#!/bin/bash

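# Trace every command to stderr. Further down, stderr is also copied into
# the build log, so every expanded command line ends up in that file too.
set -x

# Load scripts/utils.sh from the directory this script lives in.
# Presumably it provides helpers such as fatal, which this script calls
# but does not define -- confirm.
# "$0" is quoted so a checkout path containing whitespace stays one word.
. "$(dirname -- "$0")/scripts/utils.sh"

# get $BUILD_BASENAME
# NOTE(review): this path is relative to the current working directory,
# not to the script, and the file is executed in this shell -- the build
# is presumably always started from the top of the source tree; confirm.
. tmp/build_environment

# Files created from here on are not writable by group or others.
umask 022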

### functions

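# Print the upstream version of the installed syslinux-utils package.
# Outputs:  the package version with the epoch ("N:") and everything from
#           "+dfsg" onwards removed, on stdout
# Returns:  the status of dpkg-query if the lookup fails (nothing is
#           printed in that case), otherwise the status of the pipeline
syslinux_utils_upstream_version () {
   local version
   # Separate declaration and assignment so a dpkg-query failure is not
   # masked by the exit status of 'local'.
   version=$(dpkg-query -W -f='${Version}\n' syslinux-utils) || return
   # First expression drops the epoch; the second drops +dfsg and whatever
   # follows. [+] is a literal plus sign in every sed, whereas \+ is a
   # repetition operator in GNU basic regular expressions.
   printf '%s\n' "$version" | sed -e 's,.*:,,' -e 's,[+]dfsg.*,,'
}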

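# Print the size of an image file in bytes.
# Arguments: $1 - path to the image
# Outputs:   "The ISO is N bytes large." on stdout
# Returns:   23 if $1 is not a regular file, the status of stat if the
#            size cannot be read, otherwise the status of echo
print_iso_size () {
   local isofile="$1"
   # Kept local so that the caller's own $size, if any, is left alone.
   local size
   [ -f "$isofile" ] || return 23
   size=$(stat --printf='%s' "$isofile") || return
   echo "The ISO is ${size} bytes large."
}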

### Main

# we require building from git
if ! git rev-parse --is-inside-work-tree &> /dev/null ; then
   fatal "${PWD} is not a Git tree."
fi

# Build configuration. The optional .local file is sourced after
# config/amnesia, so its assignments take effect last.
. config/amnesia
[ ! -e config/amnesia.local ] || . config/amnesia.local

# a clean starting point
rm -rf cache/stages_rootfs

# get LB_BINARY_IMAGES
. config/binary

# get LB_ARCHITECTURE and LB_DISTRIBUTION
. config/bootstrap

# save variables that are needed by chroot_local-hooks
# The lines are appended (>>), so whatever the file already holds is kept.
# NOTE(review): the first three values are written without quoting or
# escaping -- presumably the file is later read as shell assignments;
# confirm against the hooks that consume it.
{
   echo "KERNEL_VERSION=${KERNEL_VERSION}"
   echo "KERNEL_SOURCE_VERSION=${KERNEL_SOURCE_VERSION}"
   echo "LB_DISTRIBUTION=${LB_DISTRIBUTION}"
   # Lines of po/POTFILES.in that end in ".in", with a leading
   # config/chroot_local-includes stripped, joined by spaces.
   echo "POTFILES_DOT_IN='$(
      /bin/grep -E --no-filename '[^ #]*\.in$' po/POTFILES.in \
         | sed -e 's,^config/chroot_local-includes,,' \
         | tr "\n" ' '
   )'"
} >> config/chroot_local-includes/usr/share/amnesia/build/variables

# fix permissions on some source files that will be copied as is to the chroot.
# they may be wrong, e.g. if the Git repository was cloned with a strict umask.
#
# Statement order matters: the recursive chmod on a parent directory runs
# before the more specific chmod on something below it (etc before
# etc/sudoers.d/*, usr before usr/local/bin and usr/local/sbin).
#
# go+rX adds read for group and others, and execute/search only on
# directories and on files that already carry an execute bit.
# go+rx adds execute for group and others unconditionally.

# resolv.conf is handed to uid 0 / gid 0; changing ownership like this
# normally requires the script to run as root.
chown    0:0   config/chroot_local-includes/etc/resolv.conf
chmod -R go+rX config/binary_local-includes/
chmod -R go+rX config/chroot_local-includes/etc
# The sudoers drop-ins are set to exactly 0440 (read-only for owner and
# group, nothing for others), replacing what the go+rX above left on them.
chmod    0440  config/chroot_local-includes/etc/sudoers.d/*
chmod    go+rX config/chroot_local-includes/home
chmod    go+rX config/chroot_local-includes/lib
chmod    go+rX config/chroot_local-includes/lib/live
# Everything under lib/live/config becomes executable for group and others.
chmod -R go+rx config/chroot_local-includes/lib/live/config
chmod    go+rX config/chroot_local-includes/lib/live/mount
chmod -R go+rX config/chroot_local-includes/lib/systemd
chmod    go+rX config/chroot_local-includes/live
chmod -R go+rX config/chroot_local-includes/usr
# Same for everything under usr/local/bin and usr/local/sbin.
chmod -R go+rx config/chroot_local-includes/usr/local/bin
chmod -R go+rx config/chroot_local-includes/usr/local/sbin
chmod -R go+rX config/chroot_local-includes/usr/share/doc/tails
chmod -R go+rX config/chroot_local-includes/var
chmod -R go+rX config/chroot_apt
chmod -R go+rX config/chroot_sources

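# normalize file timestamps
# Every entry under the two include trees gets its timestamps set to
# SOURCE_DATE_EPOCH (seconds since the epoch, hence the leading "@").
# "{} +" passes many paths to each touch invocation instead of starting
# one process per file; the set of touched paths is the same.
# NOTE(review): touch follows symbolic links by default, so for a symlink
# inside these trees it is the link target that gets touched -- confirm
# that this is intended.
find config/binary_local-includes config/chroot_local-includes \
     -exec touch --date="@$SOURCE_DATE_EPOCH" '{}' +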

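# build the image

# we need /debootstrap/deburis to build a manifest of used packages:
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keep-debootstrap-dir"

# we're not ready for merged-/usr yet: Debian#843461, Tails#11903
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --no-merged-usr"

# use our own APT repository's key:
# The key is imported into a fresh, private GnuPG home, so the keyring
# handed to debootstrap holds only what
# config/chroot_sources/tails.chroot.gpg provides.
# NOTE(review): this temporary directory is not removed by this script;
# the keyring inside it is still needed while lb build runs.
DEBOOTSTRAP_GNUPG_HOMEDIR=$(mktemp -d) \
   || fatal "Could not create a temporary GnuPG home directory."
# Stop here if the import itself fails: the presence of a keyring file,
# checked below, does not by itself show that the key was imported.
gpg --homedir "$DEBOOTSTRAP_GNUPG_HOMEDIR" \
    --import config/chroot_sources/tails.chroot.gpg \
   || fatal "Importing config/chroot_sources/tails.chroot.gpg failed."
# GnuPG names the public keyring pubring.gpg or pubring.kbx depending on
# its version; use whichever one was created.
if [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg" ]; then
    DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.gpg"
elif [ -e "$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx" ]; then
    DEBOOTSTRAP_GNUPG_KEYRING="$DEBOOTSTRAP_GNUPG_HOMEDIR/pubring.kbx"
else
   fatal "No debootstrap GnuPG keyring was created."
fi
DEBOOTSTRAP_OPTIONS="$DEBOOTSTRAP_OPTIONS --keyring=$DEBOOTSTRAP_GNUPG_KEYRING"

export DEBOOTSTRAP_OPTIONS

# Default compression settings, used only when MKSQUASHFS_OPTIONS is unset
# or empty. The expansion is quoted so the ':' no-op does not word-split or
# glob the value; the default therefore carries no inner quotes.
: "${MKSQUASHFS_OPTIONS:=-comp xz -Xbcj x86 -b 1024K -Xdict-size 1024K -no-exports}"
# Always appended, whatever the caller supplied: wildcard matching and the
# exclude file shipped inside the chroot.
MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef chroot/usr/share/amnesia/build/mksquashfs-excludes"
export MKSQUASHFS_OPTIONS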

# build the doc wiki
# NOTE(review): unlike refresh-translations below, the exit status of
# build-website is not checked here -- confirm that this is intentional.
./build-website

# refresh translations of our programs
./refresh-translations
refresh_translations_status=$?
[ "$refresh_translations_status" -eq 0 ] \
   || fatal "refresh-translations failed (${refresh_translations_status})."

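# Map the live-build image type to the name lb build gives its output
# (BUILD_FILENAME.BUILD_FILENAME_EXT); unsupported types abort the build.
case "$LB_BINARY_IMAGES" in
   iso)
      BUILD_FILENAME_EXT=iso
      BUILD_FILENAME=binary
      # The plain iso type is post-processed with isohybrid further down,
      # so the tool must be present and recent enough.
      # 'command -v' is the shell's own lookup and replaces the external
      # 'which'. The single quotes keep $PATH literal in the message.
      command -v isohybrid >/dev/null || fatal 'Cannot find isohybrid in $PATH'
      installed_syslinux_utils_upstream_version="$(syslinux_utils_upstream_version)"
      # 'lt' treats an empty version as earlier than any other, so a
      # lookup that printed nothing also ends in fatal here.
      if dpkg --compare-versions \
            "$installed_syslinux_utils_upstream_version" \
            'lt' \
            "$REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION" ; then
         fatal \
            "syslinux-utils '${installed_syslinux_utils_upstream_version}' is installed, " \
            "while we need at least '${REQUIRED_SYSLINUX_UTILS_UPSTREAM_VERSION}'."
      fi
      ;;
   iso-hybrid)
      BUILD_FILENAME_EXT=iso
      BUILD_FILENAME=binary-hybrid
      ;;
   tar)
      BUILD_FILENAME_EXT=tar.gz
      BUILD_FILENAME=binary-tar
      ;;
   usb-hdd)
      BUILD_FILENAME_EXT=img
      BUILD_FILENAME=binary
      ;;
   *)
      fatal "Image type ${LB_BINARY_IMAGES} is not supported."
      ;;
esac
# Names of the final artifacts; all of them derive from BUILD_BASENAME.
# NOTE(review): BUILD_BASENAME is not validated here -- presumably
# tmp/build_environment always sets it; confirm.
BUILD_DEST_FILENAME="${BUILD_BASENAME}.${BUILD_FILENAME_EXT}"
BUILD_MANIFEST="${BUILD_DEST_FILENAME}.build-manifest"
BUILD_APT_SOURCES="${BUILD_DEST_FILENAME}.apt-sources"
BUILD_PACKAGES="${BUILD_DEST_FILENAME}.packages"
BUILD_LOG="${BUILD_DEST_FILENAME}.buildlog"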

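# Clone all output, from this point on, to the log file
# stdout and stderr each go through their own tee, both appending to
# BUILD_LOG. $! is read right after each exec to get that tee's PID.
exec >  >(tee -a "$BUILD_LOG")
stdout_tee_pid=$!
exec 2> >(tee -a "$BUILD_LOG" >&2)
stderr_tee_pid=$!
# One trap for both PIDs: a second 'trap' for the same signals would
# replace the first, leaving only the stderr tee to be killed.
# The PIDs are expanded now, while the trap string is built.
# NOTE(review): SIGKILL gives tee no chance to drain what is still in its
# pipe, and trapping HUP/INT/QUIT/TERM without exiting means those signals
# no longer end this script by themselves -- confirm both are acceptable.
trap "kill -9 $stdout_tee_pid $stderr_tee_pid 2>/dev/null" EXIT HUP INT QUIT TERM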

# Record the package sources used for this build in BUILD_APT_SOURCES:
# the output of apt-mirror for debian, debian-security and torproject,
# followed by the contents of every config/chroot_sources/*.chroot file.
# The subshell keeps the redirection limited to these commands.
(
   printf '%s\n' "Mirrors:"
   for mirror in debian debian-security torproject ; do
      apt-mirror "$mirror"
   done
   printf '%s\n' "Additional sources:"
   cat config/chroot_sources/*.chroot
) > "$BUILD_APT_SOURCES"

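echo "Building $LB_BINARY_IMAGES image ${BUILD_BASENAME}..."
set -o pipefail
# "$@" forwards each argument of this script to lb build as one word,
# even when an argument contains whitespace or glob characters.
time lb build noauto "$@"
RET=$?
# Success is decided by the presence of the output file; a non-zero exit
# status from lb build only produces a warning.
# NOTE(review): an output file left behind by an earlier run would also
# satisfy this test -- presumably the build tree is cleaned beforehand;
# confirm.
if [ -e "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" ]; then
   echo "Image was successfully created"
   [ "$RET" -eq 0 ] || \
       echo "Warning: lb build exited with code $RET"
   if [ "$LB_BINARY_IMAGES" = iso ]; then
       ISO_FILE="${BUILD_FILENAME}.${BUILD_FILENAME_EXT}"
       print_iso_size "$ISO_FILE"
       echo "Hybriding it..."
       # AMNESIA_ISOHYBRID_OPTS is left unquoted so that it splits into
       # separate options.
       isohybrid $AMNESIA_ISOHYBRID_OPTS "$ISO_FILE" || fatal "isohybrid failed"
       print_iso_size "$ISO_FILE"
       # Pad the image up to the next multiple of 2048 bytes.
       truncate -s %2048 "$ISO_FILE"
       print_iso_size "$ISO_FILE"
   fi
   echo "Renaming generated files..."
   # -i makes mv ask before overwriting an existing destination.
   mv -i "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" "${BUILD_DEST_FILENAME}"
   mv -i binary.packages "${BUILD_PACKAGES}"
   generate-build-manifest chroot/debootstrap "${BUILD_MANIFEST}"
else
   # Report lb build's own status; $? at this point would be the result
   # of the [ -e ] test above, not of lb build.
   fatal "lb build failed ($RET)."
fi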