[tor-commits] [tor-browser-bundle/master] Bug 4261: Make uncompressed DMG creation reproducible.
mikeperry at torproject.org
mikeperry at torproject.org
Fri Mar 7 07:24:17 UTC 2014
commit 82f061f118519c318ddf0aaa7dc4fcbd8290536e
Author: Mike Perry <mikeperry-git at torproject.org>
Date: Sun Mar 2 14:21:30 2014 -0800
Bug 4261: Make uncompressed DMG creation reproducible.
genisoimage was non-deterministic, and libdmg was using unitialized memory in
a stack struct.
---
gitian/build-helpers/ddmg.sh | 25 +++++++------------
gitian/descriptors/mac/gitian-bundle.yml | 6 +++++
gitian/patches/libdmg.patch | 39 ++++++++++++++++++++++++++++++
3 files changed, 54 insertions(+), 16 deletions(-)
diff --git a/gitian/build-helpers/ddmg.sh b/gitian/build-helpers/ddmg.sh
index f9f54da..468d6be 100755
--- a/gitian/build-helpers/ddmg.sh
+++ b/gitian/build-helpers/ddmg.sh
@@ -5,24 +5,17 @@ export LC_ALL=C
DMGFILE=$1
shift
-# Attempt to normalize inode ordering..
-# XXX: the genisoimage -path-list argument seems broken
-mkdir -p ~/build/tmp/dmg
+find $@ -executable -exec chmod 700 {} \;
+find $@ ! -executable -exec chmod 600 {} \;
+
cd $@
-for i in `find . | sort`
-do
- if [ -d $i ];
- then
- mkdir -p ~/build/tmp/dmg/$i
- else
- cp --parents -d --preserve=all $i ~/build/tmp/dmg/
- fi
-done
+find . -type f | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" > ~/build/filelist.txt
+find . -type l | sed -e 's/^\.\///' | sort | xargs -i echo "{}={}" >> ~/build/filelist.txt
+
+mkisofs -D -V "Tor Browser" -no-pad -R -apple -o ~/build/tbb-uncompressed.dmg -path-list ~/build/filelist.txt -graft-points -dir-mode 0700 -new-dir-mode 0700
-find ~/build/tmp/dmg -executable -exec chmod 700 {} \;
-find ~/build/tmp/dmg ! -executable -exec chmod 600 {} \;
+cd ~/build
-genisoimage -D -V "Tor Browser" -no-pad -R -apple -o tbb-uncompressed.dmg ~/build/tmp/dmg/
~/build/libdmg-hfsplus/dmg/dmg dmg tbb-uncompressed.dmg $DMGFILE
rm tbb-uncompressed.dmg
-rm -rf ~/build/tmp/dmg/
+rm ~/build/filelist.txt
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index 63c0a96..55a6777 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -41,6 +41,7 @@ files:
- "noscript at noscript.net.xpi"
- "dzip.sh"
- "ddmg.sh"
+- "libdmg.patch"
- "bare-version"
- "bundle.inputs"
- "versions"
@@ -141,6 +142,7 @@ script: |
#
# Set up DMG skeleton
cd libdmg-hfsplus
+ git am ~/build/libdmg.patch
cmake CMakeLists.txt
cd dmg
make
@@ -162,6 +164,10 @@ script: |
~/build/dzip.sh $OUTDIR/TorBrowserBundle-${TORBROWSER_VERSION}-osx${GBUILD_BITS}_en-US.zip ${TORBROWSER_NAME}_en-US.app
rm -rf ~/build/${TORBROWSER_NAME}_en-US.app
else
+ # XXX: We need to insert these placeholders because otherwise mkisofs won't
+ # include these otherwise empty dirs:
+ touch ~/build/$TORBROWSER_NAME.app/Data/Browser/Caches/placeholder.txt
+ touch ~/build/$TORBROWSER_NAME.app/Contents/MacOS/TorBrowser.app/Contents/MacOS/browser/defaults/preferences/placeholder.txt
cp -a ~/build/$TORBROWSER_NAME.app ~/build/dmg/$TORBROWSER_APP.app
~/build/ddmg.sh $OUTDIR/TorBrowser-${TORBROWSER_VERSION}-osx${GBUILD_BITS}_en-US.dmg ~/build/dmg
rm -rf ~/build/dmg/$TORBROWSER_APP.app
diff --git a/gitian/patches/libdmg.patch b/gitian/patches/libdmg.patch
new file mode 100644
index 0000000..a84ac3e
--- /dev/null
+++ b/gitian/patches/libdmg.patch
@@ -0,0 +1,39 @@
+From d1a5eca891f32103ccda80ee75e158dfc7ece70d Mon Sep 17 00:00:00 2001
+From: Mike Perry <mikeperry-git at torproject.org>
+Date: Thu, 6 Mar 2014 19:47:05 -0800
+Subject: [PATCH] Memset a UDIF header to ensure archive reproducibility.
+
+Some of the struct padding and fields contained unitialized memory, which
+caused two successive invocations to produce archives that differed in some
+bytes.
+---
+ dmg/dmglib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/dmg/dmglib.c b/dmg/dmglib.c
+index f481b1f..b74e50b 100644
+--- a/dmg/dmglib.c
++++ b/dmg/dmglib.c
+@@ -108,7 +108,8 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ ChecksumToken dataForkToken;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ off_t plistOffset;
+ uint32_t plistSize;
+ uint32_t dataForkChecksum;
+@@ -284,7 +285,8 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ uint64_t numSectors;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ char partitionName[512];
+
+ off_t fileLength;
+--
+1.8.1.2
+
More information about the tor-commits
mailing list