Commit 5c290174 authored by intrigeri's avatar intrigeri

Merge branch 'devel' into feature/16073-linux-4.19+force-all-tests

parents 6626c967 c369ace3
......@@ -34,6 +34,7 @@ STABLE_BRANCH_NAMES = ['stable', 'testing']
EXPORTED_VARIABLES = [
'MKSQUASHFS_OPTIONS',
'APT_SNAPSHOTS_SERIALS',
'TAILS_BUILD_FAILURE_RESCUE',
'TAILS_DATE_OFFSET',
'TAILS_MERGE_BASE_BRANCH',
......@@ -54,6 +55,8 @@ INTERNAL_HTTP_PROXY = "http://#{VIRTUAL_MACHINE_HOSTNAME}:3142"
ENV['ARTIFACTS'] ||= '.'
ENV['APT_SNAPSHOTS_SERIALS'] ||= ''
class CommandError < StandardError
attr_reader :status, :stderr
......@@ -314,7 +317,8 @@ end
def list_artifacts
user = vagrant_ssh_config('User')
stdout = capture_vagrant_ssh("find '/home/#{user}/amnesia/' -maxdepth 1 " +
"-name 'tails-amd64-*'").first
"-name 'tails-amd64-*' " +
"-o -name tails-build-env.list").first
stdout.split("\n")
rescue VagrantCommandError
return Array.new
......
......@@ -101,7 +101,19 @@ RUN_LB_CONFIG="lb config noauto"
$RUN_LB_CONFIG --distribution stretch ${@}
# set up everything for time-based snapshots:
apt-snapshots-serials prepare-build
if [ -n "${APT_SNAPSHOTS_SERIALS:-}" ]; then
echo "Fixing 'latest' APT snapshots serials to: '${APT_SNAPSHOTS_SERIALS}'."
apt-snapshots-serials prepare-build "${APT_SNAPSHOTS_SERIALS}"
else
apt-snapshots-serials prepare-build
fi
# record what APT snapshots this build is going to use, so that one
# can try to reproduce it more reliably
JENKINS_ENV_PROPERTIES=tails-build-env.list
echo "# This file is in Java property file format" >> "$JENKINS_ENV_PROPERTIES"
echo "# (https://en.wikipedia.org/wiki/.properties)" >> "$JENKINS_ENV_PROPERTIES"
echo "APT_SNAPSHOTS_SERIALS = $(apt-snapshots-serials cat-json tmp/APT_snapshots.d)" \
>> "$JENKINS_ENV_PROPERTIES"
DEBIAN_MIRROR="$(apt-mirror debian)"
DEBIAN_SECURITY_MIRROR="$(apt-mirror debian-security)"
......
......@@ -7,6 +7,7 @@ set -o pipefail
BASE_URL=http://time-based.snapshots.deb.tails.boum.org/
CONFIG=config/APT_snapshots.d
SERIAL_ONLY=
APT_SNAPSHOTS_SERIALS=
FREEZE_EXCEPTIONS=debian-security
get_latest_serial() {
......@@ -29,11 +30,27 @@ else
FREEZE_EXCEPTIONS=
shift
fi
if [ $# -eq 0 ]; then
ORIGINS="$(cd ${CONFIG}; ls -d *)"
else
ORIGINS="${@}"
fi
case "$action" in
prepare-build)
if [ $# -eq 1 ]; then
APT_SNAPSHOTS_SERIALS="${1}"
shift
fi
;;
cat-json)
if [ $# -eq 1 ]; then
CONFIG="${1}"
shift
fi
;;
cat|get-latest|freeze|thaw)
if [ $# -eq 0 ]; then
ORIGINS="$(cd ${CONFIG}; ls -d *)"
else
ORIGINS="${@}"
fi
;;
esac
fi
case "$action" in
......@@ -43,6 +60,9 @@ case "$action" in
cat "$CONFIG/$origin/serial"
done
;;
cat-json)
$(dirname "$0")/apt-snapshots-serials-cat-json "$CONFIG"
;;
get-latest)
for origin in $ORIGINS; do
[ -z "${SERIAL_ONLY}" ] && echo -n "$origin: "
......@@ -77,7 +97,13 @@ case "$action" in
rm -rf tmp/APT_snapshots.d
mkdir -p tmp
cp -r config/APT_snapshots.d tmp/
$0 get-latest > tmp/cached_APT_snapshots_serials
if [ "${APT_SNAPSHOTS_SERIALS}" ]; then
$(dirname "$0")/apt-snapshots-serials-load-json \
"$APT_SNAPSHOTS_SERIALS" \
> tmp/cached_APT_snapshots_serials
else
$0 get-latest > tmp/cached_APT_snapshots_serials
fi
for origin_dir in tmp/APT_snapshots.d/*; do
origin=$(basename $origin_dir)
if grep -qs '^latest$' $origin_dir/serial; then
......@@ -88,7 +114,7 @@ case "$action" in
done
;;
*)
printf "unknown action ($action), use either 'cat', 'get-latest', 'prepare-build', 'freeze' or 'thaw'\n" >&2
printf "unknown action ($action), use either 'cat', 'cat-json', 'get-latest', 'prepare-build', 'freeze' or 'thaw'\n" >&2
exit 1
;;
esac
#!/usr/bin/ruby
#
# Usage: apt-snapshots-serials-cat-json APT_SNAPSHOTS_CONFIG_DIR
# Example: apt-snapshots-serials-cat-json config/APT_snapshots.d/
require 'json'
usage_str = "Usage: apt-snapshots-serials-cat-json APT_SNAPSHOTS_CONFIG_DIR"
!ARGV.empty? or raise usage_str
config_dir = ARGV[0]
!config_dir.empty? or raise usage_str
serials = {}
origins = Dir.glob("#{config_dir}/*").map do |origin_dir|
origin_dir.sub("#{config_dir}/", '')
end
origins.map do |origin|
serials[origin] = File.open("#{config_dir}/#{origin}/serial") { |f| f.read.chomp }
end
puts JSON.dump(serials)
#!/usr/bin/ruby
#
# Usage:
#
# apt-snapshots-serials-load-json SERIALS_JSON
#
# Example:
#
# apt-snapshots-serials-load-json \
# '{"torproject":"2017120803","debian-security":"2017120902","debian":"2017120903"}'
require 'json'
usage_str = "Usage: apt-snapshots-serials-load-json SERIALS_JSON"
ARGV.size == 1 or raise usage_str
serials = JSON.load(ARGV[0])
serials.each { |origin, serial|
serial != 'latest' or raise "Only numeric serials are supported"
puts "#{origin}: #{serial}\n"
}
......@@ -15,6 +15,7 @@ as_root_do() {
${ftp_proxy:+ftp_proxy="${ftp_proxy}"} \
${no_proxy:+no_proxy="${no_proxy}"} \
${MKSQUASHFS_OPTIONS:+MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS}"} \
${APT_SNAPSHOTS_SERIALS:+APT_SNAPSHOTS_SERIALS="${APT_SNAPSHOTS_SERIALS}"} \
${TAILS_MERGE_BASE_BRANCH:+TAILS_MERGE_BASE_BRANCH="${TAILS_MERGE_BASE_BRANCH}"} \
${GIT_COMMIT:+GIT_COMMIT="${GIT_COMMIT}"} \
${GIT_REF:+GIT_REF="${GIT_REF}"} \
......
......@@ -106,6 +106,15 @@ You can customize the build system using two environment variables:
ARTIFACTS='/path/to/directory'
* `APT_SNAPSHOTS_SERIALS` can be set to specify which [[time-based APT
snapshots|contribute/APT_repository/time-based_snapshots]]
repositories will be used as 'latest' during the build, and will set
it accordingly in the resulting ISO image if necessary. This can be
useful to reproduce an ISO build that did not use tagged APT
snapshots. The value must be JSON, for example:
APT_SNAPSHOTS_SERIALS='{"torproject":"2017120803","debian-security":"2017120902","debian":"2017120903"}'
* To tweak other build settings, use `TAILS_BUILD_OPTIONS`,
a space-separated list of build options documented below.
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment