[tbb-commits] [tor-browser-build/master] Add linux sandbox

boklm at torproject.org boklm at torproject.org
Mon Feb 6 13:02:26 UTC 2017


commit 918acde2b07acc72313ed8f69f0fd4a2622d772a
Author: Nicolas Vigier <boklm at torproject.org>
Date:   Mon Feb 6 13:58:21 2017 +0100

    Add linux sandbox
---
 projects/go/config               |  9 ++++++++-
 projects/goerrors/config         | 16 ++++++++++++++++
 projects/gogb/config             | 22 ++++++++++++++++++++++
 projects/gogb/gb-build-dir.patch | 31 +++++++++++++++++++++++++++++++
 projects/release/config          |  8 ++++++++
 projects/sandbox/build           | 27 +++++++++++++++++++++++++++
 projects/sandbox/config          | 29 +++++++++++++++++++++++++++++
 7 files changed, 141 insertions(+), 1 deletion(-)

diff --git a/projects/go/config b/projects/go/config
index a5920f5..9341f98 100644
--- a/projects/go/config
+++ b/projects/go/config
@@ -12,7 +12,7 @@ var:
     export GOOS=[% c("var/GOOS") %]
     export GOARCH=[% c("var/GOARCH") %]
     export GOPATH=/var/tmp/dist/gopath
-    export PATH=/var/tmp/dist/go/bin:"$PATH"
+    export PATH=/var/tmp/dist/go/bin:/var/tmp/dist/gopath/bin:"$PATH"
 
   # Template build script for building a go library.
   # This can be called as projects/go/var/build_go_lib.
@@ -26,9 +26,16 @@ var:
     distdir=/var/tmp/dist/[% project %]
     mkdir -p /var/tmp/build
     tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
+    [% FOREACH dep = c("var/go_lib_deps") -%]
+      tar -C /var/tmp/dist -xf [% c('input_files_by_name/' _ dep) %]
+    [% END -%]
     mkdir -p $(dirname "$GOPATH/src/[% c("var/go_lib") %]")
     mv /var/tmp/build/[% project %]-[% c('version') %] "$GOPATH/src/[% c("var/go_lib") %]"
     cd "$GOPATH/src/[% c("var/go_lib") %]"
+    for p in $(ls -1 $rootdir/*.patch 2> /dev/null | sort)
+    do
+      patch -p1 < $p
+    done
     [% IF c("var/go_lib_install") -%]
       [% FOREACH inst IN c("var/go_lib_install") %]
         go install [% inst %]
diff --git a/projects/goerrors/config b/projects/goerrors/config
new file mode 100644
index 0000000..4451f7b
--- /dev/null
+++ b/projects/goerrors/config
@@ -0,0 +1,16 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://github.com/pkg/errors
+git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: github.com/pkg/errors
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
diff --git a/projects/gogb/config b/projects/gogb/config
new file mode 100644
index 0000000..a358819
--- /dev/null
+++ b/projects/gogb/config
@@ -0,0 +1,22 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://github.com/constabulary/gb
+git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+  go_lib: github.com/constabulary/gb
+  go_lib_install: github.com/constabulary/gb/cmd/gb
+  go_lib_deps:
+    - goerrors
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
+  - name: goerrors
+    project: goerrors
+  - filename: gb-build-dir.patch
diff --git a/projects/gogb/gb-build-dir.patch b/projects/gogb/gb-build-dir.patch
new file mode 100644
index 0000000..a52ca69
--- /dev/null
+++ b/projects/gogb/gb-build-dir.patch
@@ -0,0 +1,31 @@
+From a7b198e3a32509197150d7c2767262a7319ff339 Mon Sep 17 00:00:00 2001
+From: Georg Koppen <gk at torproject.org>
+Date: Tue, 6 Dec 2016 21:34:16 +0000
+Subject: [PATCH] Make the gb build directory deterministic
+
+
+diff --git a/context.go b/context.go
+index 53c00da..d040082 100644
+--- a/context.go
++++ b/context.go
+@@ -3,7 +3,6 @@ package gb
+ import (
+ 	"fmt"
+ 	"io"
+-	"io/ioutil"
+ 	"os"
+ 	"os/exec"
+ 	"path/filepath"
+@@ -136,7 +135,8 @@ func NewContext(p Project, opts ...func(*Context) error) (*Context, error) {
+ 		},
+ 		GcToolchain(),
+ 	}
+-	workdir, err := ioutil.TempDir("", "gb")
++	workdir := filepath.Join(os.TempDir(), "gb")
++	err := os.Mkdir(workdir, 0777)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-- 
+2.10.2
+
diff --git a/projects/release/config b/projects/release/config
index 26dd8b7..527e269 100644
--- a/projects/release/config
+++ b/projects/release/config
@@ -75,6 +75,13 @@ input_files:
      - '[% c("var/build_target") %]'
      - torbrowser-linux-x86_64
 
+ - name: sandbox-linux-x86_64
+   project: sandbox
+   enable: '[% c("var/torbrowser-linux-x86_64") %]'
+   target:
+     - '[% c("var/build_target") %]'
+     - torbrowser-linux-x86_64
+
  - name: linux-i686
    project: tor-browser
    enable: '[% c("var/torbrowser-linux-i686") %]'
@@ -114,6 +121,7 @@ build: |
   [% END -%]
   [% IF c("var/torbrowser-linux-x86_64") -%]
     mv [% c('input_files_by_name/linux-x86_64') %]/* "$destdir"/
+    mv [% c('input_files_by_name/sandbox-linux-x86_64') %] "$destdir"/sandbox-[% pc('sandbox', 'version') %]-linux64.zip
   [% END -%]
   cd "$destdir"
   sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt
diff --git a/projects/sandbox/build b/projects/sandbox/build
new file mode 100644
index 0000000..28b5a48
--- /dev/null
+++ b/projects/sandbox/build
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+rootdir=$(pwd)
+[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
+distdir=/var/tmp/dist/[% project %]
+mkdir -p $distdir
+
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/gogb') %]
+
+mkdir -p /var/tmp/build
+tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
+cd /var/tmp/build/[% project %]-[% c('version') %]
+
+# we don't have access to the git repository during the build
+sed -i Makefile -e 's|git rev-parse --short HEAD > data/revision|echo [% c("abbrev") %] > data/revision|' 
+# Unset GOOS and GOARCH as they change some file names, and we don't need
+# them as we are only building on x86_64
+unset GOOS
+unset GOARCH
+make
+cp bin/sandboxed-tor-browser $distdir
+
+cd $distdir/..
+[% c('zip', {
+      zip_src => [ project ],
+      zip_args => dest_dir _ '/' _ c('filename'),
+  }) %]
diff --git a/projects/sandbox/config b/projects/sandbox/config
new file mode 100644
index 0000000..54fe4df
--- /dev/null
+++ b/projects/sandbox/config
@@ -0,0 +1,29 @@
+# vim: filetype=yaml sw=2
+version: 0.0.3
+git_url: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
+git_hash: 'sandboxed-tor-browser-[% c("version") %]'
+tag_gpg_id: 1
+gpg_keyring: obfs4.gpg
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+distribution: Debian-8.7
+
+var:
+  deps:
+    - libx11-dev
+    - pkg-config
+    - libgtk-3-dev
+    - libnotify-dev
+    - zip
+
+targets:
+  nightly:
+    git_hash: master
+    tag_gpg_id: 0
+
+input_files:
+  - project: docker-image
+  - name: go
+    project: go
+  - name: gogb
+    project: gogb



More information about the tbb-commits mailing list