config 8.31 KB
Newer Older
amnesia's avatar
amnesia committed
1
#! /bin/sh
2
# automatically run by "lb config"
amnesia's avatar
amnesia committed
3

4 5
set -e
set -u
6 7
set -x

8 9
. "$(dirname $0)/scripts/utils.sh"

10 11 12
. config/amnesia
if [ -e config/amnesia.local ] ; then
   . config/amnesia.local
amnesia's avatar
amnesia committed
13
fi
14

15 16 17
if [ -n "${SOURCE_DATE_EPOCH}" ]; then
    CURRENT_EPOCH="$(date --utc +%s)"
    if [ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]; then
18
        fatal "SOURCE_DATE_EPOCH is set before the current time. Exiting."
19
    fi
anonym's avatar
anonym committed
20
else
21
    fatal "SOURCE_DATE_EPOCH is not set. Exiting."
22 23
fi

24 25 26 27 28 29 30
# get git branch or tag so we can set the basename appropriately, i.e.:
# * if we build from a tag: tails-$ARCH-$TAG.iso
# * otherwise:              tails-$ARCH-$BRANCH-$VERSION-$TIME-$COMMIT.iso
GIT_BRANCH="$(git_current_branch)"
if [ -n "${GIT_BRANCH}" ]; then
    CLEAN_GIT_BRANCH=$(echo "$GIT_BRANCH" | sed 's,/,_,g')
    GIT_SHORT_ID="$(git_current_commit --short)"
31
    BUILD_BASENAME="tails-amd64-${CLEAN_GIT_BRANCH}-${AMNESIA_VERSION}-${AMNESIA_NOW}-${GIT_SHORT_ID}"
32 33 34
else
    if git_on_a_tag; then
        CLEAN_GIT_TAG=$(git_current_tag | tr '/-' '_~')
35
	BUILD_BASENAME="tails-amd64-${CLEAN_GIT_TAG}"
36 37 38 39 40 41 42 43 44 45
    else
	# this shouldn't reasonably happen (e.g. only if you checkout a
        # tag, remove the tag and then build)
	fatal "Neither a Git branch nor a tag, exiting."
    fi
fi

GIT_BASE_BRANCH=$(base_branch) \
    || fatal "GIT_BASE_BRANCH could not be guessed."

46
if [ "${TAILS_MERGE_BASE_BRANCH:-}" = 1 ] && \
47
       ! git_on_a_tag && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
48 49
    [ -n "${BASE_BRANCH_GIT_COMMIT}" ] \
        || fatal "Base branch's top commit is not set."
50

51 52
    echo "I: Merging base branch ${GIT_BASE_BRANCH}" \
         "(at commit ${BASE_BRANCH_GIT_COMMIT})..."
53
    faketime -f "${SOURCE_DATE_FAKETIME}" \
54
        git merge --no-edit "${BASE_BRANCH_GIT_COMMIT}" \
55
	    || fatal "Failed to merge base branch."
56 57 58 59
    git submodule update --init

    # Adjust BUILD_BASENAME to embed the base branch name and its top commit
    CLEAN_GIT_BASE_BRANCH=$(echo "$GIT_BASE_BRANCH" | sed 's,/,_,g')
60
    GIT_BASE_BRANCH_SHORT_ID=$(git rev-parse --verify --short "${BASE_BRANCH_GIT_COMMIT}")
61 62 63 64 65 66 67
    [ -n "${GIT_BASE_BRANCH_SHORT_ID}" ] \
        || fatal "Base branch's top commit short ID could not be guessed."
    BUILD_BASENAME="${BUILD_BASENAME}+${CLEAN_GIT_BASE_BRANCH}"
    BUILD_BASENAME="${BUILD_BASENAME}@${GIT_BASE_BRANCH_SHORT_ID}"
fi

# save variables that lb build needs
68 69
mkdir -p tmp
echo "BUILD_BASENAME='${BUILD_BASENAME}'" > tmp/build_environment
amnesia's avatar
amnesia committed
70

71 72
# sanity checks
if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
73 74
    fatal "Found unsupported a= syntax in config/chroot_apt/preferences," \
          "use n= instead. Exiting."
75
fi
76 77
if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
	config/chroot_apt/preferences ; then
78 79
    fatal "Found unsupported 'o=Debian Backports' syntax," \
          "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
80
fi
81
if [ $(dpkg --print-architecture) != amd64 ] ; then
82
    fatal "Only amd64 build systems are supported"
83
fi
84

85 86 87 88 89

# space-separated list of additional packages debootstrap installs
#  - gnupg: needed by apt-key, not installed by default anymore on Buster
export LB_BOOTSTRAP_INCLUDE="gnupg"

90
# init variables
91
RUN_LB_CONFIG="lb config noauto"
amnesia's avatar
amnesia committed
92

93
# init config/ with defaults for the target distribution
anonym's avatar
anonym committed
94
$RUN_LB_CONFIG --distribution buster ${@}
amnesia's avatar
amnesia committed
95

96
# set up everything for time-based snapshots:
97
if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
98
    echo "I: Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
99
    apt-snapshots-serials prepare-build "${APT_SNAPSHOTS_SERIALS}"
100
else
intrigeri's avatar
intrigeri committed
101
    apt-snapshots-serials prepare-build
102
fi
103 104 105 106 107 108 109
# record what APT snapshots this build is going to use, so that one
# can try to reproduce it more reliably
JENKINS_ENV_PROPERTIES=tails-build-env.list
echo "# This file is in Java property file format"   >> "$JENKINS_ENV_PROPERTIES"
echo "# (https://en.wikipedia.org/wiki/.properties)" >> "$JENKINS_ENV_PROPERTIES"
echo "APT_SNAPSHOTS_SERIALS = $(apt-snapshots-serials cat-json tmp/APT_snapshots.d)" \
   >> "$JENKINS_ENV_PROPERTIES"
110

111 112
DEBIAN_MIRROR="$(apt-mirror debian)"
DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
113 114
TORPROJECT_MIRROR="$(apt-mirror torproject)"

115 116 117
[ -n "$DEBIAN_MIRROR" ]          || fatal "\$DEBIAN_MIRROR is empty"
[ -n "$DEBIAN_SECURITY_MIRROR" ] || fatal "\$DEBIAN_SECURITY_MIRROR is empty"
[ -n "$TORPROJECT_MIRROR" ]      || fatal "\$TORPROJECT_MIRROR is empty"
118

119 120 121
perl -pi \
     -E \
       "s|^(deb(?:-src)?\s+)https?://ftp[.]us[.]debian[.]org/debian/?(\s+)|\$1$DEBIAN_MIRROR\$2| ; \
122
        s|^(deb(?:-src)?\s+)https?://security[.]debian[.]org/debian-security/?(\s+)|\$1$DEBIAN_SECURITY_MIRROR\$2| ; \
123 124
        s|^(deb(?:-src)?\s+)https?://deb[.]torproject[.]org/torproject[.]org/?(\s+)|\$1$TORPROJECT_MIRROR\$2|" \
    config/chroot_sources/*.chroot \
125
    || fatal "APT mirror substitution failed with exit code $?"
126

amnesia's avatar
amnesia committed
127
# set Amnesia's general options
128
$RUN_LB_CONFIG \
129
   --verbose \
130
   --apt-recommends false \
131
   --architecture amd64 \
Tails developers's avatar
Tails developers committed
132
   --backports false \
133
   --binary-images iso \
134
   --binary-indices false \
135 136 137 138
   --cache          false \
   --cache-indices  false \
   --cache-packages false \
   --cache-stages   false \
139
   --checksums none \
amnesia's avatar
amnesia committed
140
   --bootappend-live "${AMNESIA_APPEND}" \
Cyril Brulebois's avatar
Cyril Brulebois committed
141
   --bootstrap debootstrap \
142
   --bootstrap-config buster \
143
   --archive-areas "main contrib non-free" \
144
   --includes none \
145
   --iso-application="The Amnesic Incognito Live System" \
146
   --iso-publisher="https://tails.boum.org/" \
amnesia's avatar
amnesia committed
147
   --iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
148
   --linux-flavours amd64 \
amnesia's avatar
amnesia committed
149
   --memtest none \
150 151 152 153 154
   --mirror-binary              "$DEBIAN_MIRROR" \
   --mirror-bootstrap           "$DEBIAN_MIRROR" \
   --mirror-chroot              "$DEBIAN_MIRROR" \
   --mirror-binary-security     "$DEBIAN_SECURITY_MIRROR" \
   --mirror-chroot-security     "$DEBIAN_SECURITY_MIRROR" \
155 156
   --packages-lists none \
   --tasks none \
intrigeri's avatar
intrigeri committed
157
   --linux-packages="linux-image-${KERNEL_VERSION}" \
158
   --syslinux-menu vesamenu \
T(A)ILS developers's avatar
T(A)ILS developers committed
159
   --syslinux-splash data/splash.png \
amnesia's avatar
amnesia committed
160
   --syslinux-timeout 4 \
161
   --initramfs=live-boot \
amnesia's avatar
amnesia committed
162 163
   ${@}

164 165 166 167
install -d config/chroot_local-includes/etc/amnesia/

# environment
TAILS_WIKI_SUPPORTED_LANGUAGES="$(ikiwiki-supported-languages ikiwiki.setup)"
168 169
[ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] \
   || fatal "\$TAILS_WIKI_SUPPORTED_LANGUAGES is empty"
170 171 172
echo "TAILS_WIKI_SUPPORTED_LANGUAGES='${TAILS_WIKI_SUPPORTED_LANGUAGES}'" \
   >> config/chroot_local-includes/etc/amnesia/environment

amnesia's avatar
amnesia committed
173
# version
174
echo "${AMNESIA_FULL_VERSION}" > config/chroot_local-includes/etc/amnesia/version
amnesia's avatar
amnesia committed
175
if git rev-list HEAD 2>&1 >/dev/null; then
176 177
   git rev-list HEAD | head -n 1 >> config/chroot_local-includes/etc/amnesia/version
fi
178 179
echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
   >> config/chroot_local-includes/etc/amnesia/version
180 181 182 183
# os-release
cat >> config/chroot_local-includes/etc/os-release <<EOF
TAILS_PRODUCT_NAME="Tails"
TAILS_VERSION_ID="$AMNESIA_VERSION"
184
TAILS_DISTRIBUTION="$TAILS_DISTRIBUTION"
185
EOF
186 187 188
if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
    echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
fi
189 190

# changelog
191
cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
192

193
# custom APT sources
194 195
tails-custom-apt-sources > config/chroot_sources/tails.chroot \
   || fatal "tails-custom-apt-sources failed with exit code $?"
Cyril Brulebois's avatar
Cyril Brulebois committed
196

197 198 199 200 201 202 203 204
# tails-transform-mirror-url and its dependencies
install -m 0755 \
   submodules/mirror-pool-dispatcher/bin/tails-transform-mirror-url \
   config/chroot_local-includes/usr/local/bin/
install -m 0755 -d config/chroot_local-includes/usr/local/lib/nodejs
install -m 0755 \
   submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
   config/chroot_local-includes/usr/local/lib/nodejs/
205

206 207 208 209 210 211 212 213
# save the original file, shipped by the debootstrap package,
# so we can always apply our debian-common.patch to the original
# version
if ! [ -e /usr/share/debootstrap/scripts/debian-common.bak ]; then
   cp -a /usr/share/debootstrap/scripts/debian-common \
         /usr/share/debootstrap/scripts/debian-common.bak
fi
# customize debootstrap with some APT magic to log downloads
214
patch \
215 216 217 218
    --output=/usr/share/debootstrap/scripts/debian-common \
    /usr/share/debootstrap/scripts/debian-common.bak \
    data/debootstrap/scripts/debian-common.patch
sed -i "s,%%topdir%%,$(pwd)," /usr/share/debootstrap/scripts/debian-common
219 220 221

# Make the python library available in Tails
install -d -m 2777 config/chroot_local-includes/tmp/