[tbb-commits] [tor-browser-bundle/hardened-builds] Revert "Bug 15578: Switch Linux descriptors over to Wheezy"
gk at torproject.org
gk at torproject.org
Mon Jan 25 08:56:39 UTC 2016
commit a125e1c1bfc3babae9636750b4722b4ab7010ca3
Author: Georg Koppen <gk at torproject.org>
Date: Mon Jan 25 08:05:41 2016 +0000
Revert "Bug 15578: Switch Linux descriptors over to Wheezy"
This reverts commit 763784f552779b6dd4e58a76f441a8602b9018ba.
---
gitian/Makefile | 2 +-
gitian/README.build | 2 +-
gitian/check-prerequisites.sh | 41 ++++++++++----------
gitian/descriptors/linux/gitian-bundle.yml | 6 ++-
gitian/descriptors/linux/gitian-firefox.yml | 9 +++--
.../linux/gitian-pluggable-transports.yml | 7 ++--
gitian/descriptors/linux/gitian-tor.yml | 7 ++--
gitian/descriptors/linux/gitian-utils.yml | 38 +++++-------------
gitian/make-vms.sh | 29 ++++++--------
9 files changed, 57 insertions(+), 84 deletions(-)
diff --git a/gitian/Makefile b/gitian/Makefile
index 36b5ec3..5718d76 100644
--- a/gitian/Makefile
+++ b/gitian/Makefile
@@ -119,7 +119,7 @@ clean-bundle:
vmclean:
rm -rf ../../gitian-builder/*.qcow2
rm -rf ../../gitian-builder/base-*
- rm -rf ../../gitian-builder/target-{lucid,wheezy,precise}*
+ rm -rf ../../gitian-builder/target-{lucid,precise}*
distclean: vmclean
rm -rf ../../gitian-builder/inputs/*
diff --git a/gitian/README.build b/gitian/README.build
index 4d01d6a..f289791 100644
--- a/gitian/README.build
+++ b/gitian/README.build
@@ -177,7 +177,7 @@ Known Issues and Quirks:
where 'make vmclean' causes the rebuild of two VMs in a row.. This might
trigger weird bugs in python-vm-builder.. To rebuild only one set of VMs,
use either 'rm ../../gitian-builder/*precise*' (to remove the Windows/Mac
- VMs) or 'rm ../../gitian-builder/*wheezy*' (to remove the Linux VMs).
+ VMs) or 'rm ../../gitian-builder/*lucid*' (to remove the Linux VMs).
You probably want to make sure you have no stray qemu processes before
rebuilding the VMs or starting a new build, too. 'killall qemu-kvm' is
diff --git a/gitian/check-prerequisites.sh b/gitian/check-prerequisites.sh
index a5f8393..cc16d0e 100755
--- a/gitian/check-prerequisites.sh
+++ b/gitian/check-prerequisites.sh
@@ -17,7 +17,7 @@ then
VERSION=`cat /etc/issue | grep -Eo '[0-9]{2}' | head -1`
if [ "$VERSION" -ge "14" ];
then
- dpkg -s ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
+ dpkg -s ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion torsocks tor 2>/dev/null >/dev/null
if [ $? -ne 0 ];
then
@@ -25,7 +25,7 @@ then
echo
echo "Please run:"
echo " sudo apt-get install torsocks tor"
- echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
+ echo " sudo torsocks apt-get install ruby apache2 git apt-cacher-ng python-vm-builder qemu-kvm virt-what lxc lxctl fakeroot faketime zip unzip subversion"
exit 1
fi
else
@@ -45,29 +45,28 @@ then
echo " sudo torsocks apt-get install ruby git apt-cacher-ng qemu-kvm virt-what lxc lxctl fakeroot zip unzip python-cheetah debootstrap parted kpartx rsync"
exit 1
fi
+
+ # python-vm-builder is special as we don't have a Debian package for it.
+ vmbuilder --help 2>/dev/null >/dev/null
+ if [ $? -ne 0 ];
+ then
+ echo "The VM tool python-vm-builder is missing."
+ echo
+ echo "Please run"
+ echo 'torsocks wget -U "" http://archive.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.12.4+bzr489.orig.tar.gz'
+ echo 'echo "ec12e0070a007989561bfee5862c89a32c301992dd2771c4d5078ef1b3014f03 vm-builder_0.12.4+bzr489.orig.tar.gz" | sha256sum -c'
+ echo "# (verification -- must return OK)"
+ echo "tar -zxvf vm-builder_0.12.4+bzr489.orig.tar.gz"
+ echo "cd vm-builder-0.12.4+bzr489"
+ echo "sudo python setup.py install"
+ echo "cd .."
+ exit 1
+ fi
else
echo "We need Debian or Ubuntu which seem to be missing. Aborting."
exit 1
fi
-# vmbuilder is special as we don't have a package for it yet.
-# XXX: Make sure an already installed vmbuilder is recent enough.
-vmbuilder --help 2>/dev/null >/dev/null
-if [ $? -ne 0 ];
-then
- echo "The VM tool python-vm-builder is missing."
- echo
- echo "Please run"
- echo 'torsocks wget -U "" https://bugs.launchpad.net/ubuntu/+archive/primary/+files/vm-builder_0.12.4+bzr494.orig.tar.gz'
- echo 'echo "76cbf8c52c391160b2641e7120dbade5afded713afaa6032f733a261f13e6a8e vm-builder_0.12.4+bzr494.orig.tar.gz" | sha256sum -c'
- echo "# (verification -- must return OK)"
- echo "tar -zxvf vm-builder_0.12.4+bzr494.orig.tar.gz"
- echo "cd vm-builder-0.12.4+bzr494"
- echo "sudo python setup.py install"
- echo "cd .."
- exit 1
-fi
-
update_responses_pkg="libyaml-perl libfile-slurp-perl libxml-writer-perl libio-captureoutput-perl libfile-which-perl libparallel-forkmanager-perl libxml-libxml-perl libwww-perl libjson-perl"
missing_pkg=''
for pkg in $update_responses_pkg
@@ -81,7 +80,7 @@ if [ -n "$missing_pkg" ]
then
echo "You are missing one or more dependencies for the update_responses script"
echo "Please run"
- echo " sudo torsocks apt-get install $missing_pkg"
+ echo " sudo apt-get install $missing_pkg"
exit 1
fi
diff --git a/gitian/descriptors/linux/gitian-bundle.yml b/gitian/descriptors/linux/gitian-bundle.yml
index 8f282e0..48c68eb 100644
--- a/gitian/descriptors/linux/gitian-bundle.yml
+++ b/gitian/descriptors/linux/gitian-bundle.yml
@@ -1,8 +1,7 @@
---
name: "bundle-linux"
-distro: "debian"
suites:
-- "wheezy"
+- "lucid"
architectures:
- "amd64"
packages:
@@ -107,6 +106,9 @@ script: |
cd ../../../
#
cd https-everywhere
+ # Workaround for git not knowing `git submodule -f` in the version shipped in
+ # 10.04.
+ sed 's/recursive -f/recursive/' -i makexpi.sh
# XXX: Bloody hack to workaround a bug in HTTPS_E's git hash extraction in
# makexpi.sh. See https://trac.torproject.org/projects/tor/ticket/10066
# The solution there does not work for us as doing something like
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index a0fc8e3..3c6c1f1 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -1,8 +1,7 @@
---
name: "torbrowser-linux"
-distro: "debian"
suites:
-- "wheezy"
+- "lucid"
architectures:
- "amd64"
packages:
@@ -11,10 +10,9 @@ packages:
- "autoconf2.13"
- "libgtk2.0-dev"
- "libdbus-glib-1-dev"
-- "yasm"
+- "yasm-1"
- "libasound2-dev"
- "libgstreamer-plugins-base0.10-dev"
-- "libxt-dev"
- "hardening-wrapper"
# To pass configure since ESR 31.
- "libpulse-dev"
@@ -47,6 +45,9 @@ script: |
export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
#
+ mkdir -p $INSTDIR/build/bin/
+ ln -s /usr/bin/yasm-1 $INSTDIR/build/bin/yasm
+ export PATH=$PATH:$INSTDIR/build/bin
# Preparing Python for Tor Browser
unzip -d $INSTDIR python-linux$GBUILD_BITS-utils.zip
# TODO: We might want to have a smarter solution than hard-coding the version.
diff --git a/gitian/descriptors/linux/gitian-pluggable-transports.yml b/gitian/descriptors/linux/gitian-pluggable-transports.yml
index a886572..25b5a1b 100644
--- a/gitian/descriptors/linux/gitian-pluggable-transports.yml
+++ b/gitian/descriptors/linux/gitian-pluggable-transports.yml
@@ -1,8 +1,7 @@
---
name: "pluggable-transports-linux"
-distro: "debian"
suites:
-- "wheezy"
+- "lucid"
architectures:
- "amd64"
packages:
@@ -55,6 +54,7 @@ script: |
INSTDIR="$HOME/install"
PTDIR="$INSTDIR/Tor/PluggableTransports"
mkdir -p $PTDIR
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
@@ -248,8 +248,7 @@ script: |
cp -a obfs4proxy $PTDIR
cd ../..
- # Grabbing the results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
+ # Grabbing the results
cd $INSTDIR
~/build/dzip.sh pluggable-transports-linux$GBUILD_BITS-gbuilt.zip Tor/ Docs/
cp pluggable-transports-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-tor.yml b/gitian/descriptors/linux/gitian-tor.yml
index f8f83e9..630c2e0 100644
--- a/gitian/descriptors/linux/gitian-tor.yml
+++ b/gitian/descriptors/linux/gitian-tor.yml
@@ -1,8 +1,7 @@
---
name: "tor-linux"
-distro: "debian"
suites:
-- "wheezy"
+- "lucid"
architectures:
- "amd64"
packages:
@@ -28,6 +27,7 @@ files:
script: |
INSTDIR="$HOME/install"
source versions
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
export FAKETIME=$REFERENCE_DATETIME
export TZ=UTC
export LC_ALL=C
@@ -90,8 +90,7 @@ script: |
objcopy --add-gnu-debuglink=./Debug/Tor/$LIB $INSTDIR/Tor/$LIB
done
- # Grabbing the results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
+ # Grabbing the results
~/build/dzip.sh tor-linux$GBUILD_BITS-gbuilt.zip Data/ Tor/
~/build/dzip.sh tor-linux$GBUILD_BITS-debug.zip Debug/
cp tor-linux$GBUILD_BITS-gbuilt.zip $OUTDIR/
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index c581248..a742c4e 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -1,8 +1,7 @@
---
name: "utils-linux"
-distro: "debian"
suites:
-- "wheezy"
+- "lucid"
architectures:
- "amd64"
packages:
@@ -22,8 +21,6 @@ packages:
- "libxslt-dev"
# Needed for passing the Python related part of configure in ESR 31.
- "libssl-dev"
-# Needed for binutils (64bit) as we are building with PIE enabled.
-- "libstdc++6-4.7-pic"
reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://github.com/libevent/libevent.git"
@@ -43,7 +40,6 @@ script: |
source versions
export TZ=UTC
export LC_ALL=C
- export FAKETIME=$REFERENCE_DATETIME
umask 0022
# Config options for hardening-wrapper
@@ -55,14 +51,6 @@ script: |
# Building Binutils
tar xjf binutils.tar.bz2
- # The libstdc++ shipped by default is non-PIC which breaks the binutils build
- # if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND
- # make sure it gets used before the non-PIC one would.
- if [ $GBUILD_BITS == "64" ];
- then
- ln -s /usr/lib/gcc/x86_64-linux-gnu/4.7/libstdc++_pic.a libstdc++.a
- export LDFLAGS="-L/home/debian -lstdc++"
- fi
cd binutils*
# We want to use gold as the linker in our toolchain mainly as it is way
# faster when linking Tor Browser code (especially libxul). But apart from
@@ -74,15 +62,6 @@ script: |
cd ..
export PATH=$INSTDIR/binutils/bin:$PATH
- export LDFLAGS=""
- # We need to disable `-Werror=format-security` as GCC does not build with it
- # anymore. It seems it got audited for those problems already:
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48817.
- export DEB_BUILD_HARDENING_FORMAT=0
- # libfaketime gets into our way when building GCC 4.9.x. See:
- # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61314 for details. Thus, we
- # avoid it for the toolchain and cross our fingers.
- # TODO: Test a newer libfaketime than 0.8.
# Building GCC
tar xjf gcc.tar.bz2
cd gcc-*
@@ -92,7 +71,13 @@ script: |
make install
cd ..
- export DEB_BUILD_HARDENING_FORMAT=1
+ # libfaketime gets into our way when building GCC 4.9.x. See:
+ # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61314 for details. Thus, we
+ # avoid it for the toolchain and cross our fingers.
+ # TODO: Test a newer libfaketime than 0.8.
+ export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
+ export FAKETIME=$REFERENCE_DATETIME
+
# Building Libevent
cd libevent
./autogen.sh
@@ -103,7 +88,6 @@ script: |
cd ..
# Building OpenSSL
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
tar xzf openssl.tar.gz
cd openssl-*
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
@@ -124,7 +108,6 @@ script: |
cd ..
# Building lxml
- export LD_PRELOAD=""
tar xzf lxml.tar.gz
cd lxml-*
# Make sure we use our freshly built python binary here. Otherwise bad things
@@ -132,9 +115,7 @@ script: |
# rules.
$INSTDIR/python/bin/python2.7 setup.py build
cd build/lib*
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
~/build/dzip.sh lxml-$LXML_VER-linux$GBUILD_BITS-utils.zip lxml
- export LD_PRELOAD=""
cp *utils.zip $OUTDIR
cd ../../../
@@ -151,8 +132,7 @@ script: |
make install
cd ..
- # Grabbing the remaining results and making sure timestamps don't spoil them
- export LD_PRELOAD=/usr/lib/faketime/libfaketime.so.1
+ # Grabbing the remaining results
cd $INSTDIR
~/build/dzip.sh binutils-$BINUTILS_VER-linux$GBUILD_BITS-utils.zip binutils
~/build/dzip.sh gcc-$GCC_VER-linux$GBUILD_BITS-utils.zip gcc
diff --git a/gitian/make-vms.sh b/gitian/make-vms.sh
index 469a9ca..a3b43b5 100755
--- a/gitian/make-vms.sh
+++ b/gitian/make-vms.sh
@@ -33,14 +33,7 @@ build_and_test_vm() {
export LXC_ARCH=$arch
./bin/make-base-vm --suite $dist --lxc --arch $arch
else
- if [ "$dist" = "wheezy" ];
- then
- export DISTRO=debian
- ./bin/make-base-vm --distro debian --suite $dist --arch $arch
- else
- export DISTRO=ubuntu
- ./bin/make-base-vm --suite $dist --arch $arch
- fi
+ ./bin/make-base-vm --suite $dist --arch $arch
fi
make-clean-vm --suite $dist --arch $arch
@@ -63,21 +56,21 @@ build_and_test_vm() {
return 0
}
-while ! build_and_test_vm wheezy i386 32
+while ! build_and_test_vm lucid i386 32
do
- stop-target 32 wheezy
- rm ./base-wheezy-i386*
+ stop-target 32 lucid
+ rm ./base-lucid-i386*
echo
- echo "Wheezy i386 VM build failed... Trying again"
+ echo "Lucid i386 VM build failed... Trying again"
echo
done
-while ! build_and_test_vm wheezy amd64 64
+while ! build_and_test_vm lucid amd64 64
do
- stop-target 64 wheezy
- rm ./base-wheezy-amd64*
+ stop-target 64 lucid
+ rm ./base-lucid-amd64*
echo
- echo "Wheezy amd64 VM build failed... Trying again"
+ echo "Lucid amd64 VM build failed... Trying again"
echo
done
@@ -86,7 +79,7 @@ do
stop-target 32 precise
rm ./base-precise-i386*
echo
- echo "Precise amd64 VM build failed... Trying again"
+ echo "Lucid amd64 VM build failed... Trying again"
echo
done
@@ -95,7 +88,7 @@ do
stop-target 64 precise
rm ./base-precise-amd64*
echo
- echo "Precise amd64 VM build failed... Trying again"
+ echo "Lucid amd64 VM build failed... Trying again"
echo
done
More information about the tbb-commits
mailing list