summaryrefslogtreecommitdiffstats
path: root/vagrant/provision/assets/build-tails
blob: 050416e3475f9915ee400c02b0341aa61ac84e65 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
#!/bin/sh

set -e
set -x

if [ -n "${TAILS_PROXY:-}" ]; then
	export http_proxy="${TAILS_PROXY}"
fi

as_root_do() {
	sudo \
		${RSYNC_PROXY:+RSYNC_PROXY="${RSYNC_PROXY}"} \
		${http_proxy:+http_proxy="${http_proxy}"} \
		${https_proxy:+https_proxy="${https_proxy}"} \
		${ftp_proxy:+ftp_proxy="${ftp_proxy}"} \
		${no_proxy:+no_proxy="${no_proxy}"} \
		${MKSQUASHFS_OPTIONS:+MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS}"} \
                ${TAILS_MERGE_BASE_BRANCH:+TAILS_MERGE_BASE_BRANCH="${TAILS_MERGE_BASE_BRANCH}"} \
		${GIT_COMMIT:+GIT_COMMIT="${GIT_COMMIT}"} \
		${GIT_REF:+GIT_REF="${GIT_REF}"} \
		${BASE_BRANCH_GIT_COMMIT:+BASE_BRANCH_GIT_COMMIT="${BASE_BRANCH_GIT_COMMIT}"} \
		"${@}"
}

cleanup() {
	[ -n "${BUILD_DIR}" ] || return 0
	cd /
	remove_build_dirs
	sudo rm -rf "${BUILD_DIR}"
}

remove_build_dirs() {
	for mountpoint in $(old_build_dirs | tac) ; do
		tries=0
		sudo lsof | grep --fixed-strings "${mountpoint}" || true
		while ! sudo umount -f --verbose "${mountpoint}" && [ $tries -lt 12 ]; do
			sudo fuser --ismountpoint --mount "${mountpoint}" --kill || true
			sleep 5
			tries=$(expr $tries + 1)
		done
		sudo rm -rf "${mountpoint}"
	done
}

old_build_dirs() {
	mount | \
	perl -ni -E 'say $mountpoint if (($mountpoint) = ($_ =~ m{^(?:aufs|tmpfs|devpts-live|proc-live|sysfs-live) on (/tmp/tails-build(?:-tmpfs)?\.[/[:alnum:]]+)}))'
}

ntp_synchronized() {
	timedatectl status | grep -qs -E '^\s*NTP\s+synchronized:\s+yes$'
}

if [ "${TAILS_BUILD_FAILURE_RESCUE}" != 1 ]; then
	trap cleanup EXIT
	remove_build_dirs
fi

TAILS_GIT_DIR="/home/vagrant/amnesia"
if [ ! -d "${TAILS_GIT_DIR}" ]; then
    git clone /amnesia.git/.git "${TAILS_GIT_DIR}"
fi
cd "${TAILS_GIT_DIR}"
# Mirror the branches amnesia.git tracks on its "origin" remote as if
# they were on our own "origin" remote, (i.e. under the origin/$REF
# name), even if it's untrue (our own "origin" is amnesia.git and has
# only one local ref, which is the branch we work on and that it has
# checked out as a local tracking branch). We need this for the base
# branch merge we do (if the 'mergebasebranch'/TAILS_MERGE_BASE_BRANCH
# option is set) later in auto/build.
git config remote.origin.fetch +refs/remotes/origin/*:refs/remotes/origin/*
git fetch --tags
git checkout --force "${GIT_REF}"
git reset --hard "${GIT_COMMIT}"
git submodule update --init

if as_root_do systemctl --quiet is-active apt-cacher-ng.service ; then
	as_root_do ./auto/scripts/update-acng-config
	as_root_do systemctl restart apt-cacher-ng.service
fi

if [ "${TAILS_OFFLINE_MODE}" != 1 ]; then
	as_root_do timedatectl set-ntp true
	echo -n "Waiting for the time to be synchronized..."
	while ! ntp_synchronized; do
		sleep 1
		echo -n "."
	done
	echo " done."
fi
if [ -n "$TAILS_DATE_OFFSET" ]; then
	as_root_do timedatectl set-ntp false
	DESIRED_DATE=$(date --utc --date="${TAILS_DATE_OFFSET} days" '+%F %T')
	echo "Setting system time to ${DESIRED_DATE}"
	as_root_do timedatectl set-time "$DESIRED_DATE"
fi

if [ "${TAILS_PROXY_TYPE}" = "vmproxy" ]; then
    # The apt-cacher-ng cache disk is 15G, so let's ensure at most 10G
    # of it is used there is 5G before each build, which should be
    # enough for any build, even if we have to download a complete set
    # of new packages for a new Debian release.
    /usr/lib/apt-cacher-ng/acngtool shrink 10G -f || \
        echo "The clean-up of apt-cacher-ng's cache failed: this is" \
             "not fatal and most likely just means that some disk" \
             "space could not be reclaimed -- in order to fix that" \
             "situation you need to manually investigate " \
             "/var/cache/apt-cacher-ng/apt-cacher-ng-log/main_*.html" >&2
fi

BUILD_DIR=$(mktemp -d /tmp/tails-build.XXXXXXXX)
if [ "${TAILS_RAM_BUILD}" ]; then
	as_root_do mount -t tmpfs -o "noatime,size=100%,mode=0770,uid=root,gid=${USER}" tmpfs "${BUILD_DIR}"
fi
as_root_do rsync -a "${TAILS_GIT_DIR}"/ "${BUILD_DIR}"/

cd "${BUILD_DIR}"
as_root_do lb config --cache false

as_root_do lb build

mv -f tails-* "${TAILS_GIT_DIR}/"