config 7.7 KB
Newer Older
amnesia's avatar
amnesia committed
1
#! /bin/sh
2
# automatically run by "lb config"
amnesia's avatar
amnesia committed
3

4
5
set -e
set -u
6
7
set -x

intrigeri's avatar
intrigeri committed
8
. "$(dirname "$0")/scripts/utils.sh"
9

10
11
12
. config/amnesia
if [ -e config/amnesia.local ] ; then
   . config/amnesia.local
amnesia's avatar
amnesia committed
13
fi
14

15
16
17
if [ -n "${SOURCE_DATE_EPOCH}" ]; then
    CURRENT_EPOCH="$(date --utc +%s)"
    if [ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]; then
18
        fatal "SOURCE_DATE_EPOCH is set before the current time. Exiting."
19
    fi
anonym's avatar
anonym committed
20
else
21
    fatal "SOURCE_DATE_EPOCH is not set. Exiting."
22
23
fi

24
# get git branch or tag so we can set the basename appropriately.
25
26
27
GIT_BRANCH="$(git_current_branch)"
if [ -n "${GIT_BRANCH}" ]; then
    CLEAN_GIT_BRANCH=$(echo "$GIT_BRANCH" | sed 's,/,_,g')
28
29
30
31
32
    if [ -n "${FEATURE_BRANCH_GIT_COMMIT:-}" ]; then
        GIT_SHORT_ID="$(git rev-parse --short ${FEATURE_BRANCH_GIT_COMMIT})"
    else
        GIT_SHORT_ID="$(git_current_commit --short)"
    fi
33
34
35
    BASE_BRANCH_PART=''
    if [ "${GIT_BRANCH}" != "$(base_branch)" ]; then
        CLEAN_GIT_BASE_BRANCH=$(base_branch | sed 's,/,_,g')
intrigeri's avatar
intrigeri committed
36
        GIT_BASE_BRANCH_SHORT_ID="$(git rev-parse --verify --short "$(git_base_branch_head)")"
37
38
        BASE_BRANCH_PART="+${CLEAN_GIT_BASE_BRANCH}@${GIT_BASE_BRANCH_SHORT_ID}"
    fi
39
    BUILD_BASENAME="tails-amd64-${CLEAN_GIT_BRANCH}@${GIT_SHORT_ID}${BASE_BRANCH_PART}-${AMNESIA_NOW}"
40
41
42
else
    if git_on_a_tag; then
        CLEAN_GIT_TAG=$(git_current_tag | tr '/-' '_~')
43
	BUILD_BASENAME="tails-amd64-${CLEAN_GIT_TAG}"
44
45
46
47
48
49
50
51
    else
	# this shouldn't reasonably happen (e.g. only if you checkout a
        # tag, remove the tag and then build)
	fatal "Neither a Git branch nor a tag, exiting."
    fi
fi

# save variables that lb build needs
52
53
mkdir -p tmp
echo "BUILD_BASENAME='${BUILD_BASENAME}'" > tmp/build_environment
amnesia's avatar
amnesia committed
54

55
56
# sanity checks
if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
57
58
    fatal "Found unsupported a= syntax in config/chroot_apt/preferences," \
          "use n= instead. Exiting."
59
fi
60
61
if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
	config/chroot_apt/preferences ; then
62
63
    fatal "Found unsupported 'o=Debian Backports' syntax," \
          "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
64
fi
intrigeri's avatar
intrigeri committed
65
if [ "$(dpkg --print-architecture)" != amd64 ] ; then
66
    fatal "Only amd64 build systems are supported"
67
fi
68

69
70
71
72
73

# space-separated list of additional packages debootstrap installs
#  - gnupg: needed by apt-key, not installed by default anymore on Buster
export LB_BOOTSTRAP_INCLUDE="gnupg"

74
# init variables
75
RUN_LB_CONFIG="lb config noauto"
amnesia's avatar
amnesia committed
76

77
# init config/ with defaults for the target distribution
78
$RUN_LB_CONFIG --distribution buster "${@}"
amnesia's avatar
amnesia committed
79

80
# set up everything for time-based snapshots:
81
if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
82
    echo "I: Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
83
    apt-snapshots-serials prepare-build "${APT_SNAPSHOTS_SERIALS}"
84
else
intrigeri's avatar
intrigeri committed
85
    apt-snapshots-serials prepare-build
86
fi
87
88
89
# record what APT snapshots this build is going to use, so that one
# can try to reproduce it more reliably
JENKINS_ENV_PROPERTIES=tails-build-env.list
intrigeri's avatar
intrigeri committed
90
91
92
93
94
{
    echo "# This file is in Java property file format"
    echo "# (https://en.wikipedia.org/wiki/.properties)"
    echo "APT_SNAPSHOTS_SERIALS = $(apt-snapshots-serials cat-json tmp/APT_snapshots.d)"
} >> "$JENKINS_ENV_PROPERTIES"
95

96
97
DEBIAN_MIRROR="$(apt-mirror debian)"
DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
98
99
TORPROJECT_MIRROR="$(apt-mirror torproject)"

100
101
102
[ -n "$DEBIAN_MIRROR" ]          || fatal "\$DEBIAN_MIRROR is empty"
[ -n "$DEBIAN_SECURITY_MIRROR" ] || fatal "\$DEBIAN_SECURITY_MIRROR is empty"
[ -n "$TORPROJECT_MIRROR" ]      || fatal "\$TORPROJECT_MIRROR is empty"
103

104
105
106
perl -pi \
     -E \
       "s|^(deb(?:-src)?\s+)https?://ftp[.]us[.]debian[.]org/debian/?(\s+)|\$1$DEBIAN_MIRROR\$2| ; \
107
        s|^(deb(?:-src)?\s+)https?://security[.]debian[.]org/debian-security/?(\s+)|\$1$DEBIAN_SECURITY_MIRROR\$2| ; \
108
109
        s|^(deb(?:-src)?\s+)https?://deb[.]torproject[.]org/torproject[.]org/?(\s+)|\$1$TORPROJECT_MIRROR\$2|" \
    config/chroot_sources/*.chroot \
110
    || fatal "APT mirror substitution failed with exit code $?"
111

amnesia's avatar
amnesia committed
112
# set Amnesia's general options
113
$RUN_LB_CONFIG \
114
   --verbose \
115
   --apt-recommends false \
116
   --architecture amd64 \
Tails developers's avatar
Tails developers committed
117
   --backports false \
118
   --binary-images iso \
119
   --binary-indices false \
120
121
122
123
   --cache          false \
   --cache-indices  false \
   --cache-packages false \
   --cache-stages   false \
124
   --checksums none \
amnesia's avatar
amnesia committed
125
   --bootappend-live "${AMNESIA_APPEND}" \
Cyril Brulebois's avatar
Cyril Brulebois committed
126
   --bootstrap debootstrap \
127
   --bootstrap-config buster \
128
   --archive-areas "main contrib non-free" \
129
   --includes none \
130
   --iso-application="The Amnesic Incognito Live System" \
131
   --iso-publisher="https://tails.boum.org/" \
amnesia's avatar
amnesia committed
132
   --iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
133
   --linux-flavours amd64 \
amnesia's avatar
amnesia committed
134
   --memtest none \
135
136
137
138
139
   --mirror-binary              "$DEBIAN_MIRROR" \
   --mirror-bootstrap           "$DEBIAN_MIRROR" \
   --mirror-chroot              "$DEBIAN_MIRROR" \
   --mirror-binary-security     "$DEBIAN_SECURITY_MIRROR" \
   --mirror-chroot-security     "$DEBIAN_SECURITY_MIRROR" \
140
141
   --packages-lists none \
   --tasks none \
intrigeri's avatar
intrigeri committed
142
   --linux-packages="linux-image-${KERNEL_VERSION}" \
143
   --syslinux-menu vesamenu \
T(A)ILS developers's avatar
T(A)ILS developers committed
144
   --syslinux-splash data/splash.png \
amnesia's avatar
amnesia committed
145
   --syslinux-timeout 4 \
146
   --initramfs=live-boot \
147
   "${@}"
amnesia's avatar
amnesia committed
148

149
150
151
152
install -d config/chroot_local-includes/etc/amnesia/

# environment
TAILS_WIKI_SUPPORTED_LANGUAGES="$(ikiwiki-supported-languages ikiwiki.setup)"
153
154
[ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] \
   || fatal "\$TAILS_WIKI_SUPPORTED_LANGUAGES is empty"
155
156
157
echo "TAILS_WIKI_SUPPORTED_LANGUAGES='${TAILS_WIKI_SUPPORTED_LANGUAGES}'" \
   >> config/chroot_local-includes/etc/amnesia/environment

amnesia's avatar
amnesia committed
158
# version
159
echo "${AMNESIA_FULL_VERSION}" > config/chroot_local-includes/etc/amnesia/version
160
if git rev-list HEAD >/dev/null 2>&1; then
161
162
   git rev-list HEAD | head -n 1 >> config/chroot_local-includes/etc/amnesia/version
fi
intrigeri's avatar
intrigeri committed
163
echo "live-build: $(dpkg-query -W -f='${Version}\n' live-build)" \
164
   >> config/chroot_local-includes/etc/amnesia/version
165
166
167
168
# os-release
cat >> config/chroot_local-includes/etc/os-release <<EOF
TAILS_PRODUCT_NAME="Tails"
TAILS_VERSION_ID="$AMNESIA_VERSION"
169
TAILS_DISTRIBUTION="$TAILS_DISTRIBUTION"
170
EOF
171
172
# If you update the following regexp, also update it in
# config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/UpgradeDescriptionFile/Generate.pm
173
174
175
if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
    echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
fi
176
177

# changelog
178
cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
179

180
# custom APT sources
181
182
tails-custom-apt-sources > config/chroot_sources/tails.chroot \
   || fatal "tails-custom-apt-sources failed with exit code $?"
Cyril Brulebois's avatar
Cyril Brulebois committed
183

184
185
186
187
188
189
190
191
# tails-transform-mirror-url and its dependencies
install -m 0755 \
   submodules/mirror-pool-dispatcher/bin/tails-transform-mirror-url \
   config/chroot_local-includes/usr/local/bin/
install -m 0755 -d config/chroot_local-includes/usr/local/lib/nodejs
install -m 0755 \
   submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
   config/chroot_local-includes/usr/local/lib/nodejs/
192

193
194
195
196
197
198
199
200
# save the original file, shipped by the debootstrap package,
# so we can always apply our debian-common.patch to the original
# version
if ! [ -e /usr/share/debootstrap/scripts/debian-common.bak ]; then
   cp -a /usr/share/debootstrap/scripts/debian-common \
         /usr/share/debootstrap/scripts/debian-common.bak
fi
# customize debootstrap with some APT magic to log downloads
201
patch \
202
203
204
205
    --output=/usr/share/debootstrap/scripts/debian-common \
    /usr/share/debootstrap/scripts/debian-common.bak \
    data/debootstrap/scripts/debian-common.patch
sed -i "s,%%topdir%%,$(pwd)," /usr/share/debootstrap/scripts/debian-common
206
207
208

# Make the python library available in Tails
install -d -m 2777 config/chroot_local-includes/tmp/