[tor-commits] [tor-browser-bundle/hardened-builds] Bug 20147: (re-)dzip.sh: various improvements

gk at torproject.org gk at torproject.org
Fri Dec 9 08:25:19 UTC 2016


commit 3efcbb345fb2cb701226d3c9c659457e7b6ef7bc
Author: Rusty Bird <rustybird at openmailbox.org>
Date:   Thu Dec 8 17:18:12 2016 +0000

    Bug 20147: (re-)dzip.sh: various improvements
    
    - Don't ignore errors (except unzip exit status 1 or 2)
    - Quote $@ and $1
    - Work with absolute filenames and filenames starting with a dash
    - Pass many files per chmod invocation (much faster)
    - Pass $UNZIPOPTS, like $ZIPOPTS
    - Reuse dzip.sh in re-dzip.sh
    
    The (re)generated zip files are identical.
---
 gitian/build-helpers/dzip.sh    | 17 ++++++++---------
 gitian/build-helpers/re-dzip.sh | 23 ++++++++++-------------
 2 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/gitian/build-helpers/dzip.sh b/gitian/build-helpers/dzip.sh
index 5772c8b..64fcdca 100755
--- a/gitian/build-helpers/dzip.sh
+++ b/gitian/build-helpers/dzip.sh
@@ -1,14 +1,13 @@
-#!/bin/sh
+#!/bin/sh -e
 # Crappy deterministic zip wrapper
 export LC_ALL=C
 
-ZIPFILE=$1
+ZIPFILE=${1:?}
 shift
 
-[ -n "$REFERENCE_DATETIME" ] && \
-	find $@ -exec touch --date="$REFERENCE_DATETIME" {} \;
-
-find $@ -executable -exec chmod 700 {} \;
-find $@ ! -executable -exec chmod 600 {} \;
-
-find $@ | sort | zip $ZIPOPTS -X -@ "$ZIPFILE"
+if [ -n "$REFERENCE_DATETIME" ]; then
+	find "$@" -exec touch --date="$REFERENCE_DATETIME" -- {} +
+fi
+find "$@"   -executable -exec chmod 700 {} +
+find "$@" ! -executable -exec chmod 600 {} +
+find "$@" | sort | zip $ZIPOPTS -X -@ "$ZIPFILE"
diff --git a/gitian/build-helpers/re-dzip.sh b/gitian/build-helpers/re-dzip.sh
index 27828e9..8e8abbf 100755
--- a/gitian/build-helpers/re-dzip.sh
+++ b/gitian/build-helpers/re-dzip.sh
@@ -1,17 +1,14 @@
-#!/bin/sh
+#!/bin/sh -e
 # Crappy deterministic zip repackager
 export LC_ALL=C
 
-ZIPFILE=`basename $1`
+ZIPFILE_BASENAME=$(basename -- "${1:?}")
+TEMPDIR=tmp-re-dzip-$$
+RE_DZIP=$(readlink -f -- "$(which -- "$0")")
+PATH=$PATH:$(dirname "$RE_DZIP")
 
-mkdir tmp_dzip
-cd tmp_dzip
-unzip ../$1
-[ -n "$REFERENCE_DATETIME" ] && \
-	find . -exec touch --date="$REFERENCE_DATETIME" {} \;
-find . -executable -exec chmod 700 {} \;
-find . ! -executable -exec chmod 600 {} \;
-find . | sort | zip $ZIPOPTS -X -@ $ZIPFILE
-mv $ZIPFILE ../$1
-cd ..
-rm -rf tmp_dzip
+mkdir "$TEMPDIR"
+unzip $UNZIPOPTS -d "$TEMPDIR" -- "$1" || [ $? -lt 3 ]
+(cd "$TEMPDIR"; dzip.sh ./"$ZIPFILE_BASENAME" .)
+mv -- "$TEMPDIR"/"$ZIPFILE_BASENAME" "$1"
+rm -rf "$TEMPDIR"



More information about the tor-commits mailing list