[tor-commits] [tor] 01/04: Update CI builds to Debian Bullseye, fix associated compatibility bugs

Wed May 31 18:33:12 UTC 2023

This is an automated email from the git hooks/post-receive script.

dgoulet pushed a commit to branch main
in repository tor.

commit 3036bedf30d413e8236ec962b9c91b66988c2204
Author: Micah Elizabeth Scott <beth at torproject.org>
AuthorDate: Tue May 30 09:53:09 2023 -0700

    Update CI builds to Debian Bullseye, fix associated compatibility bugs
    
    This is a change intended for 0.4.7 maintenance as well as main.
    
    The CI builds use Debian Buster which is now end of life, and I was
    experiencing inconsistent CI failures with accessing its security update
    server. I wanted to update CI to a distro that isn't EOL, and Bullseye
    is the current stable release of Debian.
    
    This opened up a small can of worms that this commit also deals with.
    In particular there's a docker engine bug that we work around by
    removing the docker-specific apt cleanup script if it exists, and
    there's a new incompatibility between tracing and sandbox support.
    
    The tracing/sandbox incompatibility itself had two parts:
    
      - The membarrier() syscall is used to deliver inter-processor
        synchronization events, and the external "userspace-rcu"
        data structure library would make assumptions that if membarrier
        is available at initialization it always will be. This caused
        segfaults in some cases when running trace + sandbox. Resolved this
        by allowing membarrier entirely, in the sandbox.
    
      - userspace-rcu also assumes it can block signals, and fails
        hard if this can't be done. We already include a similar carveout
        to allow this in the sandbox for fragile-hardening, so I extended
        that to cover tracing as well.
    
    Addresses issue #40799
    
    Signed-off-by: Micah Elizabeth Scott <beth at torproject.org>
---
 .gitlab-ci.yml            | 21 ++++++++++++---------
 src/lib/sandbox/sandbox.c |  7 ++++++-
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d033b7ca30..3bb2a9a40f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -49,6 +49,7 @@ variables:
       echo Etc/UTC > /etc/timezone
       mkdir -p apt-cache
       export APT_CACHE_DIR="$(pwd)/apt-cache"
+      rm -f /etc/apt/apt.conf.d/docker-clean
       echo 'quiet "1";' \
            'APT::Install-Recommends "0";' \
            'APT::Install-Suggests "0";' \
@@ -79,9 +80,11 @@ variables:
     - *apt-template
     # Install patches unconditionally.
     - apt-get install
+        apt-utils
         automake
         build-essential
         ca-certificates
+        file
         git
         libevent-dev
         liblzma-dev
@@ -106,7 +109,7 @@ variables:
 # Minimal check on debian: just make, make check.
 #
 debian-minimal:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   script:
     - ./scripts/ci/ci-driver.sh
@@ -114,7 +117,7 @@ debian-minimal:
 # Minmal check on debian/i386: just make, make check.
 #
 debian-i386-minimal:
-  image: i386/debian:buster
+  image: i386/debian:bullseye
   <<: *debian-template
   script:
     - ./scripts/ci/ci-driver.sh
@@ -137,7 +140,7 @@ debian-hardened:
 #####
 # Distcheck on debian stable
 debian-distcheck:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   variables:
     DISTCHECK: "yes"
@@ -148,7 +151,7 @@ debian-distcheck:
 #####
 # Documentation tests on debian stable: doxygen and asciidoc.
 debian-docs:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   variables:
     DOXYGEN: "yes"
@@ -166,7 +169,7 @@ debian-docs:
 #       with the 'artifacts' mechanism, in theory, but it would be good to
 #       avoid having to have a system with hundreds of artifacts.
 debian-integration:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   variables:
     CHECK: "no"
@@ -180,7 +183,7 @@ debian-integration:
 #####
 # Tracing build on Debian stable.
 debian-tracing:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   variables:
     TRACING: "yes"
@@ -192,7 +195,7 @@ debian-tracing:
 #####
 # No-authority mode
 debian-disable-dirauth:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   variables:
     DISABLE_DIRAUTH: "yes"
@@ -202,7 +205,7 @@ debian-disable-dirauth:
 #####
 # No-relay mode
 debian-disable-relay:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   variables:
     DISABLE_RELAY: "yes"
@@ -212,7 +215,7 @@ debian-disable-relay:
 #####
 # NSS check on debian
 debian-nss:
-  image: debian:buster
+  image: debian:bullseye
   <<: *debian-template
   variables:
     NSS: "yes"
diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c
index 6800fa062b..5dace3a8a2 100644
--- a/src/lib/sandbox/sandbox.c
+++ b/src/lib/sandbox/sandbox.c
@@ -220,6 +220,10 @@ static int filter_nopar_gen[] = {
 #endif
     // glob uses this..
     SCMP_SYS(lstat),
+#ifdef __NR_membarrier
+    /* Inter-processor synchronization, needed for tracing support */
+    SCMP_SYS(membarrier),
+#endif
     SCMP_SYS(mkdir),
     SCMP_SYS(mlockall),
 #ifdef __NR_mmap
@@ -1165,7 +1169,8 @@ sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter)
   int rc = 0;
   (void) filter;
 
-#ifdef ENABLE_FRAGILE_HARDENING
+#if defined(ENABLE_FRAGILE_HARDENING) || \
+    defined(USE_TRACING_INSTRUMENTATION_LTTNG)
   rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask),
       SCMP_CMP(0, SCMP_CMP_EQ, SIG_BLOCK));
   if (rc)

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.
