[tor-commits] [builders/rbm] branch master updated: Add default values for several tor-browser-build options

gitolite role git at cupani.torproject.org
Fri Jul 1 14:35:22 UTC 2022 

This is an automated email from the git hooks/post-receive script.

gk pushed a commit to branch master
in repository builders/rbm.

The following commit(s) were added to refs/heads/master by this push:
     new a91d465  Add default values for several tor-browser-build options
a91d465 is described below

commit a91d4653cb5f66d86fd4d306c564161acfd6fa79
Author: Georg Koppen <gk at torproject.org>
AuthorDate: Wed Jun 29 12:37:27 2022 +0000

    Add default values for several tor-browser-build options
    
    This includes:
    
    compress_tar
    buildconf: num_procs (which is now just num_procs)
    ENV
    gpg_wrapper
    var: touch (which is now just touch)
    
    Closes: #40040.
---
 doc/options_misc.asc     | 12 +++++++++++-
 doc/options_tar.asc      |  7 ++++++-
 doc/rbm_config.asc       |  3 ++-
 lib/RBM.pm               |  7 ++++++-
 lib/RBM/DefaultConfig.pm | 35 +++++++++++++++++++++++++++++++++--
 5 files changed, 58 insertions(+), 6 deletions(-)

diff --git a/doc/options_misc.asc b/doc/options_misc.asc
index 5612df3..084348d 100644
--- a/doc/options_misc.asc
+++ b/doc/options_misc.asc
@@ -36,7 +36,7 @@ zip::
         to create deterministic zip files. This option takes a +zip_src+
         argument which is an array containing source files or directories,
         and a +zip_args+ arguments which is usually the destination zip
-        file, and optionaly other zip options. By default, GNU options
+        file, and optionally other zip options. By default, GNU options
         are used in find, but you can disable that with +gnu_utils+.
 
 install_package::
@@ -44,3 +44,13 @@ install_package::
         package. The packages to be installed should be set in option
         +pkg_name+. It will use apt-get on Debian/Ubuntu, yum on Fedora,
         zypper on openSUSE and urpmi on Mageia/Mandriva.
+
+num_procs::
+        This option allows to specify the number of CPUs used to
+        parallelize the build. By default it is set to whatever value
+        +nrpoc+ is returning on the build machine.
+
+touch::
+        This option can be used to set the mtime of files to +timestamp+.
+        It takes a +touch_args+ argument which is the intended file to
+        touch.
diff --git a/doc/options_tar.asc b/doc/options_tar.asc
index b615dec..c21317f 100644
--- a/doc/options_tar.asc
+++ b/doc/options_tar.asc
@@ -22,7 +22,8 @@ git_submodule::
 
 compress_tar::
         If set, the tarball created will be compressed in the select
-        format. Possible values: xz, gz, bz2.
+        format. Possible values: xz, gz, bz2. The default is gz but it
+        can stay empty to disable compression.
 
 commit_gpg_id::
         If set, the commit selected with +git_hash+ will have its
@@ -64,3 +65,7 @@ gpg_bin::
 
 gpg_args::
         Optional gpg arguments. The default is empty.
+
+gpg_allow_expired_keys::
+        Allowing expired keys to successfully verify e.g. signed git tags.
+        By default this is not allowed.
diff --git a/doc/rbm_config.asc b/doc/rbm_config.asc
index 46c1caf..dc045e2 100644
--- a/doc/rbm_config.asc
+++ b/doc/rbm_config.asc
@@ -191,7 +191,8 @@ ENV::
         containing the environment variables that will be defined
         when rbm is starting. This is useful for defining variables
         that can affect how the templates are processed (for instance
-        the +TZ+ variable if dates are used).
+        the +TZ+ variable if dates are used). If this option is not
+        defined +TZ+ will be set to UTC and +LC_ALL+ to C.
 
 include::options_tar.asc[]
 
diff --git a/lib/RBM.pm b/lib/RBM.pm
index 88679f2..a92a04b 100644
--- a/lib/RBM.pm
+++ b/lib/RBM.pm
@@ -109,7 +109,12 @@ sub find_config_file {
 }
 
 sub set_default_env {
-    %ENV = (%ENV, %{$config->{ENV}}) if ref $config->{ENV} eq 'HASH';
+    if (ref $config->{ENV} eq 'HASH') {
+        %ENV = (%ENV, %{$config->{ENV}});
+    } else {
+        $ENV{TZ} = 'UTC';
+        $ENV{LC_ALL} = 'C';
+    }
 }
 
 sub rbm_path {
diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm
index 109ca8d..a638fc0 100644
--- a/lib/RBM/DefaultConfig.pm
+++ b/lib/RBM/DefaultConfig.pm
@@ -102,6 +102,14 @@ our %default_config = (
     sysconf_file  => '/etc/rbm.conf',
     localconf_file=> 'rbm.local.conf',
     tmp_dir       => '[% GET ENV.TMPDIR ? ENV.TMPDIR : "/tmp"; %]',
+    num_procs     => sub {
+        return $ENV{RBM_NUM_PROCS} if $ENV{RBM_NUM_PROCS};
+        CORE::state $nproc;
+        return $nproc if $nproc;
+        my ($stdout, $stderr, $success) = capture_exec('nproc');
+        chomp $stdout;
+        return $nproc = $success ? $stdout : '4';
+    },
     rbm_tmp_dir   => \&rbm_tmp_dir,
     projects_dir  => 'projects',
     modules_dir   => 'modules',
@@ -140,12 +148,14 @@ our %default_config = (
         return '946684800';
     },
     debug         => 0,
+    compress_tar  => 'gz',
     version       => "[%- exit_error('No version specified for ' _ project); -%]",
 ####
 ####
 ####
     gpg_bin         => 'gpg',
     gpg_args        => '',
+    gpg_allow_expired_keys => 0,
     gpg_keyring_path => sub {
         my ($project, $options) = @_;
         my $gpg_keyring = RBM::project_config($project, 'gpg_keyring', $options);
@@ -159,8 +169,11 @@ our %default_config = (
         }
         RBM::exit_error("keyring file $gpg_keyring is missing")
     },
+    # Make it possible for gpg_wrapper to allow git tag signed using an expired
+    # key.
+    # https://bugs.torproject.org/19737
     gpg_wrapper     => <<GPGEND,
-#!/bin/sh
+#!/bin/bash
 export LC_ALL=C
 [%
     IF c('gpg_keyring_path');
@@ -168,7 +181,18 @@ export LC_ALL=C
                      _ ' --no-default-keyring --no-auto-check-trustdb --trust-model always';
     END;
 -%]
-exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "\$@"
+gpg_verify=0
+for opt in "\$@"
+do
+  test "\$opt" = '--verify' && gpg_verify=1
+done
+if [ \$gpg_verify = 1 ]
+then
+      [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "\$@"[% IF c('gpg_allow_expired_keys') %] | sed 's/^\\[GNUPG:\\] EXPKEYSIG /\\[GNUPG:\\] GOODSIG /'[% END %]
+      exit \${PIPESTATUS[0]}
+else
+      exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "\$@"
+fi
 GPGEND
 ####
 ####
@@ -450,6 +474,13 @@ find [% src.join(' ') %] | sort | \
 ZIP_END
 ####
 ####
+####
+    touch => <<TOUCH_END,
+[% USE date -%]
+touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %] [% c('touch_args', { error_if_undef => 1 }) %]
+TOUCH_END
+####
+####
 ####
     arch   => \&get_arch,
     input_files_by_name => sub { RBM::input_files('getfnames', @_); },

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

More information about the tor-commits mailing list