summaryrefslogtreecommitdiffstats
path: root/vagrant/provision/assets/build-tails
blob: 4ff955e7ee87c7ae7e17f08f5182b67934ec41a9 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
#!/bin/sh

# This script is used by both our Vagrant and Jenkins -based build environments.

set -e
set -x

as_root_do() {
	sudo \
		${RSYNC_PROXY:+RSYNC_PROXY="$RSYNC_PROXY"} \
		${http_proxy:+http_proxy="$http_proxy"} \
		${https_proxy:+https_proxy="$https_proxy"} \
		${ftp_proxy:+ftp_proxy="$ftp_proxy"} \
		${no_proxy:+no_proxy="$no_proxy"} \
		${MKSQUASHFS_OPTIONS:+MKSQUASHFS_OPTIONS="$MKSQUASHFS_OPTIONS"} \
		"$@"
}

cleanup() {
	[ -n "$BUILD_DIR" ] || return 0
	cd /
	remove_build_dirs
	sudo rm -rf "$BUILD_DIR"
}

remove_build_dirs() {
	for mountpoint in $(old_build_dirs | tac) ; do
		sudo umount -f -l "$mountpoint"
		sudo rm -rf "$mountpoint"
	done
}

old_build_dirs() {
	mount | \
	perl -ni -E 'say $mountpoint if (($mountpoint) = ($_ =~ m{^(?:aufs|tmpfs|devpts-live|proc-live|sysfs-live) on (/tmp/tails-build(?:-tmpfs)?\.[/[:alnum:]]+)}))'
}

trap cleanup EXIT

WORKSPACE=/home/vagrant/amnesia

sudo rsync -a --exclude 'vagrant/.vagrant' "/amnesia.git/" "${WORKSPACE}"
sudo chown -R vagrant:vagrant "${WORKSPACE}"

cd "$WORKSPACE"

COMMIT="$(git rev-parse --verify HEAD)"

if git symbolic-ref HEAD >/dev/null 2>&1; then
	# We are building from a branch
	REV="${1:-$(git name-rev --name-only HEAD)}"
else
	# We are (hopefully) building from a tag
	if ! REV="${1:-$(git describe --tags --exact-match ${COMMIT})}"; then
		echo "It seems we are building from an untagged detached HEAD. Aborting." >&2
		exit 1
	fi
fi

if [ "$TAILS_RAM_BUILD" ]; then
	remove_build_dirs
fi

git checkout --force "$REV"
git reset --hard "$COMMIT"
git submodule update --init

if as_root_do systemctl --quiet is-active apt-cacher-ng.service ; then
	as_root_do ./auto/scripts/update-acng-config
	as_root_do systemctl restart apt-cacher-ng.service
fi

if [ "$TAILS_CLEAN_BUILD" ]; then
	as_root_do lb clean --all
	git clean -fdx
fi

BUILD_DIR=$(mktemp -d /tmp/tails-build.XXXXXXXX)
if [ "$TAILS_RAM_BUILD" ]; then
	as_root_do mount -t tmpfs -o "noatime,size=100%,mode=0770,uid=root,gid=${USER}" tmpfs "${BUILD_DIR}"
fi
as_root_do rsync -a "$WORKSPACE"/ "$BUILD_DIR"/

cd "$BUILD_DIR"
as_root_do lb config --cache false

as_root_do lb build

if [ "$TAILS_RAM_BUILD" ]; then
	mv -f tails-* "$WORKSPACE/"
fi