1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
#!/bin/bash
######################################################################
# Copyright (C) 2013 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
######################################################################
# This script is meant to be used as a bootstrapper for the environment to
# create a Bitmask bundle for Linux.
# This is tested to work on Debian 7.1 32 and 64 bits Virtual Machines
# This script uses `sudo` which is installed by default on debian, but you need
# to configure your non-root user to be able to use `sudo`.
# Edit the /etc/sudoers file and add this line at the bottom:
# leap ALL=NOPASSWD: ALL
# WARNING: That line allows the user 'leap' to use `sudo` without being asked
# for a password, that makes the script easier to use but it would be a
# security problem. If you use this script in a VM and only for bundling
# purposes then it shouldn't be a problem.
# You'll need an internet connection, approximately 1.3Gb of disk space and
# some patience.
################################################################################
set -e # Exit immediately if a command exits with a non-zero status.
BASE='/home/leap/bitmask.bundle'
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
VERSIONS_FILE="$SCRIPT_DIR/bitmask.json"
BINARY_COPIER="$SCRIPT_DIR/copy-binaries.sh"
ROOT_JSON="$SCRIPT_DIR/root.json"
# picked from https://github.com/OpenVPN/openvpn/releases
OPENVPN_VERSION="v2.3.8"
BOOST_MINOR="59" # Minor version
BOOST_NAME="boost_1_${BOOST_MINOR}_0"
mkdir -p $BASE
# Note: we could use:
# ARCH=`uname -i`
# but it does not work on a VM (tested in i386 returns unknown)
if [[ `getconf LONG_BIT` == "64" ]]; then
ARCH='x86_64-linux-gnu'
else
ARCH='i386-linux-gnu'
fi
install_dependencies() {
sudo apt-get update # update apt, otherwise some packages may not be found
sudo apt-get install -y build-essential python-dev cmake git autoconf \
libtool liblzo2-dev libqt4-dev libxml2-dev libxslt1-dev qtmobility-dev \
libsqlite3-dev libffi-dev python-virtualenv
}
build_boost() {
cd $BASE
wget -c http://ufpr.dl.sourceforge.net/project/boost/boost/1.${BOOST_MINOR}.0/${BOOST_NAME}.tar.bz2
# NOTE: md5 is the only thing that they provide to verification.
# for more information see: https://leap.se/code/issues/6296
echo "727a932322d94287b62abb1bd2d41723eec4356a7728909e38adb65ca25241ca boost_1_59_0.tar.bz2" | sha256sum -c
tar xjf ${BOOST_NAME}.tar.bz2
cd $BOOST_NAME/tools/build/
./bootstrap.sh --with-toolset=gcc
./b2 install --prefix=$BASE/boost
export PATH=$PATH:$BASE/boost/bin/
cd $BASE/$BOOST_NAME # boost root
b2 cxxflags=-std=c++0x --with-python --with-filesystem --with-system variant=release link=shared
}
build_launcher() {
cd $BASE
git clone -b develop https://leap.se/git/bitmask_launcher.git
cd bitmask_launcher
mkdir build
cd build
cmake -DBoost_INCLUDE_DIR=$BASE/$BOOST_NAME ..
make
}
build_openvpn() {
# Build openvpn to support RPATH
cd $BASE
git clone https://github.com/OpenVPN/openvpn.git --branch $OPENVPN_VERSION
cd openvpn
autoreconf -i
LZO_LIBS="/usr/lib/$ARCH/liblzo2.a" ./configure LDFLAGS="-Wl,-rpath,lib/" --disable-snappy --disable-plugin-auth-pam
make -j2
}
build_pyside() {
# for more information look at:
# https://github.com/PySide/pyside-setup/blob/master/docs/building/linux.rst
cd $BASE
sudo pip install wheel
git clone https://github.com/PySide/pyside-setup.git pyside-setup.git
cd pyside-setup.git
python setup.py bdist_wheel --qmake=/usr/bin/qmake-qt4 --version=1.2.2
}
set_pyside_environment() {
arch_bits=`getconf LONG_BIT` # '32' or '64'
# from https://github.com/PySide/BuildScripts/blob/master/environment.sh
PYSIDE="$BASE/pyside-setup.git/pyside_install/py2.7-qt4.8.2-${arch_bits}bit-release/"
PYTHONXY='python2.7'
export PATH=$PYSIDE/bin:$PATH
export PYTHONPATH=$PYSIDE/lib/$PYTHONXY/site-packages:$PYSIDE/lib64/$PYTHONXY/site-packages:$PYTHONPATH
export LD_LIBRARY_PATH=$PYSIDE/lib:$LD_LIBRARY_PATH
export PKG_CONFIG_PATH=$PYSIDE/lib/pkgconfig:$PKG_CONFIG_PATH
export DYLD_LIBRARY_PATH=$PYSIDE/lib:$DYLD_LIBRARY_PATH
}
copy_binaries() {
cp $ROOT_JSON $BASE
cd $BASE
$BINARY_COPIER
}
create_bundler_paths() {
cd $BASE
cat > bundler.paths << EOF
$BASE/bitmask_bundler.git/bundler
/usr/lib/python2.7
/usr/lib/python2.7/plat-linux2
/usr/lib/python2.7/lib-tk
/usr/lib/python2.7/lib-old
/usr/lib/python2.7/lib-dynload
/usr/local/lib/python2.7/dist-packages
/usr/lib/python2.7/dist-packages
/usr/lib/python2.7/dist-packages/gtk-2.0
/usr/lib/pymodules/python2.7
EOF
}
setup_bundler() {
cd $BASE
git clone https://github.com/leapcode/bitmask_bundler.git bitmask_bundler.git
virtualenv bundler.venv && source bundler.venv/bin/activate
# HACK: install these dependencies manually since they can't be installed normally due not passing some pip checks.
pip install --upgrade pip
pip install --allow-external u1db --allow-unverified u1db --allow-external dirspec --allow-unverified dirspec u1db dirspec
pip install pysqlcipher
pip install functools32 # HACK: this dependency is needed by jsonschema and is not automatically gathered
pip install service_identity # see https://leap.se/code/issues/7136
# HACK: this is needed so tuf can verify the downloaded data, if we add
# this to the requirements.pip pycrypto is installed as an egg and the
# bundler can't copy its contents (not supported right now)
pip install tuf[tools] pycrypto
git clone https://github.com/chiiph/protobuf-socket-rpc protobuf-socket-rpc.git
cd protobuf-socket-rpc.git
python setup.py easy_install -Z .
pip install -r $BASE/bitmask_bundler.git/pkg/requirements.pip
}
clean() {
cd $BASE
rm -fr bitmask_bundler.git bundler.venv protobuf-socket-rpc.git bundler.output
}
run_bundler() {
cd $BASE
# if the virtualenv is not sourced, then source it!
# this is helpful if you want to run only this step
[[ -z "$VIRTUAL_ENV" ]] && source bundler.venv/bin/activate
set_pyside_environment
mkdir bundler.output
# Use a shortcut for the bundler command
bundler="python bitmask_bundler.git/bundler/main.py --workon bundler.output --binaries binaries/ --paths-file bundler.paths --versions-file $VERSIONS_FILE"
$bundler --do gitclone
$bundler --do gitcheckout
copy_binaries
# uncomment the following line if you want to do a pause before the python setup in order to do some tweaks on the cloned repos.
# read -p "Waiting to 'pythonsetup' ... press <Enter> to continue, <Ctrl>+C to exit. "
# pin pyzmq version, 14.7.0 doesn't work
sed 's/pyzmq>=14.4.1/pyzmq==14.6.0/' -i bundler.output/leap_pycommon/pkg/requirements.pip
sed 's/^pyzmq$/pyzmq==14.6.0/' -i bundler.output/bitmask_client/pkg/requirements.pip
$bundler --do pythonsetup
# hack to solve gnupg version problem
pip uninstall -y gnupg && pip install gnupg
$bundler --skip gitclone gitcheckout pythonsetup
}
REUSE_BINARIES=$BASE/reuse-binaries.lock
if [[ ! -f $BINARY_COPIER ]]; then
echo "ERROR: missing $BINARY_COPIER file."
exit 1
fi
if [[ ! -f $VERSIONS_FILE ]]; then
echo "ERROR: missing $VERSIONS_FILE file."
exit 1
fi
if [[ ! -f $ROOT_JSON ]]; then
echo "ERROR: missing $ROOT_JSON file."
exit 1
fi
if [[ ! -f $REUSE_BINARIES ]]; then
install_dependencies
build_boost
build_launcher
build_openvpn
build_pyside
create_bundler_paths
else
echo "Reusing existing binaries, cleaning up before creating a new bundle..."
clean
fi
setup_bundler
run_bundler
echo 'If you remove this file the createbundle.sh script will rebuild all the binaries.' > $REUSE_BINARIES
|
