[tor-commits] [tor-browser-bundle/hardened-builds] Bug 20660: use mar-tools from the release's directory
gk at torproject.org
gk at torproject.org
Tue Dec 6 15:18:23 UTC 2016
commit 1a8db0805c7532a3be2b8d524fe50956f7709d64
Author: Nicolas Vigier <boklm at torproject.org>
Date: Tue Dec 6 16:00:10 2016 +0100
Bug 20660: use mar-tools from the release's directory
---
gitian/check-prerequisites.sh | 2 +-
tools/update-responses/README.md | 12 ++++------
tools/update-responses/update_responses | 41 +++++++++++++++++++++------------
3 files changed, 32 insertions(+), 23 deletions(-)
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index 6b88a90..858fd4d 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -68,7 +68,7 @@ then
exit 1
fi
-update_responses_pkg="libyaml-perl libfile-slurp-perl libxml-writer-perl libio-captureoutput-perl libfile-which-perl libparallel-forkmanager-perl libxml-libxml-perl libwww-perl libjson-perl"
+update_responses_pkg="libyaml-perl libfile-slurp-perl libxml-writer-perl libio-captureoutput-perl libparallel-forkmanager-perl libxml-libxml-perl libwww-perl libjson-perl"
missing_pkg=''
for pkg in $update_responses_pkg
do
diff --git a/tools/update-responses/README.md b/tools/update-responses/README.md
index 5440b0d..5209ed5 100644
--- a/tools/update-responses/README.md
+++ b/tools/update-responses/README.md
@@ -13,25 +13,23 @@ Dependencies
The following perl modules need to be installed to run the script:
FindBin YAML File::Slurp Digest::SHA XML::Writer File::Temp
- IO::CaptureOutput File::Which Parallel::ForkManager XML::LibXML
- LWP JSON
+ IO::CaptureOutput Parallel::ForkManager XML::LibXML LWP JSON
On Debian / Ubuntu you can install them with:
```
# apt-get install libfindbin-libs-perl libyaml-perl libfile-slurp-perl \
libdigest-sha-perl libxml-writer-perl \
- libio-captureoutput-perl libfile-which-perl \
- libparallel-forkmanager-perl libxml-libxml-perl \
- libwww-perl libjson-perl
+ libio-captureoutput-perl libparallel-forkmanager-perl \
+ libxml-libxml-perl libwww-perl libjson-perl
```
On Red Hat / Fedora you can install them with:
```
# for module in FindBin YAML File::Slurp Digest::SHA XML::Writer \
- File::Temp IO::CaptureOutput File::Which \
- Parallel::ForkManager XML::LibXML LWP JSON
+ File::Temp IO::CaptureOutput Parallel::ForkManager \
+ XML::LibXML LWP JSON
do yum install "perl($module)"; done
```
diff --git a/tools/update-responses/update_responses b/tools/update-responses/update_responses
index 1064a01..c776c7f 100755
--- a/tools/update-responses/update_responses
+++ b/tools/update-responses/update_responses
@@ -12,7 +12,6 @@ use Cwd;
use File::Copy;
use File::Temp;
use File::Find;
-use File::Which;
use POSIX qw(setlocale LC_ALL);
use IO::CaptureOutput qw(capture_exec);
use Parallel::ForkManager;
@@ -33,6 +32,8 @@ my %htdocsfiles;
my $releases_dir = $config->{releases_dir};
$releases_dir = "$FindBin::Bin/$releases_dir" unless $releases_dir =~ m/^\//;
my @check_errors;
+my $initPATH = $ENV{PATH};
+my $initLD_LIBRARY_PATH = $ENV{LD_LIBRARY_PATH};
sub exit_error {
print STDERR "Error: ", $_[0], "\n";
@@ -243,6 +244,7 @@ sub channel_to_version {
sub get_buildinfos {
my ($config, $version) = @_;
return if exists $config->{versions}{$version}{buildID};
+ extract_martools($version);
my $files = $config->{versions}{$version}{files};
foreach my $os (keys %$files) {
foreach my $lang (keys %{$files->{$os}}) {
@@ -378,12 +380,6 @@ sub write_downloads_json {
}
}
-sub check_deps {
- foreach my $bin (qw(bunzip2 mar mbsdiff make_incremental_update.sh)) {
- exit_error "Cannot find $bin in PATH" unless which($bin);
- }
-}
-
sub osname {
my ($osname) = capture_exec('uname', '-s');
my ($arch) = capture_exec('uname', '-m');
@@ -399,17 +395,18 @@ sub osname {
my $martools_tmpdir;
sub extract_martools {
+ my ($version) = @_;
my $osname = osname;
- my $marzip = "$FindBin::Bin/../../../gitian-builder/inputs/mar-tools-$osname.zip";
+ my $marzip = "$releases_dir/$version/mar-tools-$osname.zip";
$martools_tmpdir = File::Temp->newdir();
my $old_cwd = getcwd;
chdir $martools_tmpdir;
my (undef, undef, $success) = capture_exec('unzip', $marzip);
chdir $old_cwd;
exit_error "Error extracting $marzip" unless $success;
- $ENV{PATH} .= ":$martools_tmpdir/mar-tools";
- if ($ENV{LD_LIBRARY_PATH}) {
- $ENV{LD_LIBRARY_PATH} .= ":$martools_tmpdir/mar-tools";
+ $ENV{PATH} = "$martools_tmpdir/mar-tools:$initPATH";
+ if ($initLD_LIBRARY_PATH) {
+ $ENV{LD_LIBRARY_PATH} = "$initLD_LIBRARY_PATH:$martools_tmpdir/mar-tools";
} else {
$ENV{LD_LIBRARY_PATH} = "$martools_tmpdir/mar-tools";
}
@@ -519,6 +516,23 @@ sub download_version {
move "$tmpdir/sha256sums-unsigned-build.txt", "$destdir/sha256sums-unsigned-build.txt";
my %sums = map { chomp; reverse split ' ', $_ }
read_file "$destdir/sha256sums-unsigned-build.txt";
+
+ my $martools = 'mar-tools-' . osname . '.zip';
+ exit_error "Error downloading $urldir/$martools\n"
+ unless getstore("$urldir/$martools", "$tmpdir/$martools") == 200;
+ exit_error "Error downloading $urldir/$martools.asc\n"
+ unless getstore("$urldir/$martools.asc", "$tmpdir/$martools.asc") == 200;
+ if (system('gpg', '--no-default-keyring', '--keyring',
+ "$FindBin::Bin/$config->{download}{gpg_keyring}", '--verify',
+ "$tmpdir/$martools.asc", "$tmpdir/$martools")) {
+ exit_error "Error checking gpg signature for $version/$martools";
+ }
+ exit_error "Wrong checksum for $version/$martools"
+ unless $sums{$martools} eq sha256_hex(read_file("$tmpdir/$martools"));
+ move "$tmpdir/$martools", "$destdir/$martools";
+ move "$tmpdir/$martools.asc", "$destdir/$martools.asc";
+ extract_martools($version);
+
foreach my $file (sort grep { $_ =~ m/\.mar$/ } keys %sums) {
print "Downloading $file\n";
exit_error "Error downloading $urldir/$file\n"
@@ -580,7 +594,6 @@ my %actions = (
unless $config->{channels}{$channel};
$htdocsfiles{$channel} = { '.' => 1, '..' => 1 };
}
- extract_martools;
write_responses($config, @channels);
write_htaccess($config, @channels);
write_downloads_json($config, @channels);
@@ -588,9 +601,8 @@ my %actions = (
},
gen_incrementals => sub {
my ($config) = @_;
- extract_martools;
- check_deps;
foreach my $version (channel_to_version($config, @ARGV)) {
+ extract_martools($version);
get_version_files($config, $version);
create_incremental_mars_for_version($config, $version);
}
@@ -598,7 +610,6 @@ my %actions = (
download_missing_versions => sub {
my ($config) = @_;
my @channels = @ARGV ? @ARGV : keys %{$config->{channels}};
- extract_martools;
download_missing_versions($config, @channels);
},
check_update_responses_deployement => \&check_update_responses,
More information about the tor-commits
mailing list