[tbb-commits] [tor-browser-bundle/master] Bug 15578: Switch Linux descriptors over to Wheezy
gk at torproject.org
gk at torproject.org
Fri Jan 22 10:17:39 UTC 2016
commit f78282bad0e1e2255adcf65198137ee14d7b2235
Author: Georg Koppen <gk at torproject.org>
Date: Mon Dec 7 12:33:16 2015 +0000
Bug 15578: Switch Linux descriptors over to Wheezy
Besides using Wheezy for building Linux bundles this patch cleans up our
usage of libfaketime as well to make it obvious where exactly we still
need it.
---
gitian/Makefile | 2 +-
gitian/README.build | 2 +-
gitian/check-prerequisites.sh | 41 ++++++++++----------
gitian/descriptors/linux/gitian-bundle.yml | 7 +---
gitian/descriptors/linux/gitian-firefox.yml | 9 ++---
.../linux/gitian-pluggable-transports.yml | 7 ++--
gitian/descriptors/linux/gitian-tor.yml | 7 ++--
gitian/descriptors/linux/gitian-utils.yml | 40 ++++++++++++++-----
gitian/make-vms.sh | 29 ++++++++------
9 files changed, 85 insertions(+), 59 deletions(-)
diff --git a/gitian/Makefile b/gitian/Makefile
index 8f89bca..50d4328 100644
--- a/gitian/Makefile
+++ b/gitian/Makefile
@@ -120,7 +120,7 @@ clean-bundle:
vmclean:
rm -rf ../../gitian-builder/*.qcow2
rm -rf ../../gitian-builder/base-*
- rm -rf ../../gitian-builder/target-{lucid,precise}*
+ rm -rf ../../gitian-builder/target-{lucid,wheezy,precise}*
distclean: vmclean
rm -rf ../../gitian-builder/inputs/*
diff --git a/gitian/README.build b/gitian/README.build
index f289791..4d01d6a 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -177,7 +177,7 @@ Known Issues and Quirks:
where 'make vmclean' causes the rebuild of two VMs in a row.. This might
trigger weird bugs in python-vm-builder.. To rebuild only one set of VMs,
use either 'rm ../../gitian-builder/*precise*' (to remove the Windows/Mac
- VMs) or 'rm ../../gitian-builder/*lucid*' (to remove the Linux VMs).
+ VMs) or 'rm ../../gitian-builder/*wheezy*' (to remove the Linux VMs).
You probably want to make sure you have no stray qemu processes before
rebuilding the VMs or starting a new build, too. 'killall qemu-kvm' is
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index cc16d0e..a5f8393 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -17,7 +17,7 @@ then
VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
if [ "$VERSION" -ge "14" ];
then
- dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
+ dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
if [ $? -ne 0 ];
then
@@ -25,7 +25,7 @@ then
echo
echo "Please run:"
echo " sudo apt-get install torsocks tor"
- echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+ echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
exit 1
fi
else
@@ -45,28 +45,29 @@ then
echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync"
exit 1
fi
-
- # python-vm-builder is special as we don't have a Debian package for it.
- vmbuilder --help 2>/dev/null >/dev/null
- if [ $? -ne 0 ];
- then
- echo "The VM tool python-vm-builder is missing."
- echo
- echo "Please run"
- echo 'torsocks wget -U "" http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr489.orig.tar.gz'
- echo 'echo "ec12e0070a007989561bfee5862c89a32c301992dd2771c4d5078ef1b3014f03 vm-builder_0.12.4+bzr489.orig.tar.gz" | sha256sum -c'
- echo "# (verification -- must return OK)"
- echo "tar -zxvf vm-builder_0.12.4+bzr489.orig.tar.gz"
- echo "cd vm-builder-0.12.4+bzr489"
- echo "sudo python setup.py install"
- echo "cd .."
- exit 1
- fi
else
echo "We need Debian or Ubuntu which seem to be missing. Aborting."
exit 1
fi
+# vmbuilder is special as we don't have a package for it yet.
+# XXX: Make sure an already installed vmbuilder is recent enough.
+vmbuilder --help 2>/dev/null >/dev/null
+if [ $? -ne 0 ];
+then
+ echo "The VM tool python-vm-builder is missing."
+ echo
+ echo "Please run"
+ echo 'torsocks wget -U "" https://bugs.launchpad.net/ubuntu/+archive/primary/+files/vm-builder_0.12.4+bzr494.orig.tar.gz'
+ echo 'echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c'
+ echo "# (verification -- must return OK)"
+ echo "tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz"
+ echo "cd vm-builder-0.12.4+bzr494"
+ echo "sudo python setup.py install"
+ echo "cd .."
+ exit 1
+fi
+
update_responses_pkg="libyaml-perl libfile-slurp-perl libxml-writer-perl libio-captureoutput-perl libfile-which-perl libparallel-forkmanager-perl libxml-libxml-perl libwww-perl libjson-perl"
missing_pkg=''
for pkg in $update_responses_pkg
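Review bot: The printed install instructions keep checksum verification as a separate step next to the `sha256sum -c` line, so anyone pasting the whole block still runs `tar` and `sudo python setup.py install` on the tarball when the hash does not match. Chaining the two in the printed text makes extraction depend on the check: end the checksum line with `| sha256sum -c && tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz` and drop the separate `tar` line. The `vmbuilder --help` probe only shows that some vmbuilder is on PATH; as the XXX comment admits, an older install passes it, so a version check is still needed before this guard can be relied on. The distro `if` that this block now follows starts outside the hunk.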
@@ -80,7 +81,7 @@ if [ -n "$missing_pkg" ]
then
echo "You are missing one or more dependencies for the update_responses script"
echo "Please run"
- echo " sudo apt-get install $missing_pkg"
+ echo " sudo torsocks apt-get install $missing_pkg"
exit 1
fi
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index 15f6359..bfecb0f 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -1,7 +1,8 @@
---
name: "bundle-linux"
+distro: "debian"
suites:
-- "lucid"
+- "wheezy"
architectures:
- "i386"
- "amd64"
@@ -28,7 +29,6 @@ remotes:
- "url": "https://github.com/wolfcw/libfaketime"
"dir": "faketime"
files:
-# TODO: Can we use an env for this file+version??
- "tor-browser-linux32-gbuilt.zip"
- "tor-browser-linux64-gbuilt.zip"
- "tor-linux32-gbuilt.zip"
@@ -113,9 +113,6 @@ script: |
cd ../../../
#
cd https-everywhere
- # Workaround for git not knowing `git submodule -f` in the version shipped in
- # 10.04.
- sed 's/recursive -f/recursive/' -i makexpi.sh
# XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
# makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
# The solution there does not work for us as doing something like
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index 1efed90..468d6e5 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -1,7 +1,8 @@
---
name: "torbrowser-linux"
+distro: "debian"
suites:
-- "lucid"
+- "wheezy"
architectures:
- "i386"
- "amd64"
@@ -11,9 +12,10 @@ packages:
- "autoconf2.13"
- "libgtk2.0-dev"
- "libdbus-glib-1-dev"
-- "yasm-1"
+- "yasm"
- "libasound2-dev"
- "libgstreamer-plugins-base0.10-dev"
+- "libxt-dev"
- "hardening-wrapper"
# To pass configure since ESR 31.
- "libpulse-dev"
@@ -51,9 +53,6 @@ script: |
export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
#
- mkdir -p $INSTDIR/build/bin/
- ln -s /usr/bin/yasm-1 $INSTDIR/build/bin/yasm
- export PATH=$PATH:$INSTDIR/build/bin
# Preparing Python for Tor Browser
unzip -d $INSTDIR python-linux$GBUILD_BITS-utils.zip
# TODO: We might want to have a smarter solution than hard-coding the version.
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index 31deebb..0643e6b 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -1,7 +1,8 @@
---
name: "pluggable-transports-linux"
+distro: "debian"
suites:
-- "lucid"
+- "wheezy"
architectures:
- "i386"
- "amd64"
@@ -57,7 +58,6 @@ script: |
INSTDIR="$HOME/install"
PTDIR="$INSTDIR/Tor/PluggableTransports"
mkdir -p $PTDIR
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
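Review bot: With the `LD_PRELOAD` export removed here, the remaining `export FAKETIME=$REFERENCE_DATETIME` presumably has no effect until the preload is set again just before `dzip.sh`, and nothing at this spot says so. A comment such as `# FAKETIME only applies once LD_PRELOAD is set for the packaging step below` would keep a later reader from assuming the compile steps run under faked time. The same applies to the matching hunk in gitian-tor.yml. Because every step between here and packaging now sees the real clock, it is worth confirming with two independent builds that no intermediate step embeds a timestamp in the output. The script body continues outside this hunk.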
@@ -251,7 +251,8 @@ script: |
cp -a obfs4proxy $PTDIR
cd ../..
- # Grabbing the results
+ # Grabbing the results and making sure timestamps don't spoil them
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
cd $INSTDIR
~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
cp pluggable-transports-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index 0e35d2f..bc1dc67 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -1,7 +1,8 @@
---
name: "tor-linux"
+distro: "debian"
suites:
-- "lucid"
+- "wheezy"
architectures:
- "i386"
- "amd64"
@@ -29,7 +30,6 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
@@ -93,7 +93,8 @@ script: |
objcopy --add-gnu-debuglink=./Debug/Tor/$LIB $INSTDIR/Tor/$LIB
done
- # Grabbing the results
+ # Grabbing the results and making sure timestamps don't spoil them
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
~/build/dzip.sh tor-linux$GBUILD_BITS-gbuilt.zip Data/ Tor/
~/build/dzip.sh tor-linux$GBUILD_BITS-debug.zip Debug/
cp tor-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index 740a22c..34e93dc 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -1,7 +1,8 @@
---
name: "utils-linux"
+distro: "debian"
suites:
-- "lucid"
+- "wheezy"
architectures:
- "i386"
- "amd64"
@@ -22,6 +23,8 @@ packages:
- "libxslt-dev"
# Needed for passing the Python related part of configure in ESR 31.
- "libssl-dev"
+# Needed for binutils (64bit) as we are building with PIE enabled.
+- "libstdc++6-4.7-pic"
reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://github.com/libevent/libevent.git"
@@ -40,6 +43,7 @@ script: |
source versions
export TZ=UTC
export LC_ALL=C
+ export FAKETIME=$REFERENCE_DATETIME
umask 0022
# Config options for hardening-wrapper
@@ -51,16 +55,33 @@ script: |
# Building Binutils
tar xjf binutils.tar.bz2
+ # The libstdc++ shipped by default is non-PIC which breaks the binutils build
+ # if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND
+ # make sure it gets used before the non-PIC one would.
+ if [ $GBUILD_BITS == "64" ];
+ then
+ ln -s /usr/lib/gcc/x86_64-linux-gnu/4.7/libstdc++_pic.a libstdc++.a
+ export LDFLAGS="-L/home/debian -lstdc++"
+ fi
cd binutils*
# We want to use gold as the linker in our toolchain mainly as it is way
# faster when linking Tor Browser code (especially libxul). But apart from
# that it fixes #12103 and issues with ESR 31 and our Gitian setup as well
# (see bug #12743).
- ./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold
+ ./configure --prefix=$INSTDIR/binutils --disable-multilib --enable-gold --enable-plugins
make $MAKEOPTS
make install
cd ..
+ export LDFLAGS=""
+ # We need to disable `-Werror=format-security` as GCC does not build with it
+ # anymore. It seems it got audited for those problems already:
+ # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
+ export DEB_BUILD_HARDENING_FORMAT=0
+ # libfaketime gets into our way when building GCC 4.9.x. See:
+ # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61314 for details. Thus, we
+ # avoid it for the toolchain and cross our fingers.
+ # TODO: Test a newer libfaketime than 0.8.
# Building GCC
tar xjf gcc.tar.bz2
cd gcc-*
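Review bot: The PIC workaround creates the `libstdc++.a` symlink in the current directory but points the linker at the hard-coded `/home/debian`, so it only works when the script runs from exactly that directory. Anywhere else the non-PIC archive is presumably found first and the PIE build of binutils fails again. Deriving the path from the working directory keeps the two in step: `export LDFLAGS="-L$PWD -lstdc++"`. The test should also quote the variable and use the portable operator, `if [ "$GBUILD_BITS" = "64" ];`. The script body starts and ends outside this hunk.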
@@ -69,13 +90,7 @@ script: |
make install
cd ..
- # libfaketime gets into our way when building GCC 4.9.x. See:
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61314 for details. Thus, we
- # avoid it for the toolchain and cross our fingers.
- # TODO: Test a newer libfaketime than 0.8.
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
- export FAKETIME=$REFERENCE_DATETIME
-
+ export DEB_BUILD_HARDENING_FORMAT=1
# Building Libevent
cd libevent
./autogen.sh
@@ -86,6 +101,7 @@ script: |
cd ..
# Building OpenSSL
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
tar xzf openssl.tar.gz
cd openssl-*
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
@@ -111,6 +127,7 @@ script: |
cd ..
# Building lxml
+ export LD_PRELOAD=""
tar xzf lxml.tar.gz
cd lxml-*
# Make sure we use our freshly built python binary here. Otherwise bad things
@@ -118,7 +135,9 @@ script: |
# rules.
$INSTDIR/python/bin/python2.7 setup.py build
cd build/lib*
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
~/build/dzip.sh lxml-$LXML_VER-linux$GBUILD_BITS-utils.zip lxml
+ export LD_PRELOAD=""
cp *utils.zip $OUTDIR
cd ../../../
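Review bot: Toggling the preload with paired `export LD_PRELOAD=...` and `export LD_PRELOAD=""` lines around `dzip.sh` is easy to get out of step when a build step is added or moved. The empty export also leaves the variable set in the environment of every later command. Scoping it to the one command that needs it avoids both: `LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1 ~/build/dzip.sh lxml-$LXML_VER-linux$GBUILD_BITS-utils.zip lxml`. The final packaging hunk in this file could take the same form, since the export there otherwise stays active for everything that follows.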
@@ -135,7 +154,8 @@ script: |
make install
cd ..
- # Grabbing the remaining results
+ # Grabbing the remaining results and making sure timestamps don't spoil them
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
cd $INSTDIR
~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils
~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
diff --git a/gitian/make-vms.sh b/gitian/make-vms.sh
index a3b43b5..469a9ca 100755
--- a/gitian/make-vms.sh
+++ b/gitian/make-vms.sh
@@ -33,7 +33,14 @@ build_and_test_vm() {
export LXC_ARCH=$arch
./bin/make-base-vm --suite $dist --lxc --arch $arch
else
- ./bin/make-base-vm --suite $dist --arch $arch
+ if [ "$dist" = "wheezy" ];
+ then
+ export DISTRO=debian
+ ./bin/make-base-vm --distro debian --suite $dist --arch $arch
+ else
+ export DISTRO=ubuntu
+ ./bin/make-base-vm --suite $dist --arch $arch
+ fi
fi
make-clean-vm --suite $dist --arch $arch
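Review bot: Only the non-LXC branch learns about Debian: the `--lxc` call just above the `else` still runs `./bin/make-base-vm --suite $dist --lxc --arch $arch` without `--distro debian` and without exporting `DISTRO`. A wheezy build under LXC would therefore presumably be requested as an Ubuntu suite. Choosing the distro once before the LXC/KVM split and using it in both calls would cover both paths. The new lines also leave `$dist` and `$arch` unquoted, which could read `./bin/make-base-vm --distro debian --suite "$dist" --arch "$arch"`. build_and_test_vm starts and ends outside this hunk.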
@@ -56,21 +63,21 @@ build_and_test_vm() {
return 0
}
-while ! build_and_test_vm lucid i386 32
+while ! build_and_test_vm wheezy i386 32
do
- stop-target 32 lucid
- rm ./base-lucid-i386*
+ stop-target 32 wheezy
+ rm ./base-wheezy-i386*
echo
- echo "Lucid i386 VM build failed... Trying again"
+ echo "Wheezy i386 VM build failed... Trying again"
echo
done
-while ! build_and_test_vm lucid amd64 64
+while ! build_and_test_vm wheezy amd64 64
do
- stop-target 64 lucid
- rm ./base-lucid-amd64*
+ stop-target 64 wheezy
+ rm ./base-wheezy-amd64*
echo
- echo "Lucid amd64 VM build failed... Trying again"
+ echo "Wheezy amd64 VM build failed... Trying again"
echo
done
@@ -79,7 +86,7 @@ do
stop-target 32 precise
rm ./base-precise-i386*
echo
- echo "Lucid amd64 VM build failed... Trying again"
+ echo "Precise amd64 VM build failed... Trying again"
echo
done
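Review bot: The corrected message still names the wrong architecture: this loop runs `stop-target 32 precise` and removes `./base-precise-i386*`, so the retry message should read `echo "Precise i386 VM build failed... Trying again"`. The loop header is outside the hunk, so the architecture is inferred from the cleanup lines shown. A wrong label here sends whoever reads the build log to the wrong VM image when a base image fails to build.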
@@ -88,7 +95,7 @@ do
stop-target 64 precise
rm ./base-precise-amd64*
echo
- echo "Lucid amd64 VM build failed... Trying again"
+ echo "Precise amd64 VM build failed... Trying again"
echo
done