[tbb-commits] [Git][tpo/applications/tor-browser-build][maint-12.0] 4 commits: Bug 40689: Update Ubuntu version in projects/mmdebstrap-image to 22.04.1
boklm (@boklm)
git at gitlab.torproject.org
Fri Dec 9 10:32:08 UTC 2022
boklm pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build
Commits:
530ece27 by Nicolas Vigier at 2022-12-09T11:30:15+01:00
Bug 40689: Update Ubuntu version in projects/mmdebstrap-image to 22.04.1
- - - - -
6b48ead1 by Nicolas Vigier at 2022-12-09T11:30:50+01:00
Bug 40693: Patch apt-key to accept expired keys for jessie
- - - - -
bf8ef3b5 by Nicolas Vigier at 2022-12-09T11:30:55+01:00
Bug 40693: use faketime to run `apt-get update` on jessie
- - - - -
4d2e38cd by Pier Angelo Vendrame at 2022-12-09T11:31:31+01:00
Bug 40653: Do not build compiler-rt with Clang
Specifying compiler-rt as a project in LLVM is going to be deprecated.
It should be compiled with runtimes, instead, or alone, if it will be
still allowed.
The only platform in which we were compiling compiler-rt with LLVM was
Linux. But Firefox seems not to actually use it, and just use GCC's
runtime, instead.
However, we were also compiling compiler-rt for Android in the same
project, which prevents to share the artifact with Windows and macOS.
So, I have moved it to another project on its own.
- - - - -
9 changed files:
- projects/clang/build
- projects/clang/config
- + projects/compiler-rt/build
- + projects/compiler-rt/config
- projects/container-image/config
- projects/geckoview/build
- projects/geckoview/config
- + projects/mmdebstrap-image/apt-key-allow-expired-key.patch
- projects/mmdebstrap-image/config
Changes:
=====================================
projects/clang/build
=====================================
@@ -3,16 +3,12 @@
distdir=/var/tmp/dist/[% project %]
mkdir -p /var/tmp/dist
tar -C /var/tmp/dist -xf [% c('input_files_by_name/cmake') %]
-export PATH="/var/tmp/dist/cmake/bin:$PATH"
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/ninja') %]
+export PATH="/var/tmp/dist/ninja:/var/tmp/dist/cmake/bin:$PATH"
[% IF c("var/linux") %]
[% pc('gcc', 'var/setup', { compiler_tarfile => c('input_files_by_name/gcc'),
hardened_gcc => 0 }) %]
[% pc('python', 'var/setup', { python_tarfile => c('input_files_by_name/python') }) %]
-[% END -%]
-[% IF c("var/android") %]
- [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
-[% END -%]
-[% IF c("var/linux") || c("var/android") -%]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %]
export PATH="/var/tmp/dist/binutils/bin:$PATH"
[% END -%]
@@ -25,57 +21,15 @@ mkdir build
cd build
# LLVM_ENABLE_ZLIB solves the "contains a compressed section, but zlib is not available" on lld
# LLVM_INSTALL_UTILS allows this LLVM to be used to compile Rust
-cmake ../llvm -G "Unix Makefiles" \
+cmake ../llvm -GNinja \
-DCMAKE_INSTALL_PREFIX=$distdir \
-DCMAKE_BUILD_TYPE=Release \
- [% IF c("var/android") || c("var/macos") -%]
- -DLLVM_TARGETS_TO_BUILD="X86;ARM;AArch64" \
- [% END -%]
- [% IF c("var/rlbox") -%]-DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD=WebAssembly[% END %] \
- -DLLVM_ENABLE_PROJECTS="clang;clang-tools-extra;compiler-rt;lld" \
+ -DLLVM_TARGETS_TO_BUILD="X86;ARM;AArch64[% IF c("var/rlbox") -%];WebAssembly[% END %]" \
+ -DLLVM_ENABLE_PROJECTS="clang;lld" \
-DLLVM_ENABLE_ZLIB=ON \
-DLLVM_INSTALL_UTILS=ON \
-make -j[% c("num_procs") %]
-make install
-cd ..
-
-[% IF c("var/android") -%]
- echo "Compiling compiler-rt (Android only)"
- rtdistdir=/var/tmp/build/rtdist
- mkdir $rtdistdir
-
- make_compilerrt () {
- mkdir "build-compilerrt-$1"
- cd "build-compilerrt-$1"
- cmake ../compiler-rt/ -G "Unix Makefiles" \
- -DCMAKE_INSTALL_PREFIX=$rtdistdir \
- -DCMAKE_BUILD_TYPE=Release \
- -DCMAKE_SYSTEM_NAME=Android \
- -DCMAKE_ANDROID_ARCH_ABI=$1 \
- -DCMAKE_ANDROID_NDK="$ANDROID_NDK_HOME" \
- -DCMAKE_C_FLAGS="$3 -fuse-ld=lld --rtlib=compiler-rt" \
- -DCMAKE_CXX_FLAGS="$3 -fuse-ld=lld --rtlib=compiler-rt" \
- -DCMAKE_EXE_LINKER_FLAGS="-L$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/$2" \
- -DCOMPILER_RT_BUILD_BUILTINS=ON \
- -DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
- -DCOMPILER_RT_BUILD_MEMPROF=OFF \
- -DCOMPILER_RT_BUILD_ORC=OFF \
- -DCOMPILER_RT_BUILD_PROFILE=OFF \
- -DCOMPILER_RT_BUILD_SANITIZERS=OFF \
- -DCOMPILER_RT_BUILD_XRAY=OFF
- make -j[% c("num_procs") %]
- make install
- cd ..
- }
-
- make_compilerrt "armeabi-v7a" "arm-linux-androideabi/lib" "-DARMEABI_V7A"
- make_compilerrt "arm64-v8a" "aarch64-linux-android/lib64"
- make_compilerrt "x86" "i686-linux-android/lib"
- make_compilerrt "x86_64" "x86_64-linux-android/lib64"
-
- mv $rtdistdir/lib/linux/libclang_rt.builtins-*-android.a $distdir/lib/clang/[% c("var/llvm_version") %]/lib/linux/
-[% END -%]
+ninja -j[% c("num_procs") %] -v install
cd /var/tmp/dist
[% c('tar', {
=====================================
projects/clang/config
=====================================
@@ -11,14 +11,16 @@ input_files:
- project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- enable: '[% c("var/linux") || c("var/android") %]'
+ enable: '[% c("var/linux") %]'
- name: binutils
project: binutils
- enable: '[% c("var/linux") || c("var/android") %]'
+ enable: '[% c("var/linux") %]'
- project: cmake
name: cmake
- project: llvm-project
name: clang-source
+ - project: ninja
+ name: ninja
- project: python
name: python
enable: '[% c("var/linux") %]'
=====================================
projects/compiler-rt/build
=====================================
@@ -0,0 +1,51 @@
+#!/bin/bash
+[% c("var/set_default_env") -%]
+distdir=/var/tmp/dist/[% project %]
+mkdir -p /var/tmp/dist
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/cmake') %]
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/ninja') %]
+export PATH="/var/tmp/dist/ninja:/var/tmp/dist/cmake/bin:$PATH"
+
+[% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
+
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %]
+export PATH="/var/tmp/dist/binutils/bin:$PATH"
+
+mkdir -p /var/tmp/build
+cd /var/tmp/build
+tar -xf $rootdir/[% c('input_files_by_name/clang-source') %]
+cd clang-source
+export LLVM_HOME=$(pwd)
+mkdir build
+cd build
+
+installdir=/var/tmp/build/install
+mkdir -p $installdir
+
+cmake ../compiler-rt/ -GNinja \
+ -DCMAKE_INSTALL_PREFIX=$installdir \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_SYSTEM_NAME=Android \
+ -DCMAKE_ANDROID_ARCH_ABI="[% c('var/abi') %]" \
+ -DCMAKE_ANDROID_NDK="$ANDROID_NDK_HOME" \
+ -DCMAKE_C_FLAGS="-fuse-ld=lld --rtlib=compiler-rt $defines" \
+ -DCMAKE_CXX_FLAGS="-fuse-ld=lld --rtlib=compiler-rt $defines" \
+ -DCMAKE_EXE_LINKER_FLAGS="-L$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/[% c('var/libdir') %]" \
+ -DCOMPILER_RT_BUILD_BUILTINS=ON \
+ -DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
+ -DCOMPILER_RT_BUILD_MEMPROF=OFF \
+ -DCOMPILER_RT_BUILD_ORC=OFF \
+ -DCOMPILER_RT_BUILD_PROFILE=OFF \
+ -DCOMPILER_RT_BUILD_SANITIZERS=OFF \
+ -DCOMPILER_RT_BUILD_XRAY=OFF
+
+ninja -j[% c("num_procs") %] -v install
+
+mkdir -p $distdir/lib/clang/[% c("var/llvm_version") %]/lib/linux/
+mv $installdir/lib/linux/libclang_rt.builtins-*-android.a $distdir/lib/clang/[% c("var/llvm_version") %]/lib/linux/
+
+cd /var/tmp/dist
+[% c('tar', {
+ tar_src => [ project ],
+ tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
+ }) %]
=====================================
projects/compiler-rt/config
=====================================
@@ -0,0 +1,38 @@
+# vim: filetype=yaml sw=2
+version: '[% c("var/llvm_version") %]'
+filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
+container:
+ use_container: 1
+
+var:
+ llvm_version: '[% pc("llvm-project", "version") %]'
+
+targets:
+ android-armv7:
+ var:
+ libdir: 'arm-linux-androideabi/lib'
+ android-aarch64:
+ var:
+ libdir: 'aarch64-linux-android/lib64'
+ android-x86:
+ var:
+ libdir: 'i686-linux-android/lib'
+ android-x86_64:
+ var:
+ libdir: 'x86_64-linux-android/lib64'
+
+input_files:
+ - project: container-image
+ - name: '[% c("var/compiler") %]'
+ project: '[% c("var/compiler") %]'
+ - name: binutils
+ project: binutils
+ - project: cmake
+ name: cmake
+ - project: llvm-project
+ name: clang-source
+ - project: ninja
+ name: ninja
+ - project: python
+ name: python
+ enable: '[% c("var/linux") %]'
=====================================
projects/container-image/config
=====================================
@@ -37,9 +37,14 @@ pre: |
[% IF c("var/linux-cross") -%]
dpkg --add-architecture [% c("var/arch_debian") %]
[% END -%]
+ [% IF c("var/container/suite") == "jessie" -%]
+ # We need to use faketime to run `apt-get update` on jessie, because of
+ # expired key. See tor-browser-build#40693
+ dpkg -i ./libfaketime_0.9.6-3_amd64.deb ./faketime_0.9.6-3_amd64.deb
+ [% END -%]
# Update the package cache again because `pre_pkginst` may change the
# package manager configuration.
- apt-get update -y -q
+ [% IF c("var/container/suite") == "jessie" %]faketime '2018-12-24 08:15:42' [% END %]apt-get update -y -q
[% END -%]
apt-get upgrade -y -q
[%
@@ -82,3 +87,9 @@ input_files:
- project: mmdebstrap-image
target:
- '[% c("var/container/suite") %]-[% c("var/container/arch") %]'
+ - URL: http://deb.debian.org/debian/pool/main/f/faketime/faketime_0.9.6-3_amd64.deb
+ sha256sum: 19b2a01a2fae7e6d5a8b741fc0bc626451cb4c2cc884ee79f1136dd3c2c26213
+ enable: '[% c("var/container/suite") == "jessie" %]'
+ - URL: http://deb.debian.org/debian/pool/main/f/faketime/libfaketime_0.9.6-3_amd64.deb
+ sha256sum: 82747d5815b226cfed7f6f9a751bf8c20d457f3ba786add6017d6904dea4fdb4
+ enable: '[% c("var/container/suite") == "jessie" %]'
=====================================
projects/geckoview/build
=====================================
@@ -21,6 +21,8 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/nasm') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/node') %]
tar -C /var/tmp/dist -xf [% c('input_files_by_name/clang') %]
export LLVM_CONFIG="/var/tmp/dist/clang/bin/llvm-config"
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/compiler-rt') %]
+cp -r /var/tmp/dist/compiler-rt/* /var/tmp/dist/clang/
tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %]
export PATH="/var/tmp/dist/rust/bin:/var/tmp/dist/cbindgen:/var/tmp/dist/nasm/bin:/var/tmp/dist/node/bin:/var/tmp/dist/clang/bin:/var/tmp/dist/binutils/bin:$PATH"
=====================================
projects/geckoview/config
=====================================
@@ -171,6 +171,8 @@ input_files:
name: nasm
- project: clang
name: clang
+ - project: 'compiler-rt'
+ name: 'compiler-rt'
- filename: 'gradle-dependencies-[% c("var/gradle_dependencies_version") %]'
name: gradle-dependencies
exec: '[% INCLUDE "fetch-gradle-dependencies" %]'
=====================================
projects/mmdebstrap-image/apt-key-allow-expired-key.patch
=====================================
@@ -0,0 +1,23 @@
+--- o/apt-key 2022-11-30 14:57:12.742026261 +0000
++++ n/apt-key 2022-12-01 08:38:08.170140893 +0000
+@@ -815,11 +815,18 @@
+ create_gpg_home
+ fi
+ setup_merged_keyring
++ tmpfile=$(mktemp)
++ set +e
+ if [ -n "$FORCED_KEYRING" ]; then
+- "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@"
++ (eval "exec ${GPGSTATUSFD}>$tmpfile"; "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@")
+ else
+- "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@"
++ (eval "exec ${GPGSTATUSFD}>$tmpfile"; "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@")
+ fi
++ err=$?
++ set -e
++ cat "$tmpfile" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /' >&${GPGSTATUSFD}
++ rm -f "$tmpfile"
++ exit $err
+ ;;
+ help)
+ usage
=====================================
projects/mmdebstrap-image/config
=====================================
@@ -6,7 +6,7 @@ container:
use_container: 1
var:
- ubuntu_version: 22.04
+ ubuntu_version: 22.04.1
pre: |
#!/bin/sh
@@ -16,6 +16,14 @@ pre: |
apt-get update -y -q
apt-get install -y -q debian-archive-keyring ubuntu-keyring mmdebstrap gnupg
+ [% IF c("var/container/suite") == "jessie" -%]
+ apt-get install -y -q patch
+ cd /usr/bin
+ # The gpg key for jessie is expired. We patch apt-key to accept expired keys.
+ patch -p1 < $rootdir/apt-key-allow-expired-key.patch
+ cd $rootdir
+ [% END -%]
+
export SOURCE_DATE_EPOCH='[% c("timestamp") %]'
tar -xf [% c('input_files_by_name/mmdebstrap') %]
./mmdebstrap/mmdebstrap --mode=unshare [% c("var/container/mmdebstrap_opt") %] [% c("var/container/suite") %] output.tar.gz [% c("var/container/debian_mirror") %]
@@ -55,4 +63,6 @@ input_files:
name: mmdebstrap
- URL: 'https://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
- sha256sum: df6fe77cee11bd216ac532f0ee082bdc4da3c0cc1f1d9cb20f3f743196bc4b07
+ sha256sum: e1f9200c99da008a473c9ae7b51e13f5ea05dc4c2e12beb43f0f9cbbbf6216f4
+ - filename: apt-key-allow-expired-key.patch
+ enable: '[% c("var/container/suite") == "jessie" %]'
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/b5077a28ba7f62f8cecdd4d81aedaf9d359ca15b...4d2e38cdafded4f4cb9f24b9aaf5bda090b52caa
--
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/b5077a28ba7f62f8cecdd4d81aedaf9d359ca15b...4d2e38cdafded4f4cb9f24b9aaf5bda090b52caa
You're receiving this email because of your account on gitlab.torproject.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tbb-commits/attachments/20221209/078b1a06/attachment-0001.htm>
More information about the tbb-commits
mailing list