JeremyRand
/
tor-browser-build


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322
							#!/bin/bash
[% c("var/set_default_env") -%]
[% IF ! c("var/linux-cross") %]
  [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
[% END %]
mkdir -p /var/tmp/dist
distdir=/var/tmp/dist/[% project %]
mkdir -p /var/tmp/build
mkdir -p [% dest_dir _ '/' _ c('filename') %]

[% IF c("var/windows") %]
  # Setting up fxc2
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/fxc2') %]
  export PATH="/var/tmp/dist/fxc2/bin:$PATH"
  # fxc2 requires Wine.
  export WINEARCH=[% IF c("var/windows-x86_64") %]win64[% ELSE %]win32[% END %]
  export HOME=/var/tmp/home
  mkdir -p $HOME
  WINEROOT=$HOME/.wine/drive_c
  wine wineboot -i
  # Setting up stack protector support
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/mingw-w64') %]
  cp /var/tmp/dist/mingw-w64/gcclibs/{libssp.a,libssp_nonshared.a} /var/tmp/dist/mingw-w64-clang/[% c("arch") %]-w64-mingw32/lib/
[% END -%]

tar -C /var/tmp/dist -xf [% c('input_files_by_name/rust') %]
[% IF c("var/linux-cross") %]
  # rustup expects Wheezy openssl, so we provide it here
  export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/var/tmp/dist/rust/lib_host"
[% END %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/cbindgen') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/nasm') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/python') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/node') %]
export PATH="/var/tmp/dist/rust/bin:/var/tmp/dist/cbindgen:/var/tmp/dist/nasm/bin:/var/tmp/dist/python/bin:/var/tmp/dist/node/bin:$PATH"
tar -C /var/tmp/dist -xf [% c('input_files_by_name/clang') %]
export LLVM_CONFIG="/var/tmp/dist/clang/bin/llvm-config"

[% IF c("var/linux") || c("var/android") %]
  tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/binutils') %]
  export PATH="/var/tmp/dist/binutils/bin:$PATH"
  # Use clang for everything on Linux and Android now if we don't build with
  # ASan.
  [% IF ! c("var/asan") -%]
    export PATH="/var/tmp/dist/clang/bin:$PATH"
  [% END -%]
[% END -%]

tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz

[% IF c("var/osx") %]
  mkdir -p "$distdir/Tor Browser.app/Contents/MacOS"
[% ELSE %]
  mkdir -p $distdir/Browser
[% END %]

cd /var/tmp/build/[% project %]-[% c("version") %]
mv -f $rootdir/[% c('input_files_by_name/mozconfig') %] .mozconfig
[% IF c("var/asan") -%]
  mv -f .mozconfig-asan .mozconfig
  # Without disabling LSan our build is blowing up:
  # https://bugs.torproject.org/10599#comment:52
  export ASAN_OPTIONS="detect_leaks=0"
[% END -%]

[% IF c("var/android") %]
  export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
  gradle_repo=/var/tmp/dist/gradle-dependencies
  export GRADLE_MAVEN_REPOSITORIES="file://$gradle_repo"
  export GRADLE_FLAGS="--no-daemon --offline"
  # Move Gradle Repo to hard-coded location. This location is embedded in the file
  # chrome/toolkit/content/global/buildconfig.html so needs to be standard for reproducibility
  mv $rootdir/[% c('input_files_by_name/gradle-dependencies') %] $gradle_repo
  cp -r $gradle_repo/m2/* $gradle_repo
  # Move Android library dependencies so they will be included in the apk during the build
  cp $rootdir/[% c('input_files_by_name/topl') %]/* mobile/android/app
  cp $rootdir/[% c('input_files_by_name/tor-android-service') %]/* mobile/android/app
  # Move emulator to location that firefox build expects
  mkdir /var/tmp/dist/android-toolchain/android-sdk-linux/emulator
  cp /var/tmp/dist/android-toolchain/android-sdk-linux/tools/emulator /var/tmp/dist/android-toolchain/android-sdk-linux/emulator

  # Prepare building the multi-locale .apk including our own strings
  mkdir -p /var/tmp/dist/locales
  tar -C /var/tmp/dist/locales -xf $rootdir/[% c('input_files_by_name/firefox-locale-bundle') %]
  tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/tba-translation') %]
[% END %]

eval $(perl $rootdir/get-moz-build-date [% c("var/copyright_year") %] [% c("var/torbrowser_version") %])
if [ -z $MOZ_BUILD_DATE ]
then
    echo "MOZ_BUILD_DATE is not set"
    exit 1
fi

[% IF c("var/windows") %]
  # Make sure widl is not inserting random timestamps, see #21837.
  export WIDL_TIME_OVERRIDE="0"
  patch -p1 < $rootdir/nsis-uninstall.patch
  # Make sure we link without inserting timestamps in general.
  export LDFLAGS="-Wl,--no-insert-timestamp"
[% END -%]

[% IF c("var/linux-arm") %]
  patch -p1 < $rootdir/linux-arm-neon.patch
  patch -p1 < $rootdir/linux-arm-wasm.patch
[% END %]

[% IF c("var/namecoin") %]
  patch -p1 < $rootdir/namecoin-etld.patch
[% END -%]

[% IF ! c("var/android") %]
  # Place a copy of the Tor Launcher sources under browser/extensions
  tar -C browser/extensions -xf $rootdir/[% c('input_files_by_name/tor-launcher') %]
[% END -%]

[% IF c("var/namecoin") %]
  pushd toolkit/torproject/torbutton
  patch -p1 < $rootdir/namecoin-torbutton.patch
  popd
[% END %]

[% IF c("var/nightly") -%]
  # Add nightly mar signing key (#33403)
  cp $rootdir/nightly-marsigner.der toolkit/mozapps/update/updater/nightly_aurora_level3_primary.der
  cp $rootdir/nightly-marsigner.der toolkit/mozapps/update/updater/nightly_aurora_level3_secondary.der
  # Set app.update.url for nightly (#33402)
  sed -i 's|pref("app\.update\.url",.*|pref("app.update.url", "https://nightlies.tbb.torproject.org/nightly-updates/updates/nightly-[% c("var/osname") %]/%CHANNEL%/%BUILD_TARGET%/%VERSION%/%LOCALE%");|' browser/app/profile/firefox.js
[% END -%]

rm -f configure
rm -f js/src/configure

# Android does not support --enable-bundled-fonts option
./mach configure --with-tor-browser-version=[% c("var/torbrowser_version") %] --with-distribution-id=org.torproject --enable-update-channel=[% c("var/channel") %] [% IF ! c("var/android") %]--enable-bundled-fonts[% END -%] --with-branding=[% c("var/branding_directory") %]

./mach build --verbose

[% IF c("var/android") %]
  # Building a multi-locale .apk
  [% FOREACH lang = c('var/locales');
     SET lang = tmpl(lang);
     # mk is unavailable on mobile.
     NEXT IF lang == 'mk'; %]
    # Copy our torbrowser_strings.dtd at the right place
    cp /var/tmp/dist/tba-translation/[% lang %]/torbrowser_strings.dtd /var/tmp/dist/locales/[% lang %]/mobile/android/base/
    ./mach build chrome-[% lang %];
  [% END %]
  # Include localization for all available locales.
  # mk is excluded above because Mozilla does not provide mk localization.
  # mk is included here because we may have localization for torbutton.
  export MOZ_CHROME_MULTILOCALE='[% tmpl(c('var/locales').join(' ')) %]'
  ./mach android assemble-app
  AB_CD=multi ./mach package
  # Copy the result over and return. There is nothing more to do for mobile.
  cp obj-*/dist/*unsigned-unaligned.apk [% dest_dir _ '/' _ c('filename') %]/tor-browser-unsigned-unaligned.apk
  [% RETURN %]
[% END %]

./mach build stage-package

[% IF c("var/osx") %]
  cp -a obj-macos/dist/firefox/* $distdir
  # Remove firefox-bin (we don't use it, see ticket #10126)
  rm -f "$distdir/Tor Browser.app/Contents/MacOS/firefox-bin"

  # Adjust the Info.plist file
  INFO_PLIST="$distdir/Tor Browser.app/Contents/Info.plist"
  mv "$INFO_PLIST" tmp.plist
  python $rootdir/fix-info-plist.py '[% c("var/torbrowser_version") %]' '[% c("var/copyright_year") %]' < tmp.plist > "$INFO_PLIST"
  rm -f tmp.plist
[% END %]

[% IF c("var/linux") %]
  [% IF c("var/linux-x86_64") %]
    cp obj-*/testing/geckodriver/x86_64-unknown-linux-gnu/release/geckodriver $distdir
  [% END %]
  cp -a obj-*/dist/firefox/* $distdir/Browser/
  # Remove firefox-bin (we don't use it, see ticket #10126)
  rm -f $distdir/Browser/firefox-bin
  # TODO: There goes FIPS-140.. We could upload these somewhere unique and
  # subsequent builds could test to see if they've been uploaded before...
  # But let's find out if it actually matters first..
  rm -f $distdir/Browser/*.chk
  # Replace firefox by a wrapper script (#25485)
  mv $distdir/Browser/firefox $distdir/Browser/firefox.real
  mv $rootdir/start-firefox $distdir/Browser/firefox
  chmod 755 $distdir/Browser/firefox
[% END %]

[% IF c("var/windows") %]
  cp -a obj-*/dist/firefox/* $distdir/Browser/
  cp -a /var/tmp/dist/fxc2/bin/d3dcompiler_47.dll $distdir/Browser
[% END %]
[% IF c("var/linux-cross") -%]
  #cp -a /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libssp.so* $distdir/Browser
[% END %]

# Make MAR-based update tools available for use during the bundle phase.
# Note that mar and mbsdiff are standalone tools, compiled for the build
# host's architecture.  We also include signmar, certutil, and the libraries
# they require; these utilities and libraries are built for the target
# architecture.
MARTOOLS=$distdir/mar-tools
mkdir -p $MARTOOLS
cp -p config/createprecomplete.py $MARTOOLS/
cp -p tools/update-packaging/*.sh $MARTOOLS/
cp -p obj-*/dist/host/bin/mar $MARTOOLS/
cp -p obj-*/dist/host/bin/mbsdiff $MARTOOLS/
[% IF c("var/linux") || c("var/osx") %]
  cp -p obj-*/dist/bin/signmar $MARTOOLS/
  cp -p obj-*/dist/bin/certutil $MARTOOLS/
  cp -p obj-*/dist/bin/modutil $MARTOOLS/
  cp -p obj-*/dist/bin/pk12util $MARTOOLS/
  cp -p obj-*/dist/bin/shlibsign $MARTOOLS/
  [% IF c("var/linux") %]
    NSS_LIBS="libfreeblpriv3.so libmozsqlite3.so libnss3.so libnssckbi.so libnssdbm3.so libnssutil3.so libsmime3.so libsoftokn3.so libssl3.so"
    NSPR_LIBS="libnspr4.so libplc4.so libplds4.so"
  [% ELSE %]
    NSS_LIBS="libfreebl3.dylib libmozglue.dylib libnss3.dylib libnssckbi.dylib libnssdbm3.dylib libsoftokn3.dylib"
    # No NSPR_LIBS for macOS
    NSPR_LIBS=""
  [% END %]
  for LIB in $NSS_LIBS $NSPR_LIBS; do
    cp -p obj-*/dist/bin/$LIB $MARTOOLS/
  done
[% END %]
[% IF c("var/windows") %]
  cp -p obj-*/dist/bin/signmar.exe $MARTOOLS/
  cp -p obj-*/dist/bin/certutil.exe $MARTOOLS/
  cp -p obj-*/dist/bin/modutil.exe $MARTOOLS/
  cp -p obj-*/dist/bin/pk12util.exe $MARTOOLS/
  cp -p obj-*/dist/bin/shlibsign.exe $MARTOOLS/
  NSS_LIBS="freebl3.dll mozglue.dll nss3.dll nssckbi.dll nssdbm3.dll softokn3.dll"
  for LIB in $NSS_LIBS; do
      cp -p obj-*/dist/bin/$LIB $MARTOOLS/
  done
[% END %]

cd $distdir

[% IF c("var/linux-x86_64") %]
  # No need for an unstripped geckodriver
  strip geckodriver
  mkdir -p $distdir/Debug/Browser/gtk2

  [% IF c("var/linux-cross") %]
    TARGET_OBJCOPY=[% c("var/crosstarget") %]-objcopy
    TARGET_STRIP=[% c("var/crosstarget") %]-strip
  [% ELSE %]
    TARGET_OBJCOPY=objcopy
    TARGET_STRIP=strip
  [% END %]

  # Strip and generate debuginfo for the firefox binary that we keep, all *.so
  # files, the plugin-container, and the updater (see ticket #10126)
  for LIB in Browser/*.so Browser/gtk2/*.so Browser/firefox.real Browser/plugin-container Browser/updater
  do
      $TARGET_OBJCOPY --only-keep-debug $LIB Debug/$LIB
      $TARGET_STRIP $LIB
      $TARGET_OBJCOPY --add-gnu-debuglink=./Debug/$LIB $LIB
  done
[% END %]

# Re-zipping the omni.ja files is not needed to make them reproductible,
# however if we don't re-zip them, the files become corrupt when we
# update them using 'zip' and firefox will silently fail to load some
# parts.
[% IF c("var/windows") || c("var/linux") %]
  [% c("var/rezip", { rezip_file => 'Browser/omni.ja' }) %]
  [% c("var/rezip", { rezip_file => 'Browser/browser/omni.ja' }) %]
[% ELSIF c("var/osx") %]
  [% c("var/rezip", { rezip_file => '"Tor Browser.app/Contents/Resources/omni.ja"' }) %]
  [% c("var/rezip", { rezip_file => '"Tor Browser.app/Contents/Resources/browser/omni.ja"' }) %]
[% END %]

[%
IF c("var/osx");
  SET browserdir='"Tor Browser.app/Contents"';
ELSE;
  SET browserdir='Browser';
END;
%]

[% IF c("var/linux") %]
  [% IF c("var/linux-cross") %]
    clang++ --target=[% c("var/crosstarget") %] $rootdir/abicheck.cc -o Browser/abicheck
  [% ELSE %]
    /var/tmp/dist/gcc/bin/g++ $rootdir/abicheck.cc -o Browser/abicheck
  [% END %]
[% END %]

[% c('tar', {
        tar_src => [ browserdir ],
        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename') _ '/tor-browser.tar.gz',
    }) %]

[% IF c("var/linux-x86_64") %]
[% c('tar', {
        tar_src => [ 'Debug' ],
        tar_args => '-cJf ' _ dest_dir _ '/' _ c('filename') _ '/tor-browser-debug.tar.xz',
    }) %]
[% c('tar', {
        tar_src => [ 'geckodriver' ],
        tar_args => '-cJf ' _ dest_dir _ '/' _ c('filename') _ '/geckodriver-linux64.tar.xz',
    }) %]
[% END %]

[% c('zip', {
        zip_src => [ 'mar-tools' ],
        zip_args => dest_dir _ '/' _ c('filename') _ '/' _ c('var/martools_filename'),
    }) %]

[% IF c("var/build_infos_json") -%]
  cat > "[% dest_dir _ '/' _ c('filename') _ '/build-infos.json' %]" << EOF_BUILDINFOS
  {
      "firefox_platform_version" : "[% c("var/firefox_platform_version") %]",
      "firefox_buildid" : "$MOZ_BUILD_DATE"
  }
EOF_BUILDINFOS
[% END -%]