[tor-commits] [tor-browser-bundle/maint-5.0] Bug 16909: Adapt to HTTPS-Everyhwere build changes

gk at torproject.org gk at torproject.org
Thu Dec 10 10:23:26 UTC 2015


commit c05a7a15155304ede2dbb16cc63f9696ddb8fcd5
Author: Georg Koppen <gk at torproject.org>
Date:   Tue Sep 8 15:18:17 2015 +0000

    Bug 16909: Adapt to HTTPS-Everyhwere build changes
    
    There are two changes that got made recently:
    1) The extension ID got renamed due to conflicts on the AMO dashboard
       with the version hosted by Mozilla.
    2) Translations moved to an own git submodule.
    
    The first change is unproblematic. For the second one, however, we need
    to bump the mininmum Ubuntu version for the host operating system to
    14.04. We want to initialize and update the submodules right while we
    are fetching the inputs and not during build time to be not dependent
    on network access during the bundling step. This fails on Ubuntu 12.04
    due to an old git version (1.7.9.5) that uses abolute paths to locate
    submodules. As this path is not available on the build VM the build
    breaks. This does not affect Debian Wheezy (which ships with
    git 1.7.10.4) nor any later Debian version.
    
    In order to make this change obvious for 12.04 users we include an
    Ubuntu version check in check-prerequisites.sh.
    
    Additionally, we cleaned the bundling descriptors up to implement a
    proper solution for #10066 instead of working around that bug.
---
 gitian/README.build                          |    2 +-
 gitian/check-prerequisites.sh                |   25 ++++++++++++++++---------
 gitian/descriptors/linux/gitian-bundle.yml   |   18 ++++++++++++------
 gitian/descriptors/mac/gitian-bundle.yml     |   18 ++++++++++++------
 gitian/descriptors/windows/gitian-bundle.yml |   18 ++++++++++++------
 gitian/fetch-inputs.sh                       |    9 ++++++++-
 gitian/versions.alpha                        |    2 +-
 gitian/versions.beta                         |    2 +-
 8 files changed, 63 insertions(+), 31 deletions(-)

diff --git a/gitian/README.build b/gitian/README.build
index 656dddd..f289791 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -1,6 +1,6 @@
 QuickStart:
 
- On an Ubuntu 12.04+/Debian Wheezy+ machine or VM, run:
+ On an Ubuntu 14.04+/Debian Wheezy+ machine or VM, run:
 
  $ make
 
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index 8518ffe..bd027a3 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -6,7 +6,7 @@ if [ ! -f /etc/debian_version ];
 then
   echo "Gitian is dependent upon the Ubuntu Virtualization Tools."
   echo
-  echo "You need to run Ubuntu 12.04 LTS/Debian Wheezy or newer."
+  echo "You need to run Ubuntu 14.04 LTS/Debian Wheezy or newer."
   exit 1
 fi
 
@@ -14,15 +14,22 @@ DISTRO=`cat /etc/issue | grep -Eo 'Ubuntu|Debian*'`
 
 if [ $DISTRO = "Ubuntu" ];
 then
-  dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
-
-  if [ $? -ne 0 ];
+  VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
+  if [ "$VERSION" -ge "14" ];
   then
-    echo "You are missing one or more Gitian build tool dependencies."
-    echo
-    echo "Please run:"
-    echo " sudo apt-get install torsocks tor"
-    echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+    dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
+
+    if [ $? -ne 0 ];
+    then
+      echo "You are missing one or more Gitian build tool dependencies."
+      echo
+      echo "Please run:"
+      echo " sudo apt-get install torsocks tor"
+      echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+      exit 1
+    fi
+  else
+    echo "Your Ubuntu is too old. You need Ubuntu 14.04 LTS or newer to build Tor Browser with Gitian."
     exit 1
   fi
 elif [ $DISTRO = "Debian" ];
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index d3774cd..4767623 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -63,7 +63,7 @@ script: |
   umask 0022
   #
   mkdir -p $OUTDIR/
-  mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org
+  mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff at eff.org
   mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
   mkdir -p tor-browser/Browser/TorBrowser/Data/Browser/Caches
   mkdir -p tor-browser/Browser/TorBrowser/Docs/sources/
@@ -97,10 +97,16 @@ script: |
   cd ../../../
   #
   cd https-everywhere
-  # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
-  # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
-  rm -f .git/refs/heads/master
-  ./makexpi.sh
+  # We are invoking the build script with a particular tag to avoid #10066. This
+  # does not work for nightlies as there is no "master" tag in that sense. But
+  # we don't need to care about that as we don't need reproducibility for
+  # nightly builds.
+  if [ $HTTPSE_TAG != "master" ];
+  then
+    ./makexpi.sh $HTTPSE_TAG
+  else
+    ./makexpi.sh
+  fi
   # Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
   rm ./pkg/*-amo.xpi
   cp pkg/*.xpi ../tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org.xpi
@@ -109,7 +115,7 @@ script: |
   cp *.xpi tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions/
   cd tor-browser/Browser/TorBrowser/Data/Browser/profile.default/extensions
   mv noscript at noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
-  cd https-everywhere at eff.org/
+  cd https-everywhere-eff at eff.org/
   unzip ../https-everywhere at eff.org.xpi
   rm ../https-everywhere at eff.org.xpi
   cd ~/build
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index be404ce..bfe9899 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -72,7 +72,7 @@ script: |
   MARTOOLS=~/build/mar-tools
   #
   mkdir -p $OUTDIR/
-  mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org
+  mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff at eff.org
   mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
   mkdir -p $TORBROWSER_NAME.app/TorBrowser/Data/Browser/Caches
   mkdir -p $TORBROWSER_NAME.app/TorBrowser/Docs/sources
@@ -100,10 +100,16 @@ script: |
   cd ../../../
   #
   cd https-everywhere
-  # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
-  # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
-  rm -f .git/refs/heads/master
-  ./makexpi.sh
+   # We are invoking the build script with a particular tag to avoid #10066. This
+  # does not work for nightlies as there is no "master" tag in that sense. But
+  # we don't need to care about that as we don't need reproducibility for
+  # nightly builds.
+  if [ $HTTPSE_TAG != "master" ];
+  then
+    ./makexpi.sh $HTTPSE_TAG
+  else
+    ./makexpi.sh
+  fi
   # Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
   rm ./pkg/*-amo.xpi
   cp pkg/*.xpi ../$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org.xpi
@@ -112,7 +118,7 @@ script: |
   cp *.xpi ./$TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/
   cd $TORBROWSER_NAME.app/TorBrowser/Data/Browser/profile.default/extensions/
   mv noscript at noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
-  cd https-everywhere at eff.org
+  cd https-everywhere-eff at eff.org
   unzip ../https-everywhere at eff.org.xpi
   rm ../https-everywhere at eff.org.xpi
   cd ~/build/
diff --git a/gitian/descriptors/windows/gitian-bundle.yml b/gitian/descriptors/windows/gitian-bundle.yml
index 2fe0c2f..3ab73c3 100644
--- a/gitian/descriptors/windows/gitian-bundle.yml
+++ b/gitian/descriptors/windows/gitian-bundle.yml
@@ -63,7 +63,7 @@ script: |
   MARTOOLS=~/build/mar-tools
   #
   mkdir -p $OUTDIR/
-  mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org
+  mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff at eff.org
   mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.meek-http-helper/extensions
   mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/Caches
   mkdir -p tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Docs/sources
@@ -88,10 +88,16 @@ script: |
   cd ../../../
   #
   cd https-everywhere
-  # XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
-  # makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
-  rm -f .git/refs/heads/master
-  ./makexpi.sh
+  # We are invoking the build script with a particular tag to avoid #10066. This
+  # does not work for nightlies as there is no "master" tag in that sense. But
+  # we don't need to care about that as we don't need reproducibility for
+  # nightly builds.
+  if [ $HTTPSE_TAG != "master" ];
+  then
+    ./makexpi.sh $HTTPSE_TAG
+  else
+    ./makexpi.sh
+  fi
   # Since 5.0.2 a .xpi for AMO is built, too. We don't need it.
   rm ./pkg/*-amo.xpi
   cp ./pkg/*.xpi ../tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere at eff.org.xpi
@@ -100,7 +106,7 @@ script: |
   cp *.xpi tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions
   cd tbb-windows-installer/"Tor Browser"/Browser/TorBrowser/Data/Browser/profile.default/extensions
   mv noscript at noscript.net.xpi {73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
-  cd https-everywhere at eff.org
+  cd https-everywhere-eff at eff.org
   unzip ../https-everywhere at eff.org.xpi
   rm ../https-everywhere at eff.org.xpi
   cd ~/build/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 2a5bd16..b00cabd 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -162,7 +162,7 @@ do
   get "${!PACKAGE}" "${!URL}"
 done
 
-# NoScript and HTTPS-Everywhere are magikal and special:
+# NoScript is magikal and special:
 wget -U "" -N ${NOSCRIPT_URL}
 
 # Verify packages with weak or no signatures via direct sha256 check
@@ -260,5 +260,12 @@ goxnet                https://go.googlesource.com/net  $GO_X_NET_TAG
 obfs4                 https://git.torproject.org/pluggable-transports/obfs4.git $OBFS4_TAG
 EOF
 
+# HTTPS-Everywhere is special, too. We need to initialize the git submodules and
+# update them here. Otherwise it would happen during the build.
+cd https-everywhere
+git submodule init
+git submodule update
+cd ..
+
 exit 0
 
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index a0d64c7..0889489 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -12,7 +12,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-5.5-1-build1
 TOR_TAG=tor-0.2.7.2-alpha
 TORLAUNCHER_TAG=0.2.7.7
 TORBUTTON_TAG=1.9.3.3
-HTTPSE_TAG=5.0.7
+HTTPSE_TAG=5.1.0
 NSIS_TAG=v0.3
 ZLIB_TAG=v1.2.8
 LIBEVENT_TAG=release-2.0.21-stable
diff --git a/gitian/versions.beta b/gitian/versions.beta
index d743c89..b666ee6 100755
--- a/gitian/versions.beta
+++ b/gitian/versions.beta
@@ -12,7 +12,7 @@ TORBROWSER_TAG=tor-browser-${FIREFOX_VERSION}-1-build4
 TOR_TAG=tor-0.2.4.21
 TORLAUNCHER_TAG=0.2.5.4
 TORBUTTON_TAG=1.6.9.0
-HTTPSE_TAG=5.0.2
+HTTPSE_TAG=5.1.0
 NSIS_TAG=v0.1
 ZLIB_TAG=v1.2.8
 LIBEVENT_TAG=release-2.0.21-stable





More information about the tor-commits mailing list