[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor-browser-bundle/hardened-builds] Bug 20735: Add snowflake pt to alpha Linux builds



commit f78866cad71122fa851ebdf6c63053605c565826
Author: David Fifield <david@xxxxxxxxxxxxxxx>
Date:   Sat Apr 30 15:42:21 2016 -0700

    Bug 20735: Add snowflake pt to alpha Linux builds
    
     * Snowflake depends on go-webrtc, which in turn depends on libwebrtc,
       which adds significantly to the build.  webrtc is special, having its
       own build system that brings in lots of Chromium dependencies.
    
     * Further, building cgo reproducibly requires go 1.7.3 and a compiler
       that supports the following flags,
    
         -gno-record-gcc-switches
         -fdebug-prefix-map=$WORK=/tmp/go-build
---
 Bundle-Data/PTConfigs/bridge_prefs.js              |   2 +
 .../PTConfigs/linux/torrc-defaults-appendix        |   3 +
 gitian/Makefile                                    |   5 +-
 gitian/check-prerequisites.sh                      |   8 +-
 .../linux/gitian-pluggable-transports.yml          |  79 +++++++++++++
 gitian/descriptors/linux/gitian-webrtc.yml         | 125 +++++++++++++++++++++
 gitian/fetch-inputs.sh                             |  28 +++++
 gitian/mkbundle-linux.sh                           |  44 ++++++--
 gitian/verify-tags.sh                              |   6 +
 gitian/versions                                    |  13 ++-
 gitian/versions.alpha                              |   6 +
 gitian/versions.beta                               |   5 +
 gitian/versions.nightly                            |   6 +
 13 files changed, 312 insertions(+), 18 deletions(-)

diff --git a/Bundle-Data/PTConfigs/bridge_prefs.js b/Bundle-Data/PTConfigs/bridge_prefs.js
index 6831555..bd92585 100644
--- a/Bundle-Data/PTConfigs/bridge_prefs.js
+++ b/Bundle-Data/PTConfigs/bridge_prefs.js
@@ -38,3 +38,5 @@ pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC
 
 pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com");
 pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 url=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com");
+
+pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 B05EC36590AC0374F0E4D36DDA77908FD59D97F3");
diff --git a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
index c79efde..7fbf63c 100644
--- a/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
+++ b/Bundle-Data/PTConfigs/linux/torrc-defaults-appendix
@@ -6,3 +6,6 @@ ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec ./TorBrowser/Tor/Plugg
 
 ## meek configuration
 ClientTransportPlugin meek exec ./TorBrowser/Tor/PluggableTransports/meek-client-torbrowser -- ./TorBrowser/Tor/PluggableTransports/meek-client
+
+## snowflake configuration
+ClientTransportPlugin snowflake exec ./TorBrowser/Tor/PluggableTransports/snowflake-client -url https://snowflake-reg.appspot.com/ -front www.google.com -ice stun:stun.l.google.com:19302
diff --git a/gitian/Makefile b/gitian/Makefile
index 1aac5ed..b321eab 100644
--- a/gitian/Makefile
+++ b/gitian/Makefile
@@ -93,7 +93,7 @@ prep-alpha:
 	$(TORSOCKS) ./fetch-inputs.sh ../../gitian-builder/inputs/ versions.alpha
 
 
-clean: clean-utils clean-tor clean-browser clean-pt clean-bundle
+clean: clean-utils clean-tor clean-browser clean-webrtc clean-pt clean-bundle
 	rm -f ../../gitian-builder/inputs/*.yml
 	rm -f ../../gitian-builder/inputs/bundle.inputs
 	rm -f ../../gitian-builder/inputs/versions*
@@ -112,6 +112,9 @@ clean-browser: clean-bundle
 	rm -f ../../gitian-builder/inputs/tor-browser-win*
 	rm -f ../../gitian-builder/inputs/mar-tools-*
 
+clean-webrtc: clean-bundle
+	rm -f ../../gitian-builder/inputs/webrtc-*-gbuilt.zip
+
 clean-pt: clean-bundle
 	rm -f ../../gitian-builder/inputs/pluggable-transports*
 
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index 858fd4d..530e160 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -17,7 +17,7 @@ then
   VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
   if [ "$VERSION" -ge "14" ];
   then
-    dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring torsocks tor 2>/dev/null >/dev/null
+    dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring curl pkg-config libgtk2.0-dev libglib2.0-dev torsocks tor 2>/dev/null >/dev/null
 
     if [ $? -ne 0 ];
     then
@@ -25,7 +25,7 @@ then
       echo
       echo "Please run:"
       echo " sudo apt-get install torsocks tor"
-      echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring"
+      echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion debian-archive-keyring curl pkg-config libgtk2.0-dev libglib2.0-dev"
       exit 1
     fi
   else
@@ -34,7 +34,7 @@ then
   fi
 elif [ $DISTRO = "Debian" ];
 then
-  dpkg -s ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip torsocks tor python-cheetah debootstrap parted kpartx rsync 2>/dev/null >/dev/null
+  dpkg -s ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync curl pkg-config libgtk2.0-dev libglib2.0-dev torsocks tor 2>/dev/null >/dev/null
 
   if [ $? -ne 0 ];
   then
@@ -42,7 +42,7 @@ then
     echo
     echo "Please run"
     echo " sudo apt-get install torsocks tor"
-    echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync"
+    echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync curl pkg-config libgtk2.0-dev libglib2.0-dev"
     exit 1
   fi
 else
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index 2793a76..31aa9bb 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -13,6 +13,8 @@ packages:
 - "swig"
 - "zip"
 - "hardening-wrapper"
+- "pkg-config"
+- "libx11-dev"
 reference_datetime: "2000-01-01 00:00:00"
 remotes:
 - "url": "https://git.torproject.org/pluggable-transports/pyptlib.git";
@@ -39,6 +41,12 @@ remotes:
   "dir": "goxnet"
 - "url": "https://git.torproject.org/pluggable-transports/obfs4.git";
   "dir": "obfs4"
+- "url": "https://github.com/keroserene/go-webrtc.git";
+  "dir": "go-webrtc"
+- "url": "https://git.torproject.org/pluggable-transports/snowflake.git";
+  "dir": "snowflake"
+- "url": "https://github.com/dchest/uniuri.git";
+  "dir": "uniuri"
 files:
 - "pycrypto.tar.gz"
 - "argparse.tar.gz"
@@ -51,6 +59,12 @@ files:
 - "dzip.sh"
 - "gmp-linux64-utils.zip"
 - "openssl-linux64-utils.zip"
+- "binutils-linux32-utils.zip"
+- "binutils-linux64-utils.zip"
+- "gcc-linux32-utils.zip"
+- "gcc-linux64-utils.zip"
+- "webrtc-linux32-gbuilt.zip"
+- "webrtc-linux64-gbuilt.zip"
 script: |
   INSTDIR="$HOME/install"
   PTDIR="$INSTDIR/Tor/PluggableTransports"
@@ -73,6 +87,35 @@ script: |
   # FTE only needs libgmp.so.10 and no libgmpxx anymore.
   cp $INSTDIR/gmp/lib/libgmp.so.10 $INSTDIR/Tor
 
+  # Preparing Binutils and GCC for webrtc
+  unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+  # Make sure gold is used with the hardening wrapper for full RELRO, see
+  # #13031.
+  cd $INSTDIR/binutils/bin
+  rm ld
+  cp /usr/bin/hardened-ld ./
+  mv ld.gold ld.gold.real
+  ln -sf hardened-ld ld.gold
+  ln -sf ld.gold ld
+  cd ~/build
+  unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
+  # Make sure we use the hardening wrapper when compiling Tor Browser.
+  cd $INSTDIR/gcc/bin
+  cp /usr/bin/hardened-cc ./
+  mv gcc gcc.real
+  mv c++ c++.real
+  ln -sf hardened-cc gcc
+  ln -sf hardened-cc c++
+  cd ~/build
+  export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH
+  ARCH=""
+  if [ $GBUILD_BITS == "64" ];
+  then
+    ARCH="64"
+  fi
+  # Make sure our GCC gets properly used.
+  export LD_LIBRARY_PATH=$INSTDIR/gcc/lib$ARCH
+
   # Building go 1.4.x
   # This is needed to bootstrap the go that we actually use
   # https://golang.org/doc/install/source#go14
@@ -231,6 +274,14 @@ script: |
   go install github.com/dchest/siphash
   cd ..
 
+  # Building go uniuri
+  cd uniuri
+  find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/dchest/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/dchest/uniuri"
+  go install github.com/dchest/uniuri
+  cd ..
+
   # Building golang.org/x/crypto (obfs4proxy > 0.0.3 || Go >= 1.4)
   cd goxcrypto
   find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
@@ -259,6 +310,34 @@ script: |
   cp -a obfs4proxy $PTDIR
   cd ../..
 
+  unzip webrtc-linux$GBUILD_BITS-gbuilt.zip
+
+  # Building go-webrtc
+  cd go-webrtc
+  # Replace the prebuilt webrtc library with our own one.
+  rm -rf include/ lib/
+  ln -sf ../webrtc/{include,lib} .
+  find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
+  mkdir -p "$GOPATH/src/github.com/keroserene/"
+  ln -sf "$PWD" "$GOPATH/src/github.com/keroserene/go-webrtc"
+  # The go-webrtc package sets _GLIBCXX_USE_CXX11_ABI=0 for compatibility with
+  # the prebuilt libwebrtc-magic.a libraries. Since we build our own
+  # libwebrtc-magic.a with the C++11 ABI, we have to undo that setting here,
+  # using CGO_CXXFLAGS.
+  CGO_CXXFLAGS=-D_GLIBCXX_USE_CXX11_ABI=1 go install github.com/keroserene/go-webrtc
+  cd ..
+
+  # Building snowflake
+  cd snowflake
+  find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
+  cd client
+  go build -ldflags '-s'
+  cp -a client $PTDIR/snowflake-client
+  cd ..
+  mkdir -p $INSTDIR/Docs/snowflake
+  cp -a README.md LICENSE $INSTDIR/Docs/snowflake
+  cd ..
+
   # Grabbing the results and making sure timestamps don't spoil them
   cd $INSTDIR
   ~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
diff --git a/gitian/descriptors/linux/gitian-webrtc.yml b/gitian/descriptors/linux/gitian-webrtc.yml
new file mode 100644
index 0000000..ba654c5
--- /dev/null
+++ b/gitian/descriptors/linux/gitian-webrtc.yml
@@ -0,0 +1,125 @@
+---
+name: "webrtc-linux"
+distro: "debian"
+suites:
+- "wheezy"
+architectures:
+- "i386"
+- "amd64"
+packages:
+- "unzip"
+- "zip"
+- "hardening-wrapper"
+- "libasound2-dev"
+- "libexpat1-dev"
+- "libudev-dev"
+- "libx11-dev"
+- "libxext-dev"
+- "libxrandr-dev"
+- "default-jre-headless"
+- "default-jdk"
+reference_datetime: "2000-01-01 00:00:00"
+remotes:
+- "url": "https://chromium.googlesource.com/chromium/tools/depot_tools.git";
+  "dir": "depot_tools"
+files:
+- "dzip.sh"
+- "binutils-linux32-utils.zip"
+- "binutils-linux64-utils.zip"
+- "gcc-linux32-utils.zip"
+- "gcc-linux64-utils.zip"
+- "webrtc.tar.gz"
+script: |
+  INSTDIR="$HOME/install"
+  export REFERENCE_DATETIME
+  export TZ=UTC
+  export LC_ALL=C
+  umask 0022
+  #
+  mkdir -p $OUTDIR/
+
+  # Config options for hardening-wrapper
+  export DEB_BUILD_HARDENING=1
+  export DEB_BUILD_HARDENING_STACKPROTECTOR=1
+  export DEB_BUILD_HARDENING_FORTIFY=1
+  export DEB_BUILD_HARDENING_FORMAT=1
+  export DEB_BUILD_HARDENING_PIE=1
+
+  # Preparing Binutils and GCC for webrtc
+  unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
+  # Make sure gold is used with the hardening wrapper for full RELRO, see
+  # #13031.
+  cd $INSTDIR/binutils/bin
+  rm ld
+  cp /usr/bin/hardened-ld ./
+  mv ld.gold ld.gold.real
+  ln -sf hardened-ld ld.gold
+  ln -sf ld.gold ld
+  cd ~/build
+  unzip -d $INSTDIR gcc-linux$GBUILD_BITS-utils.zip
+  # Make sure we use the hardening wrapper when compiling Tor Browser.
+  cd $INSTDIR/gcc/bin
+  cp /usr/bin/hardened-cc ./
+  mv gcc gcc.real
+  mv c++ c++.real
+  ln -sf hardened-cc gcc
+  ln -sf hardened-cc c++
+  cd ~/build
+  export PATH=$INSTDIR/gcc/bin:$INSTDIR/binutils/bin:$PATH
+  ARCH=""
+  if [ $GBUILD_BITS == "64" ];
+  then
+    ARCH="64"
+  fi
+  # Make sure our GCC gets properly used.
+  export LD_LIBRARY_PATH=$INSTDIR/gcc/lib$ARCH
+
+  # Setting up depot_tools
+  # https://dev.chromium.org/developers/how-tos/install-depot-tools
+  export PATH="$PATH:$PWD/depot_tools"
+  # Disable automatic updating.
+  export DEPOT_TOOLS_UPDATE=0
+
+  # Building webrtc
+  tar xaf webrtc.tar.gz
+  cd webrtc/src
+  export GYP_CROSSCOMPILE=1
+  export GYP_DEFINES="OS=linux target_arch=$(if [ $GBUILD_BITS = 32 ]; then echo ia32; else echo x64; fi)"
+  # Do not use bundled utilities.
+  GYP_DEFINES+=" clang=0 host_clang=0 use_sysroot=0"
+  GYP_DEFINES+=" linux_use_bundled_gold=0 linux_use_gold_flags=0 linux_use_bundled_binutils=0"
+  # Avoid some dependencies. Some of these don't seem to work fully; for
+  # example even with use_alsa=0 we need libasound2-dev.
+  GYP_DEFINES+=" use_x11=0 use_gtk=0 use_gconf=0 use_alsa=0 use_pulseaudio=0 use_libpci=0 include_internal_audio_device=0 enabled_libjingle_device_manager=0"
+  # examples and tests also bring in dependencies.
+  GYP_DEFINES+=" include_examples=0 include_tests=0"
+  # embedded=1 is supposed to turn of various features; see
+  # https://bugs.chromium.org/p/chromium/issues/detail?id=318413.
+  GYP_DEFINES+=" embedded=1"
+  GYP_DEFINES+=" werror="
+  JAVA_HOME=/usr/lib/jvm/default-java webrtc/build/gyp_webrtc.py
+  ninja -C out/Release
+  # Run ninja once more, without include_tests=0, in order to build just the
+  # FakeAudioCaptureModule that go-webrtc uses.
+  GYP_DEFINES="$(echo "$GYP_DEFINES" | sed -e 's/include_tests=0//g')"
+  JAVA_HOME=/usr/lib/jvm/default-java webrtc/build/gyp_webrtc.py
+  ninja -C out/Release obj/webrtc/api/test/peerconnection_unittests.fakeaudiocapturemodule.o
+  # https://github.com/keroserene/go-webrtc/issues/23#issuecomment-175312648
+  # dump_syms_regtest.o is actually an executable, not an object file. If not
+  # excluded, it results in the error:
+  # libwebrtc-linux-386-magic.a(dump_syms_regtest.o): unsupported ELF file type 2
+  ar crs libwebrtc-magic.a $(find . -name '*.o' -not -name '*.main.o' -not -name 'dump_syms_regtest.o' | sort)
+  cd ../..
+
+  # Grabbing the result
+  cd $INSTDIR
+  mkdir -p webrtc/include webrtc/lib
+  cp -f $HOME/build/webrtc/src/libwebrtc-magic.a webrtc/lib/libwebrtc-linux-$(if [ $GBUILD_BITS = 32 ]; then echo 386; else echo amd64; fi)-magic.a
+  INCLUDE_DIR="$PWD/webrtc/include"
+  (cd $HOME/build/webrtc/src && for h in $(find talk/ webrtc/ -type f -name '*.h'); do
+    mkdir -p "$INCLUDE_DIR/$(dirname $h)"
+    cp -f "$h" "$INCLUDE_DIR/$h"
+  done)
+
+  ~/build/dzip.sh webrtc-linux$GBUILD_BITS-gbuilt.zip webrtc
+  cp webrtc-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index 65ebc11..01ec802 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -273,6 +273,7 @@ https-everywhere      https://git.torproject.org/https-everywhere.git $HTTPSE_TA
 torbutton             https://git.torproject.org/torbutton.git            $TORBUTTON_TAG
 tor-launcher          https://git.torproject.org/tor-launcher.git         $TORLAUNCHER_TAG
 tor-browser           https://git.torproject.org/tor-browser.git          $TORBROWSER_TAG
+libcxx                https://github.com/llvm-mirror/libcxx               $LIBCXX_TAG
 mingw-w64-git         http://git.code.sf.net/p/mingw-w64/mingw-w64        $MINGW_TAG
 pyptlib               https://git.torproject.org/pluggable-transports/pyptlib.git $PYPTLIB_TAG
 obfsproxy https://git.torproject.org/pluggable-transports/obfsproxy.git $OBFSPROXY_TAG
@@ -290,6 +291,10 @@ goxnet                https://go.googlesource.com/net  $GO_X_NET_TAG
 obfs4                 https://git.torproject.org/pluggable-transports/obfs4.git $OBFS4_TAG
 noto-fonts            https://github.com/googlei18n/noto-fonts $NOTOFONTS_TAG
 selfrando             https://github.com/immunant/selfrando.git $SELFRANDO_TAG
+depot_tools           https://chromium.googlesource.com/chromium/tools/depot_tools.git $DEPOT_TOOLS_TAG
+go-webrtc             https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG
+snowflake             https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG
+uniuri                https://github.com/dchest/uniuri $UNIURI_TAG
 EOF
 
 # HTTPS-Everywhere is special, too. We need to initialize the git submodules and
@@ -299,5 +304,28 @@ git submodule init
 git submodule update
 cd ..
 
+# WebRTC is special, having its own build system that brings in lots of Chromium dependencies.
+# https://webrtc.org/native-code/development/
+# depot_tools must have been downloaded before running this code.
+dir=webrtc
+PATH="$PATH:$PWD/depot_tools"
+# GYP_CROSSCOMPILE=1 and GYP_DEFINES="use_x11=0" prevent probing for certain dependencies.
+# Use --no-history because the whole checkout with history is about 12 GB.
+export GYP_CROSSCOMPILE=1
+export GYP_DEFINES="use_x11=0"
+mkdir -p "$dir"
+cd "$dir"
+if [ ! -d "src" ];
+then
+  # "fetch" is part of depot_tools.
+  fetch --nohooks --no-history webrtc
+fi
+# "gclient" is part of depot_tools. This download takes a long time the first time.
+# JAVA_HOME is needed in a hook for libjingle. The readlink line tries to find the current JRE.
+# default-java comes from the package default-jdk-headless.
+JAVA_HOME=/usr/lib/jvm/default-java gclient sync --with_branch_heads --no-history -r $WEBRTC_TAG
+cd ..
+tar --exclude .git -czf webrtc.tar.gz webrtc
+
 exit 0
 
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index 48aac24..e5be697 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -108,7 +108,7 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \
      ! -f inputs/self-rando-utils.zip ];
 then
   echo
-  echo "****** Starting Utilities Component of Linux Bundle (1/5 for Linux) ******"
+  echo "****** Starting Utilities Component of Linux Bundle (1/6 for Linux) ******"
   echo
 
   ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml
@@ -129,7 +129,7 @@ then
   #cp -a result/utils-linux-res.yml inputs/
 else
   echo
-  echo "****** SKIPPING already built Utilities Component of Linux Bundle (1/5 for Linux) ******"
+  echo "****** SKIPPING already built Utilities Component of Linux Bundle (1/6 for Linux) ******"
   echo
   # We might have built the utilities in the past but maybe the links are
   # pointing to the wrong version. Refresh them.
@@ -145,7 +145,7 @@ fi
 if [ ! -f inputs/tor-linux64-gbuilt.zip ];
 then
   echo
-  echo "****** Starting Tor Component of Linux Bundle (2/5 for Linux) ******"
+  echo "****** Starting Tor Component of Linux Bundle (2/6 for Linux) ******"
   echo
 
   ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor=$TOR_TAG $DESCRIPTOR_DIR/linux/gitian-tor.yml
@@ -160,14 +160,14 @@ then
   #cp -a result/tor-linux-res.yml inputs/
 else
   echo
-  echo "****** SKIPPING already built Tor Component of Linux Bundle (2/5 for Linux) ******"
+  echo "****** SKIPPING already built Tor Component of Linux Bundle (2/6 for Linux) ******"
   echo
 fi
 
 if [ ! -f inputs/tor-browser-linux64-gbuilt.zip ];
 then
   echo
-  echo "****** Starting TorBrowser Component of Linux Bundle (3/5 for Linux) ******"
+  echo "****** Starting TorBrowser Component of Linux Bundle (3/6 for Linux) ******"
   echo
 
   ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml
@@ -183,17 +183,39 @@ then
   #cp -a result/torbrowser-linux-res.yml inputs/
 else
   echo
-  echo "****** SKIPPING already built TorBrowser Component of Linux Bundle (3/5 for Linux) ******"
+  echo "****** SKIPPING already built TorBrowser Component of Linux Bundle (3/6 for Linux) ******"
+  echo
+fi
+
+if [ ! -f inputs/webrtc-linux32-gbuilt.zip -o \
+     ! -f inputs/webrtc-linux64-gbuilt.zip ];
+then
+  echo
+  echo "****** Starting WebRTC Component of Linux Bundle (4/6 for Linux) ******"
+  echo
+
+  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit depot_tools=$DEPOT_TOOLS_TAG $DESCRIPTOR_DIR/linux/gitian-webrtc.yml
+  if [ $? -ne 0 ];
+  then
+    #mv var/build.log ./webrtc-fail-linux.log.`date +%Y%m%d%H%M%S`
+    exit 1
+  fi
+
+  cp -a build/out/webrtc-linux*-gbuilt.zip inputs/
+  #cp -a result/webrtc-linux-res.yml inputs/
+else
+  echo
+  echo "****** SKIPPING already built WebRTC Component of Linux Bundle (4/6 for Linux) ******"
   echo
 fi
 
 if [ ! -f inputs/pluggable-transports-linux64-gbuilt.zip ];
 then
   echo
-  echo "****** Starting Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******"
+  echo "****** Starting Pluggable Transports Component of Linux Bundle (5/6 for Linux) ******"
   echo
 
-  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,goxcrypto=$GO_X_CRYPTO_TAG,goxnet=$GO_X_NET_TAG,obfs4=$OBFS4_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
+  ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit pyptlib=$PYPTLIB_TAG,obfsproxy=$OBFSPROXY_TAG,libfte=$LIBFTE_TAG,fteproxy=$FTEPROXY_TAG,txsocksx=$TXSOCKSX_TAG,goptlib=$GOPTLIB_TAG,meek=$MEEK_TAG,ed25519=$GOED25519_TAG,siphash=$GOSIPHASH_TAG,goxcrypto=$GO_X_CRYPTO_TAG,goxnet=$GO_X_NET_TAG,obfs4=$OBFS4_TAG,go-webrtc=$GO_WEBRTC_TAG,snowflake=$SNOWFLAKE_TAG,uniuri=$UNIURI_TAG $DESCRIPTOR_DIR/linux/gitian-pluggable-transports.yml
   if [ $? -ne 0 ];
   then
     #mv var/build.log ./pluggable-transports-fail-linux.log.`date +%Y%m%d%H%M%S`
@@ -204,14 +226,14 @@ then
   #cp -a result/pluggable-transports-linux-res.yml inputs/
 else
   echo
-  echo "****** SKIPPING already built Pluggable Transports Component of Linux Bundle (4/5 for Linux) ******"
+  echo "****** SKIPPING already built Pluggable Transports Component of Linux Bundle (5/6 for Linux) ******"
   echo
 fi
 
 if [ ! -f inputs/bundle-linux.gbuilt ];
 then
   echo
-  echo "****** Starting Bundling+Localization of Linux Bundle (5/5 for Linux) ******"
+  echo "****** Starting Bundling+Localization of Linux Bundle (6/6 for Linux) ******"
   echo
 
   cd $WRAPPER_DIR && ./record-inputs.sh $VERSIONS_FILE && cd $GITIAN_DIR
@@ -231,7 +253,7 @@ then
   touch inputs/bundle-linux.gbuilt
 else
   echo
-  echo "****** SKIPPING already built Bundling+Localization of Linux Bundle (5/5 for Linux) ******"
+  echo "****** SKIPPING already built Bundling+Localization of Linux Bundle (6/6 for Linux) ******"
   echo
 fi
 
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index b7c45c4..575901b 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -108,6 +108,7 @@ EOF
 while read dir commit; do
   check_git_hash "$dir" "$commit"
 done << EOF
+libcxx                  $LIBCXX_TAG
 mingw-w64-git           $MINGW_TAG
 libdmg-hfsplus          $LIBDMG_TAG
 libfte                  $LIBFTE_TAG
@@ -120,6 +121,10 @@ goxcrypto               $GO_X_CRYPTO_TAG
 goxnet                  $GO_X_NET_TAG
 noto-fonts              $NOTOFONTS_TAG
 selfrando               $SELFRANDO_TAG
+depot_tools             $DEPOT_TOOLS_TAG
+go-webrtc               $GO_WEBRTC_TAG
+snowflake               $SNOWFLAKE_TAG
+uniuri                  $UNIURI_TAG
 EOF
 
 # Verify signatures on signed packages
@@ -152,6 +157,7 @@ do
    fi
 done
 
+# webrtc? Its fetch brings in sources from many repos.
 
 cd "$INPUTS_DIR"
 verify_git "." "$WRAPPER_DIR/gpg/torbutton.gpg" "$GITIAN_TAG"
diff --git a/gitian/versions b/gitian/versions
index 3b84b63..1b88910 100755
--- a/gitian/versions
+++ b/gitian/versions
@@ -19,8 +19,12 @@ TORBUTTON_TAG=1.9.3.2
 HTTPSE_TAG=5.1.0
 NSIS_TAG=v0.3
 ZLIB_TAG=v1.2.8
-LIBEVENT_TAG=release-2.0.21-stable
-MINGW_TAG=a883b47a45ff74ced41dfbd9f748d5c2c61f3c01 # due to bug 1156131
+LIBEVENT_TAG=release-2.0.22-stable
+CMAKE_TAG=v2.8.12.2
+LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74  # r247539
+CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539
+LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539
+MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8
 PYPTLIB_TAG=pyptlib-0.0.6
 OBFSPROXY_TAG=obfsproxy-0.2.12
 FLASHPROXY_TAG=1.6
@@ -37,6 +41,11 @@ GO_X_CRYPTO_TAG=4ed45ec682102c643324fae5dff8dab085b6c300
 GO_X_NET_TAG=7dbad50ab5b31073856416cdcfeb2796d682f844
 OBFS4_TAG=obfs4proxy-0.0.5
 NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
+DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557
+SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d
+UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
 
 GITIAN_TAG=tor-browser-builder-3.x-8
 
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index f553468..d9ce0cb 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -29,6 +29,7 @@ LIBEVENT_TAG=release-2.0.22-stable
 CMAKE_TAG=v2.8.12.2
 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74  # r247539
 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539
+LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539
 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8
 PYPTLIB_TAG=pyptlib-0.0.6
 OBFSPROXY_TAG=obfsproxy-0.2.12
@@ -46,6 +47,11 @@ GO_X_NET_TAG=7dbad50ab5b31073856416cdcfeb2796d682f844
 OBFS4_TAG=obfs4proxy-0.0.5
 NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
 SELFRANDO_TAG=44ac0df8c0e8eb291f2d913e2dd147000bf54863
+DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557
+SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d
+UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
 
 GITIAN_TAG=tor-browser-builder-4-1
 
diff --git a/gitian/versions.beta b/gitian/versions.beta
index 2bcde03..a9c988e 100755
--- a/gitian/versions.beta
+++ b/gitian/versions.beta
@@ -30,6 +30,11 @@ TXSOCKSX_TAG=216eb0894a1755872f4789f9458aa6cf543b8433 # unsigned habnabit/1.13.0
 GOPTLIB_TAG=0.2
 MEEK_TAG=0.25
 NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
+DEPOT_TOOLS_TAG=28216cd14b44716db5c83634afbdc6e90492652b
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=69c5ca70533142494d145b43ef2f46ca94715557
+SNOWFLAKE_TAG=6cecd31fd896eb26e64ad8bab8a9ea510ec3b21d
+UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
 
 GITIAN_TAG=tor-browser-builder-3.x-6
 
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index d606efc..ad3f017 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -32,6 +32,7 @@ LIBEVENT_TAG=release-2.0.22-stable
 CMAKE_TAG=v2.8.12.2
 LLVM_TAG=8f188e0ea735ac9383a65a0d1c846eb790c2ec74  # r247539
 CLANG_TAG=592b43b609b42cffd1531a700c140e10766bf049 # r247539
+LIBCXX_TAG=af9a44f256be54de6874d1eefd1d282d0671c0cf # r247539
 MINGW_TAG=a0cd5afeb60be3be0860e9a203314c10485bb9b8
 PYPTLIB_TAG=master
 OBFSPROXY_TAG=master
@@ -49,6 +50,11 @@ GO_X_NET_TAG=master
 OBFS4_TAG=master
 NOTOFONTS_TAG=720e34851382ee3c1ef024d8dffb68ffbfb234c2
 SELFRANDO_TAG=44ac0df8c0e8eb291f2d913e2dd147000bf54863
+DEPOT_TOOLS_TAG=master
+WEBRTC_TAG=f33698296719f956497d2dbff81b5080864a8804 # https://chromium.googlesource.com/external/webrtc.git/+/refs/branch-heads/52
+GO_WEBRTC_TAG=master
+SNOWFLAKE_TAG=master
+UNIURI_TAG=master
 
 GITIAN_TAG=tor-browser-builder-4
 



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits