From 0b5193f3bd84df957337e703445a6dadd30e4f55 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Sun, 31 Jan 2021 21:51:29 +0100 Subject: move more scripts to scripts folder, adapt gitlab ci and prepare_for_distribution script --- .gitlab-ci.yml | 16 +- build_deps.sh | 38 ---- cleanGit.sh | 8 - fix_gradle_lock.sh | 3 - prepareForDistribution.sh | 372 ------------------------------------- scripts/build_deps.sh | 38 ++++ scripts/cleanGit.sh | 8 + scripts/cleanProject.sh | 12 ++ scripts/fix_gradle_lock.sh | 3 + scripts/prepareForDistribution.sh | 374 ++++++++++++++++++++++++++++++++++++++ 10 files changed, 443 insertions(+), 429 deletions(-) delete mode 100755 build_deps.sh delete mode 100755 cleanGit.sh delete mode 100755 fix_gradle_lock.sh delete mode 100755 prepareForDistribution.sh create mode 100755 scripts/build_deps.sh create mode 100755 scripts/cleanGit.sh create mode 100755 scripts/cleanProject.sh create mode 100755 scripts/fix_gradle_lock.sh create mode 100755 scripts/prepareForDistribution.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b9ac51a6..1d358b22 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -102,9 +102,9 @@ build: image: "0xacab.org:4567/leap/bitmask_android/android-ndk:latest" stage: build script: - - ./cleanProject.sh - - ./build_deps.sh >> build_deps.log 2>&1 - - ./gradlew clean assembleNormalProductionFatDebug --stacktrace >> build.log 2>&1 + - ./scripts/cleanProject.sh + - ./scripts/build_deps.sh >> build_deps.log 2>&1 + - ./scripts/gradlew clean assembleNormalProductionFatDebug --stacktrace >> build.log 2>&1 artifacts: paths: - app/build/outputs/ @@ -117,7 +117,7 @@ build_release: image: "0xacab.org:4567/leap/bitmask_android/android-ndk:latest" stage: build script: - - ./prepareForDistribution.sh build -no-tag >> normalRelease.log 2>&1 + - ./scripts/prepareForDistribution.sh build -no-tag >> normalRelease.log 2>&1 artifacts: paths: - app/build/outputs/ @@ -131,7 +131,7 @@ build_fdroid_beta_release: image: "0xacab.org:4567/leap/bitmask_android/android-ndk:latest" stage: build script: - - ./prepareForDistribution.sh build -no-tag -beta >> normalBeta.log 2>&1 + - ./scripts/prepareForDistribution.sh build -no-tag -beta >> normalBeta.log 2>&1 artifacts: paths: - app/build/outputs/ @@ -145,7 +145,7 @@ build_custom_release: image: "0xacab.org:4567/leap/bitmask_android/android-ndk:latest" stage: build script: - - ./prepareForDistribution.sh build -no-tag -custom >> customRelease.log 2>&1 + - ./scripts/prepareForDistribution.sh build -no-tag -custom >> customRelease.log 2>&1 artifacts: paths: - app/build/outputs/ @@ -159,7 +159,7 @@ build_fdroid_custom_beta_release: image: "0xacab.org:4567/leap/bitmask_android/android-ndk:latest" stage: build script: - - ./prepareForDistribution.sh build -no-tag -beta -custom >> customBeta.log 2>&1 + - ./scripts/prepareForDistribution.sh build -no-tag -beta -custom >> customBeta.log 2>&1 artifacts: paths: - app/build/outputs/ @@ -167,4 +167,4 @@ build_fdroid_custom_beta_release: - customBeta.log when: always expire_in: 1 week - when: manual \ No newline at end of file + when: manual diff --git a/build_deps.sh b/build_deps.sh deleted file mode 100755 index beb5e13e..00000000 --- a/build_deps.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash - -function quit { - echo "Task failed. $1." - exit 1 -} - - -DIR_OVPNASSETS=./ics-openvpn/main/build/ovpnassets -DIR_OVPNLIBS=./ics-openvpn/main/build/intermediates/cmake/noovpn3/release/obj -DIR_GOLIBS=./go/lib/ -FILE_X86=./go/out/x86/piedispatcherlib -FILE_ARM=./go/out/armeabi-v7a/piedispatcherlib - -# init -# look for empty dir - -if [[ $(ls -A ${DIR_OVPNASSETS}) && $(ls -A ${DIR_OVPNLIBS}) ]] -then - echo "Dirty build: skipped externalNativeBuild - reusing existing libs" -else - echo "Clean build: starting externalNativeBuild" - cd ./ics-openvpn || quit "Directory ics-opevpn not found" - ./gradlew clean main:externalNativeBuildCleanSkeletonRelease main:externalNativeBuildSkeletonRelease --debug --stacktrace || quit "Build ics-openvpn native libraries failed" - cd .. -fi - -if [[ $(ls -A ${DIR_GOLIBS}) ]] -then - echo "Dirty build: Reusing go libraries" -else - echo "Clean build: compiling Go libraries" - cd ./go || quit "Directory go not found" - ./install_go.sh || quit "install_go.sh failed" - ./android_build_web_core.sh || quit "android_build_web_core.sh (shapeshifter + pgpverify) failed" - ./android_build_core.sh || quit "android build core (shapeshifter) failed" - cd .. -fi diff --git a/cleanGit.sh b/cleanGit.sh deleted file mode 100755 index 3c0b9271..00000000 --- a/cleanGit.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash -#git clean -xfd -#git submodule foreach --recursive git clean -xfd -#git reset --hard -#git submodule foreach --recursive git reset --hard -git --version -git submodule sync --recursive -git submodule update --init --recursive diff --git a/fix_gradle_lock.sh b/fix_gradle_lock.sh deleted file mode 100755 index 4361f3b5..00000000 --- a/fix_gradle_lock.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -find ~/.gradle -type f -name "*.lock" -delete \ No newline at end of file diff --git a/prepareForDistribution.sh b/prepareForDistribution.sh deleted file mode 100755 index 5e39bb5c..00000000 --- a/prepareForDistribution.sh +++ /dev/null @@ -1,372 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2019 LEAP Encryption Access Project and contributers -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - - -function quit { - echo -e "${RED}Task failed. Exit value: $?.${NC}" - cleanUp - exit 1 -} - -function cleanUp { - if [[ -f ${ALIGNED_UNSIGNED_APK} ]] - then - rm ${ALIGNED_UNSIGNED_APK} - fi - if [[ -f ${ALIGNED_SIGNED_APK} ]] - then - rm ${ALIGNED_SIGNED_APK} - fi -} - -function sign { - #---- ALIGN AND JARSIGN APK ----- - if [[ -z $FILE_NAME_STRING ]] - then - FILE_NAME_STRING=$1 - FILE_NAME=${FILE_NAME_STRING##*/} #remove everything till the last '/' - FILE_DIR=${FILE_NAME_STRING%/*} #remove everything after the last '/' - fi - - FINAL_APK="${FILE_DIR}/${FILE_NAME}" - ALIGNED_UNSIGNED_APK="${FILE_DIR}/aligned-${FILE_NAME}" - ALIGNED_SIGNED_APK="${FILE_DIR}/aligned-signed-${FILE_NAME}" - - echo -e "${GREEN} -> zip align ${ALIGNED_UNSIGNED_APK}${NC}" - ${ANDROID_BUILD_TOOLS}/zipalign -v -p 4 "${FINAL_APK}" ${ALIGNED_UNSIGNED_APK} > /dev/null && echo "zip alignment successful" || quit - echo -e "${GREEN} -> apksign ${ALIGNED_UNSIGNED_APK}${NC}" - ${ANDROID_BUILD_TOOLS}/apksigner sign --ks "${KEY_STORE_STRING}" --out ${ALIGNED_SIGNED_APK} ${ALIGNED_UNSIGNED_APK} || quit - rm ${ALIGNED_UNSIGNED_APK} - - FINGERPRINT=$(unzip -p ${ALIGNED_SIGNED_APK} META-INF/*.RSA | keytool -printcert | grep "SHA256" | tr -d '[:space:]') || quit - - if [[ ${FINGERPRINT} == ${EXPECTED_FINGERPRINT} ]] - then - echo "Certificate fingerprint matches: ${FINGERPRINT}" - else - echo -e "${RED}Certificate fingerprint \n${FINGERPRINT} \ndid not match expected fingerprint \n\t${EXPECTED_FINGERPRINT}${NC}" - quit - fi - - echo -e "${GREEN} -> rename aligned signed apk to ${FINAL_APK}${NC}" - cp ${ALIGNED_SIGNED_APK} ${FINAL_APK} || quit - cleanUp - - #---- GPG SIGNING ---- - if [[ -z ${GPG_KEY} && -z ${GPG_KEY_USER} ]] - then - echo -e "${ORANGE}WARNING: Could not do gpg signing!${NC}" - exit - fi - - if [[ ${GPG_KEY} ]] - then - echo -e "${GREEN} -> gpg sign using key ${GPG_KEY}${NC}" - gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit - #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit - else - echo -e "${GREEN} -> gpg sign using pub key of user ${GPG_KEY_USER}${NC}" - GPG_KEY=$(gpg --list-keys $GPG_KEY_USER | grep pub | cut -d '/' -f 2 | cut -d ' ' -f 1) || quit - #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit - gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit - fi - - echo -e "${GREEN} -> gpg verify ${FINAL_APK}${NC}" - gpg --verify "${FINAL_APK}.sig" || quit -} - -# ----Main----- - -DO_BUILD=false -DO_SIGN=false -BETA=false -NO_TAG=false -FLAVOR="Normal" -FLAVOR_LOWERCASE="normal" -EXPECTED_FINGERPRINT="SHA256:9C:94:DB:F8:46:FD:95:97:47:57:17:2A:6A:8D:9A:9B:DF:8C:40:21:A6:6C:15:11:28:28:D1:72:39:1B:81:AA" -GREEN='\033[0;32m' -RED='\033[0;31m' -ORANGE='\033[0;33m' -NC='\033[0m' - -export GREEN=${GREEN} -export RED=${RED} -export ORANGE=${ORANGE} -export EXPECTED_FINGERPRINT=${EXPECTED_FINGERPRINT} -export -f sign -export -f quit -export -f cleanUp - - -# init parameters -for ((i=1;i<=$#;i++)); -do - if [[ ${!i} = "b" || ${!i} = "build" ]] - then - DO_BUILD=true - - elif [[ ${!i} = "s" || ${!i} = "sign" ]] - then - DO_SIGN=true - - elif [[ ${!i} = "-f" || ${!i} = "-file" ]] - then - ((i++)) - FILE_NAME_STRING=${!i} - FILE_NAME=${FILE_NAME_STRING##*/} #remove everything till the last '/' - FILE_DIR=${FILE_NAME_STRING%/*} #remove everything after the last '/' - - elif [[ ${!i} = "-d" || ${!i} = "-dir" ]] - then - ((i++)) - FILE_DIR=${!i} - MULTIPLE_APKS=true - elif [[ ${!i} = "-ks" || ${!i} = "-keystore" ]] - then - ((i++)) - KEY_STORE_STRING=${!i}; - KEY_STORE_NAME=${KEY_STORE_STRING##*/} - KEY_STORE_DIR=${KEY_STORE_STRING%/*} - export KEY_STORE_STRING=${KEY_STORE_STRING} - - elif [[ ${!i} = "-v" || ${!i} = "-version" ]] - then - ((i++)) - VERSION_NAME=${!i}; - if [[ -z $(git tag --list | grep -w ${VERSION_NAME}) ]] - then - echo -e "${RED}ERROR: Version name has to be a git tag!${NC}" - exit - fi - elif [[ ${!i} = "-k" || ${!i} = "-key" ]]; - then - ((i++)) - GPG_KEY=${!i} - export GPG_KEY=${GPG_KEY} - elif [[ ${!i} = "-u" || ${!i} = "-user" ]]; - then - ((i++)) - GPG_KEY_USER=${!i} - export GPG_KEY_USER=${GPG_KEY_USER} - elif [[ ${!i} = "-b" || ${!i} = "-beta" ]]; - then - BETA=true - elif [[ ${!i} = "-no-tag" ]]; - then - NO_TAG=true - elif [[ ${!i} = "-c" || ${!i} = "-custom" ]] - then - ((i++)) - FLAVOR="Custom" - FLAVOR_LOWERCASE="custom" - elif [[ ${!i} = "-h" || ${!i} = "-help" ]]; - then - echo -e " - sign [-ks -fp -f -b -u -k] sign a given apk (both app signing and GPG signing) - -ks / -keystore [path] -------------- define path to keystore for signing (required) - -fp / -fingerprint [fingerprint] ---- define the fingerprint for the app (required for non-LEAP - signed apps) - -f / -file [inputfile] -------------- define path to apk going to be signed - -d / -dir [path] -------------------- define path to directory including apks to be signed - -u / -user [gpguser] ---------------- define the gpg user whose key will be used for GPG signing - (optional) - -k / -key [gpgkey] ------------------ define the key used for GPG signing. Using this option, - -u will be ignored (optional) - - - build [-v, -c, -b, -no-tag] - -v / -version [gittag] -------------- define the git version tag that needs to be checked out - for building. It's also part of the resulting apk file - name. (required if you don't use -no-tag) - -c / -custom ------------------------ build custom Bitmask client instead of main Bitmask client - (optional) - -b / -beta -------------------------- build beta version with .beta appended to applicationId (optional) - -no-tag ----------------------------- force to build current checked out git commit instead of an - official release version - - - -h / -help print out this help - - - example Usages: - --------------- - - * jarsign only: - ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore - - * jarsign and gpg sign only: - ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore -u GPG_USER - - * jarsign and gpg sign all apks in directory: - ./prepareForDistribution.sh sign -d currentReleases/ -ks ~/path/to/bitmask-android.keystore -u GPG_USER - - * build custom stable - ./prepareForDistribution.sh build -v 0.9.7 -c - - * build and sign custom stable: - ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -c -v 0.9.7 - - * build and sign custom beta: - ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -c -b -v 0.9.7RC2 - - * build and sign stable: - ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -v 0.9.7 - - * build and sign current git HEAD - ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -no-tag" - exit - - else - echo -e "${RED}Invalid argument: ${!i}${NC}" - exit - fi - -done; - - -# check what to do -if [[ ${DO_BUILD} == false && ${DO_SIGN} == false ]] -then - echo -e "${RED}ERROR: No action set. Please check ./prepareForDistribution -help!${NC}" - exit -fi - -BASE_FILE_DIR="$(pwd)/app/build/outputs/apk" -RELEASES_FILE_DIR="$(pwd)/currentReleases" - -if [[ ${DO_BUILD} == true ]] -then - if [[ ${NO_TAG} == false && -z ${VERSION_NAME} ]] - then - echo -e "${RED}ERROR: You didn't enter the version (git tag) to be built. If you really want to force building the current checked out commit, use -no-tag.${NC}" - quit - fi - if [[ ${NO_TAG} == false ]] - then - #---- COMPARE TAG COMMIT WITH CURRENT COMMIT AND CHECK OUT TAG COMMIT IF NECESSARY ---- - TAG_COMMIT=$(git log -n 1 ${VERSION_NAME} --format="%H") - CURRENT_COMMIT=$(git log -n 1 --format="%H") - if [[ ${TAG_COMMIT} != ${CURRENT_COMMIT} ]] - then - echo "CHECKING OUT VERSION: ${VERSION_NAME} ..." - git checkout ${VERSION_NAME} || quit - fi - fi - - ./cleanProject.sh || quit - ./build_deps.sh || quit - ./fix_gradle_lock.sh || quit - - if [[ ! -d $RELEASES_FILE_DIR ]] - then - mkdir $RELEASES_FILE_DIR - fi - rm -rf $RELEASES_FILE_DIR/* - - if [[ ${BETA} == true ]] - then - echo -e "${GREEN} -> build beta releases for flavor ${FLAVOR}${NC}" - ./gradlew clean assemble${FLAVOR}ProductionFatBeta --stacktrace || quit - # echo "copy file: $(ls $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/beta/*.apk)" - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/beta/*.apk $RELEASES_FILE_DIR/. - - # custom builds might have disabled split apks -> check if build task exist - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86Beta) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionX86Beta --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86/beta/*.apk $RELEASES_FILE_DIR/. - fi - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86_64Beta) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionX86_64Beta --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86_64/beta/*.apk $RELEASES_FILE_DIR/. - fi - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Beta) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionArmv7Beta --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArmv7/beta/*.apk $RELEASES_FILE_DIR/. - fi - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Beta) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionArm64Beta --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArm64/beta/*.apk $RELEASES_FILE_DIR/. - fi - else - echo -e "${GREEN} -> build stable releases for flavor ${FLAVOR}${NC}" - ./gradlew clean assemble${FLAVOR}ProductionFatRelease --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/release/*.apk $RELEASES_FILE_DIR/. - - ./gradlew clean assemble${FLAVOR}ProductionFatwebRelease --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFatweb/release/*.apk $RELEASES_FILE_DIR/. - - # custom builds might have disabled split apks -> check if build task exist - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86Release) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionX86Release --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86/release/*.apk $RELEASES_FILE_DIR/. - fi - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionX86_64Release) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionX86_64Release --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86_64/release/*.apk $RELEASES_FILE_DIR/. - fi - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Release) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionArmv7Release --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArmv7/release/*.apk $RELEASES_FILE_DIR/. - fi - if [[ $(./gradlew tasks --console plain | grep ${FLAVOR}ProductionArm64Release) ]]; then - ./gradlew clean assemble${FLAVOR}ProductionArm64Release --stacktrace || quit - cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArm64/release/*.apk $RELEASES_FILE_DIR/. - fi - fi -fi - -if [[ ${DO_SIGN} == true ]] -then - # check global vars - if [[ -z ${ANDROID_BUILD_TOOLS} ]] - then - echo -e "${RED}ERROR: Environment variable ANDROID_BUILD_TOOLS not set! Please add it to your environment variables. Exiting.${NC}" - exit - fi - - if [[ -z ${FILE_NAME} && -z ${FILE_DIR} && ${DO_BUILD} == false ]] - then - echo -e "${RED}ERROR: Sign only needs a file name or a directory. Please check ./prepareForDistribution -help!${NC}" - exit - fi - if [[ -z ${KEY_STORE_NAME} ]] - then - echo -e "${RED}ERROR: Key store not set. Please check ./prepareForDistribution -help${NC}" - exit - fi - if [[ -n ${FILE_NAME_STRING} && ${DO_BUILD} == true ]] - then - echo -e "${ORANGE}WARNING: Ignoring parameter -file. Built APK will be used instead.${NC}" - fi - - #---- OPT: SELECT APK FROM LAST BUILD ---- - if [[ ${DO_BUILD} == true ]] - then - FILE_DIR=$RELEASES_FILE_DIR - echo -e "${GREEN} -> sign apks:${NC}" - ls -w 1 $FILE_DIR/*\.apk | xargs -I {} echo {} - xargs -I _ -ra <(ls -w 1 $FILE_DIR/*\.apk) bash -c 'sign _' - elif [[ ${MULTIPLE_APKS} == true ]] - then - echo -e "${GREEN} -> sign apks:${NC}" - ls -w 1 $FILE_DIR/*\.apk | xargs -I {} echo {} - xargs -I _ -ra <(ls -w 1 $FILE_DIR/*\.apk) bash -c 'sign _' - else - echo -e "${GREEN} -> sign apk: ${FILE_NAME_STRING}${NC}" - sign $FILE_NAME_STRING - fi -fi diff --git a/scripts/build_deps.sh b/scripts/build_deps.sh new file mode 100755 index 00000000..beb5e13e --- /dev/null +++ b/scripts/build_deps.sh @@ -0,0 +1,38 @@ +#!/bin/bash + +function quit { + echo "Task failed. $1." + exit 1 +} + + +DIR_OVPNASSETS=./ics-openvpn/main/build/ovpnassets +DIR_OVPNLIBS=./ics-openvpn/main/build/intermediates/cmake/noovpn3/release/obj +DIR_GOLIBS=./go/lib/ +FILE_X86=./go/out/x86/piedispatcherlib +FILE_ARM=./go/out/armeabi-v7a/piedispatcherlib + +# init +# look for empty dir + +if [[ $(ls -A ${DIR_OVPNASSETS}) && $(ls -A ${DIR_OVPNLIBS}) ]] +then + echo "Dirty build: skipped externalNativeBuild - reusing existing libs" +else + echo "Clean build: starting externalNativeBuild" + cd ./ics-openvpn || quit "Directory ics-opevpn not found" + ./gradlew clean main:externalNativeBuildCleanSkeletonRelease main:externalNativeBuildSkeletonRelease --debug --stacktrace || quit "Build ics-openvpn native libraries failed" + cd .. +fi + +if [[ $(ls -A ${DIR_GOLIBS}) ]] +then + echo "Dirty build: Reusing go libraries" +else + echo "Clean build: compiling Go libraries" + cd ./go || quit "Directory go not found" + ./install_go.sh || quit "install_go.sh failed" + ./android_build_web_core.sh || quit "android_build_web_core.sh (shapeshifter + pgpverify) failed" + ./android_build_core.sh || quit "android build core (shapeshifter) failed" + cd .. +fi diff --git a/scripts/cleanGit.sh b/scripts/cleanGit.sh new file mode 100755 index 00000000..3c0b9271 --- /dev/null +++ b/scripts/cleanGit.sh @@ -0,0 +1,8 @@ +#!/bin/bash +#git clean -xfd +#git submodule foreach --recursive git clean -xfd +#git reset --hard +#git submodule foreach --recursive git reset --hard +git --version +git submodule sync --recursive +git submodule update --init --recursive diff --git a/scripts/cleanProject.sh b/scripts/cleanProject.sh new file mode 100755 index 00000000..703788cc --- /dev/null +++ b/scripts/cleanProject.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +git checkout -- \* +git checkout -- \.\* + +rm -r ./ics-openvpn +rm -r ./build +rm -r ./app/build +rm -r ./go/lib/* +rm -r ./currentReleases +git submodule sync --recursive +git submodule update --init --recursive diff --git a/scripts/fix_gradle_lock.sh b/scripts/fix_gradle_lock.sh new file mode 100755 index 00000000..4361f3b5 --- /dev/null +++ b/scripts/fix_gradle_lock.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +find ~/.gradle -type f -name "*.lock" -delete \ No newline at end of file diff --git a/scripts/prepareForDistribution.sh b/scripts/prepareForDistribution.sh new file mode 100755 index 00000000..cf2aafea --- /dev/null +++ b/scripts/prepareForDistribution.sh @@ -0,0 +1,374 @@ +#!/bin/bash + +# Copyright (c) 2019 LEAP Encryption Access Project and contributers +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +function quit { + echo -e "${RED}Task failed. Exit value: $?.${NC}" + cleanUp + exit 1 +} + +function cleanUp { + if [[ -f ${ALIGNED_UNSIGNED_APK} ]] + then + rm ${ALIGNED_UNSIGNED_APK} + fi + if [[ -f ${ALIGNED_SIGNED_APK} ]] + then + rm ${ALIGNED_SIGNED_APK} + fi +} + +function sign { + #---- ALIGN AND JARSIGN APK ----- + if [[ -z $FILE_NAME_STRING ]] + then + FILE_NAME_STRING=$1 + FILE_NAME=${FILE_NAME_STRING##*/} #remove everything till the last '/' + FILE_DIR=${FILE_NAME_STRING%/*} #remove everything after the last '/' + fi + + FINAL_APK="${FILE_DIR}/${FILE_NAME}" + ALIGNED_UNSIGNED_APK="${FILE_DIR}/aligned-${FILE_NAME}" + ALIGNED_SIGNED_APK="${FILE_DIR}/aligned-signed-${FILE_NAME}" + + echo -e "${GREEN} -> zip align ${ALIGNED_UNSIGNED_APK}${NC}" + ${ANDROID_BUILD_TOOLS}/zipalign -v -p 4 "${FINAL_APK}" ${ALIGNED_UNSIGNED_APK} > /dev/null && echo "zip alignment successful" || quit + echo -e "${GREEN} -> apksign ${ALIGNED_UNSIGNED_APK}${NC}" + ${ANDROID_BUILD_TOOLS}/apksigner sign --ks "${KEY_STORE_STRING}" --out ${ALIGNED_SIGNED_APK} ${ALIGNED_UNSIGNED_APK} || quit + rm ${ALIGNED_UNSIGNED_APK} + + FINGERPRINT=$(unzip -p ${ALIGNED_SIGNED_APK} META-INF/*.RSA | keytool -printcert | grep "SHA256" | tr -d '[:space:]') || quit + + if [[ ${FINGERPRINT} == ${EXPECTED_FINGERPRINT} ]] + then + echo "Certificate fingerprint matches: ${FINGERPRINT}" + else + echo -e "${RED}Certificate fingerprint \n${FINGERPRINT} \ndid not match expected fingerprint \n\t${EXPECTED_FINGERPRINT}${NC}" + quit + fi + + echo -e "${GREEN} -> rename aligned signed apk to ${FINAL_APK}${NC}" + cp ${ALIGNED_SIGNED_APK} ${FINAL_APK} || quit + cleanUp + + #---- GPG SIGNING ---- + if [[ -z ${GPG_KEY} && -z ${GPG_KEY_USER} ]] + then + echo -e "${ORANGE}WARNING: Could not do gpg signing!${NC}" + exit + fi + + if [[ ${GPG_KEY} ]] + then + echo -e "${GREEN} -> gpg sign using key ${GPG_KEY}${NC}" + gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit + #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit + else + echo -e "${GREEN} -> gpg sign using pub key of user ${GPG_KEY_USER}${NC}" + GPG_KEY=$(gpg --list-keys $GPG_KEY_USER | grep pub | cut -d '/' -f 2 | cut -d ' ' -f 1) || quit + #gpg -u ${GPG_KEY} -sab --output ${FINAL_APK} || quit + gpg --default-key ${GPG_KEY} --armor --output "${FINAL_APK}.sig" --detach-sign ${FINAL_APK} || quit + fi + + echo -e "${GREEN} -> gpg verify ${FINAL_APK}${NC}" + gpg --verify "${FINAL_APK}.sig" || quit +} + +# ----Main----- + +DO_BUILD=false +DO_SIGN=false +BETA=false +NO_TAG=false +FLAVOR="Normal" +FLAVOR_LOWERCASE="normal" +EXPECTED_FINGERPRINT="SHA256:9C:94:DB:F8:46:FD:95:97:47:57:17:2A:6A:8D:9A:9B:DF:8C:40:21:A6:6C:15:11:28:28:D1:72:39:1B:81:AA" +GREEN='\033[0;32m' +RED='\033[0;31m' +ORANGE='\033[0;33m' +NC='\033[0m' + +export GREEN=${GREEN} +export RED=${RED} +export ORANGE=${ORANGE} +export EXPECTED_FINGERPRINT=${EXPECTED_FINGERPRINT} +export -f sign +export -f quit +export -f cleanUp + + +# init parameters +for ((i=1;i<=$#;i++)); +do + if [[ ${!i} = "b" || ${!i} = "build" ]] + then + DO_BUILD=true + + elif [[ ${!i} = "s" || ${!i} = "sign" ]] + then + DO_SIGN=true + + elif [[ ${!i} = "-f" || ${!i} = "-file" ]] + then + ((i++)) + FILE_NAME_STRING=${!i} + FILE_NAME=${FILE_NAME_STRING##*/} #remove everything till the last '/' + FILE_DIR=${FILE_NAME_STRING%/*} #remove everything after the last '/' + + elif [[ ${!i} = "-d" || ${!i} = "-dir" ]] + then + ((i++)) + FILE_DIR=${!i} + MULTIPLE_APKS=true + elif [[ ${!i} = "-ks" || ${!i} = "-keystore" ]] + then + ((i++)) + KEY_STORE_STRING=${!i}; + KEY_STORE_NAME=${KEY_STORE_STRING##*/} + KEY_STORE_DIR=${KEY_STORE_STRING%/*} + export KEY_STORE_STRING=${KEY_STORE_STRING} + + elif [[ ${!i} = "-v" || ${!i} = "-version" ]] + then + ((i++)) + VERSION_NAME=${!i}; + if [[ -z $(git tag --list | grep -w ${VERSION_NAME}) ]] + then + echo -e "${RED}ERROR: Version name has to be a git tag!${NC}" + exit + fi + elif [[ ${!i} = "-k" || ${!i} = "-key" ]]; + then + ((i++)) + GPG_KEY=${!i} + export GPG_KEY=${GPG_KEY} + elif [[ ${!i} = "-u" || ${!i} = "-user" ]]; + then + ((i++)) + GPG_KEY_USER=${!i} + export GPG_KEY_USER=${GPG_KEY_USER} + elif [[ ${!i} = "-b" || ${!i} = "-beta" ]]; + then + BETA=true + elif [[ ${!i} = "-no-tag" ]]; + then + NO_TAG=true + elif [[ ${!i} = "-c" || ${!i} = "-custom" ]] + then + ((i++)) + FLAVOR="Custom" + FLAVOR_LOWERCASE="custom" + elif [[ ${!i} = "-h" || ${!i} = "-help" ]]; + then + echo -e " + sign [-ks -fp -f -b -u -k] sign a given apk (both app signing and GPG signing) + -ks / -keystore [path] -------------- define path to keystore for signing (required) + -fp / -fingerprint [fingerprint] ---- define the fingerprint for the app (required for non-LEAP + signed apps) + -f / -file [inputfile] -------------- define path to apk going to be signed + -d / -dir [path] -------------------- define path to directory including apks to be signed + -u / -user [gpguser] ---------------- define the gpg user whose key will be used for GPG signing + (optional) + -k / -key [gpgkey] ------------------ define the key used for GPG signing. Using this option, + -u will be ignored (optional) + + + build [-v, -c, -b, -no-tag] + -v / -version [gittag] -------------- define the git version tag that needs to be checked out + for building. It's also part of the resulting apk file + name. (required if you don't use -no-tag) + -c / -custom ------------------------ build custom Bitmask client instead of main Bitmask client + (optional) + -b / -beta -------------------------- build beta version with .beta appended to applicationId (optional) + -no-tag ----------------------------- force to build current checked out git commit instead of an + official release version + + + -h / -help print out this help + + + example Usages: + --------------- + + * jarsign only: + ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore + + * jarsign and gpg sign only: + ./prepareForDistribution.sh sign -f app/build/outputs/apk/app-production-beta.apk -ks ~/path/to/bitmask-android.keystore -u GPG_USER + + * jarsign and gpg sign all apks in directory: + ./prepareForDistribution.sh sign -d currentReleases/ -ks ~/path/to/bitmask-android.keystore -u GPG_USER + + * build custom stable + ./prepareForDistribution.sh build -v 0.9.7 -c + + * build and sign custom stable: + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -c -v 0.9.7 + + * build and sign custom beta: + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -c -b -v 0.9.7RC2 + + * build and sign stable: + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -v 0.9.7 + + * build and sign current git HEAD + ./prepareForDistribution.sh build sign -ks ~/path/to/bitmask-android.keystore -u GPG_USER -no-tag" + exit + + else + echo -e "${RED}Invalid argument: ${!i}${NC}" + exit + fi + +done; + + +# check what to do +if [[ ${DO_BUILD} == false && ${DO_SIGN} == false ]] +then + echo -e "${RED}ERROR: No action set. Please check ./prepareForDistribution -help!${NC}" + exit +fi + +SCRIPT_DIR=$(dirname "$0") +BASE_DIR="$SCRIPT_DIR/../" +BASE_FILE_DIR="$BASE_DIR/app/build/outputs/apk" +RELEASES_FILE_DIR="$BASE_DIR/currentReleases" + +if [[ ${DO_BUILD} == true ]] +then + if [[ ${NO_TAG} == false && -z ${VERSION_NAME} ]] + then + echo -e "${RED}ERROR: You didn't enter the version (git tag) to be built. If you really want to force building the current checked out commit, use -no-tag.${NC}" + quit + fi + if [[ ${NO_TAG} == false ]] + then + #---- COMPARE TAG COMMIT WITH CURRENT COMMIT AND CHECK OUT TAG COMMIT IF NECESSARY ---- + TAG_COMMIT=$(git log -n 1 ${VERSION_NAME} --format="%H") + CURRENT_COMMIT=$(git log -n 1 --format="%H") + if [[ ${TAG_COMMIT} != ${CURRENT_COMMIT} ]] + then + echo "CHECKING OUT VERSION: ${VERSION_NAME} ..." + git checkout ${VERSION_NAME} || quit + fi + fi + + $SCRIPT_DIR/cleanProject.sh || quit + $SCRIPT_DIR/build_deps.sh || quit + $SCRIPT_DIR/fix_gradle_lock.sh || quit + + if [[ ! -d $RELEASES_FILE_DIR ]] + then + mkdir $RELEASES_FILE_DIR + fi + rm -rf $RELEASES_FILE_DIR/* + + if [[ ${BETA} == true ]] + then + echo "${GREEN} -> build beta releases for flavor ${FLAVOR}${NC}" + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionFatBeta --stacktrace || quit + # echo "copy file: $(ls $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/beta/*.apk)" + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/beta/*.apk $RELEASES_FILE_DIR/. + + # custom builds might have disabled split apks -> check if build task exist + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionX86Beta) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionX86Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86/beta/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionX86_64Beta) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionX86_64Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86_64/beta/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Beta) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionArmv7Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArmv7/beta/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Beta) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionArm64Beta --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArm64/beta/*.apk $RELEASES_FILE_DIR/. + fi + else + echo -e "${GREEN} -> build stable releases for flavor ${FLAVOR}${NC}" + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionFatRelease --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFat/release/*.apk $RELEASES_FILE_DIR/. + + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionFatwebRelease --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionFatweb/release/*.apk $RELEASES_FILE_DIR/. + + # custom builds might have disabled split apks -> check if build task exist + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionX86Release) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionX86Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86/release/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionX86_64Release) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionX86_64Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionX86_64/release/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionArmv7Release) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionArmv7Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArmv7/release/*.apk $RELEASES_FILE_DIR/. + fi + if [[ $($BASE_DIR/gradlew tasks --console plain | grep ${FLAVOR}ProductionArm64Release) ]]; then + $BASE_DIR/gradlew clean assemble${FLAVOR}ProductionArm64Release --stacktrace || quit + cp $BASE_FILE_DIR/${FLAVOR_LOWERCASE}ProductionArm64/release/*.apk $RELEASES_FILE_DIR/. + fi + fi +fi + +if [[ ${DO_SIGN} == true ]] +then + # check global vars + if [[ -z ${ANDROID_BUILD_TOOLS} ]] + then + echo -e "${RED}ERROR: Environment variable ANDROID_BUILD_TOOLS not set! Please add it to your environment variables. Exiting.${NC}" + exit + fi + + if [[ -z ${FILE_NAME} && -z ${FILE_DIR} && ${DO_BUILD} == false ]] + then + echo -e "${RED}ERROR: Sign only needs a file name or a directory. Please check ./prepareForDistribution -help!${NC}" + exit + fi + if [[ -z ${KEY_STORE_NAME} ]] + then + echo -e "${RED}ERROR: Key store not set. Please check ./prepareForDistribution -help${NC}" + exit + fi + if [[ -n ${FILE_NAME_STRING} && ${DO_BUILD} == true ]] + then + echo -e "${ORANGE}WARNING: Ignoring parameter -file. Built APK will be used instead.${NC}" + fi + + #---- OPT: SELECT APK FROM LAST BUILD ---- + if [[ ${DO_BUILD} == true ]] + then + FILE_DIR=$RELEASES_FILE_DIR + echo -e "${GREEN} -> sign apks:${NC}" + ls -w 1 $FILE_DIR/*\.apk | xargs -I {} echo {} + xargs -I _ -ra <(ls -w 1 $FILE_DIR/*\.apk) bash -c 'sign _' + elif [[ ${MULTIPLE_APKS} == true ]] + then + echo -e "${GREEN} -> sign apks:${NC}" + ls -w 1 $FILE_DIR/*\.apk | xargs -I {} echo {} + xargs -I _ -ra <(ls -w 1 $FILE_DIR/*\.apk) bash -c 'sign _' + else + echo -e "${GREEN} -> sign apk: ${FILE_NAME_STRING}${NC}" + sign $FILE_NAME_STRING + fi +fi -- cgit v1.2.3