From a6ac016a842a37e6c5433e17599f422ba19bd842 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Mon, 21 Sep 2015 12:05:24 +0200 Subject: [PATCH 1/7] use symlinks to provide alternate folders for Hebrew and Indonesian These two languages must be included twice (iw/he and id/in) For a full discussion of why, see: https://gitlab.com/fdroid/fdroidclient/issues/139 https://stackoverflow.com/questions/5074769/cyanogenmod-translate-a-project/8470980#8470980 https://stackoverflow.com/questions/8393771/android-not-using-finding-my-hebrew-localization --- res/values-he | 1 + res/values-id | 1 + 2 files changed, 2 insertions(+) create mode 120000 res/values-he create mode 120000 res/values-id diff --git a/res/values-he b/res/values-he new file mode 120000 index 00000000..6fe8b495 --- /dev/null +++ b/res/values-he @@ -0,0 +1 @@ +values-iw \ No newline at end of file diff --git a/res/values-id b/res/values-id new file mode 120000 index 00000000..3e5fb5a7 --- /dev/null +++ b/res/values-id @@ -0,0 +1 @@ +values-in-rID \ No newline at end of file From 72eab39a95794fa5f7a6ff73e7b38abc185c6454 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 14 Jan 2016 20:57:30 +0100 Subject: [PATCH 2/7] build jtorctl directly, using a symlink to point to its source code This builds the jtorctl java with the rest of Orbot's java. The process of making a jar breaks when external/Makefile is run with frozen time using faketime. That is needed to get reproducible native bits. --- external/Makefile | 31 ++++--------------------------- src/net | 1 + 2 files changed, 5 insertions(+), 27 deletions(-) create mode 120000 src/net diff --git a/external/Makefile b/external/Makefile index ae7db87d..e25cd0dd 100644 --- a/external/Makefile +++ b/external/Makefile @@ -199,7 +199,7 @@ iptables/Makefile: cp config.sub iptables cp config.guess iptables cd iptables && \ - CC="$(CC)" AR="$(AR)" RANLIB=$(RANLIB) CFLAGS="$(CFLAGS) -I$(EXTERNAL_ROOT)/include" LDFLAGS="$(LDFLAGS)" \ + CC="$(CC)" AR="$(AR)" RANLIB=$(RANLIB) CFLAGS="$(CFLAGS) -I$(EXTERNAL_ROOT)/include" LDFLAGS="$(LDFLAGS)" \ ./configure --host=$(HOST) --disable-shared --enable-static iptables-build-stamp: iptables/Makefile @@ -290,35 +290,13 @@ pluto: pluto-build-stamp pluto-clean: # -rm -rf pluto/bin -#------------------------------------------------------------------------------# -# JTorControl library - -jtorctl/bin/jtorctl.jar: - test -d jtorctl/bin || mkdir jtorctl/bin - cd jtorctl && \ - javac -source 1.6 -target 1.6 net/freehaven/tor/control/TorControlConnection.java -d bin - cd jtorctl/bin && \ - jar cvf jtorctl.jar * - -jtorctl-build-stamp: jtorctl/bin/jtorctl.jar - touch jtorctl-build-stamp - -jtorctl: jtorctl-build-stamp - test -d bin || mkdir bin - cp jtorctl/bin/jtorctl.jar bin - -jtorctl-clean: - -rm -rf jtorctl/bin - -rm jtorctl-build-stamp - #------------------------------------------------------------------------------# #create and clean assets: FYI - tor is stored as a ZIP file with an mp3 extension #in order to stop Android OS (older devices) from trying to compress/decompress it #this is related to a bug in compression of assets and resources > 1MB -assets: tor polipo jtorctl iptables pluto +assets: tor polipo iptables pluto install -d ../libs - install bin/jtorctl.jar ../libs install -d ../assets/$(APP_ABI) -$(STRIP) bin/polipo -zip ../assets/$(APP_ABI)/polipo.mp3 bin/polipo @@ -341,13 +319,12 @@ assets-clean: -rm ../assets/$(APP_ABI)/meek-client.mp3 -rm ../assets/$(APP_ABI)/obfs4proxy.mp3 -rm ../assets/$(APP_ABI)/pdnsd.mp3 - -rm ../libs/jtorctl.jar #------------------------------------------------------------------------------# # cleanup, cleanup, put the toys away -##clean: openssl-clean libevent-clean tor-clean polipo-clean jtorctl-clean assets-clean -clean: openssl-clean libevent-clean tor-clean polipo-clean iptables-clean jtorctl-clean pluto-clean +##clean: openssl-clean libevent-clean tor-clean polipo-clean assets-clean +clean: openssl-clean libevent-clean tor-clean polipo-clean iptables-clean pluto-clean #------------------------------------------------------------------------------# # debugging stuff diff --git a/src/net b/src/net new file mode 120000 index 00000000..ab37141f --- /dev/null +++ b/src/net @@ -0,0 +1 @@ +../external/jtorctl/net/ \ No newline at end of file From 5ce1f5f91ad6ae98e0388243126313328c971e35 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 14 Jan 2016 20:57:57 +0100 Subject: [PATCH 3/7] make-release-build: make sure tag signers exist before verifying tags --- make-release-build | 3 +++ 1 file changed, 3 insertions(+) diff --git a/make-release-build b/make-release-build index b28dcd80..3c18ce03 100755 --- a/make-release-build +++ b/make-release-build @@ -16,6 +16,9 @@ else echo "" echo "" echo "Checking git tag signature for release build:" + gpg --list-key 9F0FE587374BBE81 || gpg --recv-key 9F0FE587374BBE81 + gpg --list-key E9E28DEA00AA5556 || gpg --recv-key E9E28DEA00AA5556 + gpg --list-key A801183E69B37AA9 || gpg --recv-key A801183E69B37AA9 git tag -v $versionName echo "" echo "" From 58d53ea347d2c923d781aed450bbb922b3888210 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 14 Jan 2016 20:59:17 +0100 Subject: [PATCH 4/7] make-release-build: use strip-nondeterminism to get reproducible build strip-nondeterminism sets the timestamps in the zip based on the timestamp of the git commit. --- make-release-build | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/make-release-build b/make-release-build index 3c18ce03..2d5947a7 100755 --- a/make-release-build +++ b/make-release-build @@ -71,6 +71,14 @@ faketime -f "$TIMESTAMP_5" ant release apk=$projectroot/bin/$projectname-v$describe.apk +# standardize timestamps in ZIP headers, requires strip-nondeterminism 0.014 +if which strip-nondeterminism > /dev/null; then + strip-nondeterminism -t zip -T $(git log -n1 --format=format:%at) $apk +fi + +# echo the checksum to build logs +sha256sum $apk + if which gpg > /dev/null; then if [ -z "`gpg --list-secret-keys`" ]; then echo "No GPG secret keys found, not signing APK" From 5c86b5cc7ea9ee84c4dc6d84d8acaff955e21eb6 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 14 Jan 2016 21:08:46 +0100 Subject: [PATCH 5/7] make-release-build: make sure ndk-build can be found --- make-release-build | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/make-release-build b/make-release-build index 2d5947a7..ee48d173 100755 --- a/make-release-build +++ b/make-release-build @@ -35,6 +35,15 @@ if [ -z $ANDROID_HOME ]; then fi fi +if [ -z $ANDROID_NDK_HOME ]; then + if which ndk-build 2>&1 /dev/null; then + ANDROID_NDK_HOME=`which ndk-build | sed 's,/ndk-build,,'` + else + echo "ANDROID_NDK_HOME not set and 'ndk-build' not in PATH" + exit + fi +fi + projectroot=`pwd` projectname=`sed -n 's,.*name="app_name">\(.*\)<.*,\1,p' res/values/strings.xml` @@ -61,7 +70,7 @@ else echo "skipping release ant.properties" fi -ndk-build +$ANDROID_NDK_HOME/ndk-build faketime "$TIMESTAMP" make -C external From 461e35dc5163501ef936ed4ec6afcfbe1f41ee56 Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 14 Jan 2016 21:09:45 +0100 Subject: [PATCH 6/7] make-release-build: freeze time when running ndk-build This aides reproducibility. --- make-release-build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make-release-build b/make-release-build index ee48d173..23aa5e23 100755 --- a/make-release-build +++ b/make-release-build @@ -70,7 +70,7 @@ else echo "skipping release ant.properties" fi -$ANDROID_NDK_HOME/ndk-build +faketime "$TIMESTAMP" $ANDROID_NDK_HOME/ndk-build faketime "$TIMESTAMP" make -C external From 735b2985f72fbabe7d6a080636a48842933c07ac Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 14 Jan 2016 21:42:59 +0100 Subject: [PATCH 7/7] make-release-build: remove faketime from `ant release` It is too problematic and there are other ways to make those final parts of the APK reproducible. --- make-release-build | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/make-release-build b/make-release-build index 23aa5e23..19dc5b7d 100755 --- a/make-release-build +++ b/make-release-build @@ -51,9 +51,6 @@ projectname=`sed -n 's,.*name="app_name">\(.*\)<.*,\1,p' res/values/strings.xml` export TZ=UTC TIMESTAMP=`printf '%(%Y-%m-%d %H:%M:%S)T' \ $(git log -n1 --format=format:%at)` -# run the clock at 5% speed, ant requires a moving clock -TIMESTAMP_5=`printf '@%(%Y-%m-%d %H:%M:%S)T x0.05' \ - $(git log -n1 --format=format:%at)` git reset --hard git clean -fdx @@ -76,7 +73,7 @@ faketime "$TIMESTAMP" make -C external ./setup-ant -faketime -f "$TIMESTAMP_5" ant release +ant release apk=$projectroot/bin/$projectname-v$describe.apk