summaryrefslogtreecommitdiffstats
path: root/vagrant/provision/assets/build-tails
blob: 73bce7bf88e0c04b8f9e3d9b87e2f21625b924dd (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
#!/bin/sh

# This script is used by both our Vagrant and Jenkins -based build environments.

set -e

as_root_do() {
	sudo \
		${RSYNC_PROXY:+RSYNC_PROXY="$RSYNC_PROXY"} \
		${http_proxy:+http_proxy="$http_proxy"} \
		${https_proxy:+https_proxy="$https_proxy"} \
		${ftp_proxy:+ftp_proxy="$ftp_proxy"} \
		${no_proxy:+no_proxy="$no_proxy"} \
		${JENKINS_URL:+JENKINS_URL="$JENKINS_URL"} \
		${MKSQUASHFS_OPTIONS:+MKSQUASHFS_OPTIONS="$MKSQUASHFS_OPTIONS"} \
		"$@"
}

usable_memory() {
	free -b | awk '/cache:/ { print $4 }'
}

cleanup() {
	[ -n "$BUILD_DIR" ] || return 0
	cd /
	remove_build_dirs
	sudo rm -rf "$BUILD_DIR"
}

remove_build_dirs() {
	for mountpoint in $(old_build_dirs | tac) ; do
		sudo lsof | grep --fixed-strings "$mountpoint" || true
		sudo umount -f --verbose "$mountpoint"
		sudo rm -rf "$mountpoint"
	done
}

old_build_dirs() {
	mount | \
	perl -ni -E 'say $mountpoint if (($mountpoint) = ($_ =~ m{^(?:aufs|tmpfs|devpts-live|proc-live|sysfs-live) on (/tmp/tails-build(?:-tmpfs)?\.[/[:alnum:]]+)}))'
}

trap cleanup EXIT

if [ -n "$JENKINS_URL" ]; then
	if [ -z "$WORKSPACE" ]; then
		echo "WORKSPACE environment variable is not set. Aborting." >&2
		exit 2
	fi
	if [ -z "$GIT_BRANCH" ]; then
		echo "GIT_BRANCH environment variable is not set. Aborting." >&2
		exit 4
	fi
	if [ -z "$GIT_COMMIT" ]; then
		echo "GIT_COMMIT environment variable is not set. Aborting." >&2
		exit 5
	fi
	REV="${GIT_BRANCH##origin/}"
	COMMIT="$GIT_COMMIT"
	ARTIFACTS_DIR="$WORKSPACE/build-artifacts"
else
	# Build triggered by Vagrant
	WORKSPACE=/home/vagrant/amnesia
	ARTIFACTS_DIR=/home/vagrant
	COMMIT="$(git --git-dir=/amnesia.git rev-parse --verify HEAD)"
	if git --git-dir=/amnesia.git symbolic-ref HEAD >/dev/null 2>&1; then
		# We are building from a branch
		REV="${1:-$(git --git-dir=/amnesia.git name-rev --name-only HEAD)}"
	else
		# We are (hopefully) building from a tag
		if ! REV="${1:-$(git --git-dir=/amnesia.git describe --tags --exact-match ${COMMIT})}"; then
			echo "It seems we are building from an untagged detached HEAD. Aborting." >&2
			exit 1
		fi
	fi
	test -d "$WORKSPACE" || git clone /amnesia.git "$WORKSPACE"
	cd "$WORKSPACE"
	git fetch --tags origin
fi

if [ "$TAILS_RAM_BUILD" ]; then
	remove_build_dirs
fi

cd "$WORKSPACE"
git checkout --force "$REV"
git reset --hard "$COMMIT"
git submodule update --init

if as_root_do systemctl --quiet is-active apt-cacher-ng.service ; then
	as_root_do ./auto/scripts/update-acng-config
	as_root_do systemctl restart apt-cacher-ng.service
fi

if [ -n "$JENKINS_URL" ]; then
	git clean --force -d -x
fi

if [ "$TAILS_CLEAN_BUILD" ]; then
	as_root_do lb clean --all
	git clean -fdx
fi

install -m 0755 -d "$ARTIFACTS_DIR"

if [ -z "$JENKINS_URL" ]; then
	./build-website
fi

BUILD_DIR=$(mktemp -d /tmp/tails-build.XXXXXXXX)
if [ "$TAILS_RAM_BUILD" ]; then
	as_root_do mount -t tmpfs -o "noatime,size=100%,mode=0770,uid=root,gid=${USER}" tmpfs "${BUILD_DIR}"
fi
as_root_do rsync -a "$WORKSPACE"/ "$BUILD_DIR"/

cd "$BUILD_DIR"
as_root_do lb config --cache false

as_root_do lb build

if [ -n "$JENKINS_URL" ]; then
	ISO=$(ls *.iso)
	for file in tails-*; do
		sha512sum "$file" >> "$ISO.shasum"
	done
	gpg --batch --detach-sign --armor "$ISO.shasum"
fi

mv -f tails-* "$ARTIFACTS_DIR"