[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 40744: Ensure reproducibility with HFS DMG
Pier Angelo Vendrame (@pierov)
git at gitlab.torproject.org
Wed Jan 18 08:26:50 UTC 2023
Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
d4aa558e by Pier Angelo Vendrame at 2023-01-18T09:26:22+01:00
Bug 40744: Ensure reproducibility with HFS DMG
- - - - -
8 changed files:
- projects/browser/ddmg.sh
- projects/hfsplus-tools/build
- projects/hfsplus-tools/config
- projects/hfsplus-tools/only-newfs_include.diff → projects/hfsplus-tools/newfs_hfs.diff
- projects/libdmg-hfsplus/build
- projects/libdmg-hfsplus/config
- + projects/libdmg-hfsplus/libdmg.patch
- tools/signing/ddmg.sh
Changes:
=====================================
projects/browser/ddmg.sh
=====================================
@@ -1,3 +1,6 @@
+#!/bin/bash
+set -e
+
[% SET src = c('dmg_src', { error_if_undef => 1 }) -%]
find [% src %] -executable -exec chmod 0755 {} \;
find [% src %] ! -executable -exec chmod 0644 {} \;
@@ -18,7 +21,14 @@ newfs_hfs -v "[% c("var/Project_Name") %]" "\$hfsfile"
pushd [% src %]
-hfsplus "\$hfsfile" addall .
+find -type d -mindepth 1 | sed -e 's/^\.\///' | sort | while read dirname; do
+ hfsplus "\$hfsfile" mkdir "/\$dirname"
+ hfsplus "\$hfsfile" chmod 0755 "/\$dirname"
+done
+find -type f | sed -e 's/^\.\///' | sort | while read filename; do
+ hfsplus "\$hfsfile" add "\$filename" "/\$filename"
+ hfsplus "\$hfsfile" chmod \$(stat --format '0%a' "\$filename") "/\$filename"
+done
# hfsplus does not play well with dangling links
hfsplus "\$hfsfile" symlink /Applications /Applications
# Show the volume icon
=====================================
projects/hfsplus-tools/build
=====================================
@@ -8,7 +8,7 @@ export PATH="/var/tmp/dist/clang/bin:$PATH"
tar -xf diskdev_cmds-[% c("version") %].tar.gz
cd diskdev_cmds-[% c("version") %]
-patch -p1 < $rootdir/only-newfs_include.diff
+patch -p1 < $rootdir/newfs_hfs.diff
make -j[% c("num_procs") %]
=====================================
projects/hfsplus-tools/config
=====================================
@@ -16,6 +16,7 @@ input_files:
# The project uses a flag that is not supported by GCC
- name: clang
project: clang
- # Build only newfs (we do not care of fsck), and remove a header that does not
- # exist on Linux (at that path) and is not required on Linux either.
- - filename: only-newfs_include.diff
+ # Build only newfs (we do not care of fsck), remove a header that does not
+ # exist on Linux (at that path) and is not required on Linux either, and make
+ # the UUID deterministic.
+ - filename: newfs_hfs.diff
=====================================
projects/hfsplus-tools/only-newfs_include.diff → projects/hfsplus-tools/newfs_hfs.diff
=====================================
@@ -1,18 +1,18 @@
diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/Makefile diskdev_cmds-540.1.linux3/Makefile
---- diskdev_cmds-540.1.linux3_orig/Makefile 2023-01-13 10:01:32.474525600 +0100
-+++ diskdev_cmds-540.1.linux3/Makefile 2023-01-13 10:01:50.346876760 +0100
+--- diskdev_cmds-540.1.linux3_orig/Makefile 2023-01-17 11:36:56.341279443 +0100
++++ diskdev_cmds-540.1.linux3/Makefile 2023-01-17 11:44:12.496479981 +0100
@@ -3,7 +3,7 @@
CC := clang
CFLAGS := -g3 -Wall -fblocks -I$(PWD)/BlocksRunTime -I$(PWD)/include -DDEBUG_BUILD=0 -D_FILE_OFFSET_BITS=64 -D LINUX=1 -D BSD=1 -D VERSION=\"$(VERSION)\"
LDFLAGS := -Wl,--build-id -L$(PWD)/BlocksRunTime
-SUBDIRS := BlocksRunTime newfs_hfs.tproj fsck_hfs.tproj
+SUBDIRS := newfs_hfs.tproj
-
+
all clean:
for d in $(SUBDIRS); do $(MAKE) -C $$d -f Makefile.lnx $@; done
diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c
---- diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c 2023-01-13 10:01:32.474525600 +0100
-+++ diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c 2023-01-13 10:02:07.899221800 +0100
+--- diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs.c 2023-01-17 11:36:56.341279443 +0100
++++ diskdev_cmds-540.1.linux3/newfs_hfs.tproj/makehfs.c 2023-01-17 11:58:15.972059719 +0100
@@ -38,8 +38,8 @@
#endif
#include <sys/errno.h>
@@ -22,4 +22,17 @@ diff '--color=auto' -Naur diskdev_cmds-540.1.linux3_orig/newfs_hfs.tproj/makehfs
+#include <sys/sysctl.h>
#include <sys/vmmeter.h>
#endif
-
+
+@@ -571,8 +571,10 @@
+ /* Adjust free blocks to reflect everything we have allocated. */
+ hp->freeBlocks -= blocksUsed;
+
+- /* Generate and write UUID for the HFS+ disk */
+- GenerateVolumeUUID(&newVolumeUUID);
++ /* Use a deterministic UUID for reproducibility */
++ memset(&newVolumeUUID, 0, sizeof(newVolumeUUID));
++ strncpy(&newVolumeUUID, defaults->volumeName, sizeof(newVolumeUUID));
++
+ finderInfoUUIDPtr = (VolumeUUID *)(&hp->finderInfo[24]);
+ finderInfoUUIDPtr->v.high = OSSwapHostToBigInt32(newVolumeUUID.v.high);
+ finderInfoUUIDPtr->v.low = OSSwapHostToBigInt32(newVolumeUUID.v.low);
=====================================
projects/libdmg-hfsplus/build
=====================================
@@ -9,6 +9,7 @@ export PATH="/var/tmp/dist/ninja:/var/tmp/dist/cmake/bin:$PATH"
mkdir /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
cd /var/tmp/build/[% project %]-[% c('version') %]
+patch -p1 < "$rootdir/libdmg.patch"
cmake . -GNinja -DCMAKE_BUILD_TYPE=Release
ninja -j[% c("num_procs") %] -v
=====================================
projects/libdmg-hfsplus/config
=====================================
@@ -16,3 +16,4 @@ input_files:
project: cmake
- name: ninja
project: ninja
+ - filename: libdmg.patch
=====================================
projects/libdmg-hfsplus/libdmg.patch
=====================================
@@ -0,0 +1,39 @@
+From d1a5eca891f32103ccda80ee75e158dfc7ece70d Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at torproject.org>
+Date: Thu, 6 Mar 2014 19:47:05 -0800
+Subject: [PATCH] Memset a UDIF header to ensure archive reproducibility.
+
+Some of the struct padding and fields contained unitialized memory, which
+caused two successive invocations to produce archives that differed in some
+bytes.
+---
+ dmg/dmglib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/dmg/dmglib.c b/dmg/dmglib.c
+index f481b1f..b74e50b 100644
+--- a/dmg/dmglib.c
++++ b/dmg/dmglib.c
+@@ -108,7 +108,8 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ ChecksumToken dataForkToken;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ off_t plistOffset;
+ uint32_t plistSize;
+ uint32_t dataForkChecksum;
+@@ -284,7 +285,8 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ uint64_t numSectors;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ char partitionName[512];
+
+ off_t fileLength;
+--
+1.8.1.2
+
=====================================
tools/signing/ddmg.sh
=====================================
@@ -42,7 +42,14 @@ cd $src_dir
# add it back again with the special command to do so.
rm -f Applications
-hfsplus "$hfsfile" addall .
+find -type d -mindepth 1 | sed -e 's/^\.\///' | sort | while read dirname; do
+ hfsplus "$hfsfile" mkdir "/$dirname"
+ hfsplus "$hfsfile" chmod 0755 "/$dirname"
+done
+find -type f | sed -e 's/^\.\///' | sort | while read filename; do
+ hfsplus "$hfsfile" add "$filename" "/$filename"
+ hfsplus "$hfsfile" chmod $(stat --format '0%a' "$filename") "/$filename"
+done
hfsplus "$hfsfile" symlink /Applications /Applications
# Show the volume icon
hfsplus "$hfsfile" attr / C
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d4aa558e21cc4014923887a316cf4771ea0d11bb
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/d4aa558e21cc4014923887a316cf4771ea0d11bb
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230118/eab53b0d/attachment-0001.htm>
More information about the tor-commits
mailing list