Skip to content
Snippets Groups Projects
Commit 5b7ed6c2 authored by akwizgran's avatar akwizgran
Browse files

Merge branch 'obfsproxy-0.0.9' into 'master'

Obfsproxy 0.0.9

See merge request !1
parents 8374877b a61ea7e5
No related branches found
No related tags found
1 merge request!1Obfsproxy 0.0.9
Pipeline #3022 failed
...@@ -24,13 +24,15 @@ build: ...@@ -24,13 +24,15 @@ build:
test: test:
stage: test stage: test
script: script:
- docker run -v `pwd`:/opt/go-reproducer ${TEST_IMAGE} /bin/bash -c "./build-obfs4proxy.py 0.0.7 && ./verify-obfs4proxy.py 0.0.7" - docker run -v `pwd`:/opt/go-reproducer ${TEST_IMAGE} /bin/bash -c "./build-obfs4proxy.py 0.0.9 && ./verify-obfs4proxy.py 0.0.9"
allow_failure: true
artifacts: artifacts:
paths: paths:
- obfs4proxy-*.zip - obfs4proxy-*.zip
- obfs4proxy-*.pom - obfs4proxy-*.pom
- obfs4proxy-*-sources.jar - obfs4proxy-*-sources.jar
expire_in: 1 week expire_in: 1 week
when: always
except: except:
- tags - tags
...@@ -44,6 +46,7 @@ test_tag: ...@@ -44,6 +46,7 @@ test_tag:
- obfs4proxy-*.pom - obfs4proxy-*.pom
- obfs4proxy-*-sources.jar - obfs4proxy-*-sources.jar
expire_in: 1 week expire_in: 1 week
when: always
only: only:
- tags - tags
...@@ -53,5 +56,6 @@ release: ...@@ -53,5 +56,6 @@ release:
- docker pull $TEST_IMAGE - docker pull $TEST_IMAGE
- docker tag $TEST_IMAGE $RELEASE_IMAGE - docker tag $TEST_IMAGE $RELEASE_IMAGE
- docker push $RELEASE_IMAGE - docker push $RELEASE_IMAGE
when: on_success
only: only:
- master - master
...@@ -7,8 +7,9 @@ from utils import get_build_versions, ex, get_sha256, fail, zip_files, get_final ...@@ -7,8 +7,9 @@ from utils import get_build_versions, ex, get_sha256, fail, zip_files, get_final
get_sources_file_name, get_pom_file_name, reset_time, get_obfs4_version, check_go_version, \ get_sources_file_name, get_pom_file_name, reset_time, get_obfs4_version, check_go_version, \
get_version, GO_PATH, GO_ROOT, NDK_DIR get_version, GO_PATH, GO_ROOT, NDK_DIR
REPO_DIR = 'obfs4' REPO_DIR = '/tmp/obfs4' # This needs to be always the same path, otherwise breaks reproducibility
GO_FLAGS = ['-asmflags', '-trimpath', '-o', 'obfs4proxy'] OUTPUT_FILE = os.path.abspath(os.path.join(os.path.curdir, 'obfs4proxy'))
GO_FLAGS = ['-asmflags', '-trimpath', '-o', OUTPUT_FILE]
def main(): def main():
...@@ -25,8 +26,8 @@ def main(): ...@@ -25,8 +26,8 @@ def main():
# Install Android NDK # Install Android NDK
install_android_ndk(tool_version) install_android_ndk(tool_version)
# Fetch and checkout dependencies at specific version # Checkout source at specific version
checkout_source_repos(versions) checkout_source_repo(versions)
# Build for various Android versions and create package # Build for various Android versions and create package
build_android(versions) build_android(versions)
...@@ -45,6 +46,7 @@ def install_go(tool_version, versions): ...@@ -45,6 +46,7 @@ def install_go(tool_version, versions):
go_bin_path = os.path.join(GO_ROOT, 'bin') go_bin_path = os.path.join(GO_ROOT, 'bin')
os.environ['GOPATH'] = GO_PATH os.environ['GOPATH'] = GO_PATH
os.environ['PATH'] = go_bin_path + os.pathsep + os.getenv('PATH') os.environ['PATH'] = go_bin_path + os.pathsep + os.getenv('PATH')
os.environ['GO111MODULE'] = 'on'
check_go_version(versions) check_go_version(versions)
...@@ -53,36 +55,23 @@ def install_android_ndk(tool_version): ...@@ -53,36 +55,23 @@ def install_android_ndk(tool_version):
os.environ['ANDROID_NDK_HOME'] = os.path.abspath(NDK_DIR) os.environ['ANDROID_NDK_HOME'] = os.path.abspath(NDK_DIR)
def checkout_source_repos(versions): def checkout_source_repo(versions):
# download dependencies if os.path.isdir(REPO_DIR):
ex(['go', 'get', '-d', versions['obfs4']['go-get']]) # get latest commits and tags from remote
check_call(['git', 'fetch', 'origin'], cwd=REPO_DIR)
else:
# clone repo
check_call(['git', 'clone', versions['repo_url'], REPO_DIR])
# find dependencies # checkout version
go_src = os.path.join(GO_PATH, 'src') print("Checking out %s" % versions['revision'])
dependencies = [] check_call(['git', 'checkout', '-f', versions['revision']], cwd=REPO_DIR)
for root, dirs, files in os.walk(go_src):
if root.endswith("/.git"):
dependencies.append(os.path.split(root)[0])
# checkout specific versions # undo all changes
for dependency in dependencies: check_call(['git', 'reset', '--hard'], cwd=REPO_DIR)
# get version (commit or tag)
key = os.path.split(dependency)[1]
try:
version = versions['obfs4']['versions'][key]
except KeyError as e:
fail("Version for dependency '%s' missing." % key)
raise e
# checkout commit or tag # clean all untracked files and directories (-d) from repo
print("Checking out %s in %s" % (version, dependency)) check_call(['git', 'clean', '-dffx'], cwd=REPO_DIR)
check_call(['git', 'checkout', '-f', version], cwd=dependency)
# undo all changes
check_call(['git', 'reset', '--hard'], cwd=dependency)
# clean all untracked files and directories (-d) from repo
check_call(['git', 'clean', '-dffx'], cwd=dependency)
def build_android(versions): def build_android(versions):
...@@ -119,9 +108,8 @@ def build_android_arch(versions, env, tool, ndk_arch, pie): ...@@ -119,9 +108,8 @@ def build_android_arch(versions, env, tool, ndk_arch, pie):
build_mode = "pie" if pie else "exe" build_mode = "pie" if pie else "exe"
extldflags = " -extldflags=-pie" if pie else "" extldflags = " -extldflags=-pie" if pie else ""
ex(['go', 'clean', versions['obfs4']['go-get']]) ex(['go', 'build', '-buildmode=%s' % build_mode, '-ldflags', '-w -s' + extldflags] + GO_FLAGS +
ex(['go', 'build', '-buildmode=%s' % build_mode, '-ldflags', [os.path.join('.', versions['build_path'])], env=env, cwd=REPO_DIR)
'-w -s' + extldflags] + GO_FLAGS + [versions['obfs4']['go-get']], env=env)
pie_suffix = '_pie' if pie else '' pie_suffix = '_pie' if pie else ''
zip_files(['obfs4proxy'], 'obfs4proxy_%s%s.zip' % (ndk_arch, pie_suffix)) zip_files(['obfs4proxy'], 'obfs4proxy_%s%s.zip' % (ndk_arch, pie_suffix))
...@@ -129,8 +117,10 @@ def build_android_arch(versions, env, tool, ndk_arch, pie): ...@@ -129,8 +117,10 @@ def build_android_arch(versions, env, tool, ndk_arch, pie):
def build_linux(versions): def build_linux(versions):
ex(['go', 'clean', versions['obfs4']['go-get']]) env = os.environ.copy()
ex(['go', 'build', '-ldflags', '-w -s'] + GO_FLAGS + [versions['obfs4']['go-get']]) env['CGO_ENABLED'] = "0"
build_path = os.path.join('.', versions['build_path'])
ex(['go', 'build', '-ldflags', '-w -s'] + GO_FLAGS + [build_path], env=env, cwd=REPO_DIR)
zip_files(['obfs4proxy'], 'obfs4proxy_linux-x86_64.zip') zip_files(['obfs4proxy'], 'obfs4proxy_linux-x86_64.zip')
os.remove('obfs4proxy') os.remove('obfs4proxy')
...@@ -160,14 +150,17 @@ def package(versions, file_list, android): ...@@ -160,14 +150,17 @@ def package(versions, file_list, android):
def create_sources_jar(versions): def create_sources_jar(versions):
# clean all untracked files and directories (-d) from repo
check_call(['git', 'clean', '-dffx'], cwd=REPO_DIR)
# vendorize dependencies
ex(['go', 'mod', 'vendor'], cwd=REPO_DIR)
jar_files = [] jar_files = []
go_src = os.path.join(GO_PATH, 'src') for file in glob(os.path.join(REPO_DIR, '*')):
for file in glob(os.path.join(go_src, '*')):
reset_time(file) reset_time(file)
jar_files.append(os.path.relpath(file, go_src)) jar_files.append(os.path.relpath(file, REPO_DIR))
jar_file = get_sources_file_name(versions) jar_file = get_sources_file_name(versions)
jar_path = os.path.abspath(jar_file) jar_path = os.path.abspath(jar_file)
check_call(['jar', 'cf', jar_path] + jar_files, cwd=go_src) check_call(['jar', 'cf', jar_path] + jar_files, cwd=REPO_DIR)
return jar_file return jar_file
......
...@@ -3,7 +3,7 @@ set -e ...@@ -3,7 +3,7 @@ set -e
set -x set -x
# use snapshot repos for deterministic package versions # use snapshot repos for deterministic package versions
DATE="20181017T120000Z" DATE="20190206T120000Z"
cat << EOF > /etc/apt/sources.list cat << EOF > /etc/apt/sources.list
deb http://snapshot.debian.org/archive/debian/${DATE}/ stretch main deb http://snapshot.debian.org/archive/debian/${DATE}/ stretch main
deb http://snapshot.debian.org/archive/debian-security/${DATE}/ stretch/updates main deb http://snapshot.debian.org/archive/debian-security/${DATE}/ stretch/updates main
......
...@@ -43,9 +43,9 @@ def check_go_version(versions): ...@@ -43,9 +43,9 @@ def check_go_version(versions):
fail("You need Go version %s to reproduce this binary" % versions['go']['version']) fail("You need Go version %s to reproduce this binary" % versions['go']['version'])
def ex(args, env=None): def ex(args, env=None, cwd=None):
print("+ %s" % " ".join(args)) print("+ %s" % " ".join(args))
check_call(args, env=env) check_call(args, env=env, cwd=cwd)
def fail(msg=""): def fail(msg=""):
...@@ -68,11 +68,15 @@ def reset_time(file_name): ...@@ -68,11 +68,15 @@ def reset_time(file_name):
def zip_files(files, zip_name): def zip_files(files, zip_name):
for file_name in files: for file_name in files:
reset_time(file_name) reset_time(file_name)
# use deterministic permissions to prevent differences in zip files
os.chmod(file_name, 0o755)
sha256hash = get_sha256(file_name)
print("Hash before zipping %s: %s" % (file_name, sha256hash))
ex(['zip', '-D', '-X', zip_name] + files) ex(['zip', '-D', '-X', zip_name] + files)
def get_obfs4_version(versions): def get_obfs4_version(versions):
version = versions['obfs4']['versions']['obfs4.git'] version = versions['revision']
if '-' in version: if '-' in version:
return version.split('-')[1] return version.split('-')[1]
return version return version
......
{ {
"obfs4proxy": { "obfs4proxy": {
"0.0.7": { "0.0.9": {
"obfs4": { "repo_url": "https://git.torproject.org/pluggable-transports/obfs4.git",
"go-get": "git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy", "revision": "obfs4proxy-0.0.9",
"versions": { "build_path": "obfs4proxy",
"obfs4.git": "obfs4proxy-0.0.7",
"goptlib.git": "7d56ec4f381e",
"crypto": "0c41d7ab0a0e",
"net": "49bb7cea24b1",
"siphash": "v1.2.0",
"ed25519": "5312a6153412"
}
},
"go": { "go": {
"version": "go1.11.1", "version": "go1.11.5",
"sha256": "558f8c169ae215e25b81421596e8de7572bd3ba824b79add22fba6e284db1117" "sha256": "bc1ef02bb1668835db1390a2e478dcbccb5dd16911691af9d75184bbe5aa943e"
}, },
"ndk": { "ndk": {
"url": "https://dl.google.com/android/repository/android-ndk-r18-linux-x86_64.zip", "url": "https://dl.google.com/android/repository/android-ndk-r18-linux-x86_64.zip",
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment