• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash
2#
3# Copyright (C) 2021 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
17
18. $SCRIPT_DIR/common.sh
19
20iptables=iptables-1.8.7
21debian_iptables=1.8.7-1
22cuttlefish=android-cuttlefish
23
24setup_and_build_iptables() {
25  get_installed_packages >/root/originally-installed
26
27  # Install everything needed from bullseye to build iptables
28  apt-get install -y \
29    build-essential \
30    autoconf \
31    automake \
32    bison \
33    debhelper \
34    devscripts \
35    fakeroot \
36    flex \
37    libmnl-dev \
38    libnetfilter-conntrack-dev \
39    libnfnetlink-dev \
40    libnftnl-dev \
41    libtool
42
43  # Construct the iptables source package to build
44  mkdir -p /usr/src/$iptables
45
46  cd /usr/src/$iptables
47    # Download a specific revision of iptables from AOSP
48    wget -qO - \
49      https://android.googlesource.com/platform/external/iptables/+archive/master.tar.gz | \
50      tar -zxf -
51    # Download a compatible 'debian' overlay from Debian salsa
52    # We don't want all of the sources, just the Debian modifications
53    # NOTE: This will only work if Android always uses a version of iptables
54    #       that exists for Debian as well.
55    debian_iptables_dir=pkg-iptables-debian-$debian_iptables
56    wget -qO - \
57      https://salsa.debian.org/pkg-netfilter-team/pkg-iptables/-/archive/debian/$debian_iptables/$debian_iptables_dir.tar.gz | \
58      tar --strip-components 1 -zxf - \
59      $debian_iptables_dir/debian
60  cd -
61
62  cd /usr/src
63    # Generate a source package to leave in the filesystem. This is done for
64    # license compliance and build reproducibility.
65    tar --exclude=debian -cf - $iptables | \
66      xz -9 >$(echo $iptables | tr -s '-' '_').orig.tar.xz
67  cd -
68
69  cd /usr/src/$iptables
70    # Build debian packages from the integrated iptables source
71    dpkg-buildpackage -F -d -us -uc
72  cd -
73
74  get_installed_packages >/root/installed
75  remove_installed_packages /root/originally-installed /root/installed
76  apt-get clean
77}
78
79install_and_cleanup_iptables() {
80  cd /usr/src
81    # Find any packages generated, resolve to the debian package name, then
82    # exclude any compat, header or symbol packages
83    packages=$(find -maxdepth 1 -name '*.deb' | colrm 1 2 | cut -d'_' -f1 |
84               grep -ve '-compat$\|-dbg$\|-dbgsym$\|-dev$' | xargs)
85    # Install the patched iptables packages, and 'hold' then so
86    # "apt-get dist-upgrade" doesn't replace them
87    apt-get install --allow-downgrades -y -f \
88      $(for package in $packages; do echo ./${package}_*.deb; done | xargs)
89    for package in $packages; do
90      echo "$package hold" | LANG=C dpkg --set-selections
91    done
92    update-alternatives --set iptables /usr/sbin/iptables-legacy
93
94    # Tidy up the mess we left behind, leaving just the source tarballs
95    rm -rf $iptables *.{buildinfo,changes,deb,dsc}
96  cd -
97}
98
99setup_and_build_cuttlefish() {
100  get_installed_packages >/root/originally-installed
101
102  # Install everything needed from bullseye to build cuttlefish-common
103  apt-get install -y \
104    cdbs \
105    config-package-dev \
106    debhelper \
107    dpkg-dev \
108    git \
109    golang
110
111  if [ "$(uname -m)" = "arm64" ]; then
112    apt-get install -y libc6-dev:amd64
113  fi
114
115  # Fetch cuttlefish and build it for cuttlefish-common
116  git clone https://github.com/google/android-cuttlefish.git /usr/src/$cuttlefish
117  cd /usr/src/$cuttlefish
118    dpkg-buildpackage -d -uc -us
119  cd -
120
121  get_installed_packages >/root/installed
122  remove_installed_packages /root/originally-installed /root/installed
123  apt-get clean
124}
125
126install_and_cleanup_cuttlefish() {
127  # Install and clean up cuttlefish-common
128  cd /usr/src
129    apt-get install -y -f ./cuttlefish-common_*.deb
130    rm -rf $cuttlefish cuttlefish*.{buildinfo,changes,deb,dsc}
131  cd -
132}
133
134bullseye_cleanup() {
135  # SELinux is supported by our kernels, but we don't install the policy files
136  # which causes an error to be printed by systemd. Disable selinux.
137  echo "SELINUX=disabled" >/etc/selinux/config
138
139  # Switch binfmt misc over to a static mount, to avoid an autofs4 dependency
140  systemctl mask proc-sys-fs-binfmt_misc.automount
141  systemctl enable proc-sys-fs-binfmt_misc.mount
142
143  # This package gets pulled in as a phantom dependency. Remove it
144  apt-get purge -y gcc-9-base
145
146  cleanup
147}
148