tor-browser-build/projects/firefox/build

#!/bin/bash
[% c("var/set_default_env") -%]
[% IF ! c("var/linux-cross") %]
  [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
[% END %]
[% IF c("var/linux-ppc64le") %]
  [% pc(c('var/compiler'), 'var/setup', {
    compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')),
    hardened_gcc => 0
  }) %]

  [% pc('gcc', 'var/setup', {
    compiler_tarfile => c('input_files_by_name/' _ 'gcc-host'),
    hardened_gcc => 0,
    target => [ c('var/channel'), 'torbrowser-linux-x86_64' ]
  }) %]

  # GCC's cc1 expects Jessie libmpfr; we feed it a symlink to Buster's instead
  # as a stupid compat cludge.  TODO: Maybe copy in the actual Jessie version
  # from the GCC build container?
  mkdir -p /var/tmp/dist/libmpfr
  ln -s -T /usr/lib/x86_64-linux-gnu/libmpfr.so.6 /var/tmp/dist/libmpfr/libmpfr.so.4
  export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/var/tmp/dist/libmpfr"

  # Required for fontconfig
  cp -a /usr/include/fontconfig /var/tmp/dist/gcc-cross/[% c('var/crosstarget') %]/include/fontconfig
  cp /usr/lib/[% c('var/crosstarget') %]/libfontconfig.* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  # Required for X
  cp -a /usr/include/X11 /var/tmp/dist/gcc-cross/[% c('var/crosstarget') %]/include/X11
  cp /usr/lib/[% c('var/crosstarget') %]/libX11.* /usr/lib/[% c('var/crosstarget') %]/libX11-xcb.* /usr/lib/[% c('var/crosstarget') %]/libxcb.* /usr/lib/[% c('var/crosstarget') %]/libxcb-shm.* /usr/lib/[% c('var/crosstarget') %]/libXext.* /usr/lib/[% c('var/crosstarget') %]/libXt.* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  # Required for wayland
  cp -a /usr/include/wayland-*.h /var/tmp/dist/gcc-cross/[% c('var/crosstarget') %]/include/
  cp /usr/lib/[% c('var/crosstarget') %]/libwayland-*.* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  # Required for xkbcommon
  cp -a /usr/include/xkbcommon /var/tmp/dist/gcc-cross/[% c('var/crosstarget') %]/include/xkbcommon
  cp /usr/lib/[% c('var/crosstarget') %]/libxkbcommon.* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  # Required for xcb
  cp -a /usr/include/xcb /var/tmp/dist/gcc-cross/[% c('var/crosstarget') %]/include/xcb
  cp /usr/lib/[% c('var/crosstarget') %]/libxcb.* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  # Required for zlib
  cp /usr/lib/[% c('var/crosstarget') %]/libz.* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp /lib/[% c('var/crosstarget') %]/libz.* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
[% END %]
mkdir -p /var/tmp/dist
distdir=/var/tmp/dist/[% project %]
mkdir -p /var/tmp/build
mkdir -p [% dest_dir _ '/' _ c('filename') %]

[% IF c("var/windows") %]
  # Setting up fxc2
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/fxc2') %]
  export PATH="/var/tmp/dist/fxc2/bin:$PATH"
  # Setting up stack protector support
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/mingw-w64') %]
  cp /var/tmp/dist/mingw-w64/gcclibs/{libssp.a,libssp_nonshared.a} /var/tmp/dist/mingw-w64-clang/[% c("arch") %]-w64-mingw32/lib/
[% END -%]

tar -C /var/tmp/dist -xf [% c('input_files_by_name/rust') %]
[% IF c("var/linux-cross") %]
  # Rust expects Jessie OpenSSL, so we provide it here
  export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/var/tmp/dist/rust/lib_host"
[% END %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/cbindgen') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/nasm') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/node') %]
export PATH="/var/tmp/dist/rust/bin:/var/tmp/dist/cbindgen:/var/tmp/dist/nasm/bin:/var/tmp/dist/node/bin:$PATH"
tar -C /var/tmp/dist -xf [% c('input_files_by_name/clang') %]
[% IF c("var/linux-cross") && ! c("var/linux-ppc64le") %]
  # clang expects self-built libstdc++, so we provide it here
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/gcc-host') %]
  export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/var/tmp/dist/gcc/lib64:/var/tmp/dist/gcc/lib32"
[% END %]
export LLVM_CONFIG="/var/tmp/dist/clang/bin/llvm-config"

[% IF c("var/linux") %]
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/python') %]
  export PATH="/var/tmp/dist/python/bin:$PATH"
  tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/binutils') %]
  export PATH="/var/tmp/dist/binutils/bin:$PATH"
  # Use clang for everything on Linux now if we don't build with ASan.
  [% IF ! c("var/asan") -%]
    export PATH="/var/tmp/dist/clang/bin:$PATH"
  [% END -%]
  [% IF c("var/linux-i686") %]
    # Exporting `PKG_CONFIG_PATH` in the mozconfig file is causing build
    # breakage in Rust code. It seems that environment variable is not passed
    # down properly in that case. Thus, we set it here in the build script.
    export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib/i386-linux-gnu/pkgconfig"
  [% END -%]
[% END -%]

[% IF c("var/rlbox") -%]
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/wasi-sysroot') %]
  # XXX: We need the libclang_rt.builtins-wasm32.a in our clang lib directory.
  # Copy it over.
  # https://searchfox.org/mozilla-central/source/build/build-clang/build-clang.py#890,
  # include it directly in our clang
  rtdir=/var/tmp/dist/clang/lib/clang/[% pc("clang", "version") %]/lib/wasi
  [% IF c("var/osx") -%]
    rtdir=/var/tmp/dist/macosx-toolchain/clang/lib/clang/[% pc("clang", "version") %]/lib/wasi
  [% END-%]
  mkdir -p $rtdir
  cp /var/tmp/dist/wasi-sysroot/lib/clang/11.0.0/lib/wasi/libclang_rt.builtins-wasm32.a $rtdir
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/lucetc') %]
  export PATH="/var/tmp/dist/lucetc/bin:$PATH"
  export WASM_SANDBOXED_LIBRARIES=graphite,ogg
  export WASI_SYSROOT=/var/tmp/dist/wasi-sysroot/share/wasi-sysroot
[% END -%]

tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz

[% IF c("var/osx") %]
  mkdir -p "$distdir/Tor Browser.app/Contents/MacOS"
[% ELSE %]
  mkdir -p $distdir/Browser
[% END %]

cd /var/tmp/build/[% project %]-[% c("version") %]
mv -f $rootdir/[% c('input_files_by_name/mozconfig') %] .mozconfig
[% IF c("var/asan") -%]
  # Without disabling LSan our build is blowing up:
  # https://bugs.torproject.org/10599#comment:52
  export ASAN_OPTIONS="detect_leaks=0"
[% END -%]

eval $(perl $rootdir/get-moz-build-date [% c("var/copyright_year") %] [% c("var/torbrowser_version") %])
if [ -z $MOZ_BUILD_DATE ]
then
    echo "MOZ_BUILD_DATE is not set"
    exit 1
fi

[% IF c("var/windows") %]
  # Make sure widl is not inserting random timestamps, see #21837.
  export WIDL_TIME_OVERRIDE="0"
  patch -p1 < $rootdir/nsis-uninstall.patch
  # mingw-w64 does not support SEH on 32bit systems. Be explicit about that.
  export LDFLAGS="[% c('var/flag_noSEH') %]"
[% END -%]

[% IF c("var/linux-arm") %]
  patch -p1 < $rootdir/linux-arm-neon.patch
[% END %]

[% IF c("var/namecoin") %]
  patch -p1 < $rootdir/namecoin-etld.patch
[% END -%]

# Place a copy of the Tor Launcher sources under browser/extensions
tar -C browser/extensions -xf $rootdir/[% c('input_files_by_name/tor-launcher') %]

[% IF c("var/namecoin") %]
  pushd toolkit/torproject/torbutton
  patch -p1 < $rootdir/namecoin-torbutton.patch
  popd
[% END %]

[% IF c("var/nightly") -%]
  # Set update url for nightly (#33402 / #40033)
  sed -i 's|^URL=https://aus1\.torproject\.org/.*|URL=https://nightlies.tbb.torproject.org/nightly-updates/updates/nightly-[% c("var/osname") %]/%CHANNEL%/%BUILD_TARGET%/%VERSION%/%LOCALE%|' build/application.ini.in
[% END -%]

[% IF c("var/linux-ppc64le") %]
  cp -a js/src/ctypes/libffi /var/tmp/build/libffi
  pushd /var/tmp/build/libffi

  ./configure --host=[% c('var/crosstarget') %]
  # Always errors on this step, but still produces the .so files we want.
  make || true

  cp /var/tmp/build/libffi/powerpc64le-unknown-linux-gnu/include/*.h /var/tmp/dist/gcc-cross/[% c('var/crosstarget') %]/include/
  cp /var/tmp/build/libffi/powerpc64le-unknown-linux-gnu/.libs/* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/

  popd
[% END %]

rm -f configure
rm -f js/src/configure

export MACH_USE_SYSTEM_PYTHON=1

# Android does not support --enable-bundled-fonts option
./mach configure --with-tor-browser-version=[% c("var/torbrowser_version") %] --with-distribution-id=org.torproject --enable-update-channel=[% c("var/channel") %] --enable-bundled-fonts --with-branding=[% c("var/branding_directory") %]

./mach build --verbose
./mach build stage-package

[% IF c("var/osx") %]
  cp -a obj-macos/dist/firefox/* $distdir
  # Remove firefox-bin (we don't use it, see ticket #10126)
  rm -f "$distdir/Tor Browser.app/Contents/MacOS/firefox-bin"

  # Adjust the Info.plist file
  INFO_PLIST="$distdir/Tor Browser.app/Contents/Info.plist"
  mv "$INFO_PLIST" tmp.plist
  python3 $rootdir/fix-info-plist.py '[% c("var/torbrowser_version") %]' '[% c("var/copyright_year") %]' < tmp.plist > "$INFO_PLIST"
  rm -f tmp.plist
[% END %]

[% IF c("var/linux") %]
  [% IF c("var/linux-x86_64") && !c("var/asan") %]
    cp obj-*/testing/geckodriver/x86_64-unknown-linux-gnu/release/geckodriver $distdir
  [% END %]
  cp -a obj-*/dist/firefox/* $distdir/Browser/
  # Remove firefox-bin (we don't use it, see ticket #10126)
  rm -f $distdir/Browser/firefox-bin
  # TODO: There goes FIPS-140.. We could upload these somewhere unique and
  # subsequent builds could test to see if they've been uploaded before...
  # But let's find out if it actually matters first..
  rm -f $distdir/Browser/*.chk
  # Replace firefox by a wrapper script (#25485)
  mv $distdir/Browser/firefox $distdir/Browser/firefox.real
  mv $rootdir/start-firefox $distdir/Browser/firefox
  chmod 755 $distdir/Browser/firefox
[% END %]

[% IF c("var/windows") %]
  cp -a obj-*/dist/firefox/* $distdir/Browser/
  [% IF c("var/windows-i686") %]
    cp -a /var/tmp/dist/fxc2/bin/d3dcompiler_47_32.dll $distdir/Browser/d3dcompiler_47.dll
  [% ELSE %]
    cp -a /var/tmp/dist/fxc2/bin/d3dcompiler_47.dll $distdir/Browser
  [% END %]
[% END %]
[% IF c("var/linux-ppc64le") -%]
  cp -a /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib64/libssp.so* $distdir/Browser
  cp -a /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libffi.so* $distdir/Browser
  cp $distdir/Browser/libffi.so $distdir/Browser/libffi.so.6
[% END %]

# Make MAR-based update tools available for use during the bundle phase.
# Note that mar and mbsdiff are standalone tools, compiled for the build
# host's architecture.  We also include signmar, certutil, and the libraries
# they require; these utilities and libraries are built for the target
# architecture.
MARTOOLS=$distdir/mar-tools
mkdir -p $MARTOOLS
cp -p config/createprecomplete.py $MARTOOLS/
cp -p tools/update-packaging/*.sh $MARTOOLS/
cp -p obj-*/dist/host/bin/mar $MARTOOLS/
cp -p obj-*/dist/host/bin/mbsdiff $MARTOOLS/
[% IF c("var/linux") || c("var/osx") %]
  cp -p obj-*/dist/bin/signmar $MARTOOLS/
  cp -p obj-*/dist/bin/certutil $MARTOOLS/
  cp -p obj-*/dist/bin/modutil $MARTOOLS/
  cp -p obj-*/dist/bin/pk12util $MARTOOLS/
  cp -p obj-*/dist/bin/shlibsign $MARTOOLS/
  [% IF c("var/linux") %]
    NSS_LIBS="libfreeblpriv3.so libmozsqlite3.so libnss3.so libnssckbi.so libnssutil3.so libsmime3.so libsoftokn3.so libssl3.so"
    NSPR_LIBS="libnspr4.so libplc4.so libplds4.so"
  [% ELSE %]
    NSS_LIBS="libfreebl3.dylib libmozglue.dylib libnss3.dylib libnssckbi.dylib libsoftokn3.dylib"
    # No NSPR_LIBS for macOS
    NSPR_LIBS=""
  [% END %]
  for LIB in $NSS_LIBS $NSPR_LIBS; do
    cp -p obj-*/dist/bin/$LIB $MARTOOLS/
  done
[% END %]
[% IF c("var/windows") %]
  cp -p obj-*/dist/bin/signmar.exe $MARTOOLS/
  cp -p obj-*/dist/bin/certutil.exe $MARTOOLS/
  cp -p obj-*/dist/bin/modutil.exe $MARTOOLS/
  cp -p obj-*/dist/bin/pk12util.exe $MARTOOLS/
  cp -p obj-*/dist/bin/shlibsign.exe $MARTOOLS/
  NSS_LIBS="freebl3.dll mozglue.dll nss3.dll nssckbi.dll softokn3.dll"
  for LIB in $NSS_LIBS; do
      cp -p obj-*/dist/bin/$LIB $MARTOOLS/
  done
[% END %]

cd $distdir

[% IF c("var/linux-x86_64") %]
  [% IF !c("var/asan") %]
    # No need for an unstripped geckodriver
    strip geckodriver
  [% END %]
  mkdir -p $distdir/Debug/Browser

  [% IF c("var/linux-cross") %]
    TARGET_OBJCOPY=[% c("var/crosstarget") %]-objcopy
    TARGET_STRIP=[% c("var/crosstarget") %]-strip
  [% ELSE %]
    TARGET_OBJCOPY=objcopy
    TARGET_STRIP=strip
  [% END %]

  # Strip and generate debuginfo for the firefox binary that we keep, all *.so
  # files, the plugin-container, and the updater (see ticket #10126)
  for LIB in Browser/*.so Browser/firefox.real Browser/plugin-container Browser/updater
  do
      $TARGET_OBJCOPY --only-keep-debug $LIB Debug/$LIB
      $TARGET_STRIP $LIB
      $TARGET_OBJCOPY --add-gnu-debuglink=./Debug/$LIB $LIB
  done
[% END %]

# Re-zipping the omni.ja files is not needed to make them reproductible,
# however if we don't re-zip them, the files become corrupt when we
# update them using 'zip' and firefox will silently fail to load some
# parts.
[% IF c("var/windows") || c("var/linux") %]
  [% c("var/rezip", { rezip_file => 'Browser/omni.ja' }) %]
  [% c("var/rezip", { rezip_file => 'Browser/browser/omni.ja' }) %]
[% ELSIF c("var/osx") %]
  [% c("var/rezip", { rezip_file => '"Tor Browser.app/Contents/Resources/omni.ja"' }) %]
  [% c("var/rezip", { rezip_file => '"Tor Browser.app/Contents/Resources/browser/omni.ja"' }) %]
[% END %]

[%
IF c("var/osx");
  SET browserdir='"Tor Browser.app/Contents"';
ELSE;
  SET browserdir='Browser';
END;
%]

[% IF c("var/linux") %]
  # TODO: abicheck doesn't work on linux-cross yet
  [% IF ! c("var/linux-cross") %]
    /var/tmp/dist/gcc/bin/g++ $rootdir/abicheck.cc -o Browser/abicheck -std=c++17
  [% END %]
[% END %]

[% c('tar', {
        tar_src => [ browserdir ],
        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename') _ '/tor-browser.tar.gz',
    }) %]

[% IF c("var/linux-x86_64") %]
[% c('tar', {
        tar_src => [ 'Debug' ],
        tar_args => '-cJf ' _ dest_dir _ '/' _ c('filename') _ '/tor-browser-debug.tar.xz',
    }) %]
  [% IF !c("var/asan") %]
    [% c('tar', {
            tar_src => [ 'geckodriver' ],
            tar_args => '-cJf ' _ dest_dir _ '/' _ c('filename') _ '/geckodriver-linux64.tar.xz',
        }) %]
  [% END %]
[% END %]

[% c('zip', {
        zip_src => [ 'mar-tools' ],
        zip_args => dest_dir _ '/' _ c('filename') _ '/' _ c('var/martools_filename'),
    }) %]

[% IF c("var/build_infos_json") -%]
  cat > "[% dest_dir _ '/' _ c('filename') _ '/build-infos.json' %]" << EOF_BUILDINFOS
  {
      "firefox_platform_version" : "[% c("var/firefox_platform_version") %]",
      "firefox_buildid" : "$MOZ_BUILD_DATE"
  }
EOF_BUILDINFOS
[% END -%]