[tor-dev] Building meek-server with Go 1.11.5
Matthew Finkel
matthew.finkel at gmail.com
Sun Jan 27 03:52:00 UTC 2019
Attached is a script for building meek-server. I used this for
completing #29171. The newest version of Go is only available in Sid and
Buster[0], so this script creates a Buster environment and installs the
dependencies.
The script assumes debootstrap and sudo are installed (and you have
necessary privilege). As of today, a Debian Buster system should create
a reproducible binary with a SHA-256 digest
6e242798f861308083e54bc0ca3989a03b0818475e9b6df4589ced10c7e3aadc
(confirmed over multi-path builds).
This is simply an FYI, in case anyone else want so to use it.
- Matt
[0] https://security-tracker.debian.org/tracker/source-package/golang-1.11
-------------- next part --------------
#!/bin/sh
set -e
set -x
if [ -z "${ROOTDIR}" ]; then
ROOTDIR=meekserver_chroot
fi
if [ -z "${VIA_TOR}" ]; then
VIA_TOR=0
fi
if [ -z "${PROXY}" ]; then
PROXY="127.0.0.1:9050"
fi
if [ -z "${RELEASE}" ]; then
RELEASE="buster"
fi
sudo debootstrap --verbose --variant=buildd "${RELEASE}" ${ROOTDIR}
sudo mount -t proc proc ${ROOTDIR}/proc/
sudo mount -t tmpfs dev ${ROOTDIR}/dev
sudo mount -t sysfs sys ${ROOTDIR}/sys/
sudo mkdir ${ROOTDIR}/dev/pts
sudo mkdir ${ROOTDIR}/dev/shm
sudo touch ${ROOTDIR}/dev/null
sudo mount -t tmpfs shm ${ROOTDIR}/dev/shm
sudo mount -t devpts devpts ${ROOTDIR}/dev/pts
sudo mount --bind /dev/null ${ROOTDIR}/dev/null
if [ "${VIA_TOR}" -ne "0" ]; then
apt-get download apt-transport-tor/"${RELEASE}"
sudo mv apt-transport-tor_*.deb ${ROOTDIR}/
echo "Acquire::tor::proxy \"socks5h://${PROXY}\";" | sudo tee ${ROOTDIR}/etc/apt/apt.conf.d/01tor
echo "deb tor+http://vwakviie2ienjx6t.onion/debian ${RELEASE} main" | sudo tee ${ROOTDIR}/etc/apt/sources.list
fi
cat > setup_chroot <<EOF
#!/bin/sh
set -e
if [ "${VIA_TOR}" -ne "0" ]; then
dpkg -i apt-transport-tor_*.deb
fi
apt-get update
apt-get install -y golang-go
apt-get install -y git-core
apt-get install -y golang-golang-x-crypto-dev
useradd -m meek_builder
if [ "${VIA_TOR}" -ne "0" ]; then
su -l -c 'git config --global http.proxy "socks5h://meek_${RELEASE}_git:1234@${PROXY}"' meek_builder
fi
su -l -c 'git clone https://git.torproject.org/pluggable-transports/meek.git' meek_builder
su -l -c 'GOPATH="\${HOME}/go" go get git.torproject.org/pluggable-transports/goptlib.git' meek_builder
echo 'export GOPATH="/usr/share/gocode/:\${HOME}/go"' >> /home/meek_builder/.profile
EOF
chmod 700 setup_chroot
sudo mv setup_chroot ${ROOTDIR}/
sudo chroot ${ROOTDIR}/ /setup_chroot
sudo umount ${ROOTDIR}/dev/null ${ROOTDIR}/dev/pts ${ROOTDIR}/dev/shm
sudo umount ${ROOTDIR}/sys/ ${ROOTDIR}/dev ${ROOTDIR}/proc/
echo Building...
################ BUILD ##################
#sudo unshare -n chroot ${ROOTDIR}/ su -c 'sh -c "cd ${HOME}/meek/meek-server/ && go build"' meek_builder
sudo unshare -n \
chroot ${ROOTDIR}/ \
su -l -c \
sh -c 'cd ${HOME}/meek/meek-server/ && GOPATH="/usr/share/gocode/:${HOME}/go" go build' \
meek_builder
echo "6e242798f861308083e54bc0ca3989a03b0818475e9b6df4589ced10c7e3aadc meekserver_chroot/home/meek_builder/meek/meek-server/meek-server" | sha256sum -c
#########################################
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20190127/ab54c6a2/attachment.sig>
More information about the tor-dev
mailing list