Bug 31130: Use Debian 10 for our Android container images

sisbell · Nov 4, 2019 · 608f2c9 · 608f2c9
1 parent 599384e
commit 608f2c9
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 31 deletions.
diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config
@@ -4,7 +4,7 @@ version: 2
 pkg_type: build
 
 var:
-  ubuntu_version: 18.04.1
+  ubuntu_version: 19.10
 
   container:
     use_container: 1
@@ -15,8 +15,10 @@ pre: |
   #!/bin/sh
   set -e
   export DEBIAN_FRONTEND=noninteractive
-  # Bug 29158: install fixed packages for apt vulnerability (CVE-2019-3462)
-  dpkg -i ./apt_1.6.6ubuntu0.1_amd64.deb ./libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
+  [% IF ! c("var/buster") -%]
+    # Bug 29158: install fixed packages for apt vulnerability (CVE-2019-3462)
+    dpkg -i ./apt_1.6.6ubuntu0.1_amd64.deb ./libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
+  [% END -%]
   apt-get update -y -q
   apt-get install -y -q debian-archive-keyring ubuntu-keyring debootstrap
   debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
@@ -36,6 +38,7 @@ pre: |
     echo "apt version: $apt_version"
     dpkg --compare-versions "$apt_version" ge '[% c("var/minimal_apt_version") %]'
   [% END -%]
+
   tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .
 
 targets:
@@ -65,14 +68,24 @@ targets:
         suite: stretch
         arch: amd64
 
+  buster-amd64:
+    var:
+      buster: 1
+      minimal_apt_version: 1.8.2
+      container:
+        suite: buster
+        arch: amd64
+
 input_files:
   - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
     filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
-    sha256sum: ed76e649f65548a80b361b68011085ec4dde7bb762d667657acbef87765e1a12
+    sha256sum: eedcb1dc0ccc86b59eb1f89960c322a2ba3ed3e0323a20a1da8bcc0e6f100f4f
   - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/apt_1.6.6ubuntu0.1_amd64.deb
     sha256sum: df210f9e30cf9deba5fbe815203af854e5e77bdbbe0b96d0d1c0da46a6a8dd0a
+    enable: '[% ! c("var/buster") %]'
   - URL: http://security.ubuntu.com/ubuntu/pool/main/a/apt/libapt-pkg5.0_1.6.6ubuntu0.1_amd64.deb
     sha256sum: 0a05a97b1e9b8d52ee8df040a14c5fabdebbb2c2235ac495db29df34f4c8cec3
+    enable: '[% ! c("var/buster") %]'
   - URL: '[% c("var/apt_packages_baseurl") %]/[% c("var/apt_package_filename") %]'
     sha256sum: '[% c("var/apt_package_sha256sum") %]'
     enable: '[% c("var/apt_package_filename") %]'

diff --git a/projects/firefox/build b/projects/firefox/build
@@ -57,6 +57,7 @@ mv -f $rootdir/[% c('input_files_by_name/mozconfig') %] .mozconfig
 [% END -%]
 
 [% IF c("var/android") %]
+  export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
   gradle_repo=/var/tmp/dist/gradle-dependencies
   export GRADLE_MAVEN_REPOSITORIES="file://$gradle_repo"
   export GRADLE_FLAGS="--no-daemon --offline"

diff --git a/projects/firefox/config b/projects/firefox/config
@@ -57,11 +57,6 @@ targets:
       torbrowser_update_channel: default
       branding_directory: '[% IF c("var/android") %]mobile/android[% ELSE %]browser[% END %]/branding/nightly'
 
-  android:
-    var:
-      arch_deps:
-        - openjdk-8-jdk
-
   linux:
     var:
       post_pkginst: |

diff --git a/projects/tor-android-service/config b/projects/tor-android-service/config
@@ -13,12 +13,6 @@ var:
   # this should be updated when the list of gradle dependencies is changed
   gradle_dependencies_version: 3
 
-targets:
-  android:
-    var:
-      arch_deps:
-        - openjdk-8-jdk
-
 input_files:
   - project: container-image
   - name: '[% c("var/compiler") %]'

diff --git a/projects/tor-browser/build.android b/projects/tor-browser/build.android
@@ -42,9 +42,8 @@ zip -d $apk lib/\*
 rm -fR lib
 
 # Bug 31564: Android Gradle Plugin has a reproducibility bug. Decompile and recompile to fix ordering of resources.arsc files
-apktool=$rootdir/[% c('input_files_by_name/apktool') %]
-java -jar $apktool d --no-src -o decompiled $apk
-java -jar $apktool b -o $apk decompiled
+apktool d --no-src -o decompiled $apk
+apktool b -o $apk decompiled
 # Fix timestamps and remove extra field info from zip entries
 unzip $apk -d tmp
 rm $apk

diff --git a/projects/tor-browser/config b/projects/tor-browser/config
@@ -45,8 +45,8 @@ targets:
     build: '[% INCLUDE build.android %]'
     var:
       arch_deps:
-        - openjdk-8-jdk
         - apksigner
+        - apktool
 
 input_files:
   - project: container-image
@@ -100,7 +100,3 @@ input_files:
   # To generate a new keystore, see how-to-generate-keystore.txt
   - filename: android-qa.keystore
     enable: '[% c("var/android") %]'
-  - URL: https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.4.0.jar
-    name: apktool
-    sha256sum: a0f116e8916d6f21160e1559847bb8b8c32ee71900f321cafeadbe37b87ebcc1
-    enable: '[% c("var/android") %]'
diff --git a/projects/tor-onion-proxy-library/config b/projects/tor-onion-proxy-library/config
@@ -15,12 +15,6 @@ var:
   # this should be updated when the list of gradle dependencies is changed
   gradle_dependencies_version: 3
 
-targets:
-  android:
-    var:
-      arch_deps:
-        - openjdk-8-jdk
-
 input_files:
   - project: container-image
   - name: '[% c("var/compiler") %]'

diff --git a/rbm.conf b/rbm.conf
@@ -219,8 +219,9 @@ targets:
       android_min_api_x86: 16
       android_min_api_x86_64: 21
       snowflake: 0
+      buster: 1
       container:
-        suite: stretch
+        suite: buster
         arch: amd64
       deps:
         - build-essential
@@ -229,7 +230,19 @@ targets:
         - libtool
         - zip
         - unzip
-
+      pre_pkginst: |
+          OPENJDK_URL=https://deb.debian.org/debian/pool/main/o/openjdk-8
+          JDK_VERSION=8u232-b09-1~deb9u1_amd64 
+          export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
+          apt-get install -y -q wget ca-certificates-java java-common libcups2 liblcms2-2 libjpeg62-turbo libfontconfig1 libnss3 libfreetype6 libpcsclite1 libx11-6 libglib2.0-0 libxrandr2 libxinerama1 libgl1 libgl1-mesa-glx libgtk2.0-0 libatk-wrapper-java-jni libgif7 libpulse0
+          wget $OPENJDK_URL/openjdk-8-jdk_$JDK_VERSION.deb
+          wget $OPENJDK_URL/openjdk-8-jdk-headless_$JDK_VERSION.deb
+          wget $OPENJDK_URL/openjdk-8-jre-headless_$JDK_VERSION.deb
+          wget $OPENJDK_URL/openjdk-8-jre_$JDK_VERSION.deb
+          dpkg -i ./openjdk-8-jre-headless_$JDK_VERSION.deb
+          dpkg -i ./openjdk-8-jdk-headless_$JDK_VERSION.deb
+          dpkg -i ./openjdk-8-jre_$JDK_VERSION.deb
+          dpkg -i ./openjdk-8-jdk_$JDK_VERSION.deb
   torbrowser-linux-x86_64:
     - linux-x86_64
     - linux