diff --git a/src/Build/Packaging/openwrt/package/utils/veracrypt/Makefile.in b/src/Build/Packaging/openwrt/package/utils/veracrypt/Makefile.in index 780bc6b7..6b73e8e0 100644 --- a/src/Build/Packaging/openwrt/package/utils/veracrypt/Makefile.in +++ b/src/Build/Packaging/openwrt/package/utils/veracrypt/Makefile.in @@ -11,9 +11,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_BUILD_PARALLEL:=1 PKG_BUILD_DEPENDS:=fuse3 pcsc-lite -WXWIDGETS_VERSION:=@WXWIDGETS_VERSION@ -VERACRYPT_SOURCE_DIR:=@VERACRYPT_SOURCE_DIR@ -WXWIDGETS_SOURCE_DIR:=@WXWIDGETS_SOURCE_DIR@ +VERACRYPT_STAGED_SOURCE:=sources/veracrypt +WXWIDGETS_STAGED_SOURCE:=sources/wxWidgets include $(INCLUDE_DIR)/package.mk @@ -34,8 +33,8 @@ define Package/veracrypt/description endef define Build/Prepare - rm -rf $(PKG_BUILD_DIR) - $(INSTALL_DIR) $(PKG_BUILD_DIR) + rm -rf "$(PKG_BUILD_DIR)" + $(INSTALL_DIR) "$(PKG_BUILD_DIR)" rsync -a --delete \ --exclude .git \ --exclude 'src/wxrelease' \ @@ -45,8 +44,8 @@ define Build/Prepare --exclude '*.o' \ --exclude '*.d' \ --exclude '*.a' \ - $(VERACRYPT_SOURCE_DIR)/ $(PKG_BUILD_DIR)/veracrypt/ - rsync -a --delete $(WXWIDGETS_SOURCE_DIR)/ $(PKG_BUILD_DIR)/wxWidgets-$(WXWIDGETS_VERSION)/ + "$(VERACRYPT_STAGED_SOURCE)/" "$(PKG_BUILD_DIR)/veracrypt/" + rsync -a --delete "$(WXWIDGETS_STAGED_SOURCE)/" "$(PKG_BUILD_DIR)/wxWidgets/" endef define Build/Configure @@ -60,7 +59,7 @@ VC_COMMON_MAKE_FLAGS = \ RANLIB="$(TARGET_RANLIB)" \ PKG_CONFIG="$(PKG_CONFIG)" \ PKG_CONFIG_PATH="$(PKG_CONFIG_PATH)" \ - WX_ROOT="$(PKG_BUILD_DIR)/wxWidgets-$(WXWIDGETS_VERSION)" \ + WX_ROOT="$(PKG_BUILD_DIR)/wxWidgets" \ WX_BUILD_DIR="$(PKG_BUILD_DIR)/wxBuildConsole" \ WX_CONFIGURE_EXTRA_FLAGS="--target=$(GNU_TARGET_NAME) --host=$(GNU_TARGET_NAME) --build=$(GNU_HOST_NAME) --prefix=/usr --exec-prefix=/usr --disable-rpath" \ TC_EXTRA_CFLAGS="$(TARGET_CFLAGS) $(TARGET_CPPFLAGS)" \ @@ -74,18 +73,18 @@ VC_COMMON_MAKE_FLAGS = \ VERBOSE=1 define Build/Compile - +$(MAKE) -C $(PKG_BUILD_DIR)/veracrypt/src $(VC_COMMON_MAKE_FLAGS) clean - +$(MAKE) -C $(PKG_BUILD_DIR)/veracrypt/src $(VC_COMMON_MAKE_FLAGS) wxbuild - +$(MAKE) -C $(PKG_BUILD_DIR)/veracrypt/src $(PKG_JOBS) $(VC_COMMON_MAKE_FLAGS) + +$(MAKE) -C "$(PKG_BUILD_DIR)/veracrypt/src" $(VC_COMMON_MAKE_FLAGS) clean + +$(MAKE) -C "$(PKG_BUILD_DIR)/veracrypt/src" $(VC_COMMON_MAKE_FLAGS) wxbuild + +$(MAKE) -C "$(PKG_BUILD_DIR)/veracrypt/src" $(PKG_JOBS) $(VC_COMMON_MAKE_FLAGS) endef define Package/veracrypt/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/veracrypt/src/Main/veracrypt $(1)/usr/bin/veracrypt - $(INSTALL_DIR) $(1)/sbin - $(INSTALL_BIN) $(PKG_BUILD_DIR)/veracrypt/src/Setup/Linux/mount.veracrypt $(1)/sbin/mount.veracrypt - $(INSTALL_DIR) $(1)/usr/share/licenses/veracrypt - $(INSTALL_DATA) $(PKG_BUILD_DIR)/veracrypt/src/License.txt $(1)/usr/share/licenses/veracrypt/License.txt + $(INSTALL_DIR) "$(1)/usr/bin" + $(INSTALL_BIN) "$(PKG_BUILD_DIR)/veracrypt/src/Main/veracrypt" "$(1)/usr/bin/veracrypt" + $(INSTALL_DIR) "$(1)/sbin" + $(INSTALL_BIN) "$(PKG_BUILD_DIR)/veracrypt/src/Setup/Linux/mount.veracrypt" "$(1)/sbin/mount.veracrypt" + $(INSTALL_DIR) "$(1)/usr/share/licenses/veracrypt" + $(INSTALL_DATA) "$(PKG_BUILD_DIR)/veracrypt/src/License.txt" "$(1)/usr/share/licenses/veracrypt/License.txt" endef $(eval $(call BuildPackage,veracrypt)) diff --git a/src/Build/build_veracrypt_openwrt.sh b/src/Build/build_veracrypt_openwrt.sh index ea10a777..1951f5b2 100755 --- a/src/Build/build_veracrypt_openwrt.sh +++ b/src/Build/build_veracrypt_openwrt.sh @@ -68,6 +68,17 @@ require_option_arg() { [ $# -ge 2 ] || die "Option $1 requires an argument" } +validate_version_token() { + name=$1 + value=$2 + + case "$value" in + ''|*[!A-Za-z0-9._+-]*) + die "$name must contain only letters, digits, '.', '_', '+', or '-'" + ;; + esac +} + download_file() { url=$1 out=$2 @@ -236,20 +247,53 @@ sed_escape() { printf '%s' "$1" | sed 's/[&|]/\\&/g' } +assert_package_dir_outside_checkout() { + package_dir=$1 + + case "$package_dir/" in + "$REPOROOT"/*) + die "OpenWrt package directory is inside the VeraCrypt checkout; choose a --work-dir or --sdk-dir outside the repository" + ;; + esac +} + +stage_package_sources() { + package_dir=$1 + staging_dir="$package_dir/sources" + + assert_package_dir_outside_checkout "$package_dir" + + rm -rf "$staging_dir" + mkdir -p "$staging_dir/veracrypt" "$staging_dir/wxWidgets" + + rsync -a --delete \ + --exclude .git \ + --exclude 'src/wxrelease' \ + --exclude 'src/wxdebug' \ + --exclude 'src/Main/veracrypt' \ + --exclude 'src/Setup/Linux/usr' \ + --exclude '*.o' \ + --exclude '*.d' \ + --exclude '*.a' \ + "$REPOROOT/" "$staging_dir/veracrypt/" + + rsync -a --delete "$WX_SOURCE_DIR/" "$staging_dir/wxWidgets/" +} + render_package_makefile() { version=$(sed -n 's/^#define[[:space:]][[:space:]]*VERSION_STRING[[:space:]][[:space:]]*"\([^"]*\)".*/\1/p' "$SOURCEPATH/Common/Tcdefs.h" | head -n 1) [ -n "$version" ] || die "Could not determine VeraCrypt version from src/Common/Tcdefs.h" + validate_version_token "VeraCrypt version" "$version" package_dir="$SDK_DIR/package/utils/veracrypt" template="$REPOROOT/src/Build/Packaging/openwrt/package/utils/veracrypt/Makefile.in" + assert_package_dir_outside_checkout "$package_dir" rm -rf "$package_dir" mkdir -p "$package_dir" + stage_package_sources "$package_dir" sed \ -e "s|@VERACRYPT_VERSION@|$(sed_escape "$version")|g" \ - -e "s|@VERACRYPT_SOURCE_DIR@|$(sed_escape "$REPOROOT")|g" \ - -e "s|@WXWIDGETS_VERSION@|$(sed_escape "$WX_VERSION")|g" \ - -e "s|@WXWIDGETS_SOURCE_DIR@|$(sed_escape "$WX_SOURCE_DIR")|g" \ "$template" > "$package_dir/Makefile" VERACRYPT_VERSION=$version @@ -369,6 +413,7 @@ case "$JOBS" in ;; esac [ "$JOBS" -gt 0 ] || die "jobs must be a positive integer" +validate_version_token "wxWidgets version" "$WX_VERSION" need_tool awk need_tool find diff --git a/src/Build/test_veracrypt_openwrt_qemu.py b/src/Build/test_veracrypt_openwrt_qemu.py index 67499c9c..8ba0e466 100755 --- a/src/Build/test_veracrypt_openwrt_qemu.py +++ b/src/Build/test_veracrypt_openwrt_qemu.py @@ -713,12 +713,13 @@ def run_guest_tests(args, console, http_port, packages): raise TestError("algorithm self-test did not report success") if not args.skip_container: - escaped_password = args.password.replace("'", "'\"'\"'") + quoted_container_size = sh_quote(args.container_size) + quoted_password = sh_quote(args.password) console.run("dd if=/dev/urandom of=/tmp/vc-random.bin bs=1M count=1", timeout=120) console.run( "veracrypt --text --create /tmp/openwrt-test.hc " - f"--size={args.container_size} " - f"--password='{escaped_password}' " + f"--size={quoted_container_size} " + f"--password={quoted_password} " "--encryption=AES --hash=SHA-512 --filesystem=none " "--volume-type=normal --random-source=/tmp/vc-random.bin " "--quick --force --non-interactive", @@ -727,7 +728,7 @@ def run_guest_tests(args, console, http_port, packages): console.run("mkdir -p /mnt/veracrypt-test", timeout=60) console.run( "veracrypt --text --mount /tmp/openwrt-test.hc /mnt/veracrypt-test " - f"--password='{escaped_password}' " + f"--password={quoted_password} " "--pim=0 --keyfiles='' --protect-hidden=no --filesystem=none --non-interactive", timeout=240, )