[tbb-commits] [tor-browser-bundle/hardened-builds] Bug 20735: Add snowflake pt to alpha Linux builds
gk at torproject.org
gk at torproject.org
Thu Jan 5 12:02:24 UTC 2017
commit f78866cad71122fa851ebdf6c63053605c565826
Author: David Fifield <david at bamsoftware.com>
Date: Sat Apr 30 15:42:21 2016 -0700
Bug 20735: Add snowflake pt to alpha Linux builds
* Snowflake depends on go-webrtc, which in turn depends on libwebrtc,
which adds significantly to the build. webrtc is special, having its
own build system that brings in lots of Chromium dependencies.
* Further, building cgo reproducibly requires go 1.7.3 and a compiler
that supports the following flags,
-gno-record-gcc-switches
-fdebug-prefix-map=$WORK=/tmp/go-build
---
Bundle-Data/PTConfigs/bridge_prefs.js | 2 +
.../PTConfigs/linux/torrc-defaults-appendix | 3 +
gitian/Makefile | 5 +-
gitian/check-prerequisites.sh | 8 +-
.../linux/gitian-pluggable-transports.yml | 79 +++++++++++++
gitian/descriptors/linux/gitian-webrtc.yml | 125 +++++++++++++++++++++
gitian/fetch-inputs.sh | 28 +++++
gitian/mkbundle-linux.sh | 44 ++++++--
gitian/verify-tags.sh | 6 +
gitian/versions | 13 ++-
gitian/versions.alpha | 6 +
gitian/versions.beta | 5 +
gitian/versions.nightly | 6 +
13 files changed, 312 insertions(+), 18 deletions(-)
diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js
index 6831555..bd92585 100644
--- a/Bundle-Data/PTConfigs/bridge_prefs.js
+++ b/Bundle-Data/PTConfigs/bridge_prefs.js
@@ -38,3 +38,5 @@ pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC
pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com");
pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 url=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com");
+
+pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 B05EC36590AC0374F0E4D36DDA77908FD59D97F3");
diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
index c79efde..7fbf63c 100644
--- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
@@ -6,3 +6,6 @@ ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/Plugg
## meek configuration
ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
+
+## snowflake configuration
+ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-reg.appspot.com/ -front www.google.com -ice stun:stun.l.google.com:19302
diff --git a/gitian/Makefile b/gitian/Makefile
index 1aac5ed..b321eab 100644
--- a/gitian/Makefile
+++ b/gitian/Makefile
@@ -93,7 +93,7 @@ prep-alpha:
$(TORSOCKS) ./fetch-inputs.sh ../../gitian-builder/inputs/ versions.alpha
-clean: clean-utils clean-tor clean-browser clean-pt clean-bundle
+clean: clean-utils clean-tor clean-browser clean-webrtc clean-pt clean-bundle
rm -f ../../gitian-builder/inputs/*.yml
rm -f ../../gitian-builder/inputs/bundle.inputs
rm -f ../../gitian-builder/inputs/versions*
@@ -112,6 +112,9 @@ clean-browser: clean-bundle
rm -f ../../gitian-builder/inputs/tor-browser-win*
rm -f ../../gitian-builder/inputs/mar-tools-*
+clean-webrtc: clean-bundle
+ rm -f ../../gitian-builder/inputs/webrtc-*-gbuilt.zip
+
clean-pt: clean-bundle
rm -f ../../gitian-builder/inputs/pluggable-transports*
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index 858fd4d..530e160 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -17,7 +17,7 @@ then
VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
if [ "$VERSION" -ge "14" ];
then
- dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring torsocks tor 2>/dev/null >/dev/null
+ dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring curl pkg-config libgtk2.0-dev libglib2.0-dev torsocks tor 2>/dev/null >/dev/null
if [ $? -ne 0 ];
then
@@ -25,7 +25,7 @@ then
echo
echo "Please run:"
echo " sudo apt-get install torsocks tor"
- echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring"
+ echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring curl pkg-config libgtk2.0-dev libglib2.0-dev"
exit 1
fi
else
@@ -34,7 +34,7 @@ then
fi
elif [ $DISTRO = "Debian" ];
then
- dpkg -s ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip torsocks tor python-cheetah debootstrap parted kpartx rsync 2>/dev/null >/dev/null
+ dpkg -s ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync curl pkg-config libgtk2.0-dev libglib2.0-dev torsocks tor 2>/dev/null >/dev/null
if [ $? -ne 0 ];
then
@@ -42,7 +42,7 @@ then
echo
echo "Please run"
echo " sudo apt-get install torsocks tor"
- echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync"
+ echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync curl pkg-config libgtk2.0-dev libglib2.0-dev"
exit 1
fi
else
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index 2793a76..31aa9bb 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -13,6 +13,8 @@ packages:
- "swig"
- "zip"
- "hardening-wrapper"
+- "pkg-config"
+- "libx11-dev"
reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/pluggable-transports/pyptlib.git"
@@ -39,6 +41,12 @@ remotes:
"dir": "goxnet"
- "url": "https://git.torproject.org/pluggable-transports/obfs4.git"
"dir": "obfs4"
+- "url": "https://github.com/keroserene/go-webrtc.git"
+ "dir": "go-webrtc"
+- "url": "https://git.torproject.org/pluggable-transports/snowflake.git"
+ "dir": "snowflake"
+- "url": "https://github.com/dchest/uniuri.git"
+ "dir": "uniuri"
files:
- "pycrypto.tar.gz"
- "argparse.tar.gz"
@@ -51,6 +59,12 @@ files:
- "dzip.sh"
- "gmp-linux64-utils.zip"
- "openssl-linux64-utils.zip"
+- "binutils-linux32-utils.zip"
+- "binutils-linux64-utils.zip"
+- "gcc-linux32-utils.zip"
+- "gcc-linux64-utils.zip"
+- "webrtc-linux32-gbuilt.zip"
+- "webrtc-linux64-gbuilt.zip"
script: |
INSTDIR="$HOME/install"
PTDIR="$INSTDIR/Tor/PluggableTransports"
@@ -73,6 +87,35 @@ script: |
# FTE only needs libgmp.so.10 and no libgmpxx anymore.
cp $INSTDIR/gmp/lib/libgmp.so.10 $INSTDIR/Tor
+ # Preparing Binutils and GCC for webrtc
+ unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+ # Make sure gold is used with the hardening wrapper for full RELRO, see
+ # #13031.
+ cd $INSTDIR/binutils/bin
+ rm ld
+ cp /usr/bin/hardened-ld ./
+ mv ld.gold ld.gold.real
+ ln -sf hardened-ld ld.gold
+ ln -sf ld.gold ld
+ cd ~/build
+ unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
+ # Make sure we use the hardening wrapper when compiling Tor Browser.
+ cd $INSTDIR/gcc/bin
+ cp /usr/bin/hardened-cc ./
+ mv gcc gcc.real
+ mv c++ c++.real
+ ln -sf hardened-cc gcc
+ ln -sf hardened-cc c++
+ cd ~/build
+ export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH
+ ARCH=""
+ if [ $GBUILD_BITS == "64" ];
+ then
+ ARCH="64"
+ fi
+ # Make sure our GCC gets properly used.
+ export LD_LIBRARY_PATH=$INSTDIR/gcc/lib$ARCH
+
# Building go 1.4.x
# This is needed to bootstrap the go that we actually use
# https://golang.org/doc/install/source#go14
@@ -231,6 +274,14 @@ script: |
go install github.com/dchest/siphash
cd ..
+ # Building go uniuri
+ cd uniuri
+ find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/dchest/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/dchest/uniuri"
+ go install github.com/dchest/uniuri
+ cd ..
+
# Building golang.org/x/crypto (obfs4proxy > 0.0.3 || Go >= 1.4)
cd goxcrypto
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
@@ -259,6 +310,34 @@ script: |
cp -a obfs4proxy $PTDIR
cd ../..
+ unzip webrtc-linux$GBUILD_BITS-gbuilt.zip
+
+ # Building go-webrtc
+ cd go-webrtc
+ # Replace the prebuilt webrtc library with our own one.
+ rm -rf include/ lib/
+ ln -sf ../webrtc/{include,lib} .
+ find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
+ mkdir -p "$GOPATH/src/github.com/keroserene/"
+ ln -sf "$PWD" "$GOPATH/src/github.com/keroserene/go-webrtc"
+ # The go-webrtc package sets _GLIBCXX_USE_CXX11_ABI=0 for compatibility with
+ # the prebuilt libwebrtc-magic.a libraries. Since we build our own
+ # libwebrtc-magic.a with the C++11 ABI, we have to undo that setting here,
+ # using CGO_CXXFLAGS.
+ CGO_CXXFLAGS=-D_GLIBCXX_USE_CXX11_ABI=1 go install github.com/keroserene/go-webrtc
+ cd ..
+
+ # Building snowflake
+ cd snowflake
+ find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
+ cd client
+ go build -ldflags '-s'
+ cp -a client $PTDIR/snowflake-client
+ cd ..
+ mkdir -p $INSTDIR/Docs/snowflake
+ cp -a README.md LICENSE $INSTDIR/Docs/snowflake
+ cd ..
+
# Grabbing the results and making sure timestamps don't spoil them
cd $INSTDIR
~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
diff --git a/gitian/descriptors/linux/gitian-webrtc.yml b/gitian/descriptors/linux/gitian-webrtc.yml
new file mode 100644
index 0000000..ba654c5
--- /dev/null
+++ b/gitian/descriptors/linux/gitian-webrtc.yml
@@ -0,0 +1,125 @@
+---
+name: "webrtc-linux"
+distro: "debian"
+suites:
+- "wheezy"
+architectures:
+- "i386"
+- "amd64"
+packages:
+- "unzip"
+- "zip"
+- "hardening-wrapper"
+- "libasound2-dev"
+- "libexpat1-dev"
+- "libudev-dev"
+- "libx11-dev"
+- "libxext-dev"
+- "libxrandr-dev"
+- "default-jre-headless"
+- "default-jdk"
+reference_datetime: "2000-01-01 00:00:00"
+remotes:
+- "url": "https://chromium.googlesource.com/chromium/tools/depot_tools.git"
+ "dir": "depot_tools"
+files:
+- "dzip.sh"
+- "binutils-linux32-utils.zip"
+- "binutils-linux64-utils.zip"
+- "gcc-linux32-utils.zip"
+- "gcc-linux64-utils.zip"
+- "webrtc.tar.gz"
+script: |
+ INSTDIR="$HOME/install"
+ export REFERENCE_DATETIME
+ export TZ=UTC
+ export LC_ALL=C
+ umask 0022
+ #
+ mkdir -p $OUTDIR/
+
+ # Config options for hardening-wrapper
+ export DEB_BUILD_HARDENING=1
+ export DEB_BUILD_HARDENING_STACKPROTECTOR=1
+ export DEB_BUILD_HARDENING_FORTIFY=1
+ export DEB_BUILD_HARDENING_FORMAT=1
+ export DEB_BUILD_HARDENING_PIE=1
+
+ # Preparing Binutils and GCC for webrtc
+ unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+ # Make sure gold is used with the hardening wrapper for full RELRO, see
+ # #13031.
+ cd $INSTDIR/binutils/bin
+ rm ld
+ cp /usr/bin/hardened-ld ./
+ mv ld.gold ld.gold.real
+ ln -sf hardened-ld ld.gold
+ ln -sf ld.gold ld
+ cd ~/build
+ unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
+ # Make sure we use the hardening wrapper when compiling Tor Browser.
+ cd $INSTDIR/gcc/bin
+ cp /usr/bin/hardened-cc ./
+ mv gcc gcc.real
+ mv c++ c++.real
+ ln -sf hardened-cc gcc
+ ln -sf hardened-cc c++
+ cd ~/build
+ export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH
+ ARCH=""
+ if [ $GBUILD_BITS == "64" ];
+ then
+ ARCH="64"
+ fi
+ # Make sure our GCC gets properly used.
+ export LD_LIBRARY_PATH=$INSTDIR/gcc/lib$ARCH
+
+ # Setting up depot_tools
+ # https://dev.chromium.org/developers/how-tos/install-depot-tools
+ export PATH="$PATH:$PWD/depot_tools"
+ # Disable automatic updating.
+ export DEPOT_TOOLS_UPDATE=0
+
+ # Building webrtc
+ tar xaf webrtc.tar.gz
+ cd webrtc/src
+ export GYP_CROSSCOMPILE=1
+ export GYP_DEFINES="OS=linux target_arch=$(if [ $GBUILD_BITS = 32 ]; then echo ia32; else echo x64; fi)"
+ # Do not use bundled utilities.
+ GYP_DEFINES+=" clang=0 host_clang=0 use_sysroot=0"
+ GYP_DEFINES+=" linux_use_bundled_gold=0 linux_use_gold_flags=0 linux_use_bundled_binutils=0"
+ # Avoid some dependencies. Some of these don't seem to work fully; for
+ # example even with use_alsa=0 we need libasound2-dev.
+ GYP_DEFINES+=" use_x11=0 use_gtk=0 use_gconf=0 use_alsa=0 use_pulseaudio=0 use_libpci=0 include_internal_audio_device=0 enabled_libjingle_device_manager=0"
+ # examples and tests also bring in dependencies.
+ GYP_DEFINES+=" include_examples=0 include_tests=0"
+ # embedded=1 is supposed to turn of various features; see
+ # https://bugs.chromium.org/p/chromium/issues/detail?id=318413.
+ GYP_DEFINES+=" embedded=1"
+ GYP_DEFINES+=" werror="
+ JAVA_HOME=/usr/lib/jvm/default-java webrtc/build/gyp_webrtc.py
+ ninja -C out/Release
+ # Run ninja once more, without include_tests=0, in order to build just the
+ # FakeAudioCaptureModule that go-webrtc uses.
+ GYP_DEFINES="$(echo "$GYP_DEFINES" | sed -e 's/include_tests=0//g')"
+ JAVA_HOME=/usr/lib/jvm/default-java webrtc/build/gyp_webrtc.py
+ ninja -C out/Release obj/webrtc/api/test/peerconnection_unittests.fakeaudiocapturemodule.o
+ # https://github.com/keroserene/go-webrtc/issues/23#issuecomment-175312648
+ # dump_syms_regtest.o is actually an executable, not an object file. If not
+ # excluded, it results in the error:
+ # libwebrtc-linux-386-magic.a(dump_syms_regtest.o): unsupported ELF file type 2
+ ar crs libwebrtc-magic.a $(find . -name '*.o' -not -name '*.main.o' -not -name 'dump_syms_regtest.o' | sort)
+ cd ../..
+
+ # Grabbing the result
+ cd $INSTDIR
+ mkdir -p webrtc/include webrtc/lib
+ cp -f $HOME/build/webrtc/src/libwebrtc-magic.a webrtc/lib/libwebrtc-linux-$(if [ $GBUILD_BITS = 32 ]; then echo 386; else echo amd64; fi)-magic.a
+ INCLUDE_DIR="$PWD/webrtc/include"
+ (cd $HOME/build/webrtc/src && for h in $(find talk/ webrtc/ -type f -name '*.h'); do
+ mkdir -p "$INCLUDE_DIR/$(dirname $h)"
+ cp -f "$h" "$INCLUDE_DIR/$h"
+ done)
+
+ ~/build/dzip.sh webrtc-linux$GBUILD_BITS-gbuilt.zip webrtc
+ cp webrtc-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 65ebc11..01ec802 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -273,6 +273,7 @@ https-everywhere https://git.torproject.org/https-everywhere.git $HTTPSE_TA
torbutton https://git.torproject.org/torbutton.git $TORBUTTON_TAG
tor-launcher https://git.torproject.org/tor-launcher.git $TORLAUNCHER_TAG
tor-browser https://git.torproject.org/tor-browser.git $TORBROWSER_TAG
+libcxx https://github.com/llvm-mirror/libcxx $LIBCXX_TAG
mingw-w64-git http://git.code.sf.net/p/mingw-w64/mingw-w64 $MINGW_TAG
pyptlib https://git.torproject.org/pluggable-transports/pyptlib.git $PYPTLIB_TAG
obfsproxy https://git.torproject.org/pluggable-transports/obfsproxy.git $OBFSPROXY_TAG
@@ -290,6 +291,10 @@ goxnet https://go.googlesource.com/net $GO_X_NET_TAG
obfs4 https://git.torproject.org/pluggable-transports/obfs4.git $OBFS4_TAG
noto-fonts https://github.com/googlei18n/noto-fonts $NOTOFONTS_TAG
selfrando https://github.com/immunant/selfrando.git $SELFRANDO_TAG
+depot_tools https://chromium.googlesource.com/chromium/tools/depot_tools.git $DEPOT_TOOLS_TAG
+go-webrtc https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG
+snowflake https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG
+uniuri https://github.com/dchest/uniuri $UNIURI_TAG
EOF
# HTTPS-Everywhere is special, too. We need to initialize the git submodules and
@@ -299,5 +304,28 @@ git submodule init
git submodule update
cd ..
+# WebRTC is special, having its own build system that brings in lots of Chromium dependencies.
+# https://webrtc.org/native-code/development/
+# depot_tools must have been downloaded before running this code.
+dir=webrtc
+PATH="$PATH:$PWD/depot_tools"
+# GYP_CROSSCOMPILE=1 and GYP_DEFINES="use_x11=0" prevent probing for certain dependencies.
+# Use --no-history because the whole checkout with history is about 12 GB.
+export GYP_CROSSCOMPILE=1
+export GYP_DEFINES="use_x11=0"
+mkdir -p "$dir"
+cd "$dir"
+if [ ! -d "src" ];
+then
+ # "fetch" is part of depot_tools.
+ fetch --nohooks --no-history webrtc
+fi
+# "gclient" is part of depot_tools. This download takes a long time the first time.
+# JAVA_HOME is needed in a hook for libjingle. The readlink line tries to find the current JRE.
+# default-java comes from the package default-jdk-headless.
+JAVA_HOME=/usr/lib/jvm/default-java gclient sync --with_branch_heads --no-history -r $WEBRTC_TAG
+cd ..
+tar --exclude .git -czf webrtc.tar.gz webrtc
+
exit 0
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index 48aac24..e5be697 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -108,7 +108,7 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \
! -f inputs/self-rando-utils.zip ];
then
echo
- echo "****** Starting Utilities Component of Linux Bundle (1/5 for Linux) ******"
+ echo "****** Starting Utilities Component of Linux Bundle (1/6 for Linux) ******"
echo
./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml
@@ -129,7 +129,7 @@ then
#cp -a result/utils-linux-res.yml inputs/
else
echo
- echo "****** SKIPPING already built Utilities Component of Linux Bundle (1/5 for Linux) ******"
+ echo "****** SKIPPING already built Utilities Component of Linux Bundle (1/6 for Linux) ******"
echo
# We might have built the utilities in the past but maybe the links are
# pointing to the wrong version. Refresh them.
@@ -145,7 +145,7 @@ fi
if [ ! -f inputs/tor-linux64-gbuilt.zip ];
then
echo
- echo "****** Starting Tor Component of Linux Bundle (2/5 for Linux) ******"
+ echo "****** Starting Tor Component of Linux Bundle (2/6 for Linux) ******"
echo
./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml
@@ -160,14 +160,14 @@ then
#cp -a result/tor-linux-res.yml inputs/
else
echo
- echo "****** SKIPPING already built Tor Component of Linux Bundle (2/5 for Linux) ******"
+ echo "****** SKIPPING already built Tor Component of Linux Bundle (2/6 for Linux) ******"
echo
fi
if [ ! -f inputs/tor-browser-linux64-gbuilt.zip ];
then
echo
- echo "****** Starting TorBrowser Component of Linux Bundle (3/5 for Linux) ******"
+ echo "****** Starting TorBrowser Component of Linux Bundle (3/6 for Linux) ******"
echo
./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml
@@ -183,17 +183,39 @@ then
#cp -a result/torbrowser-linux-res.yml inputs/
else
echo
- echo "****** SKIPPING already built TorBrowser Component of Linux Bundle (3/5 for Linux) ******"
+ echo "****** SKIPPING already built TorBrowser Component of Linux Bundle (3/6 for Linux) ******"
+ echo
+fi
+
+if [ ! -f inputs/webrtc-linux32-gbuilt.zip -o \
+ ! -f inputs/webrtc-linux64-gbuilt.zip ];
+then
+ echo
+ echo "****** Starting WebRTC Component of Linux Bundle (4/6 for Linux) ******"
+ echo
+
+ ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit depot_tools=$DEPOT_TOOLS_TAG $DESCRIPTOR_DIR/linux/gitian-webrtc.yml
+ if [ $? -ne 0 ];
+ then
+ #mv var/build.log ./webrtc-fail-linux.log.`date +%Y%m%d%H%M%S`
+ exit 1
+ fi
+
+ cp -a build/out/webrtc-linux*-gbuilt.zip inputs/
+ #cp -a result/webrtc-linux-res.yml inputs/
+else
+ echo
+ echo "****** SKIPPING already built WebRTC Component of Linux Bundle (4/6 for Linux) ******"
echo
fi
if [ ! -f inputs/pluggable-transports-linux64-gbuilt.zip ];
then
echo
- echo "****** Starting Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******"
+ echo "****** Starting Pluggable Transports Component of Linux Bundle (5/6 for Linux) ******"
echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,goxcrypto=$GO_X_CRYPTO_TAG,goxnet=$GO_X_NET_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
+ ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,goxcrypto=$GO_X_CRYPTO_TAG,goxnet=$GO_X_NET_TAG,obfs4=$OBFS4_TAG,go-webrtc=$GO_WEBRTC_TAG,snowflake=$SNOWFLAKE_TAG,uniuri=$UNIURI_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S`
@@ -204,14 +226,14 @@ then
#cp -a result/pluggable-transports-linux-res.yml inputs/
else
echo
- echo "****** SKIPPING already built Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******"
+ echo "****** SKIPPING already built Pluggable Transports Component of Linux Bundle (5/6 for Linux) ******"
echo
fi
if [ ! -f inputs/bundle-linux.gbuilt ];
then
echo
- echo "****** Starting Bundling+Localization of Linux Bundle (5/5 for Linux) ******"
+ echo "****** Starting Bundling+Localization of Linux Bundle (6/6 for Linux) ******"
echo
cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR
@@ -231,7 +253,7 @@ then
touch inputs/bundle-linux.gbuilt
else
echo
- echo "****** SKIPPING already built Bundling+Localization of Linux Bundle (5/5 for Linux) ******"
+ echo "****** SKIPPING already built Bundling+Localization of Linux Bundle (6/6 for Linux) ******"
echo
fi
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index b7c45c4..575901b 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -108,6 +108,7 @@ EOF
while read dir commit; do
check_git_hash "$dir" "$commit"
done << EOF
+libcxx $LIBCXX_TAG
mingw-w64-git $MINGW_TAG
libdmg-hfsplus $LIBDMG_TAG
libfte $LIBFTE_TAG
@@ -120,6 +121,10 @@ goxcrypto $GO_X_CRYPTO_TAG
goxnet $GO_X_NET_TAG
noto-fonts $NOTOFONTS_TAG
selfrando $SELFRANDO_TAG
+depot_tools $DEPOT_TOOLS_TAG
+go-webrtc $GO_WEBRTC_TAG
+snowflake $SNOWFLAKE_TAG
+uniuri $UNIURI_TAG
EOF
# Verify signatures on signed packages
@@ -152,6 +157,7 @@ do
fi
done
+# webrtc? Its fetch brings in sources from many repos.
cd "$INPUTS_DIR"
verify_git "." "$WRAPPER_DIR/gpg/torbutton.gpg" "$GITIAN_TAG"
diff --git a/gitian/versions b/gitian/versions
index 3b84b63..1b88910 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -19,8 +19,12 @@ TORBUTTON_TAG=1.9.3.2
HTTPSE_TAG=5.1.0
NSIS_TAG=v0.3
ZLIB_TAG=v1.2.8
-LIBEVENT_TAG=release-2.0.21-stable
-MINGW_TAG=a883b47a45ff74ced41dfbd9f748d5c2c61f3c01 # due to bug 1156131
+LIBEVENT_TAG=release-2.0.22-stable
+CMAKE_TAG=v2.8.12.2
+LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539
+CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539
+LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539
+MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8
PYPTLIB_TAG=pyptlib-0.0.6
OBFSPROXY_TAG=obfsproxy-0.2.12
FLASHPROXY_TAG=1.6
@@ -37,6 +41,11 @@ GO_X_CRYPTO_TAG=4ed45ec682102c643324fae5dff8dab085b6c300
GO_X_NET_TAG=7dbad50ab5b31073856416cdcfeb2796d682f844
OBFS4_TAG=obfs4proxy-0.0.5
NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
+DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557
+SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d
+UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
GITIAN_TAG=tor-browser-builder-3.x-8
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index f553468..d9ce0cb 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -29,6 +29,7 @@ LIBEVENT_TAG=release-2.0.22-stable
CMAKE_TAG=v2.8.12.2
LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539
CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539
+LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539
MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8
PYPTLIB_TAG=pyptlib-0.0.6
OBFSPROXY_TAG=obfsproxy-0.2.12
@@ -46,6 +47,11 @@ GO_X_NET_TAG=7dbad50ab5b31073856416cdcfeb2796d682f844
OBFS4_TAG=obfs4proxy-0.0.5
NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
SELFRANDO_TAG=44ac0df8c0e8eb291f2d913e2dd147000bf54863
+DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557
+SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d
+UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
GITIAN_TAG=tor-browser-builder-4-1
diff --git a/gitian/versions.beta b/gitian/versions.beta
index 2bcde03..a9c988e 100755
--- a/gitian/versions.beta
+++ b/gitian/versions.beta
@@ -30,6 +30,11 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0
GOPTLIB_TAG=0.2
MEEK_TAG=0.25
NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
+DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557
+SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d
+UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
GITIAN_TAG=tor-browser-builder-3.x-6
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index d606efc..ad3f017 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -32,6 +32,7 @@ LIBEVENT_TAG=release-2.0.22-stable
CMAKE_TAG=v2.8.12.2
LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74 # r247539
CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539
+LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539
MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8
PYPTLIB_TAG=master
OBFSPROXY_TAG=master
@@ -49,6 +50,11 @@ GO_X_NET_TAG=master
OBFS4_TAG=master
NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
SELFRANDO_TAG=44ac0df8c0e8eb291f2d913e2dd147000bf54863
+DEPOT_TOOLS_TAG=master
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=master
+SNOWFLAKE_TAG=master
+UNIURI_TAG=master
GITIAN_TAG=tor-browser-builder-4
More information about the tbb-commits
mailing list