JeremyRand
/
tor-browser-build


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409
							# vim: filetype=yaml sw=2
debug: '[% GET ! ENV.RBM_NO_DEBUG %]'
compress_tar: gz
output_dir: "out/[% project %]"
tmp_dir: '[% c("basedir") %]/tmp'
build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %][% IF c("var/osname") %]-[% c("var/osname") %][% END %].log'

pkg_type: build

# buildconf contains build options that the user can change in rbm.local.conf
# When adding a new option to buildconf, a default value should be defined
# in var/build_id, so that changing this option does not affect the build_id.
buildconf:
  num_procs: '[% GET ENV.RBM_NUM_PROCS ? ENV.RBM_NUM_PROCS : "4" %]'
  git_signtag_opt: '-s'

var:
  torbrowser_version: '8.0a7'
  torbrowser_build: 'build1'
  torbrowser_incremental_from:
    - 8.0a6
  project_name: tor-browser
  multi_lingual: 0
  build_mar: 1
  # By default, we sort the list of installed packages. This allows sharing
  # containers with identical list of packages, even if they are not listed
  # in the same order. In the cases where the installation order is
  # important, sort_deps should be set to 0.
  sort_deps: 1
  build_id: '[% sha256(c("var/build_id_txt", { buildconf => { num_procs => 4 } })).substr(0, 6) %]'
  build_id_txt: |
    [% c("version") %]
    [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %]
    [% IF c("var/container/use_container") -%]
    [% c("var/container/suite") %]
    [% c("var/container/arch") %]
    [% END -%]
    input_files: [% c("input_files_id") %]
    build:
    [% c("build", { filename => 'f', output_dir => '/out' }) %]
  container:
    dir: '[% c("rbm_tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
    user: rbm
  input_files_list: |
    [% FOREACH file IN c("input_files_by_name").keys.sort -%]
    [% c("input_files_by_name/" _ file) %]
    [% END -%]

  faketime: "faketime -f \"[% USE date; GET date.format(c('timestamp'), format = '%Y-%m-%d %H:%M:%S') %]\""
  touch: "[% USE date %]touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %]"

  locale_ja: ja
  locales:
    - ar
    - de
    - es-ES
    - fa
    - fr
    - it
    - '[% c("var/locale_ja") %]'
    - ko
    - nl
    - pl
    - pt-BR
    - ru
    - tr
    - vi
    - zh-CN

  sign_build: '[% ENV.RBM_SIGN_BUILD %]'
  sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'

  rezip: |
    rezip_tmpdir=$(mktemp -d)
    mkdir -p "$rezip_tmpdir/z"
    unzip -d "$rezip_tmpdir/z" -- [% c("rezip_file") %] || [ $? -lt 3 ]
    pushd "$rezip_tmpdir/z"
    [% c("zip", {
      zip_src => [ '.' ],
      zip_args => '$rezip_tmpdir/new.zip',
    }) %]
    popd
    mv -f -- "$rezip_tmpdir/new.zip" [% c("rezip_file") %]
    rm -Rf "$rezip_tmpdir"

  set_default_env: |
    set -e
    [% FOREACH env = c('ENV') -%]
    export [% env.key %]="[% env.value %]"
    [% END -%]
    rootdir=$(pwd)
    export SHELL=/bin/bash
    export HOME=$rootdir
    umask 0022

  DOCSDIR_project: '[% project %]'
  set_PTDIR_DOCSDIR: |
    PTDIR="$distdir/TorBrowser/Tor/PluggableTransports"
    DOCSDIR="$distdir/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"

targets:
  notarget: linux-x86_64
  noint:
    debug: 0

  release:
    var:
      release: 1
      channel: release
  alpha:
    var:
      alpha: 1
      channel: alpha
  nightly:
    fetch: 1
    var:
      nightly: 1
      channel: nightly
      torbrowser_version: tbb-nightly

  torbrowser-testbuild:
    - testbuild
    - alpha
  testbuild:
    var:
      # To make build faster, don't build any locale
      locales: []
      # Don't create mar files to save time
      build_mar: 0

  torbrowser-linux-x86_64:
    - linux-x86_64
    - linux
  torbrowser-linux-x86_64-debug:
    - linux-debug
    - linux-x86_64
    - linux
  torbrowser-linux-i686:
    - linux-i686
    - linux
  torbrowser-linux-arm:
    - linux-arm
    - linux
  linux-x86_64:
    arch: x86_64
    var:
      linux-x86_64: 1
      osname: linux-x86_64
      container:
        arch: amd64
  linux-i686:
    arch: i686
    var:
      linux-i686: 1
      osname: linux-i686
      container:
        arch: i386
      setarch: |
        if test -z "$RBM_SETARCH"
        then
           export RBM_SETARCH=1
           exec setarch i686 ./build
        fi
  linux-arm:
    arch: arm
    var:
      linux-arm: 1
      osname: linux-arm
      crosstarget: arm-linux-gnueabihf
      container:
        arch: amd64
  linux:
    var:
      linux: 1
      compiler: gcc
      # We only build snowflake for linux and osx on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
      fteproxy: 1
      container:
        suite: wheezy
      deps:
        - build-essential
        - python
        - bison
        - hardening-wrapper
        - automake
        - libtool
        - zip
        - unzip
  linux-debug:
    var:
      asan: 1

  torbrowser-windows-i686:
    - windows-i686
    - windows
  torbrowser-windows-x86_64:
    - windows-x86_64
    - windows
  windows-x86_64:
    arch: x86_64
    var:
      windows-x86_64: 1
      osname: windows-x86_64
      container:
        arch: amd64
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
  windows-i686:
    arch: i686
    var:
      windows-i686: 1
      osname: windows-i686
      container:
        arch: i386
      faketime_path: /usr/lib/i386-linux-gnu/faketime/libfaketime.so.1
      setarch: |
        if test -z "$RBM_SETARCH"
        then
           export RBM_SETARCH=1
           exec setarch i686 ./build
        fi
      fteproxy: 1
  windows:
    var:
      windows: 1
      container:
        suite: jessie
      configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"'
      CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security'
      LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs'
      flag_mwindows: '-mwindows'
      compiler: mingw-w64
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip

  torbrowser-osx-x86_64:
    - osx-x86_64
  osx-x86_64:
    arch: x86_64
    var:
      osx: 1
      osname: osx-x86_64
      container:
        suite: jessie
        arch: amd64
      compiler: 'macosx-toolchain'
      configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin10-clang++ [% c("var/FLAGS") %]"'
      FLAGS: "-target x86_64-apple-darwin10 -mlinker-version=136 -B $cctoolsdir -isysroot $sysrootdir"
      LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie"
      locale_ja: ja-JP-mac
      # We only build snowflake for linux and osx on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
      set_PTDIR_DOCSDIR: |
        PTDIR="$distdir/Contents/MacOS/Tor/PluggableTransports"
        DOCSDIR="$distdir/Contents/Resources/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"

  # The no_build_id target can be useful if you want to quickly display
  # a build template or other option but don't want to spend time to
  # compute the various build ids
  no_build_id:
    # The defaut timestamp value will use the commit time of the
    # selected commit for the project, which will require cloning the
    # git repository if it is not present. When we use the no_build_id
    # target to display a script, we usually don't care about such
    # details, so we set timestamp to 0 to avoid unnecessary cloning.
    timestamp: 0
    var:
      build_id: 1


# change the default gpg_wrapper to allow git tag signed using an
# expired key.
# https://bugs.torproject.org/19737
gpg_wrapper: |
  #!/bin/bash
  export LC_ALL=C
  [%
      IF c('gpg_keyring');
          SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
      END;
  -%]
  # git >= 2.10.0-rc0 is calling gpg with 5 args. See #20757
  if ( [ $# -eq 4 ] && [ "$1" = '--status-fd=1' ] \
      && [ "$2" = '--verify' ] ) \
      || ( [ $# -eq 5 ] && [ "$1" = '--status-fd=1' ] \
           && [ "$2" = '--keyid-format=long' ] && [ "$3" = '--verify' ] )
  then
        [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /'
        exit ${PIPESTATUS[0]}
  else
        exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
  fi

remote_start: '[% IF c("var/container/use_container") %][% c("runc/remote_start") %][% END %]'
remote_exec: '[% IF c("var/container/use_container") %][% c("runc/remote_exec") %][% END %]'
remote_put: '[% IF c("var/container/use_container") %][% c("runc/remote_put") %][% END %]'
remote_get: '[% IF c("var/container/use_container") %][% c("runc/remote_get") %][% END %]'
remote_finish: '[% IF c("var/container/use_container") %][% c("runc/remote_finish") %][% END %]'

runc:
  remote_start: |
    #!/bin/sh
    set -e
    if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ]
    then
      echo "Can't find container image in input files" >&2
      ls -l '[% c("remote_srcdir") %]' >&2
      exit 1
    fi
    mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm
    sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*)
    [% SET user = c("var/container/user") -%]
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user
        _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %]

  remote_exec: |
    #!/bin/sh
    set -e
    [% IF c("interactive") -%]
      echo Container directory: [% shell_quote(c("var/container/dir")) %]
    [% END -%]
    mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run
    [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %]
    echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run
    cat > '[% c("var/container/dir") %]'/config.json << EOF
    [% INCLUDE 'runc-config.json' %]
    EOF
    sudo runc [% IF c("var_p/runc100") %]run[% ELSE %]start[% END %] -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] [% IF c("runc_hide_stderr") %]2>/dev/null[% END %]

  remote_put: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('put_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('put_dst', { error_if_undef => 1 }));
    -%]
    sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %]
    sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %]
    # On Ubuntu, the /root/.profile file contains a `mesg n` line which is
    # producing some `stdin: is not a tty` messages. To hide them, we hide
    # stderr from this part by setting runc_hide_stderr.
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst, runc_hide_stderr => 1 }) %]

  remote_get: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
    -%]
    mkdir -p [% dst %]
    srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %]
    sudo chown -R $(whoami) "$srcdir"
    if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ]
    then
      mv -f "$srcdir"/* [% dst %]/
    fi

  remote_finish: |
    #!/bin/sh
    set -e
    sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json
    rmdir '[% c("var/container/dir") %]'

ENV:
  TZ: UTC
  LC_ALL: C
--- |
  # This part of the file contains options written in perl
  use IO::CaptureOutput qw(capture_exec);
  (
    var_p => {
      # runc100 is true if we are using runc >= 1.0.0
      # we assume that any version that is not 0.1.1 is >= 1.0.0
      runc100 => sub {
        my ($out) = capture_exec('sudo', 'runc', '--version');
        return !($out =~ m/^runc version 0.1.1/);
      },
      # runc_spec100 is true if runc spec is exactly 1.0.0
      # We will need to update this when there is a new spec version available
      runc_spec100 => sub {
        my ($out) = capture_exec('sudo', 'runc', '--version');
        return $out =~ m/^spec: 1\.0\.0$/m;
      },
    },
  )