[tor-dev] Building meek-server with Go 1.11.5

[Matthew Finkel <matthew.finkel@xxxxxxxxx>]

Attached is a script for building meek-server. I used this for
completing #29171. The newest version of Go is only available in Sid and
Buster[0], so this script creates a Buster environment and installs the
dependencies.

The script assumes debootstrap and sudo are installed (and you have
necessary privilege). As of today, a Debian Buster system should create
a reproducible binary with a SHA-256 digest
6e242798f861308083e54bc0ca3989a03b0818475e9b6df4589ced10c7e3aadc
(confirmed over multi-path builds).

This is simply an FYI, in case anyone else want so to use it.

- Matt

[0] https://security-tracker.debian.org/tracker/source-package/golang-1.11

#!/bin/sh

set -e
set -x

if [ -z "${ROOTDIR}" ]; then
    ROOTDIR=meekserver_chroot
fi

if [ -z "${VIA_TOR}" ]; then
    VIA_TOR=0
fi

if [ -z "${PROXY}" ]; then
    PROXY="127.0.0.1:9050"
fi

if [ -z "${RELEASE}" ]; then
    RELEASE="buster"
fi

sudo debootstrap --verbose --variant=buildd "${RELEASE}" ${ROOTDIR}
sudo mount -t proc proc ${ROOTDIR}/proc/
sudo mount -t tmpfs dev ${ROOTDIR}/dev
sudo mount -t sysfs sys ${ROOTDIR}/sys/
sudo mkdir ${ROOTDIR}/dev/pts
sudo mkdir ${ROOTDIR}/dev/shm
sudo touch ${ROOTDIR}/dev/null
sudo mount -t tmpfs shm ${ROOTDIR}/dev/shm
sudo mount -t devpts devpts ${ROOTDIR}/dev/pts
sudo mount --bind /dev/null ${ROOTDIR}/dev/null

if [ "${VIA_TOR}" -ne "0" ]; then
    apt-get download apt-transport-tor/"${RELEASE}"
    sudo mv apt-transport-tor_*.deb ${ROOTDIR}/
    echo "Acquire::tor::proxy \"socks5h://${PROXY}\";" | sudo tee ${ROOTDIR}/etc/apt/apt.conf.d/01tor
    echo "deb  tor+http://vwakviie2ienjx6t.onion/debian          ${RELEASE}            main" | sudo tee ${ROOTDIR}/etc/apt/sources.list
fi

cat > setup_chroot <<EOF
#!/bin/sh
set -e

if [ "${VIA_TOR}" -ne "0" ]; then
    dpkg -i apt-transport-tor_*.deb
fi

apt-get update

apt-get install -y golang-go

apt-get install -y git-core

apt-get install -y golang-golang-x-crypto-dev

useradd -m meek_builder

if [ "${VIA_TOR}" -ne "0" ]; then
    su -l -c 'git config --global http.proxy "socks5h://meek_${RELEASE}_git:1234@${PROXY}"' meek_builder
fi

su -l -c 'git clone https://git.torproject.org/pluggable-transports/meek.git' meek_builder
su -l -c 'GOPATH="\${HOME}/go" go get git.torproject.org/pluggable-transports/goptlib.git' meek_builder
echo 'export GOPATH="/usr/share/gocode/:\${HOME}/go"' >> /home/meek_builder/.profile
EOF

chmod 700 setup_chroot
sudo mv setup_chroot ${ROOTDIR}/
sudo chroot ${ROOTDIR}/ /setup_chroot

sudo umount ${ROOTDIR}/dev/null ${ROOTDIR}/dev/pts ${ROOTDIR}/dev/shm
sudo umount ${ROOTDIR}/sys/ ${ROOTDIR}/dev ${ROOTDIR}/proc/

echo Building...
################ BUILD ##################
#sudo unshare -n chroot ${ROOTDIR}/ su -c 'sh -c "cd ${HOME}/meek/meek-server/ && go build"' meek_builder
sudo unshare -n \
  chroot ${ROOTDIR}/ \
    su -l -c \
      sh -c 'cd ${HOME}/meek/meek-server/ && GOPATH="/usr/share/gocode/:${HOME}/go" go build' \
    meek_builder

echo "6e242798f861308083e54bc0ca3989a03b0818475e9b6df4589ced10c7e3aadc  meekserver_chroot/home/meek_builder/meek/meek-server/meek-server" | sha256sum -c
#########################################

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev