auto/config

   1 #! /bin/sh
   2 # automatically run by "lb config"
   3
   4 set -e
   5 set -u
   6 set -x
   7
   8 . "$(dirname $0)/scripts/utils.sh"
   9
  10 . config/amnesia
  11 if [ -e config/amnesia.local ] ; then
  12    . config/amnesia.local
  13 fi
  14
  15 if [ -n "${SOURCE_DATE_EPOCH}" ]; then
  16     CURRENT_EPOCH="$(date --utc +%s)"
  17     if [ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]; then
  18         fatal "SOURCE_DATE_EPOCH is set before the current time. Exiting."
  19     fi
  20 else
  21     fatal "SOURCE_DATE_EPOCH is not set. Exiting."
  22 fi
  23
  24 # get git branch or tag so we can set the basename appropriately, i.e.:
  25 # * if we build from a tag: tails-$ARCH-$TAG.iso
  26 # * otherwise:              tails-$ARCH-$BRANCH-$VERSION-$TIME-$COMMIT.iso
  27 GIT_BRANCH="$(git_current_branch)"
  28 if [ -n "${GIT_BRANCH}" ]; then
  29     CLEAN_GIT_BRANCH=$(echo "$GIT_BRANCH" | sed 's,/,_,g')
  30     GIT_SHORT_ID="$(git_current_commit --short)"
  31     BUILD_BASENAME="tails-amd64-${CLEAN_GIT_BRANCH}-${AMNESIA_VERSION}-${AMNESIA_NOW}-${GIT_SHORT_ID}"
  32 else
  33     if git_on_a_tag; then
  34         CLEAN_GIT_TAG=$(git_current_tag | tr '/-' '_~')
  35         BUILD_BASENAME="tails-amd64-${CLEAN_GIT_TAG}"
  36     else
  37         # this shouldn't reasonably happen (e.g. only if you checkout a
  38         # tag, remove the tag and then build)
  39         fatal "Neither a Git branch nor a tag, exiting."
  40     fi
  41 fi
  42
  43 GIT_BASE_BRANCH=$(base_branch) \
  44     || fatal "GIT_BASE_BRANCH could not be guessed."
  45
  46 if [ "${TAILS_MERGE_BASE_BRANCH:-}" = 1 ] && \
  47        ! git_on_a_tag && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
  48     [ -n "${BASE_BRANCH_GIT_COMMIT}" ] \
  49         || fatal "Base branch's top commit is not set."
  50
  51     echo "I: Merging base branch ${GIT_BASE_BRANCH}" \
  52          "(at commit ${BASE_BRANCH_GIT_COMMIT})..."
  53     faketime -f "${SOURCE_DATE_FAKETIME}" \
  54         git merge --no-edit "${BASE_BRANCH_GIT_COMMIT}" \
  55             || fatal "Failed to merge base branch."
  56     git submodule update --init
  57
  58     # Adjust BUILD_BASENAME to embed the base branch name and its top commit
  59     CLEAN_GIT_BASE_BRANCH=$(echo "$GIT_BASE_BRANCH" | sed 's,/,_,g')
  60     GIT_BASE_BRANCH_SHORT_ID=$(git rev-parse --verify --short "${BASE_BRANCH_GIT_COMMIT}")
  61     [ -n "${GIT_BASE_BRANCH_SHORT_ID}" ] \
  62         || fatal "Base branch's top commit short ID could not be guessed."
  63     BUILD_BASENAME="${BUILD_BASENAME}+${CLEAN_GIT_BASE_BRANCH}"
  64     BUILD_BASENAME="${BUILD_BASENAME}@${GIT_BASE_BRANCH_SHORT_ID}"
  65 fi
  66
  67 # save variables that lb build needs
  68 mkdir -p tmp
  69 echo "BUILD_BASENAME='${BUILD_BASENAME}'" > tmp/build_environment
  70
  71 # sanity checks
  72 if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
  73     fatal "Found unsupported a= syntax in config/chroot_apt/preferences," \
  74           "use n= instead. Exiting."
  75 fi
  76 if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
  77         config/chroot_apt/preferences ; then
  78     fatal "Found unsupported 'o=Debian Backports' syntax," \
  79           "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
  80 fi
  81 if [ $(dpkg --print-architecture) != amd64 ] ; then
  82     fatal "Only amd64 build systems are supported"
  83 fi
  84
  85
  86 # space-separated list of additional packages debootstrap installs
  87 #  - gnupg: needed by apt-key, not installed by default anymore on Buster
  88 export LB_BOOTSTRAP_INCLUDE="gnupg"
  89
  90 # init variables
  91 RUN_LB_CONFIG="lb config noauto"
  92
  93 # init config/ with defaults for the target distribution
  94 $RUN_LB_CONFIG --distribution buster "${@}"
  95
  96 # set up everything for time-based snapshots:
  97 if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
  98     echo "I: Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
  99     apt-snapshots-serials prepare-build "${APT_SNAPSHOTS_SERIALS}"
 100 else
 101     apt-snapshots-serials prepare-build
 102 fi
 103 # record what APT snapshots this build is going to use, so that one
 104 # can try to reproduce it more reliably
 105 JENKINS_ENV_PROPERTIES=tails-build-env.list
 106 echo "# This file is in Java property file format"   >> "$JENKINS_ENV_PROPERTIES"
 107 echo "# (https://en.wikipedia.org/wiki/.properties)" >> "$JENKINS_ENV_PROPERTIES"
 108 echo "APT_SNAPSHOTS_SERIALS = $(apt-snapshots-serials cat-json tmp/APT_snapshots.d)" \
 109    >> "$JENKINS_ENV_PROPERTIES"
 110
 111 DEBIAN_MIRROR="$(apt-mirror debian)"
 112 DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
 113 TORPROJECT_MIRROR="$(apt-mirror torproject)"
 114
 115 [ -n "$DEBIAN_MIRROR" ]          || fatal "\$DEBIAN_MIRROR is empty"
 116 [ -n "$DEBIAN_SECURITY_MIRROR" ] || fatal "\$DEBIAN_SECURITY_MIRROR is empty"
 117 [ -n "$TORPROJECT_MIRROR" ]      || fatal "\$TORPROJECT_MIRROR is empty"
 118
 119 perl -pi \
 120      -E \
 121        "s|^(deb(?:-src)?\s+)https?://ftp[.]us[.]debian[.]org/debian/?(\s+)|\$1$DEBIAN_MIRROR\$2| ; \
 122         s|^(deb(?:-src)?\s+)https?://security[.]debian[.]org/debian-security/?(\s+)|\$1$DEBIAN_SECURITY_MIRROR\$2| ; \
 123         s|^(deb(?:-src)?\s+)https?://deb[.]torproject[.]org/torproject[.]org/?(\s+)|\$1$TORPROJECT_MIRROR\$2|" \
 124     config/chroot_sources/*.chroot \
 125     || fatal "APT mirror substitution failed with exit code $?"
 126
 127 # set Amnesia's general options
 128 $RUN_LB_CONFIG \
 129    --verbose \
 130    --apt-recommends false \
 131    --architecture amd64 \
 132    --backports false \
 133    --binary-images iso \
 134    --binary-indices false \
 135    --cache          false \
 136    --cache-indices  false \
 137    --cache-packages false \
 138    --cache-stages   false \
 139    --checksums none \
 140    --bootappend-live "${AMNESIA_APPEND}" \
 141    --bootstrap debootstrap \
 142    --bootstrap-config buster \
 143    --archive-areas "main contrib non-free" \
 144    --includes none \
 145    --iso-application="The Amnesic Incognito Live System" \
 146    --iso-publisher="https://tails.boum.org/" \
 147    --iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
 148    --linux-flavours amd64 \
 149    --memtest none \
 150    --mirror-binary              "$DEBIAN_MIRROR" \
 151    --mirror-bootstrap           "$DEBIAN_MIRROR" \
 152    --mirror-chroot              "$DEBIAN_MIRROR" \
 153    --mirror-binary-security     "$DEBIAN_SECURITY_MIRROR" \
 154    --mirror-chroot-security     "$DEBIAN_SECURITY_MIRROR" \
 155    --packages-lists none \
 156    --tasks none \
 157    --linux-packages="linux-image-${KERNEL_VERSION}" \
 158    --syslinux-menu vesamenu \
 159    --syslinux-splash data/splash.png \
 160    --syslinux-timeout 4 \
 161    --initramfs=live-boot \
 162    "${@}"
 163
 164 install -d config/chroot_local-includes/etc/amnesia/
 165
 166 # environment
 167 TAILS_WIKI_SUPPORTED_LANGUAGES="$(ikiwiki-supported-languages ikiwiki.setup)"
 168 [ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] \
 169    || fatal "\$TAILS_WIKI_SUPPORTED_LANGUAGES is empty"
 170 echo "TAILS_WIKI_SUPPORTED_LANGUAGES='${TAILS_WIKI_SUPPORTED_LANGUAGES}'" \
 171    >> config/chroot_local-includes/etc/amnesia/environment
 172
 173 # version
 174 echo "${AMNESIA_FULL_VERSION}" > config/chroot_local-includes/etc/amnesia/version
 175 if git rev-list HEAD 2>&1 >/dev/null; then
 176    git rev-list HEAD | head -n 1 >> config/chroot_local-includes/etc/amnesia/version
 177 fi
 178 echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
 179    >> config/chroot_local-includes/etc/amnesia/version
 180 # os-release
 181 cat >> config/chroot_local-includes/etc/os-release <<EOF
 182 TAILS_PRODUCT_NAME="Tails"
 183 TAILS_VERSION_ID="$AMNESIA_VERSION"
 184 TAILS_DISTRIBUTION="$TAILS_DISTRIBUTION"
 185 EOF
 186 # If you update the following regexp, also update it in
 187 # config/chroot_local-includes/usr/src/iuk/lib/Tails/IUK/UpgradeDescriptionFile/Generate.pm
 188 if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
 189     echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
 190 fi
 191
 192 # changelog
 193 cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog
 194
 195 # custom APT sources
 196 tails-custom-apt-sources > config/chroot_sources/tails.chroot \
 197    || fatal "tails-custom-apt-sources failed with exit code $?"
 198
 199 # tails-transform-mirror-url and its dependencies
 200 install -m 0755 \
 201    submodules/mirror-pool-dispatcher/bin/tails-transform-mirror-url \
 202    config/chroot_local-includes/usr/local/bin/
 203 install -m 0755 -d config/chroot_local-includes/usr/local/lib/nodejs
 204 install -m 0755 \
 205    submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
 206    config/chroot_local-includes/usr/local/lib/nodejs/
 207
 208 # save the original file, shipped by the debootstrap package,
 209 # so we can always apply our debian-common.patch to the original
 210 # version
 211 if ! [ -e /usr/share/debootstrap/scripts/debian-common.bak ]; then
 212    cp -a /usr/share/debootstrap/scripts/debian-common \
 213          /usr/share/debootstrap/scripts/debian-common.bak
 214 fi
 215 # customize debootstrap with some APT magic to log downloads
 216 patch \
 217     --output=/usr/share/debootstrap/scripts/debian-common \
 218     /usr/share/debootstrap/scripts/debian-common.bak \
 219     data/debootstrap/scripts/debian-common.patch
 220 sed -i "s,%%topdir%%,$(pwd)," /usr/share/debootstrap/scripts/debian-common
 221
 222 # Make the python library available in Tails
 223 install -d -m 2777 config/chroot_local-includes/tmp/