summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Rakefile6
-rwxr-xr-xauto/build12
-rw-r--r--vagrant/Vagrantfile2
-rw-r--r--vagrant/provision/assets/acng.conf3
-rwxr-xr-xvagrant/provision/assets/build-tails75
-rwxr-xr-xvagrant/provision/setup-tails-builder4
6 files changed, 35 insertions, 67 deletions
diff --git a/Rakefile b/Rakefile
index 43b18b2..5938718 100644
--- a/Rakefile
+++ b/Rakefile
@@ -39,6 +39,8 @@ EXTERNAL_HTTP_PROXY = ENV['http_proxy']
# In-VM proxy URL
INTERNAL_HTTP_PROXY = "http://#{VIRTUAL_MACHINE_HOSTNAME}:3142"
+ENV['ARTIFACTS'] ||= '.'
+
class VagrantCommandError < StandardError
end
@@ -225,7 +227,7 @@ end
def list_artifacts
user = vagrant_ssh_config('User')
- stdout = capture_vagrant('ssh', '-c', "find '/home/#{user}/' -maxdepth 1 " +
+ stdout = capture_vagrant('ssh', '-c', "find '/home/#{user}/amnesia/' -maxdepth 1 " +
"-name 'tails-*.iso*'").first
stdout.split("\n")
rescue VagrantCommandError
@@ -316,7 +318,7 @@ task :build => ['parse_build_options', 'ensure_clean_repository', 'ensure_clean_
# compromise libvirt's network config or the user running the
# command to modify the #{hostname} below.
'-o', 'StrictHostKeyChecking=no',
- "#{user}@#{hostname}:#{artifact}", '.'
+ "#{user}@#{hostname}:#{artifact}", "#{ENV['ARTIFACTS']}"
)
)
raise "Failed to fetch artifact '#{artifact}'" unless $?.success?
diff --git a/auto/build b/auto/build
index c496792..cb81836 100755
--- a/auto/build
+++ b/auto/build
@@ -121,11 +121,9 @@ fi
GIT_BASE_BRANCH=$(head -n1 config/base_branch) \
|| fatal "GIT_BASE_BRANCH could not be guessed."
-# Merge base branch into the branch being built, iff. we're building
-# in Jenkins, and not building from a tag, and not building the base
-# branch itself
-if [ -n "$JENKINS_URL" ] && [ -z "$GIT_TAG" ] \
- && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
+# Merge base branch into the branch being built, if we're not building from a
+# tag, and not building the base branch itself.
+if [ -z "$GIT_TAG" ] && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
GIT_BASE_BRANCH_COMMIT=$(git rev-parse "origin/${GIT_BASE_BRANCH}") \
|| fatal "Base branch's top commit could not be guessed."
@@ -204,14 +202,14 @@ trap "kill -9 $! 2>/dev/null" EXIT HUP INT QUIT TERM
echo "Building $LB_BINARY_IMAGES image ${BUILD_BASENAME}..."
set -o pipefail
-[ -z "$JENKINS_URL" ] || date --utc '+%s' > "$BUILD_START_FILENAME"
+date --utc '+%s' > "$BUILD_START_FILENAME"
time eatmydata lb build noauto ${@}
RET=$?
if [ -e "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" ]; then
echo "Image was successfully created"
[ "$RET" -eq 0 ] || \
echo "Warning: lb build exited with code $RET"
- [ -z "$JENKINS_URL" ] || date --utc '+%s' > "$BUILD_END_FILENAME"
+ date --utc '+%s' > "$BUILD_END_FILENAME"
if [ "$LB_BINARY_IMAGES" = iso ]; then
ISO_FILE="${BUILD_FILENAME}.${BUILD_FILENAME_EXT}"
print_iso_size "$ISO_FILE"
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile
index ee74395..a066b46 100644
--- a/vagrant/Vagrantfile
+++ b/vagrant/Vagrantfile
@@ -29,7 +29,7 @@ Vagrant.configure("2") do |config|
sudo http_proxy='#{ENV['http_proxy']}' /vagrant/provision/setup-tails-builder
EOF
config.vm.synced_folder '.', '/vagrant', type: '9p', readonly: true
- config.vm.synced_folder '../.git', '/amnesia.git', type: '9p', readonly: true
+ config.vm.synced_folder '../', '/amnesia.git', type: '9p', readonly: true
config.vm.provider :libvirt do |domain|
domain.default_prefix = config.vm.box
domain.driver = 'kvm'
diff --git a/vagrant/provision/assets/acng.conf b/vagrant/provision/assets/acng.conf
index 3d41fc8..be8ae87 100644
--- a/vagrant/provision/assets/acng.conf
+++ b/vagrant/provision/assets/acng.conf
@@ -8,6 +8,7 @@ Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete,
ReportPage: acng-report.html
ExTreshold: 50
VfilePattern = (^|.*?/)(Index|Packages(\.gz|\.bz2|\.lzma|\.xz)?|InRelease|Release|Release\.gpg|Sources(\.gz|\.bz2|\.lzma|\.xz)?|release|index\.db-.*\.gz|Contents-[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|pkglist[^/]*\.bz2|rclist[^/]*\.bz2|/meta-release[^/]*|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|((setup|setup-legacy)(\.ini|\.bz2|\.hint)(\.sig)?)|mirrors\.lst|repo(index|md)\.xml(\.asc|\.key)?|directory\.yast|products|content(\.asc|\.key)?|media|filelists\.xml\.gz|filelists\.sqlite\.bz2|repomd\.xml|packages\.[a-zA-Z][a-zA-Z]\.gz|info\.txt|license\.tar\.gz|license\.zip|.*\.db(\.tar\.gz)?|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|metalink\?repo|.*prestodelta\.xml\.gz)$|/dists/.*/installer-[^/]+/[^0-9][^/]+/images/.*
-VfilePatternEx = .*/project/trace/[a-z-]+$
+VfilePatternEx = .*(/project/trace/[a-z-]+)|(\.box)$
PfilePattern = .*(\.d?deb|\.rpm|\.dsc|\.tar(\.gz|\.bz2|\.lzma|\.xz)(\.gpg)?|\.diff(\.gz|\.bz2|\.lzma|\.xz)|\.o|\.jigdo|\.template|changelog|copyright|\.udeb|\.debdelta|\.diff/.*\.gz|(Devel)?ReleaseAnnouncement(\?.*)?|[a-f0-9]+-(susedata|updateinfo|primary|deltainfo).xml.gz|fonts/(final/)?[a-z]+32.exe(\?download.*)?|/dists/.*/installer-[^/]+/[0-9][^/]+/images/.*)$
WfilePattern = (^|.*?/)(Release|InRelease|Release\.gpg|(Packages|Sources)(\.gz|\.bz2|\.lzma|\.xz)?|Translation[^/]*(\.gz|\.bz2|\.lzma|\.xz)?|MD5SUMS|SHA1SUMS|.*\.xml|.*\.db\.tar\.gz|.*\.files\.tar\.gz|.*\.abs\.tar\.gz|[a-z]+32.exe)$|/dists/.*/installer-.*/images/.*
+DontCache: dl.amnesia.boum.org/tails/project/vagrant/*.box
diff --git a/vagrant/provision/assets/build-tails b/vagrant/provision/assets/build-tails
index 23da292..4ff955e 100755
--- a/vagrant/provision/assets/build-tails
+++ b/vagrant/provision/assets/build-tails
@@ -3,6 +3,7 @@
# This script is used by both our Vagrant and Jenkins -based build environments.
set -e
+set -x
as_root_do() {
sudo \
@@ -11,15 +12,10 @@ as_root_do() {
${https_proxy:+https_proxy="$https_proxy"} \
${ftp_proxy:+ftp_proxy="$ftp_proxy"} \
${no_proxy:+no_proxy="$no_proxy"} \
- ${JENKINS_URL:+JENKINS_URL="$JENKINS_URL"} \
${MKSQUASHFS_OPTIONS:+MKSQUASHFS_OPTIONS="$MKSQUASHFS_OPTIONS"} \
"$@"
}
-usable_memory() {
- free -b | awk '/cache:/ { print $4 }'
-}
-
cleanup() {
[ -n "$BUILD_DIR" ] || return 0
cd /
@@ -41,47 +37,30 @@ old_build_dirs() {
trap cleanup EXIT
-if [ -n "$JENKINS_URL" ]; then
- if [ -z "$WORKSPACE" ]; then
- echo "WORKSPACE environment variable is not set. Aborting." >&2
- exit 2
- fi
- if [ -z "$GIT_BRANCH" ]; then
- echo "GIT_BRANCH environment variable is not set. Aborting." >&2
- exit 4
- fi
- if [ -z "$GIT_COMMIT" ]; then
- echo "GIT_COMMIT environment variable is not set. Aborting." >&2
- exit 5
- fi
- REV="${GIT_BRANCH##origin/}"
- COMMIT="$GIT_COMMIT"
- ARTIFACTS_DIR="$WORKSPACE/build-artifacts"
+WORKSPACE=/home/vagrant/amnesia
+
+sudo rsync -a --exclude 'vagrant/.vagrant' "/amnesia.git/" "${WORKSPACE}"
+sudo chown -R vagrant:vagrant "${WORKSPACE}"
+
+cd "$WORKSPACE"
+
+COMMIT="$(git rev-parse --verify HEAD)"
+
+if git symbolic-ref HEAD >/dev/null 2>&1; then
+ # We are building from a branch
+ REV="${1:-$(git name-rev --name-only HEAD)}"
else
- # Build triggered by Vagrant
- WORKSPACE=/home/vagrant/amnesia
- ARTIFACTS_DIR=/home/vagrant
- COMMIT="$(git --git-dir=/amnesia.git rev-parse --verify HEAD)"
- if git --git-dir=/amnesia.git symbolic-ref HEAD >/dev/null 2>&1; then
- # We are building from a branch
- REV="${1:-$(git --git-dir=/amnesia.git name-rev --name-only HEAD)}"
- else
- # We are (hopefully) building from a tag
- if ! REV="${1:-$(git --git-dir=/amnesia.git describe --tags --exact-match ${COMMIT})}"; then
- echo "It seems we are building from an untagged detached HEAD. Aborting." >&2
- exit 1
- fi
+ # We are (hopefully) building from a tag
+ if ! REV="${1:-$(git describe --tags --exact-match ${COMMIT})}"; then
+ echo "It seems we are building from an untagged detached HEAD. Aborting." >&2
+ exit 1
fi
- test -d "$WORKSPACE" || git clone /amnesia.git "$WORKSPACE"
- cd "$WORKSPACE"
- git fetch --tags origin
fi
if [ "$TAILS_RAM_BUILD" ]; then
remove_build_dirs
fi
-cd "$WORKSPACE"
git checkout --force "$REV"
git reset --hard "$COMMIT"
git submodule update --init
@@ -91,21 +70,11 @@ if as_root_do systemctl --quiet is-active apt-cacher-ng.service ; then
as_root_do systemctl restart apt-cacher-ng.service
fi
-if [ -n "$JENKINS_URL" ]; then
- git clean --force -d -x
-fi
-
if [ "$TAILS_CLEAN_BUILD" ]; then
as_root_do lb clean --all
git clean -fdx
fi
-install -m 0755 -d "$ARTIFACTS_DIR"
-
-if [ -z "$JENKINS_URL" ]; then
- ./build-website
-fi
-
BUILD_DIR=$(mktemp -d /tmp/tails-build.XXXXXXXX)
if [ "$TAILS_RAM_BUILD" ]; then
as_root_do mount -t tmpfs -o "noatime,size=100%,mode=0770,uid=root,gid=${USER}" tmpfs "${BUILD_DIR}"
@@ -117,12 +86,6 @@ as_root_do lb config --cache false
as_root_do lb build
-if [ -n "$JENKINS_URL" ]; then
- ISO=$(ls *.iso)
- for file in tails-*; do
- sha512sum "$file" >> "$ISO.shasum"
- done
- gpg --batch --detach-sign --armor "$ISO.shasum"
+if [ "$TAILS_RAM_BUILD" ]; then
+ mv -f tails-* "$WORKSPACE/"
fi
-
-mv -f tails-* "$ARTIFACTS_DIR"
diff --git a/vagrant/provision/setup-tails-builder b/vagrant/provision/setup-tails-builder
index 07a17e6..d329174 100755
--- a/vagrant/provision/setup-tails-builder
+++ b/vagrant/provision/setup-tails-builder
@@ -146,3 +146,7 @@ if grep -q "^AcceptEnv" /etc/ssh/sshd_config; then
sed -i 's/^AcceptEnv/#AcceptEnv/' /etc/ssh/sshd_config
systemctl reload ssh.service
fi
+
+# Necessary so that vagrant can merge the base branch
+git config --global user.name vagrant
+git config --global user.email vagrant@tailsbuilder