Commit 8a89f505 authored by akwizgran's avatar akwizgran

Merge branch 'three-five' into 'master'

Add tor-0.3.5.7

See merge request !6
parents fb24162e 2f7db459
Pipeline #3042 passed with stages
in 42 minutes and 17 seconds
......@@ -24,14 +24,29 @@ build:
test_build:
stage: test
script:
- docker run ${TEST_IMAGE} /bin/bash -c "./build-tor.py && ./verify-tor.py"
- docker run -v `pwd`:/opt/tor-reproducer ${TEST_IMAGE} /bin/bash -c "./build-tor.py && ./verify-tor.py"
artifacts:
paths:
- tor-*.zip
- tor-*.pom
- tor-*-sources.jar
expire_in: 1 week
when: always
allow_failure: true
except:
- tags
test_tag:
stage: test
script:
- docker run ${TEST_IMAGE} ./verify-tor.py ${CI_BUILD_REF_NAME}
- docker run -v `pwd`:/opt/tor-reproducer ${TEST_IMAGE} ./verify-tor.py ${CI_BUILD_REF_NAME}
artifacts:
paths:
- tor-*.zip
- tor-*.pom
- tor-*-sources.jar
expire_in: 1 week
when: always
only:
- tags
......@@ -41,5 +56,6 @@ release:
- docker pull $TEST_IMAGE
- docker tag $TEST_IMAGE $RELEASE_IMAGE
- docker push $RELEASE_IMAGE
when: on_success
only:
- master
......@@ -27,7 +27,7 @@ and continue once it is installed.
If you trust that our pre-built Docker image was build exactly from *its* source,
you can use it for faster verification.
If not, you can read the next section to learn how to build the image yourself.
Then you are only trusting the official `debian:stable` which is out of our control.
Then you are only trusting the official `debian:stable` image which is out of our control.
Otherwise, you can skip the next section and move directly to *Run the verification*.
......@@ -43,7 +43,7 @@ Build our Docker image:
### Run the verification
To verify a specific version of Tor for Android, run
To verify a specific version of Tor, run
docker run briar/tor-reproducer:latest ./verify-tor.py [version]
......@@ -60,7 +60,7 @@ In case there is an issue with the verification of an old build,
this *might* be caused by an update of the container.
You can try to use the original container by running:
docker run briar/tor-reproducer:[version] ./build-tor.py [version]
docker run briar/tor-reproducer:[version] ./verify-tor.py [version]
There should be a tag with the name `[version]` in this repository
that you could be used to reproduce the old container.
......@@ -68,6 +68,6 @@ Note that this will not work if the issue is caused by an updated Debian package
### Only build Tor
To build a specific version of Tor for Android, run
To build a specific version of Tor, run
docker run briar/tor-reproducer:latest ./verify-tor.py [version]
\ No newline at end of file
docker run briar/tor-reproducer:latest ./build-tor.py [version]
\ No newline at end of file
......@@ -25,6 +25,9 @@ def main():
# clone and checkout tor-android repo based on tor-versions.json
prepare_tor_android_repo(versions)
# create sources jar before building
jar_name = create_sources_jar(versions)
# build Tor for various platforms and architectures
build()
build_android()
......@@ -33,7 +36,7 @@ def main():
geoip_path = os.path.join(REPO_DIR, 'geoip')
copy(os.path.join(EXT_DIR, 'tor', 'src', 'config', 'geoip'), geoip_path)
reset_time(geoip_path)
check_call(['zip', '-X', 'geoip.zip', 'geoip'], cwd=REPO_DIR)
check_call(['zip', '-X', '../geoip.zip', 'geoip'], cwd=REPO_DIR)
# zip binaries together
file_list = ['tor_linux-x86_64.zip', 'geoip.zip']
......@@ -47,18 +50,13 @@ def main():
pom_name = create_pom_file(versions)
pom_name_android = create_pom_file(versions, android=True)
# create sources jar
jar_name = create_sources_jar(versions)
jar_name_android = get_sources_file_name(versions, android=True)
copy(os.path.join(REPO_DIR, jar_name), os.path.join(REPO_DIR, jar_name_android))
# print hashes for debug purposes
for file in file_list + [zip_name, jar_name, pom_name]:
sha256hash = get_sha256(os.path.join(REPO_DIR, file))
sha256hash = get_sha256(file)
print("%s: %s" % (file, sha256hash))
print("Android:")
for file in file_list_android + [zip_name_android, jar_name_android, pom_name_android]:
sha256hash = get_sha256(os.path.join(REPO_DIR, file))
for file in file_list_android + [zip_name_android, pom_name_android]:
sha256hash = get_sha256(file)
print("%s: %s" % (file, sha256hash))
......@@ -171,7 +169,7 @@ def build_android_arch(name):
tor_path = os.path.join(REPO_DIR, 'tor')
reset_time(tor_path)
print("Sha256 hash of tor before zipping %s: %s" % (name, get_sha256(tor_path)))
check_call(['zip', '-X', name, 'tor'], cwd=REPO_DIR)
check_call(['zip', '-X', '../' + name, 'tor'], cwd=REPO_DIR)
def build(name='tor_linux-x86_64.zip'):
......@@ -231,14 +229,14 @@ def build(name='tor_linux-x86_64.zip'):
check_call(['strip', '-D', 'tor'], cwd=REPO_DIR)
reset_time(tor_path)
print("Sha256 hash of tor before zipping %s: %s" % (name, get_sha256(tor_path)))
check_call(['zip', '-X', name, 'tor'], cwd=REPO_DIR)
check_call(['zip', '-X', '../' + name, 'tor'], cwd=REPO_DIR)
def pack(versions, file_list, android=False):
for filename in file_list:
reset_time(os.path.join(REPO_DIR, filename)) # make file times deterministic before zipping
reset_time(filename) # make file times deterministic before zipping
zip_name = get_final_file_name(versions, android)
check_call(['zip', '-D', '-X', zip_name] + file_list, cwd=REPO_DIR)
check_call(['zip', '-D', '-X', zip_name] + file_list)
return zip_name
......@@ -247,15 +245,16 @@ def reset_time(filename):
def create_sources_jar(versions):
check_call(['git', 'clean', '-dfx'], cwd=EXT_DIR)
jar_files = []
for root, dir_names, filenames in os.walk(EXT_DIR):
for f in filenames:
if '/.git' in root:
continue
jar_files.append(os.path.join(root, f))
for file in jar_files:
reset_time(file)
jar_name = get_sources_file_name(versions)
jar_path = os.path.abspath(os.path.join(REPO_DIR, jar_name))
jar_path = os.path.abspath(jar_name)
rel_paths = [os.path.relpath(f, EXT_DIR) for f in sorted(jar_files)]
check_call(['jar', 'cf', jar_path] + rel_paths, cwd=EXT_DIR)
return jar_name
......@@ -266,7 +265,7 @@ def create_pom_file(versions, android=False):
pom_name = get_pom_file_name(versions, android)
template = 'template-android.pom' if android else 'template.pom'
with open(template, 'rt') as infile:
with open(os.path.join(REPO_DIR, pom_name), 'wt') as outfile:
with open(pom_name, 'wt') as outfile:
for line in infile:
outfile.write(line.replace('VERSION', tor_version))
return pom_name
......
{
"0.3.5.7": {
"tor": "tor-0.3.5.7",
"libevent": "release-2.1.8-stable",
"openssl": "OpenSSL_1_0_2q",
"xz": "v5.2.4",
"zlib": "v1.2.11",
"zstd": "v1.3.8",
"tor-android": "8eb128aa63b97e139bc845a9426b406245770096",
"tor_android_repo_url": "https://github.com/n8fr8/tor-android",
"ndk": {
"url": "https://dl.google.com/android/repository/android-ndk-r15c-linux-x86_64.zip",
"revision": "15.2.4203891",
"sha256": "f01788946733bf6294a36727b99366a18369904eb068a599dde8cca2c1d2ba3c"
}
},
"0.3.4.8": {
"tor": "tor-0.3.4.8",
"libevent": "release-2.0.22-stable",
......
......@@ -3,9 +3,11 @@ import os
import sys
from subprocess import check_call, CalledProcessError
from utils import REPO_DIR, get_sha256, fail, get_build_versions, get_final_file_name, \
from utils import REPO_DIR, get_sha256, get_build_versions, get_final_file_name, \
get_version, get_tor_version
REF_DIR = "reference"
def main():
# get Tor version from command or show usage information
......@@ -22,19 +24,20 @@ def verify(version, for_android):
versions = get_build_versions(version)
# download reference binary
os.makedirs(REF_DIR, exist_ok=True)
file_name = get_final_file_name(versions, for_android)
ref_file = os.path.join(REF_DIR, file_name)
try:
# try downloading from jcenter
check_call(['wget', '--no-verbose', get_url(versions, for_android), '-O', file_name])
check_call(['wget', '--no-verbose', get_url(versions, for_android), '-O', ref_file])
except CalledProcessError:
# try fallback to bintray
print("Warning: Download from jcenter failed. Trying bintray directly...")
check_call(['wget', '--no-verbose', get_url(versions, for_android, fallback=True), '-O',
file_name])
ref_file])
# check if Tor was already build
build_file_name = os.path.join(REPO_DIR, file_name)
if not os.path.isfile(build_file_name):
if not os.path.isfile(file_name):
# build Tor
if version is None:
check_call(['./build-tor.py'])
......@@ -42,8 +45,8 @@ def verify(version, for_android):
check_call(['./build-tor.py', version])
# calculate hashes for both files
reference_hash = get_sha256(file_name)
build_hash = get_sha256(build_file_name)
reference_hash = get_sha256(ref_file)
build_hash = get_sha256(file_name)
print("Reference sha256: %s" % reference_hash)
print("Build sha256: %s" % build_hash)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment