[tbb-commits] [tor-browser-build/master] Add linux sandbox
boklm at torproject.org
boklm at torproject.org
Mon Feb 6 13:02:26 UTC 2017
commit 918acde2b07acc72313ed8f69f0fd4a2622d772a
Author: Nicolas Vigier <boklm at torproject.org>
Date: Mon Feb 6 13:58:21 2017 +0100
Add linux sandbox
---
projects/go/config | 9 ++++++++-
projects/goerrors/config | 16 ++++++++++++++++
projects/gogb/config | 22 ++++++++++++++++++++++
projects/gogb/gb-build-dir.patch | 31 +++++++++++++++++++++++++++++++
projects/release/config | 8 ++++++++
projects/sandbox/build | 27 +++++++++++++++++++++++++++
projects/sandbox/config | 29 +++++++++++++++++++++++++++++
7 files changed, 141 insertions(+), 1 deletion(-)
diff --git a/projects/go/config b/projects/go/config
index a5920f5..9341f98 100644
--- a/projects/go/config
+++ b/projects/go/config
@@ -12,7 +12,7 @@ var:
export GOOS=[% c("var/GOOS") %]
export GOARCH=[% c("var/GOARCH") %]
export GOPATH=/var/tmp/dist/gopath
- export PATH=/var/tmp/dist/go/bin:"$PATH"
+ export PATH=/var/tmp/dist/go/bin:/var/tmp/dist/gopath/bin:"$PATH"
# Template build script for building a go library.
# This can be called as projects/go/var/build_go_lib.
@@ -26,9 +26,16 @@ var:
distdir=/var/tmp/dist/[% project %]
mkdir -p /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
+ [% FOREACH dep = c("var/go_lib_deps") -%]
+ tar -C /var/tmp/dist -xf [% c('input_files_by_name/' _ dep) %]
+ [% END -%]
mkdir -p $(dirname "$GOPATH/src/[% c("var/go_lib") %]")
mv /var/tmp/build/[% project %]-[% c('version') %] "$GOPATH/src/[% c("var/go_lib") %]"
cd "$GOPATH/src/[% c("var/go_lib") %]"
+ for p in $(ls -1 $rootdir/*.patch 2> /dev/null | sort)
+ do
+ patch -p1 < $p
+ done
[% IF c("var/go_lib_install") -%]
[% FOREACH inst IN c("var/go_lib_install") %]
go install [% inst %]
diff --git a/projects/goerrors/config b/projects/goerrors/config
new file mode 100644
index 0000000..4451f7b
--- /dev/null
+++ b/projects/goerrors/config
@@ -0,0 +1,16 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://github.com/pkg/errors
+git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+ go_lib: github.com/pkg/errors
+
+input_files:
+ - project: docker-image
+ - name: go
+ project: go
diff --git a/projects/gogb/config b/projects/gogb/config
new file mode 100644
index 0000000..a358819
--- /dev/null
+++ b/projects/gogb/config
@@ -0,0 +1,22 @@
+# vim: filetype=yaml sw=2
+version: '[% c("abbrev") %]'
+git_url: https://github.com/constabulary/gb
+git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+
+build: '[% c("projects/go/var/build_go_lib") %]'
+
+var:
+ go_lib: github.com/constabulary/gb
+ go_lib_install: github.com/constabulary/gb/cmd/gb
+ go_lib_deps:
+ - goerrors
+
+input_files:
+ - project: docker-image
+ - name: go
+ project: go
+ - name: goerrors
+ project: goerrors
+ - filename: gb-build-dir.patch
diff --git a/projects/gogb/gb-build-dir.patch b/projects/gogb/gb-build-dir.patch
new file mode 100644
index 0000000..a52ca69
--- /dev/null
+++ b/projects/gogb/gb-build-dir.patch
@@ -0,0 +1,31 @@
+From a7b198e3a32509197150d7c2767262a7319ff339 Mon Sep 17 00:00:00 2001
+From: Georg Koppen <gk at torproject.org>
+Date: Tue, 6 Dec 2016 21:34:16 +0000
+Subject: [PATCH] Make the gb build directory deterministic
+
+
+diff --git a/context.go b/context.go
+index 53c00da..d040082 100644
+--- a/context.go
++++ b/context.go
+@@ -3,7 +3,6 @@ package gb
+ import (
+ "fmt"
+ "io"
+- "io/ioutil"
+ "os"
+ "os/exec"
+ "path/filepath"
+@@ -136,7 +135,8 @@ func NewContext(p Project, opts ...func(*Context) error) (*Context, error) {
+ },
+ GcToolchain(),
+ }
+- workdir, err := ioutil.TempDir("", "gb")
++ workdir := filepath.Join(os.TempDir(), "gb")
++ err := os.Mkdir(workdir, 0777)
+ if err != nil {
+ return nil, err
+ }
+--
+2.10.2
+
diff --git a/projects/release/config b/projects/release/config
index 26dd8b7..527e269 100644
--- a/projects/release/config
+++ b/projects/release/config
@@ -75,6 +75,13 @@ input_files:
- '[% c("var/build_target") %]'
- torbrowser-linux-x86_64
+ - name: sandbox-linux-x86_64
+ project: sandbox
+ enable: '[% c("var/torbrowser-linux-x86_64") %]'
+ target:
+ - '[% c("var/build_target") %]'
+ - torbrowser-linux-x86_64
+
- name: linux-i686
project: tor-browser
enable: '[% c("var/torbrowser-linux-i686") %]'
@@ -114,6 +121,7 @@ build: |
[% END -%]
[% IF c("var/torbrowser-linux-x86_64") -%]
mv [% c('input_files_by_name/linux-x86_64') %]/* "$destdir"/
+ mv [% c('input_files_by_name/sandbox-linux-x86_64') %] "$destdir"/sandbox-[% pc('sandbox', 'version') %]-linux64.zip
[% END -%]
cd "$destdir"
sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt
diff --git a/projects/sandbox/build b/projects/sandbox/build
new file mode 100644
index 0000000..28b5a48
--- /dev/null
+++ b/projects/sandbox/build
@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+rootdir=$(pwd)
+[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
+distdir=/var/tmp/dist/[% project %]
+mkdir -p $distdir
+
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/gogb') %]
+
+mkdir -p /var/tmp/build
+tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
+cd /var/tmp/build/[% project %]-[% c('version') %]
+
+# we don't have access to the git repository during the build
+sed -i Makefile -e 's|git rev-parse --short HEAD > data/revision|echo [% c("abbrev") %] > data/revision|'
+# Unset GOOS and GOARCH as they change some file names, and we don't need
+# them as we are only building on x86_64
+unset GOOS
+unset GOARCH
+make
+cp bin/sandboxed-tor-browser $distdir
+
+cd $distdir/..
+[% c('zip', {
+ zip_src => [ project ],
+ zip_args => dest_dir _ '/' _ c('filename'),
+ }) %]
diff --git a/projects/sandbox/config b/projects/sandbox/config
new file mode 100644
index 0000000..54fe4df
--- /dev/null
+++ b/projects/sandbox/config
@@ -0,0 +1,29 @@
+# vim: filetype=yaml sw=2
+version: 0.0.3
+git_url: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
+git_hash: 'sandboxed-tor-browser-[% c("version") %]'
+tag_gpg_id: 1
+gpg_keyring: obfs4.gpg
+filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
+remote_docker: 1
+distribution: Debian-8.7
+
+var:
+ deps:
+ - libx11-dev
+ - pkg-config
+ - libgtk-3-dev
+ - libnotify-dev
+ - zip
+
+targets:
+ nightly:
+ git_hash: master
+ tag_gpg_id: 0
+
+input_files:
+ - project: docker-image
+ - name: go
+ project: go
+ - name: gogb
+ project: gogb
More information about the tbb-commits
mailing list