build 5.88 KB
Newer Older
1
#!/bin/bash
amnesia's avatar
amnesia committed
2

3
4
set -e
set -u
intrigeri's avatar
intrigeri committed
5
set -x
amnesia's avatar
amnesia committed
6

anonym's avatar
anonym committed
7
. "$(dirname $0)/scripts/utils.sh"
8

9
# get $BUILD_BASENAME
10
. tmp/build_environment
11

amnesia's avatar
amnesia committed
12
13
umask 022

14
15
### functions

16
17
18
19
20
21
22
23
syslinux_utils_upstream_version () {
   dpkg-query -W -f='${Version}\n' syslinux-utils | \
       # drop epoch
       sed -e 's,.*:,,' | \
       # drop +dfsg and everything that follows
       sed -e 's,\+dfsg.*,,'
}

24
25
26
27
28
29
30
print_iso_size () {
   local isofile="$1"
   [ -f "$isofile" ] || return 23
   size=$(stat --printf='%s' "$isofile")
   echo "The ISO is ${size} bytes large."
}

31
32
### Main

33
# we require building from git
34
35
git rev-parse --is-inside-work-tree &> /dev/null \
   || fatal "${PWD} is not a Git tree."
36

37
38
39
. config/amnesia
if [ -e config/amnesia.local ] ; then
   . config/amnesia.local
amnesia's avatar
amnesia committed
40
41
42
43
44
fi

# a clean starting point
rm -rf cache/stages_rootfs

45
# get LB_BINARY_IMAGES
46
47
. config/binary

48
# get LB_ARCHITECTURE and LB_DISTRIBUTION
49
. config/bootstrap
50

51
# save variables that are needed by chroot_local-hooks
52
echo "KERNEL_VERSION=${KERNEL_VERSION}" \
53
   >> config/chroot_local-includes/usr/share/tails/build/variables
54
echo "KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}" \
55
56
   >> config/chroot_local-includes/usr/share/tails/build/variables
echo "LB_DISTRIBUTION=${LB_DISTRIBUTION}" >> config/chroot_local-includes/usr/share/tails/build/variables
57
58
59
60
echo "POTFILES_DOT_IN='$(
         /bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in \
       | sed -e 's,^config/chroot_local-includes,,' | tr "\n" ' '
   )'" \
61
   >> config/chroot_local-includes/usr/share/tails/build/variables
62

63
64
# fix permissions on some source files that will be copied as is to the chroot.
# they may be wrong, e.g. if the Git repository was cloned with a strict umask.
65
chown    0:0   config/chroot_local-includes/etc/resolv.conf
66
chmod -R go+rX config/binary_local-includes/
67
chmod -R go+rX config/chroot_local-includes/etc
68
chmod    0440  config/chroot_local-includes/etc/sudoers.d/*
69
70
71
chmod    go+rX config/chroot_local-includes/lib
chmod    go+rX config/chroot_local-includes/lib/live
chmod -R go+rx config/chroot_local-includes/lib/live/config
72
chmod    go+rX config/chroot_local-includes/lib/live/mount
73
chmod -R go+rX config/chroot_local-includes/lib/systemd
74
chmod    go+rX config/chroot_local-includes/live
75
76
77
chmod -R go+rX config/chroot_local-includes/usr
chmod -R go+rx config/chroot_local-includes/usr/local/bin
chmod -R go+rx config/chroot_local-includes/usr/local/sbin
78
chmod -R go+rX config/chroot_local-includes/usr/share/doc
79
chmod -R go+rX config/chroot_local-includes/var
80
81
chmod -R go+rX config/chroot_apt
chmod -R go+rX config/chroot_sources
82

83
# normalize file timestamps
84
85
86
find \
   config/binary_local-includes \
   config/chroot_local-includes \
87
   wiki/src \
88
   -exec touch --date="@$SOURCE_DATE_EPOCH" '{}' \;
89

90
# build the image
amnesia's avatar
amnesia committed
91

92
# we need /debootstrap/deburis to build a manifest of used packages:
93
DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS:-} --keep-debootstrap-dir"
94

95
# we're not ready for merged-/usr yet: Debian#843461, Tails#11903
96
DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS:-} --no-merged-usr"
97

98
99
100
101
# use our own APT repository's key:
DEBOOTSTRAP_GNUPG_HOMEDIR=$(mktemp -d)
gpg --homedir "$DEBOOTSTRAP_GNUPG_HOMEDIR" \
    --import config/chroot_sources/tails.chroot.gpg
102
103
104
105
106
107
108
109
if [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg" ]; then
    DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg"
elif [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx" ]; then
    DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx"
else
   fatal "No debootstrap GnuPG keyring was created."
fi
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING"
110
111

export DEBOOTSTRAP_OPTIONS
112

113
: ${MKSQUASHFS_OPTIONS:='-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K -no-exports'}
114
MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/tails/build/mksquashfs-excludes"
115
export MKSQUASHFS_OPTIONS
116

117
# build the doc wiki
elouann's avatar
elouann committed
118
./build-website
119
120
121
122

# refresh translations of our programs
./refresh-translations || fatal "refresh-translations failed ($?)."

123
case "$LB_BINARY_IMAGES" in
124
   iso)
125
126
127
128
129
130
131
132
133
134
      which isohybrid >/dev/null || fatal 'Cannot find isohybrid in $PATH'
      installed_syslinux_utils_upstream_version="$(syslinux_utils_upstream_version)"
      if dpkg --compare-versions \
	   "$installed_syslinux_utils_upstream_version" \
	   'lt' \
	   "$REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION" ; then
	  fatal \
	      "syslinux-utils '${installed_syslinux_utils_upstream_version}' is installed, " \
	      "while we need at least '${REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION}'."
      fi
135
      ;;
136
   *)
137
      fatal "Image type ${LB_BINARY_IMAGES} is not supported."
138
139
      ;;
esac
140
BUILD_ISO_FILENAME="${BUILD_BASENAME}.iso"
141
142
143
144
BUILD_MANIFEST="${BUILD_BASENAME}.build-manifest"
BUILD_APT_SOURCES="${BUILD_BASENAME}.apt-sources"
BUILD_PACKAGES="${BUILD_BASENAME}.packages"
BUILD_LOG="${BUILD_BASENAME}.buildlog"
145
BUILD_USB_IMAGE_FILENAME="${BUILD_BASENAME}.img"
amnesia's avatar
amnesia committed
146

147
148
149
150
151
152
# Clone all output, from this point on, to the log file
exec >  >(tee -a "$BUILD_LOG")
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
exec 2> >(tee -a "$BUILD_LOG" >&2)
trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM

153
154
155
156
157
158
159
160
161
(
   echo "Mirrors:"
   apt-mirror debian
   apt-mirror debian-security
   apt-mirror torproject
   echo "Additional sources:"
   cat config/chroot_sources/*.chroot
) > "$BUILD_APT_SOURCES"

162
echo "Building ISO image ${BUILD_ISO_FILENAME}..."
163
time lb build noauto ${@}
164
165
166
167
[ -e binary.iso ] || fatal "lb build failed ($?)."

echo "ISO image was successfully created"
print_iso_size binary.iso
168

169
170
171
172
173
echo "Hybriding it..."
isohybrid $AMNESIA_ISOHYBRID_OPTS binary.iso || fatal "isohybrid failed"
print_iso_size binary.iso
truncate -s %2048 binary.iso
print_iso_size binary.iso
174

175
176
177
echo "Renaming generated files..."
mv -i binary.iso "${BUILD_ISO_FILENAME}"
mv -i binary.packages "${BUILD_PACKAGES}"
178
179

echo "Generating build manifest..."
180
generate-build-manifest chroot/debootstrap "${BUILD_MANIFEST}"
181

182
echo "Creating USB image ${BUILD_USB_IMAGE_FILENAME}..."
183
create-usb-image-from-iso "${BUILD_ISO_FILENAME}"