Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
briar
go-reproducer
Commits
8374877b
Verified
Commit
8374877b
authored
Oct 19, 2018
by
Torsten Grote
Browse files
Add verification script and verify on CI runs as well
parent
74958ca2
Pipeline
#2583
passed with stages
in 10 minutes and 7 seconds
Changes
6
Pipelines
3
Hide whitespace changes
Inline
Side-by-side
.gitignore
View file @
8374877b
...
...
@@ -8,4 +8,5 @@
/obfs4proxy*.zip
/obfs4proxy*.pom
/obfs4proxy*.jar
/obfs4
\ No newline at end of file
/obfs4
/reference
\ No newline at end of file
.gitlab-ci.yml
View file @
8374877b
...
...
@@ -21,10 +21,10 @@ build:
-
docker build -t ${TEST_IMAGE} .
-
docker push $TEST_IMAGE
test
_build
:
test
:
stage
:
test
script
:
-
docker run -v `pwd`:/opt/go-reproducer ${TEST_IMAGE} /bin/bash -c "./build-obfs4proxy.py"
-
docker run -v `pwd`:/opt/go-reproducer ${TEST_IMAGE} /bin/bash -c "./build-obfs4proxy.py
0.0.7 && ./verify-obfs4proxy.py 0.0.7
"
artifacts
:
paths
:
-
obfs4proxy-*.zip
...
...
@@ -34,6 +34,19 @@ test_build:
except
:
-
tags
test_tag
:
stage
:
test
script
:
-
docker run -v `pwd`:/opt/go-reproducer ${TEST_IMAGE} /bin/bash -c "./verify-obfs4proxy.py ${CI_BUILD_REF_NAME}"
artifacts
:
paths
:
-
obfs4proxy-*.zip
-
obfs4proxy-*.pom
-
obfs4proxy-*-sources.jar
expire_in
:
1 week
only
:
-
tags
release
:
stage
:
release
script
:
...
...
Dockerfile
View file @
8374877b
...
...
@@ -12,7 +12,8 @@ ADD versions.json ./
ADD
utils.py ./
ADD
template.pom ./
ADD
template-android.pom ./
ADD
verify-*.py ./
RUN
./install.sh
CMD
./
build
-obfs4proxy.py
CMD
./
verify
-obfs4proxy.py
README.md
View file @
8374877b
...
...
@@ -5,6 +5,11 @@ used by [Briar](https://briar.app) (such as obfs4proxy)
were built exactly from the public source code
and no modifications (such as backdoors) were added.
Current packages:
*
https://bintray.com/briarproject/org.briarproject/obfs4proxy
*
https://bintray.com/briarproject/org.briarproject/obfs4proxy-android
More information about these so called reproducible builds is available at
[
reproducible-builds.org
](
https://reproducible-builds.org/
)
.
...
...
@@ -23,6 +28,10 @@ If this command does not work,
please
[
install Docker
](
https://docs.docker.com/install/
)
and continue once it is installed.
Note: While not guaranteed to work,
it
*might*
also be possible to perform the steps below
without Docker on a Debian stable system.
### Using our pre-built image
If you trust that our pre-built Docker image was built exactly from
*its*
source,
...
...
install.sh
View file @
8374877b
...
...
@@ -20,7 +20,6 @@ echo "path-exclude=/usr/share/doc/*" >> /etc/dpkg/dpkg.cfg.d/01_nodoc
# install dependencies
./install-dependencies.sh
#./install-dependencies-verification.sh
# clean up for smaller image size
apt-get
-y
autoremove
--purge
...
...
verify-obfs4proxy.py
0 → 100755
View file @
8374877b
#!/usr/bin/env python3
import
os
import
sys
from
subprocess
import
check_call
,
CalledProcessError
from
utils
import
get_sha256
,
fail
,
get_build_versions
,
get_final_file_name
,
\
get_version
,
get_obfs4_version
def
main
():
# get version from command or show usage information
version
=
get_version
()
verified
=
verify
(
version
,
for_android
=
False
)
verified_android
=
verify
(
version
,
for_android
=
True
)
if
verified
and
verified_android
:
sys
.
exit
(
0
)
else
:
sys
.
exit
(
1
)
def
verify
(
version
,
for_android
):
# get version and versions of its dependencies
tool_version
,
versions
=
get_build_versions
(
'obfs4proxy'
,
version
)
# download reference binary
file_name
=
get_final_file_name
(
versions
,
for_android
)
os
.
makedirs
(
'reference'
,
exist_ok
=
True
)
reference_file_name
=
os
.
path
.
join
(
'reference'
,
file_name
)
try
:
# try downloading from jcenter
check_call
([
'wget'
,
'--no-verbose'
,
get_url
(
versions
,
for_android
),
'-O'
,
reference_file_name
])
except
CalledProcessError
:
# try fallback to bintray
print
(
"Warning: Download from jcenter failed. Trying bintray directly..."
)
check_call
([
'wget'
,
'--no-verbose'
,
get_url
(
versions
,
for_android
,
fallback
=
True
),
'-O'
,
reference_file_name
])
# check if it was already build
if
not
os
.
path
.
isfile
(
file_name
):
# build it first
if
version
is
None
:
check_call
([
'./build-obfs4proxy.py'
])
else
:
check_call
([
'./build-obfs4proxy.py'
,
version
])
# calculate hashes for both files
reference_hash
=
get_sha256
(
reference_file_name
)
build_hash
=
get_sha256
(
file_name
)
print
(
"Reference sha256: %s"
%
reference_hash
)
print
(
"Build sha256: %s"
%
build_hash
)
# compare hashes
suffix
=
" for Android"
if
for_android
else
""
if
reference_hash
==
build_hash
:
print
(
"obfs4proxy%s version %s was successfully verified! \o/"
%
(
suffix
,
tool_version
))
return
True
else
:
print
(
"Hashes for obfs4proxy%s version %s do not match! :("
%
(
suffix
,
tool_version
))
return
False
def
get_url
(
versions
,
for_android
,
fallback
=
False
):
version
=
get_obfs4_version
(
versions
)
directory
=
"obfs4proxy-android"
if
for_android
else
"obfs4proxy"
file
=
get_final_file_name
(
versions
,
for_android
)
if
not
fallback
:
return
"https://jcenter.bintray.com/org/briarproject/%s/%s/%s"
%
(
directory
,
version
,
file
)
else
:
return
"https://dl.bintray.com/briarproject/org.briarproject/org/briarproject/%s/%s/%s"
%
\
(
directory
,
version
,
file
)
if
__name__
==
"__main__"
:
main
()
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment