commit 82f061f118519c318ddf0aaa7dc4fcbd8290536e Author: Mike Perry mikeperry-git@torproject.org Date: Sun Mar 2 14:21:30 2014 -0800
Bug 4261: Make uncompressed DMG creation reproducible.
genisoimage was non-deterministic, and libdmg was using uninitialized memory in a stack struct. --- gitian/build-helpers/ddmg.sh | 25 +++++++------------ gitian/descriptors/mac/gitian-bundle.yml | 6 +++++ gitian/patches/libdmg.patch | 39 ++++++++++++++++++++++++++++++ 3 files changed, 54 insertions(+), 16 deletions(-)
diff --git a/gitian/build-helpers/ddmg.sh b/gitian/build-helpers/ddmg.sh
index f9f54da..468d6be 100755
--- a/gitian/build-helpers/ddmg.sh
+++ b/gitian/build-helpers/ddmg.sh
@@ -5,24 +5,17 @@ export LC_ALL=C
 DMGFILE=$1
 shift
 
-# Attempt to normalize inode ordering..
-# XXX: the genisoimage -path-list argument seems broken
-mkdir -p ~/build/tmp/dmg
+find $@ -executable -exec chmod 700 {} ;
+find $@ ! -executable -exec chmod 600 {} ;
+
 cd $@
-for i in `find . | sort`
-do
- if [ -d $i ];
- then
- mkdir -p ~/build/tmp/dmg/$i
- else
- cp --parents -d --preserve=all $i ~/build/tmp/dmg/
- fi
-done
+find . -type f | sed -e 's/^.///' | sort | xargs -i echo "{}={}" > ~/build/filelist.txt
+find . -type l | sed -e 's/^.///' | sort | xargs -i echo "{}={}" >> ~/build/filelist.txt
+
+mkisofs -D -V "Tor Browser" -no-pad -R -apple -o ~/build/tbb-uncompressed.dmg -path-list ~/build/filelist.txt -graft-points -dir-mode 0700 -new-dir-mode 0700
 
-find ~/build/tmp/dmg -executable -exec chmod 700 {} ;
-find ~/build/tmp/dmg ! -executable -exec chmod 600 {} ;
+cd ~/build
 
-genisoimage -D -V "Tor Browser" -no-pad -R -apple -o tbb-uncompressed.dmg ~/build/tmp/dmg/
 ~/build/libdmg-hfsplus/dmg/dmg dmg tbb-uncompressed.dmg $DMGFILE
 rm tbb-uncompressed.dmg
-rm -rf ~/build/tmp/dmg/
+rm ~/build/filelist.txt
diff --git a/gitian/descriptors/mac/gitian-bundle.yml b/gitian/descriptors/mac/gitian-bundle.yml
index 63c0a96..55a6777 100644
--- a/gitian/descriptors/mac/gitian-bundle.yml
+++ b/gitian/descriptors/mac/gitian-bundle.yml
@@ -41,6 +41,7 @@ files:
 - "noscript@noscript.net.xpi"
 - "dzip.sh"
 - "ddmg.sh"
+- "libdmg.patch"
 - "bare-version"
 - "bundle.inputs"
 - "versions"
@@ -141,6 +142,7 @@ script: |
 #
 # Set up DMG skeleton
 cd libdmg-hfsplus
+ git am ~/build/libdmg.patch
 cmake CMakeLists.txt
 cd dmg
 make
@@ -162,6 +164,10 @@ script: |
 ~/build/dzip.sh $OUTDIR/TorBrowserBundle-${TORBROWSER_VERSION}-osx${GBUILD_BITS}_en-US.zip ${TORBROWSER_NAME}_en-US.app
 rm -rf ~/build/${TORBROWSER_NAME}_en-US.app
 else
+ # XXX: We need to insert these placeholders because otherwise mkisofs won't
+ # include these otherwise empty dirs:
+ touch ~/build/$TORBROWSER_NAME.app/Data/Browser/Caches/placeholder.txt
+ touch ~/build/$TORBROWSER_NAME.app/Contents/MacOS/TorBrowser.app/Contents/MacOS/browser/defaults/preferences/placeholder.txt
 cp -a ~/build/$TORBROWSER_NAME.app ~/build/dmg/$TORBROWSER_APP.app
 ~/build/ddmg.sh $OUTDIR/TorBrowser-${TORBROWSER_VERSION}-osx${GBUILD_BITS}_en-US.dmg ~/build/dmg
 rm -rf ~/build/dmg/$TORBROWSER_APP.app
diff --git a/gitian/patches/libdmg.patch b/gitian/patches/libdmg.patch
new file mode 100644
index 0000000..a84ac3e
--- /dev/null
+++ b/gitian/patches/libdmg.patch
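Review bot: The file list in ddmg.sh is produced with `xargs -i echo "{}={}"`, and xargs still interprets quotes and backslashes in its input, so a path containing either is rewritten or rejected before it reaches `~/build/filelist.txt`. mkisofs then treats `=` in each entry as the graft-point separator, so a file name that itself contains `=` would be placed at the wrong path; in both cases the image silently diverges from the app tree. Building the entries in sed (`sed -e 's/.*/&=&/'` at the end of the existing pipeline) avoids the xargs parsing, and failing the build when any listed path contains `=` makes the second case visible. `cd $@` is also unquoted and unchecked, so a failed `cd` would list whatever directory the script was started in; `cd "$1" || exit 1` closes that.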
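Review bot: The two `touch …/placeholder.txt` lines in the last gitian-bundle.yml hunk create files stamped with the build-time clock, and mkisofs records file timestamps in the image, so unless the descriptor pins the clock or normalises mtimes before this point (not visible in the hunk) these two entries would differ between builders. Taking the timestamp from something already in the tree, for example `touch -r ~/build/$TORBROWSER_NAME.app` followed by the placeholder path, removes that dependency. The placeholders are created before the `cp -a`, so they end up in the shipped bundle; the XXX comment could say so explicitly.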
@@ -0,0 +1,39 @@
+From d1a5eca891f32103ccda80ee75e158dfc7ece70d Mon Sep 17 00:00:00 2001
+From: Mike Perry mikeperry-git@torproject.org
+Date: Thu, 6 Mar 2014 19:47:05 -0800
+Subject: [PATCH] Memset a UDIF header to ensure archive reproducibility.
+
+Some of the struct padding and fields contained unitialized memory, which
+caused two successive invocations to produce archives that differed in some
+bytes.
+---
+ dmg/dmglib.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/dmg/dmglib.c b/dmg/dmglib.c
+index f481b1f..b74e50b 100644
+--- a/dmg/dmglib.c
++++ b/dmg/dmglib.c
+@@ -108,7 +108,8 @@ int buildDmg(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ ChecksumToken dataForkToken;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ off_t plistOffset;
+ uint32_t plistSize;
+ uint32_t dataForkChecksum;
+@@ -284,7 +285,8 @@ int convertToDMG(AbstractFile* abstractIn, AbstractFile* abstractOut) {
+ uint64_t numSectors;
+
+ UDIFResourceFile koly;
+-
++ memset(&koly, 0, sizeof(koly));
++
+ char partitionName[512];
+
+ off_t fileLength;
+--
+1.8.1.2
+
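Review bot: Both `memset(&koly, 0, sizeof(koly));` calls are placed between declarations (after `UDIFResourceFile koly;` and before `off_t plistOffset;` in buildDmg, before `char partitionName[512];` in convertToDMG), which a C89 compiler rejects as a statement before a declaration; moving each call below the function's declaration block keeps the fix and the portability. Using memset rather than `= {0}` is the right choice because an initializer does not guarantee zeroed padding, and that deserves a comment such as `/* zero koly, padding included: stale stack bytes must not reach the output image */`, since the same bytes are also a small disclosure of stack contents in a published file. The hunk does not show whether dmglib.c already includes `<string.h>`, and both function bodies continue outside the hunk, so other stack structs written to the archive may need the same treatment.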