[forwardport] ci/cd: publish binaries onto a release when we create a tag (#609) (#611)

This diff forwardports 856e436e20d511a4f0d618546da7921fa9f8c5f6 to the master branch

Original commit message:

- - -

This pull request changes `mk` and github workflows to build and publish binaries on tag. We also update the documentation to explain this new branching model. Basically, we have release branches where we produce binary packages and we add extra code, on tag, to publish such packages inside a release.

We discussed removing most secrets from builds in this repository and having a different tool/repository that takes in input also secrets for doing follow-up actions after publishing. As a consequence, this pull request also removes all pieces of code that require secrets. The next step is to reinstate this code in this new repository/tool.

The existing code in `mk` also implemented caching. This feature was useful when doing local builds because it reduced the time required to obtain binary releases. With builds running as part of GitHub actions, we don't need caching because we spawn parallel machines to build binaries. Therefore, let us also remove caching, which makes the code simpler. (Caching in itself is hard and in https://github.com/ooni/probe/issues/1875 I noted that, for example, caching of the `ooni/go` repository was leading to some unwanted behaviour when changing the branch. Without caching, this behaviour is gone and we always generally use fresh information to produce builds.) Of course, this means that local builds are now slower, but I do not think this is a problem _because_ we want to use GitHub actions for building in the common case.

Reference issues: https://github.com/ooni/probe/issues/1879 and https://github.com/ooni/probe/issues/1875.

The final aspect to mention to conclude this description is an implementation one:

```
          gh release create -p $tag --target $GITHUB_SHA || true
```

The code above uses `|| true` because there could already be a release. So, basically, it means that, if a release does not already exist, then we're going to create one. Otherwise, it does not matter because there's already a release.
This commit is contained in:
Simone Basso 2021-11-23 15:56:25 +01:00 committed by GitHub
parent 5b9f701317
commit fdbf871103
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
49 changed files with 957 additions and 2014 deletions

View File

@ -3,10 +3,12 @@ name: android
on: on:
push: push:
branches: branches:
- "mobile-staging"
- "release/**" - "release/**"
tags:
- "v*"
jobs: jobs:
test: build_and_publish:
runs-on: ubuntu-20.04 runs-on: ubuntu-20.04
steps: steps:
- uses: actions/setup-go@v1 - uses: actions/setup-go@v1
@ -23,4 +25,14 @@ jobs:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk ./MOBILE/android/oonimkall.aar - run: ./mk ./MOBILE/android
- run: |
tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ./MOBILE/android/oonimkall.aar \
./MOBILE/android/oonimkall-sources.jar \
./MOBILE/android/oonimkall.pom
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

View File

@ -3,10 +3,12 @@ name: ios
on: on:
push: push:
branches: branches:
- "mobile-staging"
- "release/**" - "release/**"
tags:
- "v*"
jobs: jobs:
test: build_and_publish:
runs-on: macos-10.15 runs-on: macos-10.15
steps: steps:
- uses: actions/setup-go@v1 - uses: actions/setup-go@v1
@ -23,4 +25,13 @@ jobs:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk XCODE_VERSION=12.4 ./MOBILE/ios/oonimkall.xcframework.zip - run: ./mk XCODE_VERSION=12.4 ./MOBILE/ios
- run: |
tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ./MOBILE/ios/oonimkall.xcframework.zip \
./MOBILE/ios/oonimkall.podspec
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

View File

@ -4,10 +4,11 @@ on:
push: push:
branches: branches:
- "release/**" - "release/**"
- "ooniprobe-staging" tags:
- "v*"
jobs: jobs:
build_386: build_and_publish_386:
runs-on: "ubuntu-20.04" runs-on: "ubuntu-20.04"
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -19,16 +20,18 @@ jobs:
env: env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk DEBIAN_TILDE_VERSION=$GITHUB_RUN_NUMBER ./debian/386 - run: ./mk ./CLI/ooniprobe-linux-386
- run: ./E2E/ooniprobe.sh ./CLI/linux/386/ooniprobe - run: ./E2E/ooniprobe.sh ./CLI/ooniprobe-linux-386
- run: ./CLI/linux/pubdebian - run: |
if: github.ref == 'refs/heads/ooniprobe-staging' tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ./CLI/ooniprobe-linux-386
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env: env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DEB_GPG_KEY: ${{ secrets.DEB_GPG_KEY }}
build_amd64:
build_and_publish_amd64:
runs-on: "ubuntu-20.04" runs-on: "ubuntu-20.04"
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -40,16 +43,17 @@ jobs:
env: env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk DEBIAN_TILDE_VERSION=$GITHUB_RUN_NUMBER ./debian/amd64 - run: ./mk ./CLI/ooniprobe-linux-amd64
- run: ./E2E/ooniprobe.sh ./CLI/linux/amd64/ooniprobe - run: ./E2E/ooniprobe.sh ./CLI/ooniprobe-linux-amd64
- run: ./CLI/linux/pubdebian - run: |
if: github.ref == 'refs/heads/ooniprobe-staging' tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ./CLI/ooniprobe-linux-amd64
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env: env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DEB_GPG_KEY: ${{ secrets.DEB_GPG_KEY }}
build_arm: build_and_publish_armv7:
runs-on: "ubuntu-20.04" runs-on: "ubuntu-20.04"
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -63,16 +67,17 @@ jobs:
env: env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk DEBIAN_TILDE_VERSION=$GITHUB_RUN_NUMBER ./debian/arm - run: ./mk ./CLI/ooniprobe-linux-armv7
- run: ./E2E/ooniprobe.sh ./CLI/linux/arm/ooniprobe - run: ./E2E/ooniprobe.sh ./CLI/ooniprobe-linux-armv7
- run: ./CLI/linux/pubdebian - run: |
if: github.ref == 'refs/heads/ooniprobe-staging' tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ./CLI/ooniprobe-linux-armv7
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env: env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DEB_GPG_KEY: ${{ secrets.DEB_GPG_KEY }}
build_arm64: build_and_publish_arm64:
runs-on: "ubuntu-20.04" runs-on: "ubuntu-20.04"
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -86,11 +91,12 @@ jobs:
env: env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk DEBIAN_TILDE_VERSION=$GITHUB_RUN_NUMBER ./debian/arm64 - run: ./mk ./CLI/ooniprobe-linux-arm64
- run: ./E2E/ooniprobe.sh ./CLI/linux/arm64/ooniprobe - run: ./E2E/ooniprobe.sh ./CLI/ooniprobe-linux-arm64
- run: ./CLI/linux/pubdebian - run: |
if: github.ref == 'refs/heads/ooniprobe-staging' tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ./CLI/ooniprobe-linux-arm64
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env: env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DEB_GPG_KEY: ${{ secrets.DEB_GPG_KEY }}

View File

@ -4,9 +4,12 @@ on:
push: push:
branches: branches:
- "release/**" - "release/**"
tags:
- "v*"
jobs: jobs:
build: build_and_publish:
runs-on: "macos-10.15" runs-on: "macos-11"
steps: steps:
- uses: actions/setup-go@v1 - uses: actions/setup-go@v1
with: with:
@ -20,5 +23,14 @@ jobs:
env: env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk ./CLI/darwin/amd64/ooniprobe - run: ./mk ./CLI/ooniprobe-darwin
- run: ./E2E/ooniprobe.sh ./CLI/darwin/amd64/ooniprobe - run: ./E2E/ooniprobe.sh ./CLI/ooniprobe-darwin-amd64
- run: |
tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ./CLI/ooniprobe-darwin-amd64 \
./CLI/ooniprobe-darwin-arm64
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

View File

@ -4,10 +4,11 @@ on:
push: push:
branches: branches:
- "release/**" - "release/**"
- "oohelperd-staging" tags:
- "v*"
jobs: jobs:
build_amd64: build_and_publish:
runs-on: "ubuntu-20.04" runs-on: "ubuntu-20.04"
steps: steps:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
@ -16,35 +17,12 @@ jobs:
go-version: "1.17.3" go-version: "1.17.3"
- name: build oohelperd binary - name: build oohelperd binary
run: GOOS=linux GOARCH=amd64 go build -v ./internal/cmd/oohelperd run: GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o ./CLI/oohelperd-linux-amd64 -v -tags netgo -ldflags="-s -w -extldflags -static" ./internal/cmd/oohelperd
- run: find . -type f -name oohelperd - run: |
tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
- name: install deps gh release create -p $tag --target $GITHUB_SHA || true
run: | gh release upload $tag --clobber ./CLI/oohelperd-linux-amd64
sudo apt-get -q update if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
sudo apt-get install -yq --no-install-recommends curl devscripts \
dpkg-dev debhelper git python3 python3-requests python3-gnupg s3cmd
- name: update the debian changelog
run: |
version="$(go run ./internal/cmd/printversion)~$GITHUB_RUN_NUMBER"
cd ./internal/cmd/oohelperd
dch -v "$version" "New version ${version}"
- name: build deb package
run: |
cd ./internal/cmd/oohelperd
dpkg-buildpackage -us -uc -b
- name: upload package
if: github.ref == 'refs/heads/oohelperd-staging'
run: |
curl -fsSLO https://raw.githubusercontent.com/ooni/sysadmin/master/tools/debops-ci
chmod +x debops-ci
find . -name '*.deb'
./debops-ci --show-commands upload --bucket-name ooni-internal-deb --arch "amd64" internal/cmd/*.deb
env: env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DEB_GPG_KEY: ${{ secrets.DEB_GPG_KEY }}

View File

@ -4,6 +4,9 @@ on:
push: push:
branches: branches:
- "release/**" - "release/**"
tags:
- "v*"
jobs: jobs:
build: build:
runs-on: "ubuntu-20.04" runs-on: "ubuntu-20.04"
@ -21,11 +24,16 @@ jobs:
env: env:
PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }} PSIPHON_CONFIG_KEY: ${{ secrets.PSIPHON_CONFIG_KEY }}
PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }} PSIPHON_CONFIG_JSON_AGE_BASE64: ${{ secrets.PSIPHON_CONFIG_JSON_AGE_BASE64 }}
- run: ./mk MINGW_W64_VERSION="9.3-win32" ./CLI/windows/amd64/ooniprobe.exe - run: ./mk MINGW_W64_VERSION="9.3-win32" ./CLI/ooniprobe-windows
- uses: actions/upload-artifact@v2 - uses: actions/upload-artifact@v2
with: with:
name: ooniprobe.exe name: ooniprobe-windows-amd64.exe
path: ./CLI/windows/amd64/ooniprobe.exe path: ./CLI/ooniprobe-windows-amd64.exe
- uses: actions/upload-artifact@v2
with:
name: ooniprobe-windows-386.exe
path: ./CLI/ooniprobe-windows-386.exe
test: test:
needs: build needs: build
runs-on: "windows-2019" runs-on: "windows-2019"
@ -33,5 +41,25 @@ jobs:
- uses: actions/checkout@v2 - uses: actions/checkout@v2
- uses: actions/download-artifact@v2 - uses: actions/download-artifact@v2
with: with:
name: ooniprobe.exe name: ooniprobe-windows-amd64.exe
- run: bash.exe ./E2E/ooniprobe.sh ./ooniprobe.exe - run: bash.exe ./E2E/ooniprobe.sh ./ooniprobe-windows-amd64.exe
publish:
needs: test
runs-on: "ubuntu-20.04"
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
name: ooniprobe-windows-amd64.exe
- uses: actions/download-artifact@v2
with:
name: ooniprobe-windows-386.exe
- run: |
tag=$(echo $GITHUB_REF | sed 's|refs/tags/||g')
gh release create -p $tag --target $GITHUB_SHA || true
gh release upload $tag --clobber ooniprobe-windows-386.exe \
ooniprobe-windows-amd64.exe
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

1
CLI/.gitignore vendored
View File

@ -1 +1,2 @@
/miniooni-* /miniooni-*
/ooniprobe-*

View File

@ -14,8 +14,11 @@ apk add --no-progress gcc git linux-headers musl-dev
# some of the following exports are redundant but are however # some of the following exports are redundant but are however
# useful because they provide explicit logging # useful because they provide explicit logging
export GOARM=$GOARM export GOARM=$GOARM
export GOPATH=$GOPATH
export CGO_ENABLED=1 export CGO_ENABLED=1
export GOOS=linux export GOOS=linux
export GOARCH=$GOARCH export GOARCH=$GOARCH
go build -o "./CLI/linux/$GOARCH/" -ldflags='-s -w -extldflags "-static"' "$@" ./cmd/ooniprobe archname=$GOARCH
if [ "$GOARCH" = "arm" -a "$GOARM" = "7" ]; then
archname="armv7"
fi
go build -o "./CLI/ooniprobe-linux-$archname" -ldflags='-s -w -extldflags "-static"' "$@" ./cmd/ooniprobe

View File

@ -1,3 +0,0 @@
/miniooni
/ooniprobe
/ooniprobe.asc

View File

@ -1,3 +0,0 @@
/miniooni
/ooniprobe
/ooniprobe.asc

View File

@ -1,3 +0,0 @@
/miniooni
/ooniprobe
/ooniprobe.asc

View File

@ -1,3 +0,0 @@
/miniooni
/ooniprobe
/ooniprobe.asc

View File

@ -1,3 +0,0 @@
/miniooni
/ooniprobe
/ooniprobe.asc

View File

@ -1,3 +0,0 @@
/miniooni
/ooniprobe
/ooniprobe.asc

View File

@ -1,76 +0,0 @@
#!/bin/sh
# This script creates a Debian package. When run by `./mk`, it
# is run inside a debian:stable container. It's fine to also
# run this script from any debian-like system, as long as the
# following ASSUMPTIONS are met:
#
# 1. the `ooniprobe` we are packaging is available at
# this path `./CLI/linux/$GOARCH/ooniprobe`;
#
# 2. we are running on a debian system that is capable
# of running binaries for the architecture that we wanna
# package, either natively or via qemu-user-static.
if [ $# -ne 1 ] && [ $# -ne 2 ]; then
echo "usage: $0 {arch} [run_number]" 1>&2
exit 1
fi
goarch=$1
run_number=$2
set -ex
# Copy the target binary in the correct location expected
# by the debian/ooniprobe-cli.install file.
rm -rf ./debian/bin
mkdir -p ./debian/bin
cp "./CLI/linux/$goarch/ooniprobe" ./debian/bin
# figure out the version number from the binary itself (which rests
# on the assumption that we can run such a binary)
version=$(./debian/bin/ooniprobe version)
if [ -n "$run_number" ]; then
version="${version}~${run_number}"
fi
darch=""
case $goarch in
386)
darch="i386"
;;
amd64)
darch="amd64"
;;
arm)
darch="armhf"
;;
arm64)
darch="arm64"
;;
esac
echo "Building for GOARCH=$goarch / DEBARCH=$darch"
# The OONI_DEB_DRY_RUN is a semi-undocumented feature allowing
# us to see the commands that would be run by this script.
$OONI_DEB_DRY_RUN dpkg --add-architecture $darch
# install the dependencies required by the build process
$OONI_DEB_DRY_RUN apt-get update -q
$OONI_DEB_DRY_RUN apt-get build-dep -y --no-install-recommends .
# keep the original changelog file safe
$OONI_DEB_DRY_RUN cp ./debian/changelog ./debian/changelog.oocopy
$OONI_DEB_DRY_RUN dch -v "$version" "New version ${version}"
$OONI_DEB_DRY_RUN dpkg-buildpackage -a $darch -us -uc -b
# restore the original changelog file
$OONI_DEB_DRY_RUN mv ./debian/changelog.oocopy ./debian/changelog
# move the package so that we don't loose track
# of it when using a build container
$OONI_DEB_DRY_RUN mv ../*.deb .
# install the package on the container as a smoke test to
# ensure that it is installable.
DEBIAN_FRONTEND=noninteractive dpkg -i "ooniprobe-cli_${version}_${darch}.deb"

View File

@ -1,52 +0,0 @@
#!/bin/sh
# This script publishes Debian packages. When run by `mk`, it's
# run inside of an `ubuntu:20.04` container. It's fine also to run
# this script from a live Debian-like system as long as all the
# following assumptions are met:
#
# 1. Debian packages we want to publish are in the toplevel dir.
# ensure that we have all the required environment variables.
fail=0
if [ -z "$AWS_ACCESS_KEY_ID" ]; then
echo "warning: missing AWS_ACCESS_KEY_ID environment variable" 1>&2
fail=1
fi
if [ -z "$AWS_SECRET_ACCESS_KEY" ]; then
echo "warning: missing AWS_SECRET_ACCESS_KEY environment variable" 1>&2
fail=1
fi
if [ -z "$DEB_GPG_KEY" ]; then
echo "warning: missing DEB_GPG_KEY environment variable" 1>&2
fail=1
fi
if [ $fail -ne 0 ]; then
exit 1
fi
set -ex
export DEBIAN_FRONTEND=noninteractive
maybe_with_sudo() {
if command -v sudo 1>/dev/null; then
sudo "$@"
else
"$@"
fi
}
# install the dependencies required by the uploader.
maybe_with_sudo apt-get update -q
maybe_with_sudo apt-get install --yes --no-install-recommends curl git make python3 python3-requests python3-gnupg s3cmd
# pull the latest version of the debops-ci script from ooni/sysadmin.
curl -fsSLO https://raw.githubusercontent.com/ooni/sysadmin/master/tools/debops-ci
chmod +x debops-ci
# loop over the available packages and upload.
for debpkg in *.deb; do
# for example: ooniprobe-cli_3.10.0_i386.deb
arch=$(echo "$debpkg" | awk -F_ '{print $3}' | sed 's/\.deb$//g')
./debops-ci --show-commands upload --bucket-name ooni-deb --arch "$arch" "$debpkg"
done

View File

@ -1,3 +0,0 @@
/miniooni.exe
/ooniprobe.exe
/ooniprobe.exe.asc

View File

@ -1,3 +0,0 @@
/miniooni.exe
/ooniprobe.exe
/ooniprobe.exe.asc

View File

@ -125,43 +125,5 @@ port, the commit message should start with `[forwardport]`.
When we branch off release `x.y` from `master`, we also need to bump When we branch off release `x.y` from `master`, we also need to bump
the `alpha` version used by `master`. the `alpha` version used by `master`.
In addition we have `PRODUCT-staging` branches for each product. These We build binary packages for each tagged release. We will use external
branches are described below: tools for publishing binaries to our Debian repository, Maven Central, etc.
- `miniooni-staging`: branch for building and publishing `miniooni`
binaries. This branch marges from the `master` branch when we tag
alpha releases. We use this strategy because `miniooni` is an alpha client.
We publish the resulting binaries in alpha releases.
- `mobile-staging`: branch for building and publishing iOS and
Android releases of the `pkg/oonimkall` library. This branch
merges from the release branches or the release tags. We use this
strategy because mobile releases are either beta quality or
production quality releases. We publish the resulting binaries
in beta quality or stable releases.
- `oohelperd-staging`: branch for building and publishing `oohelperd`
binaries. This branch merges from the release branches or the
release tags. We use this strategy because `oohelperd` releases
are either beta quality or production quality releases. We
publish the resulting binaries in OONI's internal Debian repository.
- `ooniprobe-staging`: branch for building and publising `ooniprobe`
binaries. This branch merges from the release branches or the
release tags. We use this strategy because `ooniprobe` releases
are either beta quality or production quality releases. We
publish the resulting binaries both in beta quality or stable
releases and in OONI's public Debian repository.
Builds proper happen either in this repository, using GitHub
actions, or using private build machines. Sometimes we need
private build machines to inject specific secrets into the
binary (e.g., we currently use this to inject OONI's Psiphon config).
Additionally, we currently publish as Github Actions artifacts
`miniooni` binaries for selected Linux architectures for
each commit that lands into the `master` branch. You will
find those binaries [in the results of each individual build](
https://github.com/ooni/probe-cli/actions/workflows/miniooni.yml)
until they are automatically removed by GitHub compatibly with
the build assets retention period (should be 90 days).

7
debian/.gitignore vendored
View File

@ -1,7 +0,0 @@
/bin
/.debhelper/
/debhelper-build-stamp
/files
/ooniprobe-cli/
/ooniprobe-cli.postrm.debhelper
/ooniprobe-cli.substvars

3
debian/README.md vendored
View File

@ -1,3 +0,0 @@
# Directory github.com/ooni/probe-cli/debian
This directory allows us to build debian packages.

5
debian/changelog vendored
View File

@ -1,5 +0,0 @@
ooniprobe-cli (3.0.9) unstable; urgency=medium
* Test release
-- Federico Ceratto <federico@openobservatory.org> Tue, 16 Feb 2021 12:39:41 +0000

13
debian/config vendored
View File

@ -1,13 +0,0 @@
#! /bin/sh
#
# Load debconf module and ask informed consent
#
set -e
. /usr/share/debconf/confmodule
db_version 2.0
db_input high ooniprobe-cli/ask-consent || true
db_go
exit 0

23
debian/control vendored
View File

@ -1,23 +0,0 @@
Source: ooniprobe-cli
Maintainer: Federico Ceratto <federico@openobservatory.org>
Section: devel
Priority: optional
Build-Depends:
debhelper-compat (= 12),
devscripts,
dpkg-dev,
Standards-Version: 4.5.0
Vcs-Browser: https://github.com/ooni/probe-cli
Vcs-Git: https://github.com/ooni/probe-cli.git
Homepage: https://github.com/ooni/probe-cli
Rules-Requires-Root: no
XS-Go-Import-Path: github.com/ooni/probe-cli
Package: ooniprobe-cli
Architecture: any
Pre-Depends: debconf (>= 1.0.0)
Depends: ${misc:Depends}, ${shlibs:Depends},
adduser,
debconf
Built-Using: ${misc:Built-Using}
Description: OONI Probe CLI

40
debian/copyright vendored
View File

@ -1,40 +0,0 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: https://github.com/ooni/probe-cli
Upstream-Name: ooniprobe-cli
Files: *
Copyright: 2018 Open Observatory of Network Interference (OONI)
License: BSD-3-clause
Files: debian/*
Copyright: 2020 Federico Ceratto <federico@openobservatory.org>
License: BSD-3-clause
Comment: Debian packaging is licensed under the same terms as upstream
License: BSD-3-clause
Copyright 2018 Open Observatory of Network Interference (OONI), The Tor Project
.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

View File

@ -1,2 +0,0 @@
debian/bin/ooniprobe /usr/bin
debian/ooniprobe.conf.disabled /etc/ooniprobe

View File

@ -1,23 +0,0 @@
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
db_version 2.0
if [ "$1" = "configure" ]; then
if ! getent passwd ooniprobe >/dev/null; then
adduser --quiet --system --group --home /var/lib/ooniprobe ooniprobe
fi
fi
# Extract the answer
db_get ooniprobe-cli/ask-consent || true
consent="$RET"
CF=/etc/ooniprobe/ooniprobe.conf
[ "$consent" = true ] && [ -f ${CF}.disabled ] && mv ${CF}.disabled ${CF}
[ "$consent" = false ] && [ -f ${CF} ] && mv ${CF} ${CF}.disabled
#DEBHELPER#
exit 0

View File

@ -1,54 +0,0 @@
[Unit]
Description=OONI Probe CLI
Documentation=man:ooniprobe-cli
Documentation=https://ooni.org/
After=network.target tor.target
Wants=network-online.target
ConditionPathExists=/etc/ooniprobe/ooniprobe.conf
[Service]
Type=simple
ExecStart=/usr/bin/ooniprobe --config=/etc/ooniprobe/ooniprobe.conf run unattended
TimeoutStopSec=5
KillMode=mixed
Environment="OONI_HOME=/var/lib/ooniprobe"
User=ooniprobe
PermissionsStartOnly=true
Restart=on-abnormal
RestartSec=2s
LimitNOFILE=65536
WorkingDirectory=/var/lib/ooniprobe
RuntimeDirectory=ooniprobe
StateDirectory=ooniprobe
LogsDirectory=ooniprobe
ConfigurationDirectory=ooniprobe
# Sandboxing
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/log/ooniprobe
ReadWriteDirectories=-/var/lib/ooniprobe
ReadWriteDirectories=-/var/run
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
[Install]
WantedBy=multi-user.target

View File

@ -1,15 +0,0 @@
Template: ooniprobe-cli/ask-consent
Type: boolean
Default: true
Description: Can we automatically publish your OONI Probe test results?
OONI Probe measures internet censorship and network performance.
.
Heads-up!
.
- The network data you will collect will automatically be published (unless you opt-out in the settings).
.
- Anyone monitoring your internet activity (eg. government or ISP) may be able to tell that you are using OONI Probe.
.
- OONI Probe will likely test objectionable websites.
.
To learn more, see https://ooni.org/about/risks/

View File

@ -1,11 +0,0 @@
[Unit]
Description=OONI Probe CLI
Requires=ooniprobe-cli.service
[Timer]
Unit=ooniprobe-cli.service
OnCalendar=daily
RandomizedDelaySec=12h
[Install]
WantedBy=timers.target

View File

@ -1,13 +0,0 @@
{
"_": "",
"_version": 1,
"_informed_consent": true,
"sharing": {
"upload_results": true
},
"nettests": {
"websites_max_runtime": 0,
"websites_enabled_category_codes": null
},
"advanced": {}
}

30
debian/rules vendored
View File

@ -1,30 +0,0 @@
#!/usr/bin/make -f
export DH_VERBOSE=1
%:
dh $@
override_dh_auto_clean:
dh_auto_clean
override_dh_auto_build:
# The ooniprobe binary is provided
override_dh_dwz:
true
override_dh_strip:
# We cross compile and build packages for any arch from
# linux/amd64 so we need to avoid this step. BTW this step
# is not needed because we already strip when building.
true
override_dh_makeshlibs:
# We cross compile and build packages for any arch from
# linux/amd64 so we need to avoid this step. BTW this step
# is not needed because we don't have any shlib.
true
override_dh_auto_install:
dh_auto_install -- --no-source

View File

@ -1 +0,0 @@
3.0 (native)

File diff suppressed because it is too large Load Diff

Binary file not shown.

Before

Width:  |  Height:  |  Size: 891 KiB

After

Width:  |  Height:  |  Size: 757 KiB

2
go.mod
View File

@ -50,7 +50,7 @@ require (
gitlab.com/yawning/utls.git v0.0.12-1 gitlab.com/yawning/utls.git v0.0.12-1
golang.org/x/mod v0.5.1 // indirect golang.org/x/mod v0.5.1 // indirect
golang.org/x/net v0.0.0-20211109214657-ef0fda0de508 golang.org/x/net v0.0.0-20211109214657-ef0fda0de508
golang.org/x/sys v0.0.0-20211113001501-0c823b97ae02 golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1
golang.org/x/text v0.3.7 // indirect golang.org/x/text v0.3.7 // indirect
golang.org/x/tools v0.1.8-0.20211022200916-316ba0b74098 // indirect golang.org/x/tools v0.1.8-0.20211022200916-316ba0b74098 // indirect
gopkg.in/AlecAivazis/survey.v1 v1.8.8 gopkg.in/AlecAivazis/survey.v1 v1.8.8

4
go.sum
View File

@ -833,8 +833,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210903071746-97244b99971b/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20211113001501-0c823b97ae02 h1:7NCfEGl0sfUojmX78nK9pBJuUlSZWEJA/TwASvfiPLo= golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1 h1:kwrAHlwJ0DUBZwQ238v+Uod/3eZ8B2K5rYsUHBQvzmI=
golang.org/x/sys v0.0.0-20211113001501-0c823b97ae02/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211117180635-dee7805ff2e1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b h1:9zKuko04nR4gjZ4+DNjHqRlAJqbJETHwiNKDqTfOjfE=

View File

@ -1,5 +0,0 @@
oohelperd (0.0.1) unstable; urgency=medium
* Test release
-- Federico Ceratto <federico@openobservatory.org> Tue, 16 Feb 2021 12:39:41 +0000

View File

@ -1 +0,0 @@
11

View File

@ -1,22 +0,0 @@
Source: oohelperd
Maintainer: Federico Ceratto <federico@openobservatory.org>
Section: devel
Priority: optional
Build-Depends:
devscripts,
dpkg-dev,
Standards-Version: 4.5.0
Vcs-Browser: https://github.com/ooni/probe-cli
Vcs-Git: https://github.com/ooni/probe-cli.git
Homepage: https://github.com/ooni/probe-cli
Rules-Requires-Root: no
XS-Go-Import-Path: github.com/ooni/probe-cli
Package: oohelperd
Architecture: any
Pre-Depends: debconf (>= 1.0.0)
Depends: ${misc:Depends}, ${shlibs:Depends},
adduser,
debconf
Built-Using: ${misc:Built-Using}
Description: OONI test helper

View File

@ -1,40 +0,0 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: https://github.com/ooni/probe-cli
Upstream-Name: oohelperd
Files: *
Copyright: 2018 Open Observatory of Network Interference (OONI)
License: BSD-3-clause
Files: debian/*
Copyright: 2020 Federico Ceratto <federico@openobservatory.org>
License: BSD-3-clause
Comment: Debian packaging is licensed under the same terms as upstream
License: BSD-3-clause
Copyright 2018 Open Observatory of Network Interference (OONI), The Tor Project
.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
.
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
.
3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

View File

@ -1 +0,0 @@
oohelperd /usr/bin

View File

@ -1,15 +0,0 @@
#!/bin/sh
set -e
. /usr/share/debconf/confmodule
db_version 2.0
if [ "$1" = "configure" ]; then
if ! getent passwd oohelperd >/dev/null; then
adduser --quiet --system --group --home /var/lib/oohelperd oohelperd
fi
fi
#DEBHELPER#
exit 0

View File

@ -1,50 +0,0 @@
[Unit]
Description=OONI Test heper
Documentation=https://ooni.org/
After=network.target tor.target
Wants=network-online.target
[Service]
Type=simple
ExecStart=/usr/bin/oohelperd
TimeoutStopSec=5
KillMode=mixed
User=oohelperd
PermissionsStartOnly=true
Restart=on-abnormal
RestartSec=2s
LimitNOFILE=65536
WorkingDirectory=/var/lib/oohelperd
RuntimeDirectory=oohelperd
StateDirectory=oohelperd
LogsDirectory=oohelperd
ConfigurationDirectory=oohelperd
# Sandboxing
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
LockPersonality=yes
NoNewPrivileges=yes
PrivateDevices=yes
PrivateTmp=yes
PrivateUsers=yes
ProtectClock=yes
ProtectControlGroups=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelLogs=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/proc
ReadWriteDirectories=-/var/lib/oohelperd
ReadWriteDirectories=-/var/run
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
SystemCallArchitectures=native
SystemCallFilter=@system-service
[Install]
WantedBy=multi-user.target

View File

@ -1,19 +0,0 @@
#!/usr/bin/make -f
export DH_VERBOSE=1
%:
dh $@
override_dh_auto_clean:
dh_auto_clean
override_dh_auto_build:
# The oohelperd binary is provided
cp ../../../oohelperd .
override_dh_dwz:
true
override_dh_auto_install:
dh_auto_install -- --no-source

View File

@ -1 +0,0 @@
3.0 (native)

301
mk
View File

@ -46,12 +46,6 @@ ANDROID_INSTALL_EXTRA = 'build-tools;29.0.3' 'platforms;android-31'
#help: * ANDROID_NDK_VERSION : Android NDK version. #help: * ANDROID_NDK_VERSION : Android NDK version.
ANDROID_NDK_VERSION = 23.1.7779620 ANDROID_NDK_VERSION = 23.1.7779620
#help:
#help: * DEBIAN_TILDE_VERSION : if non-empty, this should be "[0-9]+" and
#help: will be appended to the package version using
#help: a tilde, thus producing, e.g., "1.0~1234".
DEBIAN_TILDE_VERSION =
#help: #help:
#help: * GIT_CLONE_DIR : directory where to clone repositories, by default #help: * GIT_CLONE_DIR : directory where to clone repositories, by default
#help: set to `$HOME/.ooniprobe-build/src`. #help: set to `$HOME/.ooniprobe-build/src`.
@ -61,17 +55,6 @@ GIT_CLONE_DIR = $(HOME)/.ooniprobe-build/src
$(GIT_CLONE_DIR): $(GIT_CLONE_DIR):
mkdir -p $(GIT_CLONE_DIR) mkdir -p $(GIT_CLONE_DIR)
#help:
#help: * GOLANG_DOCKER_GOCACHE : where to store golang's build cache to
#help: speed up subsequent Docker builds.
GOLANG_DOCKER_GOCACHE = $(HOME)/.ooniprobe-build/docker/gocache
#help:
#help: * GOLANG_DOCKER_GOPATH : GOPATH directory used by builds running
#help: inside docker to significantly speed
#help: up subsequent Docker based builds.
GOLANG_DOCKER_GOPATH := $(HOME)/.ooniprobe-build/docker/gopath
#help: #help:
#help: * GOLANG_EXTRA_FLAGS : extra flags passed to `go build ...`, empty by #help: * GOLANG_EXTRA_FLAGS : extra flags passed to `go build ...`, empty by
#help: default. Useful to pass flags to `go`, e.g.: #help: default. Useful to pass flags to `go`, e.g.:
@ -83,13 +66,6 @@ GOLANG_EXTRA_FLAGS =
#help: * GOLANG_VERSION_NUMBER : the expected version number for golang. #help: * GOLANG_VERSION_NUMBER : the expected version number for golang.
GOLANG_VERSION_NUMBER = 1.17.3 GOLANG_VERSION_NUMBER = 1.17.3
#help:
#help: * GPG_USER : allows overriding the default GPG user used
#help: to sign binary releases, e.g.:
#help:
#help: ./mk GPG_USER=john@doe.com ooniprobe/windows
GPG_USER = simone@openobservatory.org
#help: #help:
#help: * MINGW_W64_VERSION : the expected mingw-w64 version. #help: * MINGW_W64_VERSION : the expected mingw-w64 version.
MINGW_W64_VERSION = 10.3.1 MINGW_W64_VERSION = 10.3.1
@ -130,13 +106,9 @@ show-config:
@echo "ANDROID_CLI_SHA256=$(ANDROID_CLI_SHA256)" @echo "ANDROID_CLI_SHA256=$(ANDROID_CLI_SHA256)"
@echo "ANDROID_INSTALL_EXTRA=$(ANDROID_INSTALL_EXTRA)" @echo "ANDROID_INSTALL_EXTRA=$(ANDROID_INSTALL_EXTRA)"
@echo "ANDROID_NDK_VERSION=$(ANDROID_NDK_VERSION)" @echo "ANDROID_NDK_VERSION=$(ANDROID_NDK_VERSION)"
@echo "DEBIAN_TILDE_VERSION=$(DEBIAN_TILDE_VERSION)"
@echo "GIT_CLONE_DIR=$(GIT_CLONE_DIR)" @echo "GIT_CLONE_DIR=$(GIT_CLONE_DIR)"
@echo "GOLANG_DOCKER_GOCACHE=$(GOLANG_DOCKER_GOCACHE)"
@echo "GOLANG_DOCKER_GOPATH=$(GOLANG_DOCKER_GOPATH)"
@echo "GOLANG_EXTRA_FLAGS=$(GOLANG_EXTRA_FLAGS)" @echo "GOLANG_EXTRA_FLAGS=$(GOLANG_EXTRA_FLAGS)"
@echo "GOLANG_VERSION_NUMBER=$(GOLANG_VERSION_NUMBER)" @echo "GOLANG_VERSION_NUMBER=$(GOLANG_VERSION_NUMBER)"
@echo "GPG_USER=$(GPG_USER)"
@echo "MINGW_W64_VERSION=$(MINGW_W64_VERSION)" @echo "MINGW_W64_VERSION=$(MINGW_W64_VERSION)"
@echo "OONI_PSIPHON_TAGS=$(OONI_PSIPHON_TAGS)" @echo "OONI_PSIPHON_TAGS=$(OONI_PSIPHON_TAGS)"
@echo "OONI_ANDROID_HOME=$(OONI_ANDROID_HOME)" @echo "OONI_ANDROID_HOME=$(OONI_ANDROID_HOME)"
@ -226,215 +198,91 @@ GOLANG_DOCKER_IMAGE = golang:$(GOLANG_VERSION_NUMBER)-alpine
GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./internal/cmd/miniooni GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./internal/cmd/miniooni
#help: #help:
#help: The `./mk ./CLI/ooniprobe/darwin` command builds the ooniprobe official #help: The `./mk ./CLI/ooniprobe-darwin` command builds the ooniprobe official
#help: command line client for darwin/amd64 and darwin/arm64. This process #help: command line client for darwin/amd64 and darwin/arm64. This process
#help: entails building ooniprobe and then GPG-signing the binaries. #help: entails building ooniprobe and then GPG-signing the binaries.
#help: #help:
#help: You can also build the following subtargets: #help: You can also build the following subtargets:
.PHONY: ./CLI/ooniprobe/darwin .PHONY: ./CLI/ooniprobe-darwin
./CLI/ooniprobe/darwin: \ ./CLI/ooniprobe-darwin: ./CLI/ooniprobe-darwin-amd64 ./CLI/ooniprobe-darwin-arm64
./ooniprobe_darwin_amd64.tar.gz.asc \
./ooniprobe_darwin_arm64.tar.gz.asc
# ./ooniprobe_darwin_amd64.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_darwin_amd64.tar.gz.asc
./ooniprobe_darwin_amd64.tar.gz.asc: ./CLI/darwin/amd64/ooniprobe
rm -f ooniprobe_darwin_amd64.tar.gz ooniprobe_darwin_amd64.tar.gz.asc
tar -cvzf ooniprobe_darwin_amd64.tar.gz -C ./CLI/darwin/amd64 ooniprobe
gpg -abu $(GPG_USER) ooniprobe_darwin_amd64.tar.gz
# We force CGO_ENABLED=1 because in principle we may be cross compiling. In # We force CGO_ENABLED=1 because in principle we may be cross compiling. In
# reality it's hard to see a macOS/darwin build not made on macOS. # reality it's hard to see a macOS/darwin build not made on macOS.
#help: #help:
#help: * `./mk ./CLI/darwin/amd64/ooniprobe`: darwin/amd64 #help: * `./mk ./CLI/ooniprobe-darwin-amd64`: darwin/amd64
.PHONY: ./CLI/darwin/amd64/ooniprobe .PHONY: ./CLI/ooniprobe-darwin-amd64
./CLI/darwin/amd64/ooniprobe: search/for/go maybe/copypsiphon ./CLI/ooniprobe-darwin-amd64: search/for/go maybe/copypsiphon
GOOS=darwin GOARCH=amd64 CGO_ENABLED=1 go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe GOOS=darwin GOARCH=amd64 CGO_ENABLED=1 go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe
# ./ooniprobe_darwin_arm64.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_darwin_arm64.tar.gz.asc
./ooniprobe_darwin_arm64.tar.gz.asc: ./CLI/darwin/arm64/ooniprobe
rm -f ooniprobe_darwin_arm64.tar.gz ooniprobe_darwin_arm64.tar.gz.asc
tar -cvzf ooniprobe_darwin_arm64.tar.gz -C ./CLI/darwin/arm64 ooniprobe
gpg -abu $(GPG_USER) ooniprobe_darwin_arm64.tar.gz
#help: #help:
#help: * `./mk ./CLI/darwin/arm64/ooniprobe`: darwin/arm64 #help: * `./mk ./CLI/ooniprobe-darwin-arm64`: darwin/arm64
.PHONY: ./CLI/darwin/arm64/ooniprobe .PHONY: ./CLI/ooniprobe-darwin-arm64
./CLI/darwin/arm64/ooniprobe: search/for/go maybe/copypsiphon ./CLI/ooniprobe-darwin-arm64: search/for/go maybe/copypsiphon
GOOS=darwin GOARCH=arm64 CGO_ENABLED=1 go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe GOOS=darwin GOARCH=arm64 CGO_ENABLED=1 go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe
#help: #help:
#help: The `./mk ./debian` command builds the ooniprobe CLI #help: The `./mk ./CLI/ooniprobe-linux` command builds the ooniprobe official command
#help: debian package for amd64 and arm64. #help: line client for amd64, arm64, etc.
#help: #help:
#help: You can also build the following subtargets: #help: You can also build the following subtargets:
.PHONY: ./debian .PHONY: ./CLI/ooniprobe-linux
./debian: \ ./CLI/ooniprobe-linux: \
./debian/386 \ ./CLI/ooniprobe-linux-386 \
./debian/amd64 \ ./CLI/ooniprobe-linux-amd64 \
./debian/arm \ ./CLI/ooniprobe-linux-armv7 \
./debian/arm64 ./CLI/ooniprobe-linux-arm64
#help:
#help: * `./mk ./debian/386`: debian/386
.PHONY: ./debian/386
# This extra .PHONY for linux/386 is to help printing targets 🤷.
.PHONY: ./CLI/linux/386/ooniprobe
./debian/386: search/for/docker ./CLI/linux/386/ooniprobe
docker pull debian:stable
docker run -v $(shell pwd):/ooni -w /ooni debian:stable ./CLI/linux/pkgdebian 386 "$(DEBIAN_TILDE_VERSION)"
#help:
#help: * `./mk ./debian/amd64`: debian/amd64
.PHONY: ./debian/amd64
# This extra .PHONY for linux/amd64 is to help printing targets 🤷.
.PHONY: ./CLI/linux/amd64/ooniprobe
./debian/amd64: search/for/docker ./CLI/linux/amd64/ooniprobe
docker pull debian:stable
docker run -v $(shell pwd):/ooni -w /ooni debian:stable ./CLI/linux/pkgdebian amd64 "$(DEBIAN_TILDE_VERSION)"
# Note that we're building for armv7 here
#help:
#help: * `./mk ./debian/arm`: debian/arm
.PHONY: ./debian/arm
# This extra .PHONY for linux/arm is to help printing targets 🤷.
.PHONY: ./CLI/linux/arm/ooniprobe
./debian/arm: search/for/docker ./CLI/linux/arm/ooniprobe
docker pull debian:stable
docker run -v $(shell pwd):/ooni -w /ooni debian:stable ./CLI/linux/pkgdebian arm "$(DEBIAN_TILDE_VERSION)"
#help:
#help: * `./mk ./debian/arm64`: debian/arm64
.PHONY: ./debian/arm64
# This extra .PHONY for linux/arm64 is to help printing targets 🤷.
.PHONY: ./CLI/linux/arm64/ooniprobe
./debian/arm64: search/for/docker ./CLI/linux/arm64/ooniprobe
docker pull debian:stable
docker run -v $(shell pwd):/ooni -w /ooni debian:stable ./CLI/linux/pkgdebian arm64 "$(DEBIAN_TILDE_VERSION)"
#help:
#help: The `./mk ./CLI/ooniprobe/linux` command builds the ooniprobe official command
#help: line client for amd64 and arm64. This entails building and GPG signing.
#help:
#help: You can also build the following subtargets:
.PHONY: ./CLI/ooniprobe/linux
./CLI/ooniprobe/linux: \
./ooniprobe_linux_386.tar.gz.asc \
./ooniprobe_linux_amd64.tar.gz.asc \
./ooniprobe_linux_armv7.tar.gz.asc \
./ooniprobe_linux_arm64.tar.gz.asc
# ./ooniprobe_linux_386.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_linux_386.tar.gz.asc
./ooniprobe_linux_386.tar.gz.asc: ./CLI/linux/386/ooniprobe
rm -f ooniprobe_linux_386.tar.gz ooniprobe_linux_386.tar.gz.asc
tar -cvzf ooniprobe_linux_386.tar.gz -C ./CLI/linux/386 ooniprobe
gpg -abu $(GPG_USER) ooniprobe_linux_386.tar.gz
# Linux builds use Alpine and Docker so we are sure that we are statically # Linux builds use Alpine and Docker so we are sure that we are statically
# linking to musl libc, thus making our binaries extremely portable. # linking to musl libc, thus making our binaries extremely portable.
#help: #help:
#help: * `./mk ./CLI/linux/386/ooniprobe`: linux/386 #help: * `./mk ./CLI/ooniprobe-linux-386`: linux/386
.PHONY: ./CLI/linux/386/ooniprobe .PHONY: ./CLI/ooniprobe-linux-386
./CLI/linux/386/ooniprobe: search/for/docker maybe/copypsiphon ./CLI/ooniprobe-linux-386: search/for/docker maybe/copypsiphon
docker pull --platform linux/386 $(GOLANG_DOCKER_IMAGE) docker pull --platform linux/386 $(GOLANG_DOCKER_IMAGE)
docker run --platform linux/386 -e GOPATH=/gopath -e GOARCH=386 -v $(GOLANG_DOCKER_GOCACHE)/386:/root/.cache/go-build -v $(GOLANG_DOCKER_GOPATH):/gopath -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/linux/build -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS) docker run --platform linux/386 -e GOPATH=/gopath -e GOARCH=386 -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/build-linux -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS)
# ./ooniprobe_linux_amd64.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_linux_amd64.tar.gz.asc
./ooniprobe_linux_amd64.tar.gz.asc: ./CLI/linux/amd64/ooniprobe
rm -f ooniprobe_linux_amd64.tar.gz ooniprobe_linux_amd64.tar.gz.asc
tar -cvzf ooniprobe_linux_amd64.tar.gz -C ./CLI/linux/amd64 ooniprobe
gpg -abu $(GPG_USER) ooniprobe_linux_amd64.tar.gz
#help: #help:
#help: * `./mk ./CLI/linux/amd64/ooniprobe`: linux/amd64 #help: * `./mk ./CLI/ooniprobe-linux-amd64`: linux/amd64
.PHONY: ./CLI/linux/amd64/ooniprobe .PHONY: ./CLI/ooniprobe-linux-amd64
./CLI/linux/amd64/ooniprobe: search/for/docker maybe/copypsiphon ./CLI/ooniprobe-linux-amd64: search/for/docker maybe/copypsiphon
docker pull --platform linux/amd64 $(GOLANG_DOCKER_IMAGE) docker pull --platform linux/amd64 $(GOLANG_DOCKER_IMAGE)
docker run --platform linux/amd64 -e GOPATH=/gopath -e GOARCH=amd64 -v $(GOLANG_DOCKER_GOCACHE)/amd64:/root/.cache/go-build -v $(GOLANG_DOCKER_GOPATH):/gopath -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/linux/build -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS) docker run --platform linux/amd64 -e GOPATH=/gopath -e GOARCH=amd64 -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/build-linux -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS)
# ./ooniprobe_linux_armv7.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_linux_armv7.tar.gz.asc
./ooniprobe_linux_armv7.tar.gz.asc: ./CLI/linux/arm/ooniprobe
rm -f ooniprobe_linux_armv7.tar.gz ooniprobe_linux_armv7.tar.gz.asc
tar -cvzf ooniprobe_linux_armv7.tar.gz -C ./CLI/linux/arm ooniprobe
gpg -abu $(GPG_USER) ooniprobe_linux_armv7.tar.gz
# Note that we're building for armv7 here
#help: #help:
#help: * `./mk ./CLI/linux/arm/ooniprobe`: linux/arm #help: * `./mk ./CLI/ooniprobe-linux-armv7`: linux/arm
.PHONY: ./CLI/linux/arm/ooniprobe .PHONY: ./CLI/ooniprobe-linux-armv7
./CLI/linux/arm/ooniprobe: search/for/docker maybe/copypsiphon ./CLI/ooniprobe-linux-armv7: search/for/docker maybe/copypsiphon
docker pull --platform linux/arm/v7 $(GOLANG_DOCKER_IMAGE) docker pull --platform linux/arm/v7 $(GOLANG_DOCKER_IMAGE)
docker run --platform linux/arm/v7 -e GOPATH=/gopath -e GOARCH=arm -e GOARM=7 -v $(GOLANG_DOCKER_GOCACHE)/arm:/root/.cache/go-build -v $(GOLANG_DOCKER_GOPATH):/gopath -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/linux/build -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS) docker run --platform linux/arm/v7 -e GOPATH=/gopath -e GOARCH=arm -e GOARM=7 -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/build-linux -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS)
# ./ooniprobe_linux_arm64.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_linux_arm64.tar.gz.asc
./ooniprobe_linux_arm64.tar.gz.asc: ./CLI/linux/arm64/ooniprobe
rm -f ooniprobe_linux_arm64.tar.gz ooniprobe_linux_arm64.tar.gz.asc
tar -cvzf ooniprobe_linux_arm64.tar.gz -C ./CLI/linux/arm64 ooniprobe
gpg -abu $(GPG_USER) ooniprobe_linux_arm64.tar.gz
#help: #help:
#help: * `./mk ./CLI/linux/arm64/ooniprobe`: linux/arm64 #help: * `./mk ./CLI/ooniprobe-linux-arm64`: linux/arm64
.PHONY: ./CLI/linux/arm64/ooniprobe .PHONY: ./CLI/ooniprobe-linux-arm64
./CLI/linux/arm64/ooniprobe: search/for/docker maybe/copypsiphon ./CLI/ooniprobe-linux-arm64: search/for/docker maybe/copypsiphon
docker pull --platform linux/arm64 $(GOLANG_DOCKER_IMAGE) docker pull --platform linux/arm64 $(GOLANG_DOCKER_IMAGE)
docker run --platform linux/arm64 -e GOPATH=/gopath -e GOARCH=arm64 -v $(GOLANG_DOCKER_GOCACHE)/arm64:/root/.cache/go-build -v $(GOLANG_DOCKER_GOPATH):/gopath -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/linux/build -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS) docker run --platform linux/arm64 -e GOPATH=/gopath -e GOARCH=arm64 -v $(shell pwd):/ooni -w /ooni $(GOLANG_DOCKER_IMAGE) ./CLI/build-linux -tags=netgo,$(OONI_PSIPHON_TAGS) $(GOLANG_EXTRA_FLAGS)
#help: #help:
#help: The `./mk ./CLI/ooniprobe/windows` command builds the ooniprobe official #help: The `./mk ./CLI/ooniprobe-windows` command builds the ooniprobe official
#help: command line client for windows/386 and windows/amd64. This entails #help: command line client for windows/386 and windows/amd64. This entails
#help: building and PGP signing the executables. #help: building and PGP signing the executables.
#help: #help:
#help: You can also build the following subtargets: #help: You can also build the following subtargets:
.PHONY: ./CLI/ooniprobe/windows .PHONY: ./CLI/ooniprobe-windows
./CLI/ooniprobe/windows: \ ./CLI/ooniprobe-windows: \
./ooniprobe_windows_386.tar.gz.asc \ ./CLI/ooniprobe-windows-386.exe \
./ooniprobe_windows_386.zip.asc \ ./CLI/ooniprobe-windows-amd64.exe
./ooniprobe_windows_amd64.tar.gz.asc \
./ooniprobe_windows_amd64.zip.asc
# ./ooniprobe_windows_386.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_windows_386.tar.gz.asc
./ooniprobe_windows_386.tar.gz.asc: ./CLI/windows/386/ooniprobe.exe
rm -f ooniprobe_windows_386.tar.gz ooniprobe_windows_386.tar.gz.asc
tar -cvzf ooniprobe_windows_386.tar.gz -C ./CLI/windows/386 ooniprobe.exe
gpg -abu $(GPG_USER) ooniprobe_windows_386.tar.gz
# ./ooniprobe_windows_386.zip.asc creates and signs the release zipball
.PHONY: ./ooniprobe_windows_386.zip.asc
./ooniprobe_windows_386.zip.asc: ./CLI/windows/386/ooniprobe.exe
rm -f ooniprobe_windows_386.zip ooniprobe_windows_386.zip.asc
cd ./CLI/windows/386 && zip ../../../ooniprobe_windows_386.zip ooniprobe.exe
gpg -abu $(GPG_USER) ooniprobe_windows_386.zip
#help: #help:
#help: * `./mk ./CLI/windows/386/ooniprobe.exe`: windows/386 #help: * `./mk ./CLI/ooniprobe-windows-386.exe`: windows/386
.PHONY: ./CLI/windows/386/ooniprobe.exe .PHONY: ./CLI/ooniprobe-windows-386.exe
./CLI/windows/386/ooniprobe.exe: search/for/go search/for/mingw-w64 maybe/copypsiphon ./CLI/ooniprobe-windows-386.exe: search/for/go search/for/mingw-w64 maybe/copypsiphon
GOOS=windows GOARCH=386 CGO_ENABLED=1 CC=i686-w64-mingw32-gcc go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe GOOS=windows GOARCH=386 CGO_ENABLED=1 CC=i686-w64-mingw32-gcc go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe
# ./ooniprobe_windows_amd64.tar.gz.asc creates and signs the release tarball
.PHONY: ./ooniprobe_windows_amd64.tar.gz.asc
./ooniprobe_windows_amd64.tar.gz.asc: ./CLI/windows/amd64/ooniprobe.exe
rm -f ooniprobe_windows_amd64.tar.gz ooniprobe_windows_amd64.tar.gz.asc
tar -cvzf ooniprobe_windows_amd64.tar.gz -C ./CLI/windows/amd64 ooniprobe.exe
gpg -abu $(GPG_USER) ooniprobe_windows_amd64.tar.gz
# ./ooniprobe_windows_amd64.zip.asc creates and signs the release zipball
.PHONY: ./ooniprobe_windows_amd64.zip.asc
./ooniprobe_windows_amd64.zip.asc: ./CLI/windows/amd64/ooniprobe.exe
rm -f ooniprobe_windows_amd64.zip ooniprobe_windows_amd64.zip.asc
cd ./CLI/windows/amd64 && zip ../../../ooniprobe_windows_amd64.zip ooniprobe.exe
gpg -abu $(GPG_USER) ooniprobe_windows_amd64.zip
#help: #help:
#help: * `./mk ./CLI/windows/amd64/ooniprobe.exe`: windows/amd64 #help: * `./mk ./CLI/ooniprobe-windows-amd64.exe`: windows/amd64
.PHONY: ./CLI/windows/amd64/ooniprobe.exe .PHONY: ./CLI/ooniprobe-windows-amd64.exe
./CLI/windows/amd64/ooniprobe.exe: search/for/go search/for/mingw-w64 maybe/copypsiphon ./CLI/ooniprobe-windows-amd64.exe: search/for/go search/for/mingw-w64 maybe/copypsiphon
GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC=x86_64-w64-mingw32-gcc go build -tags="$(OONI_PSIPHON_TAGS)" -ldflags="-s -w" $(GOLANG_EXTRA_FLAGS) -o $@ ./cmd/ooniprobe
#help: #help:
@ -442,14 +290,13 @@ GOLANG_DOCKER_IMAGE = golang:$(GOLANG_VERSION_NUMBER)-alpine
#help: #help:
#help: You can also build the following subtargets: #help: You can also build the following subtargets:
.PHONY: ./MOBILE/android .PHONY: ./MOBILE/android
./MOBILE/android: search/for/gpg search/for/jar ./MOBILE/android/oonimkall.aar ./MOBILE/android: ./MOBILE/android/oonimkall.aar ./MOBILE/android/oonimkall.pom
cp ./MOBILE/android/oonimkall.aar ./MOBILE/android/oonimkall-$(OONIMKALL_V).aar
cp ./MOBILE/android/oonimkall-sources.jar ./MOBILE/android/oonimkall-$(OONIMKALL_V)-sources.jar #help:
cat ./MOBILE/template.pom | sed -e "s/@VERSION@/$(OONIMKALL_V)/g" > ./MOBILE/android/oonimkall-$(OONIMKALL_V).pom #help: * `./mk ./MOBILE/android/oonimkall.pom`: the POM
gpg -abu $(GPG_USER) ./MOBILE/android/oonimkall-$(OONIMKALL_V).aar .PHONY: ./MOBILE/android/oonimkall.pom
gpg -abu $(GPG_USER) ./MOBILE/android/oonimkall-$(OONIMKALL_V)-sources.jar ./MOBILE/android/oonimkall.pom:
gpg -abu $(GPG_USER) ./MOBILE/android/oonimkall-$(OONIMKALL_V).pom cat ./MOBILE/android/template.pom | sed -e "s/@VERSION@/$(OONIMKALL_V)/g" > ./MOBILE/android/oonimkall.pom
cd ./MOBILE/android && jar -cf bundle.jar oonimkall-$(OONIMKALL_V).aar oonimkall-$(OONIMKALL_V).aar.asc oonimkall-$(OONIMKALL_V)-sources.jar oonimkall-$(OONIMKALL_V)-sources.jar.asc oonimkall-$(OONIMKALL_V).pom oonimkall-$(OONIMKALL_V).pom.asc
#help: #help:
#help: * `./mk ./MOBILE/android/oonimkall.aar`: the AAR #help: * `./mk ./MOBILE/android/oonimkall.aar`: the AAR
@ -466,16 +313,14 @@ GOMOBILE = $(shell go env GOPATH)/bin/gomobile
__android_build_with_ooni_go: search/for/go __android_build_with_ooni_go: search/for/go
go get -u golang.org/x/mobile/cmd/gomobile go get -u golang.org/x/mobile/cmd/gomobile
$(GOMOBILE) init $(GOMOBILE) init
PATH=$(shell go env GOPATH)/bin:$$PATH ANDROID_HOME=$(OONI_ANDROID_HOME) ANDROID_NDK_HOME=$(OONI_ANDROID_HOME)/ndk/$(ANDROID_NDK_VERSION) $(GOMOBILE) bind -target android -o ./MOBILE/android/oonimkall.aar -tags="$(OONI_PSIPHON_TAGS)" -ldflags '-s -w' $(GOLANG_EXTRA_FLAGS) ./pkg/oonimkall PATH=$(shell go env GOPATH)/bin:$$PATH ANDROID_HOME=$(OONI_ANDROID_HOME) ANDROID_NDK_HOME=$(OONI_ANDROID_HOME)/ndk/$(ANDROID_NDK_VERSION) $(GOMOBILE) bind -x -target android -o ./MOBILE/android/oonimkall.aar -tags="$(OONI_PSIPHON_TAGS)" -ldflags '-s -w' $(GOLANG_EXTRA_FLAGS) ./pkg/oonimkall
#help: #help:
#help: The `./mk ./MOBILE/ios` command builds the oonimkall library for iOS. #help: The `./mk ./MOBILE/ios` command builds the oonimkall library for iOS.
#help: #help:
#help: You can also build the following subtargets: #help: You can also build the following subtargets:
.PHONY: ./MOBILE/ios .PHONY: ./MOBILE/ios
./MOBILE/ios: \ ./MOBILE/ios: ./MOBILE/ios/oonimkall.xcframework.zip ./MOBILE/ios/oonimkall.podspec
./MOBILE/ios/oonimkall.xcframework.zip \
./MOBILE/ios/oonimkall.podspec
#help: #help:
#help: * `./mk ./MOBILE/ios/oonimkall.xcframework.zip`: zip the xcframework #help: * `./mk ./MOBILE/ios/oonimkall.xcframework.zip`: zip the xcframework
@ -495,26 +340,13 @@ __android_build_with_ooni_go: search/for/go
#help: #help:
#help: * `./mk ./MOBILE/ios/oonimkall.podspec`: the podspec #help: * `./mk ./MOBILE/ios/oonimkall.podspec`: the podspec
.PHONY: ./MOBILE/ios/oonimkall.podspec .PHONY: ./MOBILE/ios/oonimkall.podspec
./MOBILE/ios/oonimkall.podspec: ./MOBILE/template.podspec ./MOBILE/ios/oonimkall.podspec: ./MOBILE/ios/template.podspec
cat $< | sed -e "s/@VERSION@/$(OONIMKALL_V)/g" -e "s/@RELEASE@/$(OONIMKALL_R)/g" > $@ cat $< | sed -e "s/@VERSION@/$(OONIMKALL_V)/g" -e "s/@RELEASE@/$(OONIMKALL_R)/g" > $@
# important: OONIMKALL_V and OONIMKALL_R MUST be expanded just once so we use `:=` # important: OONIMKALL_V and OONIMKALL_R MUST be expanded just once so we use `:=`
OONIMKALL_V := $(shell date -u +%Y.%m.%d-%H%M%S) OONIMKALL_V := $(shell date -u +%Y.%m.%d-%H%M%S)
OONIMKALL_R := $(shell git describe --tags || echo '0.0.0-dev') OONIMKALL_R := $(shell git describe --tags || echo '0.0.0-dev')
#help: The `debian/publish` target publishes all the debian packages
#help: present in the toplevel directory using debopos-ci.
# TODO(bassosimone): do not hardcode using linux/amd64 here?
.PHONY: debian/publish
debian/publish: search/for/docker
test -z "$(CI)" || { echo "fatal: refusing to run in a CI environment" 1>&2; exit 1; }
ls *.deb 2>/dev/null || { echo "fatal: no debian packages in the toplevel dir" 1>&2; exit 1; }
test -n "$(AWS_ACCESS_KEY_ID)" || { echo "fatal: AWS_ACCESS_KEY_ID not set" 1>&2; exit 1; }
test -n "$(AWS_SECRET_ACCESS_KEY)" || { echo "fatal: AWS_SECRET_ACCESS_KEY not set" 1>&2; exit 1; }
test -n "$(DEB_GPG_KEY)" || { echo "fatal: DEB_GPG_KEY not set" 1>&2; exit 1; }
docker pull --platform linux/amd64 ubuntu:20.04
docker run --platform linux/amd64 -e AWS_ACCESS_KEY_ID="$(AWS_ACCESS_KEY_ID)" -e AWS_SECRET_ACCESS_KEY="$(AWS_SECRET_ACCESS_KEY)" -e DEB_GPG_KEY="$(DEB_GPG_KEY)" -v $(shell pwd):/ooni -w /ooni ubuntu:20.04 ./CLI/linux/pubdebian
#help: #help:
#help: The following commands check for the availability of dependencies: #help: The following commands check for the availability of dependencies:
# TODO(bassosimone): make checks more robust? # TODO(bassosimone): make checks more robust?
@ -547,13 +379,6 @@ search/for/git:
@printf "checking for git... " @printf "checking for git... "
@command -v git || { echo "not found"; exit 1; } @command -v git || { echo "not found"; exit 1; }
#help:
#help: * `./mk search/for/gpg`: checks for gpg
.PHONY: search/for/gpg
search/for/gpg:
@printf "checking for gpg... "
@command -v gpg || { echo "not found"; exit 1; }
#help: #help:
#help: * `./mk search/for/go`: checks for go #help: * `./mk search/for/go`: checks for go
.PHONY: search/for/go .PHONY: search/for/go
@ -568,13 +393,6 @@ search/for/go:
# SHOULD NOT cache this value so we ARE NOT using `:=`) # SHOULD NOT cache this value so we ARE NOT using `:=`)
__GOVERSION_REAL = $(shell go version | awk '{print $$3}') __GOVERSION_REAL = $(shell go version | awk '{print $$3}')
#help:
#help: * `./mk search/for/jar`: checks for jar
.PHONY: search/for/jar
search/for/jar:
@printf "checking for jar... "
@command -v jar || { echo "not found"; exit 1; }
#help: #help:
#help: * `./mk search/for/java`: checks for java #help: * `./mk search/for/java`: checks for java
.PHONY: search/for/java .PHONY: search/for/java
@ -671,17 +489,15 @@ OONIPRIVATE_REPO = git@github.com:ooni/probe-private
# $(OONIPRIVATE) clones the private repository in $(GIT_CLONE_DIR) # $(OONIPRIVATE) clones the private repository in $(GIT_CLONE_DIR)
$(OONIPRIVATE): search/for/git $(GIT_CLONE_DIR) $(OONIPRIVATE): search/for/git $(GIT_CLONE_DIR)
test -d $(OONIPRIVATE) || $(MAKE) -f mk __really_clone_private_repo rm -rf $(OONIPRIVATE)
__really_clone_private_repo:
git clone $(OONIPRIVATE_REPO) $(OONIPRIVATE) git clone $(OONIPRIVATE_REPO) $(OONIPRIVATE)
#help: #help:
#help: The `./mk ooni/go` command builds the latest version of ooni/go. #help: The `./mk ooni/go` command builds the latest version of ooni/go.
.PHONY: ooni/go .PHONY: ooni/go
ooni/go: search/for/bash search/for/git search/for/go $(OONIGODIR) ooni/go: search/for/bash search/for/git search/for/go $(OONIGODIR)
test -d $(OONIGODIR) || git clone -b $(OONIGO_BRANCH) --single-branch --depth 8 $(OONIGO_REPO) $(OONIGODIR) rm -rf $(OONIGODIR)
cd $(OONIGODIR) && git pull --ff-only git clone -b $(OONIGO_BRANCH) --single-branch --depth 8 $(OONIGO_REPO) $(OONIGODIR)
cd $(OONIGODIR)/src && ./make.bash cd $(OONIGODIR)/src && ./make.bash
# OONIGODIR is the directory in which we clone ooni/go # OONIGODIR is the directory in which we clone ooni/go
@ -695,7 +511,8 @@ OONIGO_REPO = https://github.com/ooni/go
#help: correct version of the Android sdk. #help: correct version of the Android sdk.
.PHONY: android/sdk .PHONY: android/sdk
android/sdk: search/for/java android/sdk: search/for/java
test -d $(OONI_ANDROID_HOME) || $(MAKE) -f mk android/sdk/download rm -rf $(OONI_ANDROID_HOME)
$(MAKE) -f mk android/sdk/download
test -f $(__ANDROID_SDKMANAGER) || { echo "please run './mk android/sdk/download'"; exit 1; } test -f $(__ANDROID_SDKMANAGER) || { echo "please run './mk android/sdk/download'"; exit 1; }
echo "Yes" | $(__ANDROID_SDKMANAGER) --install $(ANDROID_INSTALL_EXTRA) 'ndk;$(ANDROID_NDK_VERSION)' echo "Yes" | $(__ANDROID_SDKMANAGER) --install $(ANDROID_INSTALL_EXTRA) 'ndk;$(ANDROID_NDK_VERSION)'