefox/config b/projects/firefox/config
index 2c7c037..c6f840b 100644
--- a/projects/firefox/config
+++ b/projects/firefox/config
@@ -54,6 +54,11 @@ targets:
var:
branding_directory: '[% IF c("var/android") %]mobile/android[% ELSE %]browser[% END %]/branding/nightly'
+ android:
+ var:
+ arch_deps:
+ - openjdk-8-jdk
+
linux:
var:
post_pkginst: |
diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config
index c66d7fe..1bc6f98 100644
--- a/projects/https-everywhere/config
+++ b/projects/https-everywhere/config
@@ -27,7 +27,6 @@ var:
- rsync
- zip
- unzip
- pre_pkginst: ''
input_files:
- project: container-image
diff --git a/projects/tor-android-service/config b/projects/tor-android-service/config
index 4a07c87..9d7bc84 100644
--- a/projects/tor-android-service/config
+++ b/projects/tor-android-service/config
@@ -13,6 +13,12 @@ var:
# this should be updated when the list of gradle dependencies is changed
gradle_dependencies_version: 3
+targets:
+ android:
+ var:
+ arch_deps:
+ - openjdk-8-jdk
+
input_files:
- project: container-image
- name: '[% c("var/compiler") %]'
diff --git a/projects/tor-browser/build.android b/projects/tor-browser/build.android
index 751db11..f8f3a8d 100644
--- a/projects/tor-browser/build.android
+++ b/projects/tor-browser/build.android
@@ -55,4 +55,4 @@ cd tmp
}) %]
# Sign a QA build. This apk is not a debug version and doesn't contain a debug flag in the manifest
-java -jar /usr/lib/android-sdk/build-tools/debian/apksigner.jar sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android
+java -jar /usr/share/apksigner/apksigner.jar sign --verbose --min-sdk-version [% c("var/android_min_api") %] --ks $rootdir/android-qa.keystore --out $qa_apk --in $apk --ks-key-alias androidqakey --key-pass pass:android --ks-pass pass:android
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index 4a26049..819ebad 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -45,6 +45,7 @@ targets:
build: '[% INCLUDE build.android %]'
var:
arch_deps:
+ - openjdk-8-jdk
- apksigner
input_files:
diff --git a/projects/tor-onion-proxy-library/config b/projects/tor-onion-proxy-library/config
index 0849623..ff3432c 100644
--- a/projects/tor-onion-proxy-library/config
+++ b/projects/tor-onion-proxy-library/config
@@ -15,6 +15,12 @@ var:
# this should be updated when the list of gradle dependencies is changed
gradle_dependencies_version: 3
+targets:
+ android:
+ var:
+ arch_deps:
+ - openjdk-8-jdk
+
input_files:
- project: container-image
- name: '[% c("var/compiler") %]'
diff --git a/rbm.conf b/rbm.conf
index f94cf4a..0fe7acb 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -236,7 +236,7 @@ targets:
CC: '$ANDROID_NDK_HOME/[% c("var/toolchain_arch") %]/bin/clang'
CXX: '$ANDROID_NDK_HOME/[% c("var/toolchain_arch") %]/bin/clang++'
container:
- suite: buster
+ suite: stretch
arch: amd64
deps:
- build-essential
@@ -245,16 +245,7 @@ targets:
- libtool
- zip
- unzip
- pre_pkginst: |
- SNAPSHOT_VERSION=20191201T212855Z
- OPENJDK_URL=https://snapshot.debian.org/archive/debian/$SNAPSHOT_VERSION/pool/main/o/openjdk-8
- JDK_VERSION=8u232-b09-1~deb9u1_amd64
- apt-get install -y -q wget ca-certificates-java
- wget $OPENJDK_URL/openjdk-8-jdk-headless_$JDK_VERSION.deb
- wget $OPENJDK_URL/openjdk-8-jre-headless_$JDK_VERSION.deb
- echo 92b4f8fb77d793a86e0b03b3b0750592b40a26a5d75956d10dd984a7b3aad4c9 openjdk-8-jdk-headless_$JDK_VERSION.deb | sha256sum -c
- echo 84bf52b6cce20ead08b0d5b9fd9b81b4aa3da385ca951b313fe11d5cb1aa4d17 openjdk-8-jre-headless_$JDK_VERSION.deb | sha256sum -c
- dpkg -i ./openjdk-8-jre-headless_$JDK_VERSION.deb ./openjdk-8-jdk-headless_$JDK_VERSION.deb
+
torbrowser-linux-x86_64:
- linux-x86_64
- linux
More information about the tor-commits
mailing list