config 6.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131
  1. # vim: filetype=yaml sw=2
  2. filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% c("version") %].tar.gz'
  3. version: 1
  4. pkg_type: build
  5. var:
  6. ubuntu_version: 18.04.1
  7. container:
  8. use_container: 1
  9. # We need CAP_SYS_ADMIN for debootstrap to work
  10. CAP_SYS_ADMIN: 1
  11. pre: |
  12. #!/bin/sh
  13. set -e
  14. export DEBIAN_FRONTEND=noninteractive
  15. # Bug 29158: install fixed packages for apt vulnerability (CVE-2019-3462)
  16. dpkg -i ./apt_1.6.6ubuntu0.1_amd64.deb ./libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
  17. apt-get update -y -q
  18. apt-get install -y -q debian-archive-keyring ubuntu-keyring debootstrap
  19. debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
  20. [% IF c("var/apt_package_filename") || c("var/apt_utils_package_filename") || c("var/libapt_inst_package_filename") || c("var/libapt_pkg_package_filename") -%]
  21. mkdir ./base-image/apt-update
  22. mv [% c("var/apt_package_filename") %] [% c("var/apt_utils_package_filename") %] \
  23. [% c("var/libapt_inst_package_filename") %] [% c("var/libapt_pkg_package_filename") %] \
  24. ./base-image/apt-update
  25. mount proc ./base-image/proc -t proc
  26. mount sysfs ./base-image/sys -t sysfs
  27. chroot ./base-image dpkg -i -R /apt-update
  28. umount ./base-image/proc
  29. umount ./base-image/sys
  30. [% END -%]
  31. [% IF c("var/minimal_apt_version") -%]
  32. apt_version=$(dpkg --admindir=$(pwd)/base-image/var/lib/dpkg -s apt | grep '^Version: ' | cut -d ' ' -f 2)
  33. echo "apt version: $apt_version"
  34. dpkg --compare-versions "$apt_version" ge '[% c("var/minimal_apt_version") %]'
  35. [% END -%]
  36. tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .
  37. targets:
  38. wheezy-amd64:
  39. var:
  40. minimal_apt_version: '0.9.7.9+deb7u8'
  41. # https://deb.freexian.com/extended-lts/updates/ela-76-1-apt/
  42. apt_packages_baseurl: http://deb.freexian.com/extended-lts/pool/main/a/apt
  43. apt_package_filename: apt_0.9.7.9+deb7u8_amd64.deb
  44. apt_package_sha256sum: 83dcdb3f9c11df28b30b85bbb9dec341effbf36ee881a04dece3390082080761
  45. apt_utils_package_filename: apt-utils_0.9.7.9+deb7u8_amd64.deb
  46. apt_utils_package_sha256sum: 91a4d0ec92a32f13e3acb37f71546d48c51a0df25f3b9eb6a96b73dfc93a11ed
  47. libapt_inst_package_filename: libapt-inst1.5_0.9.7.9+deb7u8_amd64.deb
  48. libapt_inst_package_sha256sum: 181c9c21e1b33496b251fc76ba8ed04acbb8e23006909d27795bbc287eddd027
  49. libapt_pkg_package_filename: libapt-pkg4.12_0.9.7.9+deb7u8_amd64.deb
  50. libapt_pkg_package_sha256sum: b360dfb5a65ac2f7b81a2551d8a520ba2265785537d6d669869a159888b81999
  51. container:
  52. suite: wheezy
  53. arch: amd64
  54. jessie-amd64:
  55. var:
  56. minimal_apt_version: 1.0.9.8.5
  57. # https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html
  58. apt_packages_baseurl: http://security.debian.org/debian-security/pool/updates/main/a/apt
  59. apt_package_filename: apt_1.0.9.8.5_amd64.deb
  60. apt_package_sha256sum: 4078748632abc19836d045f80f9d6933326065ca1d47367909a0cf7f29e7dfe8
  61. apt_utils_package_filename: apt-utils_1.0.9.8.5_amd64.deb
  62. apt_utils_package_sha256sum: 87c55d9ccadcabd59674873c221357c774020c116afd978fb9df6d2d0303abf2
  63. libapt_inst_package_filename: libapt-inst1.5_1.0.9.8.5_amd64.deb
  64. libapt_inst_package_sha256sum: f9615532b1577b3d1455fa51839ce91765f2860eb3a6810fb5e0de0c87253030
  65. libapt_pkg_package_filename: libapt-pkg4.12_1.0.9.8.5_amd64.deb
  66. libapt_pkg_package_sha256sum: 295d9c69854a4cfbcb46001b09b853f5a098a04c986fc5ae01a0124c1c27e6bd
  67. container:
  68. suite: jessie
  69. arch: amd64
  70. jessie-i386:
  71. var:
  72. minimal_apt_version: 1.0.9.8.5
  73. # https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html
  74. apt_packages_baseurl: http://security.debian.org/debian-security/pool/updates/main/a/apt
  75. apt_package_filename: apt_1.0.9.8.5_i386.deb
  76. apt_package_sha256sum: 13c230e9c544b1e67a8da413046bf1728526372170533b1a23e70cc99c40a228
  77. apt_utils_package_filename: apt-utils_1.0.9.8.5_i386.deb
  78. apt_utils_package_sha256sum: 1a74b12c8bb6b3968a721f3aa96739073e4fe2ced9302792c533e21535bc9cf4
  79. libapt_inst_package_filename: libapt-inst1.5_1.0.9.8.5_i386.deb
  80. libapt_inst_package_sha256sum: 5791661dd4ade72b61086fefdc209bd1f76ac7b7c812d6d4ba951b1a6232f0b9
  81. libapt_pkg_package_filename: libapt-pkg4.12_1.0.9.8.5_i386.deb
  82. libapt_pkg_package_sha256sum: 201b6cf4625ed175e6a024ac1f7ca6c526ca79d859753c125b02cd69e26c349d
  83. container:
  84. suite: jessie
  85. arch: i386
  86. # Still needed to fix faketime issues in tor-browser for Android, see: #29453
  87. buster-amd64:
  88. var:
  89. minimal_apt_version: '1.8.0~alpha3.1'
  90. container:
  91. suite: buster
  92. arch: amd64
  93. stretch-amd64:
  94. var:
  95. minimal_apt_version: 1.4.9
  96. container:
  97. suite: stretch
  98. arch: amd64
  99. input_files:
  100. - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
  101. filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
  102. sha256sum: ed76e649f65548a80b361b68011085ec4dde7bb762d667657acbef87765e1a12
  103. - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_1.6.6ubuntu0.1_amd64.deb
  104. sha256sum: df210f9e30cf9deba5fbe815203af854e5e77bdbbe0b96d0d1c0da46a6a8dd0a
  105. - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
  106. sha256sum: 0a05a97b1e9b8d52ee8df040a14c5fabdebbb2c2235ac495db29df34f4c8cec3
  107. - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/apt_package_filename") %]'
  108. sha256sum: '[% c("var/apt_package_sha256sum") %]'
  109. enable: '[% c("var/apt_package_filename") %]'
  110. - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/apt_utils_package_filename") %]'
  111. sha256sum: '[% c("var/apt_utils_package_sha256sum") %]'
  112. enable: '[% c("var/apt_utils_package_filename") %]'
  113. - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/libapt_inst_package_filename") %]'
  114. sha256sum: '[% c("var/libapt_inst_package_sha256sum") %]'
  115. enable: '[% c("var/libapt_inst_package_filename") %]'
  116. - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/libapt_pkg_package_filename") %]'
  117. sha256sum: '[% c("var/libapt_pkg_package_sha256sum") %]'
  118. enable: '[% c("var/libapt_pkg_package_filename") %]'