Add a script that can be used to verify Tor releases on jcenter

204b810f · Torsten Grote · ee6d39b5 · 204b810f · 204b810f · 204b810f
Verified Commit 204b810f authored 6 years ago by Torsten Grote
--- a/build-tor.py
+++ b/build-tor.py
 #!/usr/bin/env python3
-import json
 import os
 import sys
-from collections import OrderedDict
 from shutil import move, copy, rmtree
 from subprocess import check_call
-from utils import get_sha256, fail
+from utils import REPO_DIR, get_sha256, fail, get_build_versions, get_final_file_name, get_version
 NDK_DIR = 'android-ndk'
-REPO_DIR = 'tor-android'
 def main():
-    if len(sys.argv) > 2:
+    # get Tor version from command or show usage information
-        fail("Usage: %s [Tor version tag]" % sys.argv[0])
+    version = get_version()
-    tag = sys.argv[1] if len(sys.argv) > 1 else None
    # get Tor version and versions of its dependencies
-    versions = get_build_versions(tag)
+    versions = get_build_versions(version)
+    print("Building Tor %s" % versions['tor'])
    # setup Android NDK
    setup_android_ndk(versions)
@@ -38,7 +35,7 @@ def main():
    file_list = ['tor_arm_pie.zip', 'tor_arm.zip', 'tor_x86_pie.zip', 'tor_x86.zip', 'geoip.zip']
    for filename in file_list:
        reset_time(os.path.join(REPO_DIR, filename))  # make file times deterministic before zipping
-    zip_name = 'tor-android-%s.zip' % versions['tor'].split('-')[1]
+    zip_name = get_final_file_name(versions)
    check_call(['zip', '-D', '-X', zip_name] + file_list, cwd=REPO_DIR)
    # print hashes for debug purposes
@@ -47,19 +44,6 @@ def main():
        print("%s: %s" % (file, sha256hash))
-def get_build_versions(tag):
-    # load Tor versions and their dependencies
-    with open('tor-versions.json', 'r') as f:
-        versions = json.load(f, object_pairs_hook=OrderedDict)
-    if tag is None:
-        # take top-most Tor version
-        tag = next(iter(versions))
-    print("Building Tor %s" % versions[tag]['tor'])
-    return versions[tag]
 def setup_android_ndk(versions):
    if os.path.isdir(NDK_DIR):
        # check that we are using the correct NDK

--- a/utils.py
+++ b/utils.py
 #!/usr/bin/env python3
 import hashlib
+import json
 import sys
+from collections import OrderedDict
+REPO_DIR = 'tor-android'
+def get_version():
+    if len(sys.argv) > 2:
+        fail("Usage: %s [Tor version tag]" % sys.argv[0])
+    return sys.argv[1] if len(sys.argv) > 1 else None
+def get_build_versions(tag):
+    # load Tor versions and their dependencies
+    with open('tor-versions.json', 'r') as f:
+        versions = json.load(f, object_pairs_hook=OrderedDict)
+    if tag is None:
+        # take top-most Tor version
+        tag = next(iter(versions))
+    return versions[tag]
 def fail(msg=""):
@@ -16,3 +36,7 @@ def get_sha256(filename, block_size=65536):
        for block in iter(lambda: f.read(block_size), b''):
            sha256.update(block)
    return sha256.hexdigest()
+def get_final_file_name(versions):
+    return 'tor-android-%s.zip' % versions['tor'].split('-')[1]
--- a/verify-tor.py
+++ b/verify-tor.py
+#!/usr/bin/env python3
+import os
+import sys
+from subprocess import check_call, CalledProcessError
+from utils import REPO_DIR, get_sha256, fail, get_build_versions, get_final_file_name, get_version
+def main():
+    # get Tor version from command or show usage information
+    version = get_version()
+    # get Tor version and versions of its dependencies
+    versions = get_build_versions(version)
+    # download reference binary
+    file_name = get_final_file_name(versions)
+    try:
+        # try downloading from jcenter
+        check_call(['wget', '--no-verbose', get_url(versions), '-O', file_name])
+    except CalledProcessError:
+        # try fallback to bintray
+        print("Warning: Download from jcenter failed. Trying bintray directly...")
+        check_call(['wget', '--no-verbose', get_url(versions, fallback=True), '-O', file_name])
+    # check if Tor was already build
+    build_file_name = os.path.join(REPO_DIR, file_name)
+    if not os.path.isfile(build_file_name):
+        # build Tor
+        if version is None:
+            check_call(['./build-tor.py'])
+        else:
+            check_call(['./build-tor.py', version])
+    # calculate hashes for both files
+    reference_hash = get_sha256(file_name)
+    build_hash = get_sha256(build_file_name)
+    print("Reference sha256: %s" % reference_hash)
+    print("Build sha256:     %s" % build_hash)
+    # compare hashes
+    if reference_hash == build_hash:
+        print("Tor version %s was successfully verified! \o/" % versions['tor'])
+        sys.exit(0)
+    else:
+        fail("Hashes do not match :(")
+def get_url(versions, fallback=False):
+    version = versions['tor'].split('-')[1]
+    file = get_final_file_name(versions)
+    if not fallback:
+        return "https://jcenter.bintray.com/org/briarproject/tor-android/%s/%s" % (version, file)
+    else:
+        return "https://dl.bintray.com/briarproject/org.briarproject/org/briarproject/tor-android" \
+               "/%s/%s" % (version, file)
+if __name__ == "__main__":
+    main()