summaryrefslogtreecommitdiffstats
path: root/auto/config
blob: 36bba4e251a014a6d85ae53d7f3150a3cf05c38c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
#! /bin/sh
# automatically run by "lb config"

set -e
set -u
set -x

. "$(dirname $0)/scripts/utils.sh"

# we require building from git
if ! git rev-parse --is-inside-work-tree; then
    echo "${PWD} is not a Git tree. Exiting."
    exit 1
fi

. config/amnesia
if [ -e config/amnesia.local ] ; then
   . config/amnesia.local
fi

if [ -n "${SOURCE_DATE_EPOCH}" ]; then
    CURRENT_EPOCH="$(date --utc +%s)"
    if [ "${SOURCE_DATE_EPOCH}" -gt "${CURRENT_EPOCH}" ]; then
        echo "SOURCE_DATE_EPOCH is set before the current time. Exiting."
        exit 1
    fi
else
    echo "SOURCE_DATE_EPOCH is not set. Exiting."
    exit 1
fi

# get git branch or tag so we can set the basename appropriately, i.e.:
# * if we build from a tag: tails-$ARCH-$TAG.iso
# * otherwise:              tails-$ARCH-$BRANCH-$VERSION-$TIME-$COMMIT.iso
GIT_BRANCH="$(git_current_branch)"
if [ -n "${GIT_BRANCH}" ]; then
    CLEAN_GIT_BRANCH=$(echo "$GIT_BRANCH" | sed 's,/,_,g')
    GIT_SHORT_ID="$(git_current_commit --short)"
    BUILD_BASENAME="tails-amd64-${CLEAN_GIT_BRANCH}-${AMNESIA_VERSION}-${AMNESIA_NOW}-${GIT_SHORT_ID}"
else
    if git_on_a_tag; then
        CLEAN_GIT_TAG=$(git_current_tag | tr '/-' '_~')
	BUILD_BASENAME="tails-amd64-${CLEAN_GIT_TAG}"
    else
	# this shouldn't reasonably happen (e.g. only if you checkout a
        # tag, remove the tag and then build)
	fatal "Neither a Git branch nor a tag, exiting."
    fi
fi

GIT_BASE_BRANCH=$(base_branch) \
    || fatal "GIT_BASE_BRANCH could not be guessed."

if [ "${TAILS_MERGE_BASE_BRANCH:-}" = 1 ] && \
       ! git_on_a_tag && [ "$GIT_BRANCH" != "$GIT_BASE_BRANCH" ] ; then
    GIT_BASE_BRANCH_COMMIT=$(git_base_branch_head)
    [ -n "${GIT_BASE_BRANCH_COMMIT}" ] \
        || fatal "Base branch's top commit could not be guessed."

    echo "Merging base branch origin/${GIT_BASE_BRANCH}"
    echo "(at commit ${GIT_BASE_BRANCH_COMMIT})..."
    faketime -f "${SOURCE_DATE_FAKETIME}" \
        git merge --no-edit "origin/${GIT_BASE_BRANCH}" \
	    || fatal "Failed to merge base branch."
    git submodule update --init

    # Adjust BUILD_BASENAME to embed the base branch name and its top commit
    CLEAN_GIT_BASE_BRANCH=$(echo "$GIT_BASE_BRANCH" | sed 's,/,_,g')
    GIT_BASE_BRANCH_SHORT_ID=$(git_base_branch_head --short)
    [ -n "${GIT_BASE_BRANCH_SHORT_ID}" ] \
        || fatal "Base branch's top commit short ID could not be guessed."
    BUILD_BASENAME="${BUILD_BASENAME}+${CLEAN_GIT_BASE_BRANCH}"
    BUILD_BASENAME="${BUILD_BASENAME}@${GIT_BASE_BRANCH_SHORT_ID}"
fi

# save variables that lb build needs
mkdir -p tmp
echo "BUILD_BASENAME='${BUILD_BASENAME}'" > tmp/build_environment

# sanity checks
if grep -qs -E '^Pin:\s+release\s+.*a=' config/chroot_apt/preferences ; then
    echo "Found unsupported a= syntax in config/chroot_apt/preferences,"
    echo "use n= instead. Exiting."
    exit 1
fi
if grep -qs -E '^Pin:\s+release\s+.*o=Debian Backports' \
	config/chroot_apt/preferences ; then
    echo "Found unsupported 'o=Debian Backports' syntax,"
    echo "in config/chroot_apt/preferences. Use o=Debian instead. Exiting."
    exit 1
fi
if [ $(dpkg --print-architecture) != amd64 ] ; then
    echo "Only amd64 build systems are supported"
    exit 1
fi

# init variables
RUN_LB_CONFIG="lb config noauto"

# init config/ with defaults for the target distribution
$RUN_LB_CONFIG --distribution stretch ${@}

# set up everything for time-based snapshots:
apt-snapshots-serials prepare-build

DEBIAN_MIRROR="$(apt-mirror debian)"
DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
TORPROJECT_MIRROR="$(apt-mirror torproject)"

[ -n "$DEBIAN_MIRROR" ]          || exit 1
[ -n "$DEBIAN_SECURITY_MIRROR" ] || exit 1
[ -n "$TORPROJECT_MIRROR" ]      || exit 1

perl -pi \
     -E \
       "s|^(deb(?:-src)?\s+)https?://ftp[.]us[.]debian[.]org/debian/?(\s+)|\$1$DEBIAN_MIRROR\$2| ; \
        s|^(deb(?:-src)?\s+)https?://deb[.]torproject[.]org/torproject[.]org/?(\s+)|\$1$TORPROJECT_MIRROR\$2|" \
    config/chroot_sources/*.chroot \
    || exit 1

# set Amnesia's general options
$RUN_LB_CONFIG \
   --verbose \
   --apt-recommends false \
   --architecture amd64 \
   --backports false \
   --binary-images iso \
   --binary-indices false \
   --cache          false \
   --cache-indices  false \
   --cache-packages false \
   --cache-stages   false \
   --checksums none \
   --bootappend-live "${AMNESIA_APPEND}" \
   --bootstrap debootstrap \
   --bootstrap-config tails-build-jessie \
   --archive-areas "main contrib non-free" \
   --includes none \
   --iso-application="The Amnesic Incognito Live System" \
   --iso-publisher="https://tails.boum.org/" \
   --iso-volume="TAILS ${AMNESIA_FULL_VERSION}" \
   --linux-flavours amd64 \
   --memtest none \
   --mirror-binary              "$DEBIAN_MIRROR" \
   --mirror-bootstrap           "$DEBIAN_MIRROR" \
   --mirror-chroot              "$DEBIAN_MIRROR" \
   --mirror-binary-security     "$DEBIAN_SECURITY_MIRROR" \
   --mirror-chroot-security     "$DEBIAN_SECURITY_MIRROR" \
   --packages-lists="standard" \
   --tasks="standard" \
   --linux-packages="linux-image-${KERNEL_VERSION}" \
   --syslinux-menu vesamenu \
   --syslinux-splash data/splash.png \
   --syslinux-timeout 4 \
   --initramfs=live-boot \
   ${@}

install -d config/chroot_local-includes/etc/amnesia/

# environment
TAILS_WIKI_SUPPORTED_LANGUAGES="$(ikiwiki-supported-languages ikiwiki.setup)"
[ -n "$TAILS_WIKI_SUPPORTED_LANGUAGES" ] || exit 16
echo "TAILS_WIKI_SUPPORTED_LANGUAGES='${TAILS_WIKI_SUPPORTED_LANGUAGES}'" \
   >> config/chroot_local-includes/etc/amnesia/environment

# version
echo "${AMNESIA_FULL_VERSION}" > config/chroot_local-includes/etc/amnesia/version
if git rev-list HEAD 2>&1 >/dev/null; then
   git rev-list HEAD | head -n 1 >> config/chroot_local-includes/etc/amnesia/version
fi
echo "live-build: `dpkg-query -W -f='${Version}\n' live-build`" \
   >> config/chroot_local-includes/etc/amnesia/version
# os-release
cat >> config/chroot_local-includes/etc/os-release <<EOF
TAILS_PRODUCT_NAME="Tails"
TAILS_VERSION_ID="$AMNESIA_VERSION"
EOF
if echo "$AMNESIA_VERSION" | grep -qs -E '~(alpha|beta|rc)[0-9]*$' ; then
    echo 'TAILS_CHANNEL="alpha"' >> config/chroot_local-includes/etc/os-release
fi

# changelog
cp debian/changelog config/chroot_local-includes/usr/share/doc/amnesia/Changelog

# create readahead-list from squashfs.sort
if [ -e config/binary_rootfs/squashfs.sort ]; then
    mkdir -p config/chroot_local-includes/usr/share/amnesia
    sort -k2 -n -r config/binary_rootfs/squashfs.sort |
        cut -d' ' -f1 > config/chroot_local-includes/usr/share/amnesia/readahead-list
fi

# custom APT sources
tails-custom-apt-sources > config/chroot_sources/tails.chroot

# tails-transform-mirror-url and its dependencies
install -m 0755 \
   submodules/mirror-pool-dispatcher/bin/tails-transform-mirror-url \
   config/chroot_local-includes/usr/local/bin/
install -m 0755 -d config/chroot_local-includes/usr/local/lib/nodejs
install -m 0755 \
   submodules/mirror-pool-dispatcher/lib/js/mirror-dispatcher.js \
   config/chroot_local-includes/usr/local/lib/nodejs/

# custom debootstrap script, setting some APT magic to log downloads:
patch \
    --follow-symlinks \
    --output=/usr/share/debootstrap/scripts/tails-build-jessie \
    /usr/share/debootstrap/scripts/jessie \
    data/debootstrap/scripts/jessie.patch
sed -i "s,%%topdir%%,$(pwd)," /usr/share/debootstrap/scripts/tails-build-jessie