version: 2.1 orbs: win: circleci/windows@4.0.0 workflows: version: 2 ci: jobs: - test-cli # - test-gui - build-tor-windows: requires: - test-cli # - build-win64: # requires: # - test-cli # # - test-gui # - build-win32: # requires: # - test-cli # # - test-gui # - build-macos: # requires: # - test-cli # # - test-gui jobs: test-cli: docker: - image: cimg/python:3.9 steps: - checkout - run: name: Install dependencies command: | sudo apt-get update sudo apt-get -y install tor obfs4proxy - restore_cache: key: test-cli-poetry-deps-{{ .Environment.CACHE_VERSION }}-{{ checksum "~/project/cli/poetry.lock" }} - run: name: Install poetry dependencies command: | cd ~/project/cli poetry install - save_cache: key: test-cli-poetry-deps-{{ .Environment.CACHE_VERSION }}-{{ checksum "~/project/cli/poetry.lock" }} paths: - /home/circleci/.cache/pypoetry/virtualenvs - run: name: Run tests command: | cd ~/project/cli poetry run pytest -v ./tests poetry run onionshare-cli --local-only ./tests --auto-stop-timer 2 poetry run onionshare-cli --local-only --receive --auto-stop-timer 2 poetry run onionshare-cli --local-only --website ../docs --auto-stop-timer 2 poetry run onionshare-cli --local-only --chat --auto-stop-timer 2 test-gui: docker: - image: cimg/python:3.9 steps: - checkout - run: name: Install dependencies command: | sudo apt-get update sudo apt-get install -y tor obfs4proxy gcc python3-dev python3-pyside2.qtcore python3-pyside2.qtwidgets python3-pyside2.qtgui sudo apt-get install -y xvfb x11-utils libxkbcommon-x11-0 libxcb-randr0-dev libxcb-xtest0-dev libxcb-xinerama0-dev libxcb-shape0-dev libxcb-xkb-dev libxcb-render-util0 libxcb-icccm4 libxcb-keysyms1 libxcb-image0 - restore_cache: key: test-desktop-poetry-deps-{{ checksum "~/project/desktop/poetry.lock" }}-{{ .Environment.CACHE_VERSION }} - run: name: Install poetry dependencies command: | cd ~/project/desktop poetry install - save_cache: key: test-desktop-poetry-deps-{{ checksum "~/project/desktop/poetry.lock" }}-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/.cache/pypoetry/virtualenvs - run: name: Run tests command: | cd ~/project/desktop QT_DEBUG_PLUGINS=1 xvfb-run poetry run pytest -v ./tests/test_gui_*.py # Based off of https://github.com/ahf/tor-win32 build-tor-windows: docker: - image: debian:bullseye resource_class: medium+ environment: # NOTE: change when upgrading openssl OPENSSL_VERSION: "3.0.3" # NOTE: change when upgrading libevent LIBEVENT_TAG: release-2.1.12-stable # NOTE: change when upgrading tor TOR_TAG: tor-0.4.7.7 steps: - run: name: Install build dependencies command: | apt-get update apt-get install -y wget build-essential autoconf automake libtool gcc-mingw-w64-i686 gcc-mingw-w64-x86-64 libz-mingw-w64-dev - run: name: Create folders command: | mkdir ~/build mkdir ~/build/src mkdir ~/build/dist mkdir ~/build/prefix-openssl-x32 mkdir ~/build/prefix-openssl-x64 mkdir ~/build/prefix-libevent-x32 mkdir ~/build/prefix-libevent-x64 mkdir ~/build/prefix-tor-x32 mkdir ~/build/prefix-tor-x64 - restore_cache: # NOTE: change when upgrading openssl key: build-tor-windows-download-openssl-3.0.3-{{ .Environment.CACHE_VERSION }} - run: name: Download openssl command: | if [[ -f "/home/circleci/build/dist/openssl-$OPENSSL_VERSION.tar.gz" ]]; then echo "openssl already downloaded, skipping" exit 0 fi cd ~/build/dist # download wget https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz echo "ee0078adcef1de5f003c62c80cc96527721609c6f3bb42b7795df31f8b558c0b openssl-$OPENSSL_VERSION.tar.gz" | sha256sum --check --status if [ $? -ne 0 ]; then echo "openssl checksum failed" exit -1 fi - save_cache: # NOTE: change when upgrading openssl key: build-tor-windows-download-openssl-3.0.3-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/dist/openssl-3.0.3.tar.gz - restore_cache: # NOTE: change when upgrading libevent key: build-tor-windows-download-libevent-2.1.12-stable-{{ .Environment.CACHE_VERSION }} - run: name: Download libevent command: | if [[ -d "/home/circleci/build/dist/libevent" ]]; then echo "livevent already downloaded, skipping" exit 0 fi # git clone curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9e3ac83a27974b84d1b3401db86086848ef8686d" | gpg --import cd ~/build/dist git clone https://github.com/libevent/libevent.git cd libevent git tag -v $LIBEVENT_TAG if [ $? -ne 0 ]; then echo "libevent tag doesn't verify" exit -1 fi git checkout $LIBEVENT_TAG - save_cache: # NOTE: change when upgrading libevent key: build-tor-windows-download-libevent-2.1.12-stable-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/dist/libevent - restore_cache: # NOTE: change when upgrading tor key: build-tor-windows-download-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} - run: name: Download tor command: | if [[ -d "/home/circleci/build/dist/tor" ]]; then echo "tor already downloaded, skipping" exit 0 fi # git clone curl https://keys.openpgp.org/vks/v1/by-fingerprint/B74417EDDF22AC9F9E90F49142E86A2A11F48D36 | gpg --import cd ~/build/dist git clone https://git.torproject.org/tor.git cd tor git tag -v $TOR_TAG if [ $? -ne 0 ]; then echo "tor tag doesn't verify" exit -1 fi git checkout $TOR_TAG - save_cache: # NOTE: change when upgrading tor key: build-tor-windows-download-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/dist/tor - restore_cache: # NOTE: change when upgrading openssl key: build-tor-windows-openssl-x32-3.0.3-{{ .Environment.CACHE_VERSION }} - run: name: Build openssl (32-bit) command: | if [[ -f "/home/circleci/build/prefix-openssl-x32/bin/openssl.exe" ]]; then echo "openssl (32-bit) already compiled, skipping" exit 0 fi # extract tar zxfv ~/build/dist/openssl-$OPENSSL_VERSION.tar.gz -C ~/build/src/ mv ~/build/src/openssl-$OPENSSL_VERSION ~/build/src/openssl-x32 # build 32-bit export MINGW=mingw export HOST=i686-w64-mingw32 cd ~/build/src/openssl-x32 ./Configure $MINGW shared --cross-compile-prefix=$HOST- --prefix=/home/circleci/build/prefix-openssl-x32 make -j$(nproc) make install - save_cache: # NOTE: change when upgrading openssl key: build-tor-windows-openssl-x32-3.0.3-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/prefix-openssl-x32 - restore_cache: # NOTE: change when upgrading openssl key: build-tor-windows-openssl-x64-3.0.3-{{ .Environment.CACHE_VERSION }} - run: name: Build openssl (64-bit) command: | if [[ -f "/home/circleci/build/prefix-openssl-x64/bin/openssl.exe" ]]; then echo "openssl (64-bit) already compiled, skipping" exit 0 fi # extract tar zxfv ~/build/dist/openssl-$OPENSSL_VERSION.tar.gz -C ~/build/src/ mv ~/build/src/openssl-$OPENSSL_VERSION ~/build/src/openssl-x64 # build 64-bit export MINGW=mingw64 export HOST=x86_64-w64-mingw32 cd ~/build/src/openssl-x64 ./Configure $MINGW shared --cross-compile-prefix=$HOST- --prefix=/home/circleci/build/prefix-openssl-x64 make -j$(nproc) make install - save_cache: # NOTE: change when upgrading openssl key: build-tor-windows-openssl-x64-3.0.3-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/prefix-openssl-x64 - restore_cache: # NOTE: change when upgrading libevent key: build-tor-windows-libevent-x32-2.1.12-stable-{{ .Environment.CACHE_VERSION }} - run: name: Build libevent (32-bit) command: | if [[ -d "/home/circleci/build/prefix-libevent-x32/lib" ]]; then echo "libevent (32-bit) already compiled, skipping" exit 0 fi cp -r ~/build/dist/libevent ~/build/src/libevent-x32 # build 32-bit export MINGW=mingw export HOST=i686-w64-mingw32 cd ~/build/src/libevent-x32 ./autogen.sh ./configure --host=$HOST --prefix=/home/circleci/build/prefix-libevent-x32 --disable-openssl make -j$(nproc) make install - save_cache: # NOTE: change when upgrading libevent key: build-tor-windows-libevent-x32-2.1.12-stable-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/prefix-libevent-x32 - restore_cache: # NOTE: change when upgrading libevent key: build-tor-windows-libevent-x64-2.1.12-stable-{{ .Environment.CACHE_VERSION }} - run: name: Build libevent (64-bit) command: | if [[ -d "/home/circleci/build/prefix-libevent-x64/lib" ]]; then echo "libevent (64-bit) already compiled, skipping" exit 0 fi cp -r ~/build/dist/libevent ~/build/src/libevent-x64 # build 64-bit export MINGW=mingw64 export HOST=x86_64-w64-mingw32 cd ~/build/src/libevent-x64 ./autogen.sh ./configure --host=$HOST --prefix=/home/circleci/build/prefix-libevent-x64 --disable-openssl make -j$(nproc) make install - save_cache: # NOTE: change when upgrading libevent key: build-tor-windows-libevent-x64-2.1.12-stable-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/prefix-libevent-x64 - restore_cache: # NOTE: change when upgrading tor key: build-tor-windows-tor-x32-0.4.7.7-{{ .Environment.CACHE_VERSION }} - run: name: Build tor (32-bit) command: | if [[ -f "/home/circleci/build/prefix-tor-x32/bin/tor.exe" ]]; then echo "tor (32-bit) already compiled, skipping" exit 0 fi cp -r ~/build/dist/tor ~/build/src/tor-x32 # build 32-bit export MINGW=mingw export HOST=i686-w64-mingw32 cd ~/build/src/tor-x32 ./autogen.sh ./configure --host=$HOST \ --disable-asciidoc \ --disable-zstd \ --disable-lzma \ --enable-static-libevent \ --with-libevent-dir=/home/circleci/build/prefix-libevent-x32 \ --enable-static-openssl \ --with-openssl-dir=/home/circleci/build/prefix-openssl-x32 \ --disable-tool-name-check \ --enable-fatal-warnings \ --prefix=/home/circleci/build/prefix-tor-x32 && \ make -j$(nproc) && \ make install - save_cache: # NOTE: change when upgrading tor key: build-tor-windows-tor-x32-0.4.7.7-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/prefix-tor-x32 - restore_cache: # NOTE: change when upgrading tor key: build-tor-windows-tor-x64-0.4.7.7-{{ .Environment.CACHE_VERSION }} - run: name: Build tor (64-bit) command: | if [[ -f "/home/circleci/build/prefix-tor-x64/bin/tor.exe" ]]; then echo "tor (64-bit) already compiled, skipping" exit 0 fi cp -r ~/build/dist/tor ~/build/src/tor-x64 # build 64-bit export MINGW=mingw64 export HOST=x86_64-w64-mingw32 ./autogen.sh cd ~/build/src/tor-x64 ./configure --host=$HOST \ --disable-asciidoc \ --disable-zstd \ --disable-lzma \ --enable-static-libevent \ --with-libevent-dir=/home/circleci/build/prefix-libevent-x64 \ --enable-static-openssl \ --with-openssl-dir=/home/circleci/build/prefix-openssl-x64 \ --disable-tool-name-check \ --enable-fatal-warnings \ --prefix=/home/circleci/build/prefix-tor-x64 && \ make -j$(nproc) && \ make install - save_cache: # NOTE: change when upgrading tor key: build-tor-windows-tor-x64-0.4.7.7-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/prefix-tor-x64 - persist_to_workspace: root: ~/build/prefix paths: - prefix-tor-x32 - prefix-tor-x64 - restore_cache: # NOTE: change when upgrading tor key: build-tor-windows-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} - run: name: Build tor command: | if [[ -f "/home/circleci/build/prefix-tor-x32/bin/tor.exe" ]]; then echo "tor already compiled, skipping" exit 0 fi # git clone curl https://keys.openpgp.org/vks/v1/by-fingerprint/B74417EDDF22AC9F9E90F49142E86A2A11F48D36 | gpg --import cd ~/build/src git clone https://git.torproject.org/tor.git cd tor git tag -v $TOR_TAG if [ $? -ne 0 ]; then echo "tor tag doesn't verify" exit -1 fi git checkout $TOR_TAG cd ~/build mv ~/build/src/tor ~/build/src/tor-x32 cp -r ~/build/src/tor-x32 ~/build/src/tor-x64 # build 32-bit export MINGW=mingw export HOST=i686-w64-mingw32 cd ~/build/src/tor-x32 ./autogen.sh ./configure --host=$HOST \ --disable-asciidoc \ --disable-zstd \ --disable-lzma \ --enable-static-libevent \ --with-libevent-dir=/home/circleci/build/prefix-libevent-x32 \ --enable-static-openssl \ --with-openssl-dir=/home/circleci/build/prefix-openssl-x32 \ --disable-tool-name-check \ --enable-fatal-warnings \ --prefix=/home/circleci/build/prefix-tor-x32 make -j$(nproc) make install # build 64-bit export MINGW=mingw64 export HOST=x86_64-w64-mingw32 ./autogen.sh cd ~/build/src/tor-x64 ./configure --host=$HOST \ --disable-asciidoc \ --disable-zstd \ --disable-lzma \ --enable-static-libevent \ --with-libevent-dir=/home/circleci/build/prefix-libevent-x64 \ --enable-static-openssl \ --with-openssl-dir=/home/circleci/build/prefix-openssl-x64 \ --disable-tool-name-check \ --enable-fatal-warnings \ --prefix=/home/circleci/build/prefix-tor-x64 make -j$(nproc) make install - save_cache: # NOTE: change when upgrading tor key: build-tor-windows-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} paths: - /home/circleci/build/prefix-tor-x32 - /home/circleci/build/prefix-tor-x64 - persist_to_workspace: root: ~/build/prefix paths: - prefix-tor-x32 - prefix-tor-x64 build-win64: executor: name: win/default shell: powershell.exe environment: # NOTE: change when upgrading libevent LIBEVENT_TAG: release-2.1.12-stable # NOTE: change when upgrading tor TOR_TAG: tor-0.4.7.7 # NOTE: change when upgrading obfs4proxy OBFS4PROXY_TAG: obfs4proxy-0.0.13 # NOTE: change when upgrading snowflake SNOWFLAKE_TAG: v2.2.0 # NOTE: change when upgrading meek MEEK_TAG: v0.37.0 steps: - checkout - run: name: Install cygwin and required packages shell: bash.exe --login -eo pipefail command: | curl -o setup-x86_64.exe https://cygwin.com/setup-x86_64.exe curl -o setup-x86_64.exe.sig https://cygwin.com/setup-x86_64.exe.sig curl -o pubring.asc https://cygwin.com/key/pubring.asc gpg --import pubring.asc gpg --verify setup-x86_64.exe.sig setup-x86_64.exe if [ $? -ne 0 ]; then echo "cygwin signature doesn't verify" exit -1 fi ./setup-x86_64.exe -q -s https://mirrors.kernel.org/sourceware/cygwin/ \ -P libssl-devel,zlib-devel,git,gcc-core,make,autoconf,automake,libtool,gnupg - restore_cache: # NOTE: change when upgrading libevent key: build-win64-libevent-2.1.12-stable-{{ .Environment.CACHE_VERSION }} - run: name: Build libevent shell: C:\\cygwin64\\bin\\bash.exe --login -eo pipefail command: | if [[ -d "/cygdrive/c/Users/circleci/build/libevent" ]]; then echo "libevent already compiled, skipping" exit 0 fi mkdir -p /cygdrive/c/Users/circleci/src mkdir -p /cygdrive/c/Users/circleci/build # Get source curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9e3ac83a27974b84d1b3401db86086848ef8686d" | gpg --import cd /cygdrive/c/Users/circleci/src git clone https://github.com/libevent/libevent.git cd libevent git tag -v $LIBEVENT_TAG if [ $? -ne 0 ]; then echo "libevent tag doesn't verify" exit -1 fi git checkout $LIBEVENT_TAG # Build ./autogen.sh ./configure \ --prefix=/cygdrive/c/Users/circleci/build/libevent \ --with-pic make -j$(nproc) make install - save_cache: # NOTE: change when upgrading libevent key: build-win64-libevent-2.1.12-stable-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\build\libevent - restore_cache: # NOTE: change when upgrading tor key: build-win64-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} - run: name: Build tor shell: C:\\cygwin64\\bin\\bash.exe --login -eo pipefail command: | if [[ -d "/cygdrive/c/Users/circleci/build/tor" ]]; then echo "tor already compiled, skipping" exit 0 fi mkdir -p /cygdrive/c/Users/circleci/src mkdir -p /cygdrive/c/Users/circleci/build # Get source curl https://keys.openpgp.org/vks/v1/by-fingerprint/B74417EDDF22AC9F9E90F49142E86A2A11F48D36 | gpg --import cd /cygdrive/c/Users/circleci/src git clone https://git.torproject.org/tor.git cd tor git tag -v $TOR_TAG if [ $? -ne 0 ]; then echo "tor tag doesn't verify" exit -1 fi git checkout $TOR_TAG # Build ./autogen.sh ./configure \ --prefix=/cygdrive/c/Users/circleci/build/tor \ --disable-asciidoc \ --enable-static-libevent \ --with-libevent-dir=/cygdrive/c/Users/circleci/build/libevent make -j$(nproc) make install - save_cache: # NOTE: change when upgrading tor key: build-win64-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\build\tor - run: name: Copy tor binaries into project command: | New-Item -ItemType Directory -Force -Path C:\Users\circleci\project\desktop\onionshare\resources\tor Copy-Item -Path C:\Users\circleci\build\tor\bin\tor.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor Copy-Item -Path C:\Users\circleci\build\tor\share\tor\geoip -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor Copy-Item -Path C:\Users\circleci\build\tor\share\tor\geoip6 -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor - restore_cache: # NOTE: change when upgrading obfs4proxy key: build-win64-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }} - run: name: Build obfs4proxy command: | if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe) -eq $True) { Write-Output "obfs4proxy already built" } else { # curl https://keys.openpgp.org/vks/v1/by-fingerprint/9EB1A490C73CC5D44DFB3E47BFBD1C7B8A6EC81A | gpg --import New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy cd C:\Users\circleci\src\obfs4proxy git clone https://gitlab.com/yawning/obfs4 cd obfs4 # TODO: verify signature git checkout $OBFS4PROXY_TAG go build .\obfs4proxy Move-Item -Path .\obfs4proxy.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe } - save_cache: # NOTE: change when upgrading obfs4proxy key: build-win64-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe - restore_cache: # NOTE: change when upgrading snowflake key: build-win64-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }} - run: name: Build snowflake-client command: | if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe) -eq $True) { Write-Output "snowflake already built" } else { New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy cd C:\Users\circleci\src\obfs4proxy git clone https://git.torproject.org/pluggable-transports/snowflake.git cd snowflake # TODO: verify signature git checkout $SNOWFLAKE_TAG go build .\client Move-Item -Path .\client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe } - save_cache: # NOTE: change when upgrading snowflake key: build-win64-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe - restore_cache: # NOTE: change when upgrading meek key: build-win64-meek-v0.37.0-{{ .Environment.CACHE_VERSION }} - run: name: Build meek-client command: | if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe) -eq $True) { Write-Output "snowflake already built" } else { New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\meek cd C:\Users\circleci\src\meek git clone https://git.torproject.org/pluggable-transports/meek.git cd meek # TODO: verify signature git checkout $MEEK_TAG go build .\meek-client Move-Item -Path .\meek-client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe } - save_cache: # NOTE: change when upgrading meek key: build-win64-meek-v0.37.0-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\project\desktop\onionshare\resources\tor\Tor\meek-client.exe - run: name: Install Python 3.9.12 command: | choco install python3 --version=3.9.12 - run: name: Install poetry command: (Invoke-WebRequest -Uri https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py -UseBasicParsing).Content | python - - restore_cache: key: build-win64-desktop-poetry-deps-{{ checksum "~/project/desktop/poetry.lock" }}-{{ .Environment.CACHE_VERSION }} - run: name: Install poetry dependencies command: | cd C:\Users\circleci\project\desktop poetry install - save_cache: key: build-win64-desktop-poetry-deps-{{ checksum "~/project/desktop/poetry.lock" }}-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\AppData\Local\pypoetry\Cache\virtualenvs - run: name: Build OnionShare command: | cd ~\project\desktop poetry run python .\setup-freeze.py build poetry run python .\scripts\build-windows.py cleanup-build - run: name: Compress command: | mv ~\project\desktop\build\exe.win-amd64-3.9\ ~\onionshare-win64 Compress-Archive -LiteralPath ~\onionshare-win64 -DestinationPath ~\onionshare-win64.zip - store_artifacts: path: ~\onionshare-win64.zip build-win32: executor: name: win/default shell: powershell.exe environment: # NOTE: change when upgrading tor TOR_TAG: tor-0.4.7.7 # NOTE: change when upgrading obfs4proxy OBFS4PROXY_TAG: obfs4proxy-0.0.13 # NOTE: change when upgrading snowflake SNOWFLAKE_TAG: v2.2.0 # NOTE: change when upgrading meek MEEK_TAG: v0.37.0 steps: - checkout - run: name: Install cygwin (32-bit) and required packages shell: bash.exe --login -eo pipefail command: | curl -o setup-x86.exe https://cygwin.com/setup-x86.exe curl -o setup-x86.exe.sig https://cygwin.com/setup-x86.exe.sig curl -o pubring.asc https://cygwin.com/key/pubring.asc gpg --import pubring.asc gpg --verify setup-x86.exe.sig setup-x86.exe if [ $? -ne 0 ]; then echo "cygwin signature doesn't verify" exit -1 fi ./setup-x86.exe -q -s https://mirrors.kernel.org/sourceware/cygwin/ \ -P libssl-devel,libevent-devel,zlib-devel,git,gcc-core,make,autoconf,automake,libtool,gnupg - restore_cache: # NOTE: change when upgrading tor key: build-win32-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} - run: name: Build tor shell: C:\\cygwin\\bin\\bash.exe --login -eo pipefail command: | if [[ -d "/cygdrive/c/Users/circleci/build/tor" ]]; then echo "tor already compiled, skipping" exit 0 fi mkdir -p /cygdrive/c/Users/circleci/src mkdir -p /cygdrive/c/Users/circleci/build # Get source curl https://keys.openpgp.org/vks/v1/by-fingerprint/B74417EDDF22AC9F9E90F49142E86A2A11F48D36 | gpg --import cd /cygdrive/c/Users/circleci/src git clone https://git.torproject.org/tor.git cd tor git tag -v $TOR_TAG if [ $? -ne 0 ]; then echo "tor tag doesn't verify" exit -1 fi git checkout $TOR_TAG # Build ./autogen.sh ./configure \ --prefix=/opt/tor-build \ --disable-asciidoc make -j$(nproc) make install cp -r /opt/tor-build /cygdrive/c/Users/circleci/build/tor - save_cache: # NOTE: change when upgrading tor key: build-win32-tor-0.4.7.7-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\build\tor - run: name: Copy tor binaries into project command: | New-Item -ItemType Directory -Force -Path C:\Users\circleci\project\desktop\onionshare\resources\tor Copy-Item -Path C:\Users\circleci\build\tor\bin\tor.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor Copy-Item -Path C:\Users\circleci\build\tor\share\tor\geoip -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor Copy-Item -Path C:\Users\circleci\build\tor\share\tor\geoip6 -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor - run: name: Install golang (32-bit) command: | cd ~\Downloads Invoke-WebRequest -Uri https://go.dev/dl/go1.18.windows-386.msi -OutFile go1.18.windows-386.msi msiexec.exe /i go1.18.windows-386.msi /quiet /L*V go-install.log - restore_cache: # NOTE: change when upgrading obfs4proxy key: build-win32-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }} - run: name: Build obfs4proxy (32-bit) command: | if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe) -eq $True) { Write-Output "obfs4proxy already built" } else { # curl https://keys.openpgp.org/vks/v1/by-fingerprint/9EB1A490C73CC5D44DFB3E47BFBD1C7B8A6EC81A | gpg --import New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy cd C:\Users\circleci\src\obfs4proxy git clone https://gitlab.com/yawning/obfs4 cd obfs4 # TODO: verify signature git checkout $OBFS4PROXY_TAG "C:\Program Files (x86)\Go\bin\go" build .\obfs4proxy Move-Item -Path .\obfs4proxy.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe } - save_cache: # NOTE: change when upgrading obfs4proxy key: build-win32-obfs4proxy-v0.0.13-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\project\desktop\onionshare\resources\tor\obfs4proxy.exe - restore_cache: # NOTE: change when upgrading snowflake key: build-win32-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }} - run: name: Build snowflake-client (32-bit) command: | if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe) -eq $True) { Write-Output "snowflake already built" } else { New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\obfs4proxy cd C:\Users\circleci\src\obfs4proxy git clone https://git.torproject.org/pluggable-transports/snowflake.git cd snowflake # TODO: verify signature git checkout $SNOWFLAKE_TAG "C:\Program Files (x86)\Go\bin\go" build .\client Move-Item -Path .\client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe } - save_cache: # NOTE: change when upgrading snowflake key: build-win32-snowflake-v2.1.0-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\project\desktop\onionshare\resources\tor\snowflake-client.exe - restore_cache: # NOTE: change when upgrading meek key: build-win32-meek-v0.37.0-{{ .Environment.CACHE_VERSION }} - run: name: Build meek-client (32-bit) command: | if ((Test-Path -Path C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe) -eq $True) { Write-Output "snowflake already built" } else { New-Item -ItemType Directory -Force -Path C:\Users\circleci\src\meek cd C:\Users\circleci\src\meek git clone https://git.torproject.org/pluggable-transports/meek.git cd meek # TODO: verify signature git checkout $MEEK_TAG "C:\Program Files (x86)\Go\bin\go" build .\meek-client Move-Item -Path .\meek-client.exe -Destination C:\Users\circleci\project\desktop\onionshare\resources\tor\meek-client.exe } - save_cache: # NOTE: change when upgrading meek key: build-win32-meek-v0.37.0-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\project\desktop\onionshare\resources\tor\Tor\meek-client.exe - run: name: Install Python 3.9.12 (32-bit) command: | choco install python3 --params "/InstallDir32:C:\Python-32bit" --version=3.9.12 - run: name: Install poetry (32-bit) command: C:\Python-32bit\Scripts\pip install poetry - restore_cache: key: build-win32-desktop-poetry-deps-{{ checksum "~/project/desktop/poetry.lock" }}-{{ .Environment.CACHE_VERSION }} - run: name: Install poetry dependencies command: | cd ~\project\desktop C:\Python-32bit\Scripts\poetry install - save_cache: key: build-win32-desktop-poetry-deps-{{ checksum "~/project/desktop/poetry.lock" }}-{{ .Environment.CACHE_VERSION }} paths: - C:\Users\circleci\AppData\Local\pypoetry\Cache\virtualenvs - run: name: Build OnionShare command: | cd ~\project\desktop C:\Python-32bit\Scripts\poetry run python .\setup-freeze.py build C:\Python-32bit\Scripts\poetry run python .\scripts\build-windows.py cleanup-build - run: name: Compress command: | mv ~\project\desktop\build\exe.win32-3.9\ ~\onionshare-win32 Compress-Archive -LiteralPath ~\onionshare-win32 -DestinationPath ~\onionshare-win32.zip - store_artifacts: path: ~\onionshare-win32.zip build-macos: macos: xcode: 12.5.1 environment: BINARY_DIR: /Users/distiller/bin steps: - checkout - run: name: Install Homebrew dependencies command: | brew install wget brew install go - restore_cache: key: build-libevent-2.1.12-tor-0.4.6.10 - run: name: Build libevent and tor command: | mkdir -p $BINARY_DIR/tor # Download and verify libevent cd ~/Downloads URL=https://github.com/libevent/libevent/releases/download/release-2.1.12-stable/libevent-2.1.12-stable.tar.gz FILENAME=libevent-2.1.12-stable.tar.gz EXPECTED_SHA256=92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb wget $URL SHA256=$(shasum -a 256 $FILENAME | cut -d" " -f1) if [ "$SHA256" != "$EXPECTED_SHA256" ]; then echo "Failed" && exit -1; fi tar -xvf $FILENAME # Build libevent cd libevent-2.1.12-stable ./configure --disable-openssl --prefix=$BINARY_DIR/tor make make install # Download and verify tor cd ~/Downloads URL=https://dist.torproject.org/tor-0.4.6.10.tar.gz FILENAME=tor-0.4.6.10.tar.gz EXPECTED_SHA256=94ccd60e04e558f33be73032bc84ea241660f92f58cfb88789bda6893739e31c wget $URL SHA256=$(shasum -a 256 $FILENAME | cut -d" " -f1) if [ "$SHA256" != "$EXPECTED_SHA256" ]; then echo "Failed" && exit -1; fi tar -xvf $FILENAME # Build tor cd tor-0.4.6.10 ./configure --prefix=$BINARY_DIR/tor make make install - save_cache: key: build-libevent-2.1.12-tor-0.4.6.10 paths: - /Users/distiller/bin/tor - restore_cache: key: build-macos-obfs4proxy-v0.0.13 - run: name: Build obfs4proxy command: | # Get source code mkdir ~/Downloads/obfs4proxy cd ~/Downloads/obfs4proxy git clone https://gitlab.com/yawning/obfs4 cd obfs4 git checkout obfs4proxy-0.0.13 # Build go build -o $BINARY_DIR/obfs4proxy ./obfs4proxy - save_cache: key: build-macos-obfs4proxy-v0.0.13 paths: - /Users/distiller/bin/obfs4proxy - restore_cache: key: build-macos-snowflake-v2.1.0 - run: name: Build snowflake-client command: | # Get source code mkdir ~/Downloads/snowflake-client cd ~/Downloads/snowflake-client git clone https://git.torproject.org/pluggable-transports/snowflake.git cd snowflake git checkout v2.1.0 # Build go build -o $BINARY_DIR/snowflake-client ./client - save_cache: key: build-macos-snowflake-v2.1.0 paths: - /Users/distiller/bin/snowflake-client - restore_cache: key: build-macos-meek-v0.37.0 - run: name: Build meek-client command: | # Get source code mkdir ~/Downloads/meek-client cd ~/Downloads/meek-client git clone https://git.torproject.org/pluggable-transports/meek.git cd meek git checkout v0.37.0 # Build go build -o $BINARY_DIR/meek-client ./meek-client - save_cache: key: build-macos-meek-v0.37.0 paths: - /Users/distiller/bin/meek-client - run: name: Copy binaries into app command: | export DEST=~\project\desktop\onionshare\resources\tor cp $BINARY_DIR/tor/bin/tor $DEST cp $BINARY_DIR/tor/lib/libevent-2.1.7.dylib $DEST cp $BINARY_DIR/tor/share/tor/geoip* $DEST cp $BINARY_DIR/obfs4proxy $DEST cp $BINARY_DIR/snowflake-client $DEST cp $BINARY_DIR/meek-client $DEST - run: name: Install Python 3.9.12 command: | wget https://www.python.org/ftp/python/3.9.12/python-3.9.12-macosx10.9.pkg -O ~/Downloads/python.pkg sudo installer -pkg ~/Downloads/python.pkg -target / - run: name: Install poetry command: | pip3 install poetry ln -s /Library/Frameworks/Python.framework/Versions/3.9/bin/poetry /usr/local/bin - run: name: Install poetry dependencies command: | cd ~/project/desktop poetry install - run: name: Build OnionShare command: | cd ~/project/desktop poetry run python ./setup-freeze.py build poetry run python ./setup-freeze.py bdist_mac poetry run python ./scripts/build-macos.py cleanup-build - run: name: Compress command: | cd ~/project/desktop/build zip -r ~/onionshare-macos.zip OnionShare.app - store_artifacts: path: ~/onionshare-macos.zip