summaryrefslogtreecommitdiffstats
path: root/vagrant/provision/assets/build-tails
blob: 5ff94259393a237bf5d95c1c13532519e309b6b6 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/bin/sh

# This script is used by both our Vagrant and Jenkins -based build environments.

set -e

as_root_do() {
	sudo \
		${RSYNC_PROXY:+RSYNC_PROXY="$RSYNC_PROXY"} \
		${http_proxy:+http_proxy="$http_proxy"} \
		${https_proxy:+https_proxy="$https_proxy"} \
		${ftp_proxy:+ftp_proxy="$ftp_proxy"} \
		${no_proxy:+no_proxy="$no_proxy"} \
		${JENKINS_URL:+JENKINS_URL="$JENKINS_URL"} \
		${MKSQUASHFS_OPTIONS:+MKSQUASHFS_OPTIONS="$MKSQUASHFS_OPTIONS"} \
		"$@"
}

usable_memory() {
	free -b | awk '/cache:/ { print $4 }'
}

cleanup() {
	[ -n "$BUILD_DIR" ] || return 0
	cd /
	mounts=$(mount | grep -E "^[^[:space:]]+ on $BUILD_DIR" | \
		awk '{print $3}' | sort -r)
	[ -n "$mounts" ] && sudo umount $mounts
	[ -d "$TMPFS_DIR" ] && ( sudo umount $TMPFS_DIR ; rmdir $TMPFS_DIR )
	[ -d "$BUILD_DIR" ] && sudo rm -rf $BUILD_DIR
}

trap cleanup EXIT

if [ -n "$JENKINS_URL" ]; then
	if [ -z "$WORKSPACE" ]; then
		echo "WORKSPACE environment variable is not set. Aborting." >&2
		exit 2
	fi
	if [ -z "$GIT_BRANCH" ]; then
		echo "GIT_BRANCH environment variable is not set. Aborting." >&2
		exit 4
	fi
	if [ -z "$GIT_COMMIT" ]; then
		echo "GIT_COMMIT environment variable is not set. Aborting." >&2
		exit 5
	fi
	REV="${GIT_BRANCH##origin/}"
	COMMIT="$GIT_COMMIT"
	ARTIFACTS_DIR="$WORKSPACE/build-artifacts"
else
	# Build triggered by Vagrant
	WORKSPACE=/home/vagrant/amnesia
	ARTIFACTS_DIR=/vagrant
	COMMIT="$(git --git-dir=/amnesia.git rev-parse --verify HEAD)"
	if git --git-dir=/amnesia.git symbolic-ref HEAD >/dev/null 2>&1; then
		# We are building from a branch
		REV="${1:-$(git --git-dir=/amnesia.git name-rev --name-only HEAD)}"
	else
		# We are (hopefully) building from a tag
		if ! REV="${1:-$(git --git-dir=/amnesia.git describe --tags --exact-match ${COMMIT})}"; then
			echo "It seems we are building from an untagged detached HEAD. Aborting." >&2
			exit 1
		fi
	fi
	test -d "$WORKSPACE" || git clone /amnesia.git "$WORKSPACE"
	cd "$WORKSPACE"
	git fetch origin
fi

cd "$WORKSPACE"
git checkout --force "$REV"
git reset --hard "$COMMIT"

if [ -n "$JENKINS_URL" ]; then
	git clean --force -d -x
fi

install -m 0755 -d "$ARTIFACTS_DIR"

if [ "$TAILS_CLEAN_BUILD" ]; then
	as_root_do lb clean --all
fi

if [ -z "$JENKINS_URL" ]; then
	./build-website
fi

BUILD_DIR=$(mktemp -d /tmp/tails-build.XXXXXXXX)
if [ "$TAILS_RAM_BUILD" ]; then
	TMPFS_DIR=$(mktemp -d /tmp/tmpfs.XXXXXXXX)
	as_root_do mount -t tmpfs -o "noatime,size=100%,mode=0770,uid=root,gid=${USER}" tmpfs "$TMPFS_DIR"
	as_root_do mount -t aufs -o "noatime,noxino,dirs=$TMPFS_DIR=rw:${WORKSPACE}/=rr+wh" aufs "$BUILD_DIR"
else
	as_root_do rsync -a "$WORKSPACE"/ "$BUILD_DIR"/
fi

cd "$BUILD_DIR"
as_root_do lb config --cache false

as_root_do lb build

if [ -n "$JENKINS_URL" ]; then
	ISO=$(ls *.iso)

	USER_ON_ACNG_HOST=jenkins
	ACNG_HOST=apt-proxy.lizard
	ACNG_REMOTE_LOG=/var/log/apt-cacher-ng/apt-cacher.log
	ACNG_LOCAL_LOG=$(basename "$ACNG_REMOTE_LOG")
	sftp "${USER_ON_ACNG_HOST}@${ACNG_HOST}:${ACNG_REMOTE_LOG}"
	BUILD_IP=$(ip a show dev eth0 | grep '^\s\+inet\s' | awk '{print $2}' | sed -e 's,/.*,,')
	START_TIME=$(cat "$ISO.start.timestamp")
	END_TIME=$(cat "$ISO.end.timestamp")
	./auto/scripts/packages-from-acng-log "$ACNG_LOCAL_LOG" "$BUILD_IP" \
					      "$START_TIME" "$END_TIME" \
					      "${ISO}.binpkgs" "${ISO}.srcpkgs"
	rm "$ISO".*.timestamp

	for file in tails-*; do
		sha512sum "$file" >> "$ISO.shasum"
	done
	gpg --batch --detach-sign --armor "$ISO.shasum"
fi

mv -f tails-* "$ARTIFACTS_DIR"