shtripok
/
tor-browser-build
fork de JeremyRand/tor-browser-build


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368
							#!/bin/bash
[% c("var/setarch") -%]
[% c("var/set_default_env") -%]
[% IF c("var/windows") -%]
  [% pc('gcc', 'var/setup', { compiler_tarfile => c('input_files_by_name/gcc') }) %]
  # We need a link to our GCC, otherwise the system cc gets used which points to
  # /usr/bin/gcc.
  ln -s gcc /var/tmp/dist/gcc/bin/cc
[% END -%]
[% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
[% IF c("var/linux-cross") -%]
  [% pc('gcc', 'var/setup', {
    compiler_tarfile => c('input_files_by_name/' _ 'gcc-host'),
    target => [ c('var/channel'), 'torbrowser-linux-x86_64' ]
  }) %]

  # Work around missing libraries.  Maybe there's a better way?
  crossdepsdir=/var/tmp/dist/cross-deps-chroot
  mkdir -p $crossdepsdir
  pushd $crossdepsdir
  apt-get --option "APT::Architecture=[% c("var/arch_debian") %]" download $(apt-rdepends libgtk2.0-dev:[% c("var/arch_debian") %] libgtk-3-dev:[% c("var/arch_debian") %] libdbus-glib-1-dev:[% c("var/arch_debian") %] libxt-dev:[% c("var/arch_debian") %] libpulse-dev:[% c("var/arch_debian") %] libgconf2-dev:[% c("var/arch_debian") %] libx11-xcb-dev:[% c("var/arch_debian") %] libmpc2:[% c("var/arch_debian") %]|grep -v "^ "|grep -v "debconf-2.0"|grep -v "gsettings-backend"|grep -v "libc-dev"|grep -v "libz-dev")
  for PACKAGE in ./*.deb; do
    dpkg -x $PACKAGE ./
  done
  popd
  cp --archive --no-clobber $crossdepsdir/usr/include/* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/include/
  cp --archive --no-clobber $crossdepsdir/usr/lib/[% c("var/crosstarget") %]/lib*.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libuuid.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libselinux.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/ld-linux.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  # Workaround for: /usr/bin/ld.gold.real: error: cannot open /var/tmp/dist/gcc-cross/lib/gcc/[% c("var/crosstarget") %]/6.4.0/../../../../[% c("var/crosstarget") %]/lib/libglib-2.0.so: No such file or directory
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libglib*.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive $crossdepsdir/lib/[% c("var/crosstarget") %]/libglib-2.0.so.0 /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libglib-2.0.so
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libdbus*.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive $crossdepsdir/lib/[% c("var/crosstarget") %]/libdbus-1.so.3 /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libdbus-1.so
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libz*.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive $crossdepsdir/lib/[% c("var/crosstarget") %]/libz.so.1 /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libz.so
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libpng12*.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive $crossdepsdir/lib/[% c("var/crosstarget") %]/libpng12.so.0 /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libpng12.so
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libpcre.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive $crossdepsdir/lib/[% c("var/crosstarget") %]/libpcre.so.3 /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libpcre.so
  cp --archive --no-clobber $crossdepsdir/lib/[% c("var/crosstarget") %]/libexpat.so* /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/
  cp --archive $crossdepsdir/lib/[% c("var/crosstarget") %]/libexpat.so.1 /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libexpat.so

[% END -%]
distdir=/var/tmp/dist/[% project %]
mkdir -p /var/tmp/build
mkdir -p [% dest_dir _ '/' _ c('filename') %]

[% IF c("var/windows") -%]
  mingwdir=/var/tmp/dist/mingw-w64
  mkdir -p $mingwdir/helpers

  cat > $mingwdir/helpers/[% c("arch") %]-w64-mingw32-g++ << 'EOF'
#!/bin/sh
/var/tmp/dist/mingw-w64/bin/[% c("arch") %]-w64-mingw32-g++ [% c("var/LDFLAGS") %] [% c("var/CFLAGS") %] "$@"
EOF

  cat > $mingwdir/helpers/[% c("arch") %]-w64-mingw32-gcc << 'EOF'
#!/bin/sh
/var/tmp/dist/mingw-w64/bin/[% c("arch") %]-w64-mingw32-gcc [% c("var/LDFLAGS") %] [% c("var/CFLAGS") %] "$@"
EOF

  cat > $mingwdir/helpers/[% c("arch") %]-w64-mingw32-ld << 'EOF'
#!/bin/sh
/var/tmp/dist/mingw-w64/bin/[% c("arch") %]-w64-mingw32-ld [% c("var/LDFLAGS") %] "$@"
EOF

  chmod +x $mingwdir/helpers/*
  export PATH="$mingwdir/helpers:$PATH"
[% END -%]

[% IF c("var/windows") %]
  # Unpack fxc2.
  mkdir -p /var/tmp/dist
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/fxc2') %]
  fxcdir=/var/tmp/dist/fxc2/bin
  cp $mingwdir/[% c("arch") %]-w64-mingw32/bin/libwinpthread-1.dll $fxcdir
  export PATH="$fxcdir:$PATH"
  # fxc2 requires Wine.
  [% IF c("var/windows-x86_64") %]
    export WINEARCH=win64
  [% END %]
  export HOME=/var/tmp/home
  mkdir -p $HOME
  WINEROOT=$HOME/.wine/drive_c
  wine wineboot -i
[% END -%]

[% IF c("var/linux") %]
  mkdir -p /var/tmp/dist
  tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/binutils') %]
  export PATH="/var/tmp/dist/binutils/bin:$PATH"
[% END -%]

mkdir -p /var/tmp/dist
tar -C /var/tmp/dist -xf [% c('input_files_by_name/rust') %]
export PATH="/var/tmp/dist/rust/bin:$PATH"

[% IF c("var/linux") %]
  # Add llvm so stylo can build
  tar -C /var/tmp/dist -xf [% c('input_files_by_name/llvm') %]
  export LLVM_CONFIG="/var/tmp/dist/llvm/bin/llvm-config"
[% END -%]

tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz

[% IF c("var/osx") %]
  mkdir -p "$distdir/Tor Browser.app/Contents/MacOS"
[% ELSE %]
  mkdir -p $distdir/Browser
[% END %]

cd /var/tmp/build/[% project %]-[% c("version") %]
mv -f $rootdir/[% c('input_files_by_name/mozconfig') %] .mozconfig
[% IF c("var/asan") -%]
  mv -f .mozconfig-asan .mozconfig
  # Without disabling LSan our build is blowing up:
  # https://bugs.torproject.org/10599#comment:52
  export ASAN_OPTIONS="detect_leaks=0"
[% END -%]

[% IF c("var/android") %]
  gradle_repo=/var/tmp/dist/gradle-dependencies
  export GRADLE_MAVEN_REPOSITORIES="file://$gradle_repo"
  # Move Gradle Repo to hard-coded location. This location is embedded in the file
  # chrome/toolkit/content/global/buildconfig.html so needs to be standard for reproducibility
  mv $rootdir/[% c('input_files_by_name/gradle-dependencies') %] $gradle_repo
  cp -r $gradle_repo/plugins-release/* $gradle_repo
  cp -r $gradle_repo/maven2/* $gradle_repo
  # Move Android library dependencies so they will be included in the apk during the build
  cp $rootdir/[% c('input_files_by_name/topl') %]/* mobile/android/app
  cp $rootdir/[% c('input_files_by_name/tor-android-service') %]/* mobile/android/app
  # Apply patches
  patch -p1 < $rootdir/android-dependencies.patch

  # Prepare building the multi-locale .apk including our own strings
  mkdir -p /var/tmp/dist/locales
  tar -C /var/tmp/dist/locales -xf $rootdir/[% c('input_files_by_name/firefox-locale-bundle') %]
  tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/tba-translation') %]
[% END %]

eval $(perl $rootdir/get-moz-build-date [% c("var/copyright_year") %] [% c("var/torbrowser_version") %])
if [ -z $MOZ_BUILD_DATE ]
then
    echo "MOZ_BUILD_DATE is not set"
    exit 1
fi

[% IF c("var/windows") %]
  # FIXME
  # Ideally, using LDFLAGS (and e.g. DLLFLAGS for NSS) would be enough to get
  # all Firefox libraries linked against msvcr100. Alas, this does not hold for
  # NSPR. Without patching it we get a "missing entry points for _strcmpi in
  # msvcr100.dll". Now, this should be fixed in rev>=6179 as the def file there
  # contains a proper patch according to the mingw-w64 developers.
  # However, even with this patch the _strcmpi issue is still popping up,
  # probably due to a bug in our current linking setup. The small patch below
  # is therefore just a workaround which should get fixed but is at least
  # justified as the signature of _strcmpi and _stricmp is the same, see:
  # http://msdn.microsoft.com/en-us/library/k59z8dwe.aspx.
  sed 's/strcmpi/stricmp/' -i nsprpub/pr/src/linking/prlink.c
  export HOST_LDFLAGS=" "
  export LDFLAGS="-specs=/var/tmp/dist/mingw-w64/msvcr100.spec"
  # Our flags don't get passed to NSS. We need to do that manually using an
  # obscure one.
  export DLLFLAGS="-specs=/var/tmp/dist/mingw-w64/msvcr100.spec"

  # Make sure widl is not inserting random timestamps, see #21837.
  export WIDL_TIME_OVERRIDE="0"
[% END %]

[% IF c("var/osname") == "linux-i686" -%]
  export LDFLAGS=-m32
  export CFLAGS=-m32
  export CC='gcc -m32'
[% END -%]

[% IF c("var/windows") %]
  patch -p1 < $rootdir/nsis-uninstall.patch
[% END -%]

# Backporting a sec-high bugfix to ESR 60, but making sure it is only applied to
# mobile, as desktop ESR has not seen any testing with this mobile-related patch
[% IF c("var/android") %]
  patch -p1 < $rootdir/1527534.patch
[% END -%]

[% IF ! c("var/android") %]
  # Place a copy of the Tor Launcher sources under browser/extensions
  tar -C browser/extensions -xf $rootdir/[% c('input_files_by_name/tor-launcher') %]
[% END -%]

rm -f configure
rm -f js/src/configure

./mach configure --with-tor-browser-version=[% c("var/torbrowser_version") %] --with-distribution-id=org.torproject --enable-update-channel=[% c("var/torbrowser_update_channel") %] --enable-bundled-fonts --with-branding=[% c("var/branding_directory") %]
./mach build --verbose

[% IF c("var/android") %]
  # Building a multi-locale .apk
  [% FOREACH lang = c('var/locales');
     SET lang = tmpl(lang);
     # mk is unavailable on mobile.
     NEXT IF lang == 'mk'; %]
    # Copy our torbrowser_strings.dtd at the right place
    cp /var/tmp/dist/tba-translation/[% lang %]/torbrowser_strings.dtd /var/tmp/dist/locales/[% lang %]/mobile/android/base/
    ./mach build chrome-[% lang %];
  [% END %]
  export MOZ_CHROME_MULTILOCALE='[% tmpl(c('var/locales').join(' ')) %]'
  AB_CD=multi ./mach package
  # Copy the result over and return. There is nothing more to do for mobile.
  cp obj-*/dist/*unsigned-unaligned.apk [% dest_dir _ '/' _ c('filename') %]/tor-browser-unsigned-unaligned.apk
  [% RETURN %]
[% END %]

./mach build stage-package

[% IF c("var/osx") %]
  cp -a obj-macos/dist/firefox/* $distdir
  # Remove firefox-bin (we don't use it, see ticket #10126)
  rm -f "$distdir/Tor Browser.app/Contents/MacOS/firefox-bin"

  # Adjust the Info.plist file
  INFO_PLIST="$distdir/Tor Browser.app/Contents/Info.plist"
  mv "$INFO_PLIST" tmp.plist
  python $rootdir/fix-info-plist.py '[% c("var/torbrowser_version") %]' '[% c("var/copyright_year") %]' < tmp.plist > "$INFO_PLIST"
  rm -f tmp.plist
[% END %]

[% IF c("var/linux") %]
  cp -a obj-*/dist/firefox/* $distdir/Browser/
  # Remove firefox-bin (we don't use it, see ticket #10126)
  rm -f $distdir/Browser/firefox-bin
  # TODO: There goes FIPS-140.. We could upload these somewhere unique and
  # subsequent builds could test to see if they've been uploaded before...
  # But let's find out if it actually matters first..
  rm -f $distdir/Browser/*.chk
  # Replace firefox by a wrapper script (#25485)
  mv $distdir/Browser/firefox $distdir/Browser/firefox.real
  mv $rootdir/start-firefox $distdir/Browser/firefox
  chmod 755 $distdir/Browser/firefox
[% END %]

[% IF c("var/windows-x86_64") -%]
  mv $rootdir/msvcr100-x86_64.dll $rootdir/msvcr100.dll
[% END -%]
[% IF c("var/windows") %]
  cp -a obj-*/dist/firefox/* $distdir/Browser/
  cp -a $rootdir/msvcr100.dll $distdir/Browser
  cp -a $gcclibs/libssp-0.dll $distdir/Browser
  cp -a $fxcdir/d3dcompiler_47.dll $distdir/Browser
[% END %]
[% IF c("var/linux-cross") -%]
  cp -a /var/tmp/dist/gcc-cross/[% c("var/crosstarget") %]/lib/libssp.so* $distdir/Browser
[% END %]

# Make MAR-based update tools available for use during the bundle phase.
# Note that mar and mbsdiff are standalone tools, compiled for the build
# host's architecture.  We also include signmar, certutil, and the libraries
# they require; these utilities and libraries are built for the target
# architecture.
MARTOOLS=$distdir/mar-tools
mkdir -p $MARTOOLS
cp -p config/createprecomplete.py $MARTOOLS/
cp -p tools/update-packaging/*.sh $MARTOOLS/
cp -p obj-*/dist/host/bin/mar $MARTOOLS/
cp -p obj-*/dist/host/bin/mbsdiff $MARTOOLS/
[% IF c("var/linux") %]
  cp -p obj-*/modules/libmar/tool/signmar $MARTOOLS/
  cp -p obj-*/security/nss/cmd/certutil/certutil_certutil/certutil $MARTOOLS/
  cp -p obj-*/security/nss/cmd/modutil/modutil_modutil/modutil $MARTOOLS/
  cp -p obj-*/security/nss/cmd/pk12util/pk12util_pk12util/pk12util $MARTOOLS/
  cp -p obj-*/security/nss/cmd/shlibsign/shlibsign_shlibsign/shlibsign $MARTOOLS/
  NSS_LIBS="libfreeblpriv3.so libmozsqlite3.so libnss3.so libnssckbi.so libnssdbm3.so libnssutil3.so libsmime3.so libsoftokn3.so libssl3.so"
  NSPR_LIBS="libnspr4.so libplc4.so libplds4.so"
  for LIB in $NSS_LIBS $NSPR_LIBS; do
      cp -p obj-*/dist/bin/$LIB $MARTOOLS/
  done
[% END %]
[% IF c("var/osx") %]
  cp -p obj-*/modules/libmar/tool/signmar $MARTOOLS/
  cp -p obj-*/security/nss/cmd/certutil/certutil_certutil/certutil $MARTOOLS/
  cp -p obj-*/security/nss/cmd/modutil/modutil_modutil/modutil $MARTOOLS/
  cp -p obj-*/security/nss/cmd/pk12util/pk12util_pk12util/pk12util $MARTOOLS/
  cp -p obj-*/security/nss/cmd/shlibsign/shlibsign_shlibsign/shlibsign $MARTOOLS/
  NSS_LIBS="libfreebl3.dylib libmozglue.dylib libnss3.dylib libnssckbi.dylib libnssdbm3.dylib libsoftokn3.dylib"
  for LIB in $NSS_LIBS; do
      cp -p obj-*/dist/bin/$LIB $MARTOOLS/
  done
[% END %]
[% IF c("var/windows") %]
  cp -p obj-*/modules/libmar/tool/signmar.exe $MARTOOLS/
  cp -p obj-*/security/nss/cmd/certutil/certutil_certutil/certutil.exe $MARTOOLS/
  cp -p obj-*/security/nss/cmd/modutil/modutil_modutil/modutil.exe $MARTOOLS/
  cp -p obj-*/security/nss/cmd/pk12util/pk12util_pk12util/pk12util.exe $MARTOOLS/
  cp -p obj-*/security/nss/cmd/shlibsign/shlibsign_shlibsign/shlibsign.exe $MARTOOLS/
  NSS_LIBS="freebl3.dll mozglue.dll nss3.dll nssckbi.dll nssdbm3.dll softokn3.dll"
  for LIB in $NSS_LIBS; do
      cp -p obj-*/dist/bin/$LIB $MARTOOLS/
  done
  cp -a $rootdir/msvcr100.dll $MARTOOLS/
[% END %]

cd $distdir

[% IF c("var/linux") %]
  mkdir -p $distdir/Debug/Browser/gtk2

  [% IF c("var/linux-cross") %]
    TARGET_OBJCOPY=[% c("var/crosstarget") %]-objcopy
    TARGET_STRIP=[% c("var/crosstarget") %]-strip
  [% ELSE %]
    TARGET_OBJCOPY=objcopy
    TARGET_STRIP=strip
  [% END %]

  # Strip and generate debuginfo for the firefox binary that we keep, all *.so
  # files, the plugin-container, and the updater (see ticket #10126)
  for LIB in Browser/*.so Browser/gtk2/*.so Browser/firefox.real Browser/plugin-container Browser/updater
  do
      $TARGET_OBJCOPY --only-keep-debug $LIB Debug/$LIB
      $TARGET_STRIP $LIB
      $TARGET_OBJCOPY --add-gnu-debuglink=./Debug/$LIB $LIB
  done
[% END %]

# Re-zipping the omni.ja files is not needed to make them reproductible,
# however if we don't re-zip them, the files become corrupt when we
# update them using 'zip' and firefox will silently fail to load some
# parts.
[% IF c("var/windows") || c("var/linux") %]
  [% c("var/rezip", { rezip_file => 'Browser/omni.ja' }) %]
  [% c("var/rezip", { rezip_file => 'Browser/browser/omni.ja' }) %]
[% ELSIF c("var/osx") %]
  [% c("var/rezip", { rezip_file => '"Tor Browser.app/Contents/Resources/omni.ja"' }) %]
  [% c("var/rezip", { rezip_file => '"Tor Browser.app/Contents/Resources/browser/omni.ja"' }) %]
[% END %]

[%
IF c("var/osx");
  SET browserdir='"Tor Browser.app/Contents"';
ELSE;
  SET browserdir='Browser';
END;
%]

[% IF c("var/linux") %]
  /var/tmp/dist/gcc/bin/g++ $rootdir/abicheck.cc -o Browser/abicheck
[% END %]

[% c('tar', {
        tar_src => [ browserdir ],
        tar_args => '-czf ' _ dest_dir _ '/' _ c('filename') _ '/tor-browser.tar.gz',
    }) %]

[% IF c("var/linux") %]
[% c('tar', {
        tar_src => [ 'Debug' ],
        tar_args => '-cJf ' _ dest_dir _ '/' _ c('filename') _ '/tor-browser-debug.tar.xz',
    }) %]
[% END %]

[% c('zip', {
        zip_src => [ 'mar-tools' ],
        zip_args => dest_dir _ '/' _ c('filename') _ '/' _ c('var/martools_filename'),
    }) %]