- tbb-commits - lists.torproject.org

[tor-browser-bundle/master] Stop our multi lingual experiment on nightlies
by gk＠torproject.org 10 May '17

10 May '17

commit db5cdfceb8fa095ad94eb9a413a35d30ccc60486 Author: Georg Koppen <gk(a)torproject.org> Date: Wed May 10 07:48:17 2017 +0000 Stop our multi lingual experiment on nightlies We are not showing the language prompt on first start anymore. Thus, the multi lingual setup has stopped working for nightlies. We remove that experiment until we solve #17400 properly or have a new prototype to try. --- gitian/versions.nightly | 4 ---- 1 file changed, 4 deletions(-) diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 533aead..2189139 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -11,10 +11,6 @@ BUILD_PT_BUNDLES=1 # DATA_OUTSIDE_APP_DIR is only implemented for Mac OS. DATA_OUTSIDE_APP_DIR=1 -# If you remove MULTI_LINGUAL=1, be sure to use a version of Tor Launcher -# that does not include the language prompt. -MULTI_LINGUAL=1 - VERIFY_TAGS=0 FIREFOX_VERSION=52.1.0esr

1 0

[tor-browser-bundle/master] Bug 20683: Use signed selfrando tag from now on
by gk＠torproject.org 10 May '17

10 May '17

commit 8fe0e322b950efa2456502428bee66dde8b4948a Author: Georg Koppen <gk(a)torproject.org> Date: Wed May 10 08:05:28 2017 +0000 Bug 20683: Use signed selfrando tag from now on --- gitian/gpg/selfrando.gpg | Bin 0 -> 2759 bytes gitian/verify-tags.sh | 2 +- gitian/versions.alpha | 2 +- gitian/versions.nightly | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/gpg/selfrando.gpg b/gitian/gpg/selfrando.gpg new file mode 100644 index 0000000..276955d Binary files /dev/null and b/gitian/gpg/selfrando.gpg differ diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 7d551b8..123719d 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -105,6 +105,7 @@ obfs4 obfs4proxy.gpg $OBFS4_TAG https-everywhere https-everywhere.gpg $HTTPSE_TAG cmake cmake.gpg $CMAKE_TAG sandbox obfs4proxy.gpg $SANDBOX_TAG +selfrando selfrando.gpg $SELFRANDO_TAG EOF while read dir commit; do @@ -125,7 +126,6 @@ depot_tools $DEPOT_TOOLS_TAG go-webrtc $GO_WEBRTC_TAG snowflake $SNOWFLAKE_TAG uniuri $UNIURI_TAG -selfrando $SELFRANDO_TAG EOF # Verify signatures on signed packages diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 33be86d..063ce76 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -47,7 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101 SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492 UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a -SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb +SELFRANDO_TAG=tb-v0.2 GITIAN_TAG=tor-browser-builder-4-4 diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 69ddb47..533aead 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -54,7 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=master SNOWFLAKE_TAG=master UNIURI_TAG=master -SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb +SELFRANDO_TAG=tb-v0.2 GITIAN_TAG=tor-browser-builder-4

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter;
by gk＠torproject.org 10 May '17

10 May '17

commit e6b99c78fdc1800988537c73ef13e75b56c28b3e Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue May 9 15:29:43 2017 -0400 fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing. Use a data: URL for the browser.search.defaultenginename preference value so that the value is used when setting the default search engine. Fixes bug #22044. --- browser/app/profile/000-tor-browser.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 27cfe53..d422694 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -267,7 +267,7 @@ pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\" // Putting the search engine prefs into this file to fix #11236. // Default search engine -pref("browser.search.defaultenginename", "DuckDuckGo"); +pref("browser.search.defaultenginename", "data:text/plain,browser.search.defaultenginename=DuckDuckGo"); // Make sure we use the same search engine regardless of locale pref("browser.search.geoSpecificDefaults", false);

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 16337: Round times exposed by Animation API to nearest 100ms
by gk＠torproject.org 10 May '17

10 May '17

commit 77f0de013fa2b5bedb851507f5ec94a8f39f8b8c Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed May 3 23:47:53 2017 -0700 Bug 16337: Round times exposed by Animation API to nearest 100ms --- dom/animation/AnimationUtils.h | 3 +- dom/animation/test/mochitest.ini | 1 + .../test/test_animation_time_rounding.html | 43 ++++++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/dom/animation/AnimationUtils.h b/dom/animation/AnimationUtils.h index 82ae69b..e20f314 100644 --- a/dom/animation/AnimationUtils.h +++ b/dom/animation/AnimationUtils.h @@ -28,7 +28,8 @@ public: dom::Nullable<double> result; if (!aTime.IsNull()) { - result.SetValue(aTime.Value().ToMilliseconds()); + double unrounded = aTime.Value().ToMilliseconds(); + result.SetValue(floor(unrounded / 100) * 100); } return result; diff --git a/dom/animation/test/mochitest.ini b/dom/animation/test/mochitest.ini index feb4245..49d230c 100644 --- a/dom/animation/test/mochitest.ini +++ b/dom/animation/test/mochitest.ini @@ -109,3 +109,4 @@ skip-if = toolkit == 'android' [style/test_animation-seeking-with-start-time.html] [style/test_animation-setting-effect.html] [style/test_animation-setting-spacing.html] +[test_animation_time_rounding.html] diff --git a/dom/animation/test/test_animation_time_rounding.html b/dom/animation/test/test_animation_time_rounding.html new file mode 100644 index 0000000..baad593 --- /dev/null +++ b/dom/animation/test/test_animation_time_rounding.html @@ -0,0 +1,43 @@ +<!DOCTYPE HTML> +<html> +  + <head> + <meta charset="utf-8"> + <title>Test for Tor Bug 16337</title> + <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> + </head> + <body> + <div id="testDiv">test</div> + <script type="application/javascript"> + SimpleTest.waitForExplicitFinish(); + let runTest = async function () { + await SpecialPowers.pushPrefEnv({ set: [["dom.animations-api.core.enabled", true]] }); + let isRounded = x => (Math.floor(x/100)*100) === x; + let testDiv = document.getElementById("testDiv"); + let animation = testDiv.animate({ opacity: [0,1] }, 100000); + animation.play(); + SimpleTest.waitForCondition( + () => animation.currentTime > 1000, + function () { + ok(isRounded(animation.startTime), + "animation.startTime is rounded"); + ok(isRounded(animation.currentTime), + "animation.currentTime is rounded"); + ok(isRounded(animation.timeline.currentTime), + "animation.timeline.currentTime is rounded"); + if (document.timeline) { + ok(isRounded(document.timeline.currentTime), + "document.timeline.currentTime is rounded"); + } + SimpleTest.finish(); + }, + "animation failed to start"); + } + + window.onload = runTest; + </script> + </body> +</html>

1 0

[tor-browser-bundle/master] Bug 20683: Integrate Selfrando into alpha Linux builds
by gk＠torproject.org 08 May '17

08 May '17

commit 332c5b6c16f1b0915f537a4ad5af48295f80c733 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Apr 25 11:20:53 2017 +0000 Bug 20683: Integrate Selfrando into alpha Linux builds Selfrando is a new defense against code reuse attacks developed by the Redactor and Readactor++ people. We should give it a wider testing audience by including it in the alpha series. This is currently only available for 64bit Linux builds, though. Supporting other platforms and architectures is work in progress. --- RelativeLink/start-tor-browser | 1 + gitian/descriptors/linux/gitian-firefox.yml | 17 +++++ gitian/descriptors/linux/gitian-utils.yml | 46 +++++++++++++ gitian/fetch-inputs.sh | 4 +- gitian/gpg/ELFUTILS.gpg | Bin 0 -> 10483 bytes gitian/mkbundle-linux.sh | 13 ++-- gitian/patches/binutils-224-gold.patch | 98 ++++++++++++++++++++++++++++ gitian/verify-tags.sh | 3 +- gitian/versions.alpha | 4 ++ gitian/versions.nightly | 4 ++ 10 files changed, 183 insertions(+), 7 deletions(-) diff --git a/RelativeLink/start-tor-browser b/RelativeLink/start-tor-browser index a78b367..2dd40fc 100755 --- a/RelativeLink/start-tor-browser +++ b/RelativeLink/start-tor-browser @@ -270,6 +270,7 @@ fi LD_LIBRARY_PATH="${HOME}/TorBrowser/Tor/" export LD_LIBRARY_PATH +export SELFRANDO_write_layout_file= function setControlPortPasswd() { local ctrlPasswd=$1 diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index c9ced44..db4f232 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -27,6 +27,8 @@ reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" +- "url": "https://github.com/immunant/selfrando.git" + "dir": "selfrando" files: - "binutils-linux32-utils.zip" - "binutils-linux64-utils.zip" @@ -36,6 +38,8 @@ files: - "re-dzip.sh" - "dzip.sh" - "versions" +# XXX: 64bits only for now :(, see #20683. +- "selfrando-linux64-utils.zip" script: | source versions INSTDIR="$HOME/install" @@ -53,6 +57,11 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 # + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + unzip -d $INSTDIR selfrando-linux64-utils.zip + fi # Preparing Binutils and GCC for Tor Browser unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip # Make sure gold is used with the hardening wrapper for full RELRO, see @@ -94,6 +103,14 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" rm -f configure rm -f js/src/configure + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + # Selfrando wrapper + export PATH="$HOME/build/selfrando/Tools/TorBrowser/tc-wrapper/:$PATH" + # We need to avoid the shuffling while building as this breaks compilation + export SELFRANDO_skip_shuffle= + fi make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --with-distribution-id=org.torproject --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts" find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" make $MAKEOPTS -f client.mk build diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index d10422b..eb340b8 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -24,10 +24,14 @@ packages: - "libssl-dev" # Needed for binutils (64bit) as we are building with PIE enabled. - "libstdc++6-4.7-pic" +# Needed for Selfrando +- "scons" reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" +- "url": "https://github.com/immunant/selfrando.git" + "dir": "selfrando" files: - "binutils.tar.bz2" - "gcc.tar.bz2" @@ -37,6 +41,8 @@ files: - "go.tar.gz" - "versions" - "dzip.sh" +- "elfutils.tar.bz2" +- "binutils-224-gold.patch" script: | INSTDIR="$HOME/install" source versions @@ -52,6 +58,12 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 + ARCH="" + if [ $GBUILD_BITS == "64" ]; + then + ARCH="64" + fi + # Building Binutils tar xjf binutils.tar.bz2 # The libstdc++ shipped by default is non-PIC which breaks the binutils build @@ -63,6 +75,13 @@ script: | export LDFLAGS="-L/home/debian -lstdc++" fi cd binutils* + # We need to work around a gold linker bug in 2.24 to get selfrando working, + # see bug 20683. + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + patch -p1 < ../binutils-224-gold.patch + fi # We want to use gold as the linker in our toolchain mainly as it is way # faster when linking Tor Browser code (especially libxul). But apart from # that it fixes #12103 and issues with ESR 31 and our Gitian setup as well @@ -86,6 +105,28 @@ script: | cd .. export DEB_BUILD_HARDENING_FORMAT=1 + export PATH="$INSTDIR/binutils/bin:$INSTDIR/gcc/bin:$PATH" + export LD_LIBRARY_PATH="$INSTDIR/gcc/lib$ARCH" + + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + # Building Elfutils + tar xjf elfutils.tar.bz2 + cd elfutils*/ + ./configure --prefix=$INSTDIR/elfutils + make $MAKEOPTS + make install + cd .. + + # Building Selfrando + cd selfrando + scons -Q arch=x86_64 LIBELF_PATH="$INSTDIR/elfutils" FORCE_INPLACE=1 DEBUG_LEVEL=env WRITE_LAYOUTS=env LOG=console + mkdir -p $INSTDIR/selfrando + cp out/x86_64/bin/* $INSTDIR/selfrando/ + cd .. + fi + # Building Libevent cd libevent ./autogen.sh @@ -157,4 +198,9 @@ script: | ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent ~/build/dzip.sh gmp-$GMP_VER-linux$GBUILD_BITS-utils.zip gmp ~/build/dzip.sh go-$GO_VER-linux$GBUILD_BITS-utils.zip go + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + ~/build/dzip.sh selfrando-$SELFRANDO_TAG-linux$GBUILD_BITS-utils.zip selfrando + fi cp *utils.zip $OUTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index b7fcf36..c110eb8 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -113,7 +113,7 @@ update_git() { ############################################################################## # Get+verify sigs that exist -for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI +for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS do PACKAGE="${i}_PACKAGE" URL="${i}_URL" @@ -252,6 +252,7 @@ ln -sf "$GO_PACKAGE" go.tar.gz ln -sf "$NSIS_PACKAGE" nsis.tar.bz2 ln -sf "$NSIS_DEBIAN_PACKAGE" nsis-debian.tar.xz ln -sf "$YASM_PACKAGE" yasm.tar.gz +ln -sf "$ELFUTILS_PACKAGE" elfutils.tar.bz2 # Fetch latest gitian-builder itself # XXX - this is broken if a non-standard inputs dir is selected using the command line flag. @@ -303,6 +304,7 @@ depot_tools https://chromium.googlesource.com/chromium/tools/depot_too go-webrtc https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG snowflake https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG uniuri https://github.com/dchest/uniuri $UNIURI_TAG +selfrando https://github.com/immunant/selfrando.git $SELFRANDO_TAG EOF # HTTPS-Everywhere is special, too. We need to initialize the git submodules and diff --git a/gitian/gpg/ELFUTILS.gpg b/gitian/gpg/ELFUTILS.gpg new file mode 100644 index 0000000..f1cd4b3 Binary files /dev/null and b/gitian/gpg/ELFUTILS.gpg differ diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 6dbbe51..0a1613f 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -35,7 +35,7 @@ fi if [ -z "$VM_MEMORY" ]; then - export VM_MEMORY=4000 + export VM_MEMORY=6000 fi ./make-vms.sh @@ -99,7 +99,7 @@ then fi cd $GITIAN_DIR - +# XXX: 64bits selfrando only for now :(, see #20683. if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \ ! -f inputs/gcc-$GCC_VER-linux32-utils.zip -o \ @@ -111,13 +111,14 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ ! -f inputs/gmp-$GMP_VER-linux32-utils.zip -o \ ! -f inputs/gmp-$GMP_VER-linux64-utils.zip -o \ ! -f inputs/go-$GO_VER-linux32-utils.zip -o \ - ! -f inputs/go-$GO_VER-linux64-utils.zip ]; + ! -f inputs/go-$GO_VER-linux64-utils.zip -o \ + ! -f inputs/selfrando-$SELFRANDO_TAG-linux64-utils.zip ]; then echo echo "****** Starting Utilities Component of Linux Bundle (1/7 for Linux) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml if [ $? -ne 0 ]; then #mv var/build.log ./utils-fail-linux.log.`date +%Y%m%d%H%M%S` @@ -138,6 +139,7 @@ then ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip + ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip cd .. #cp -a result/utils-linux-res.yml inputs/ else @@ -159,6 +161,7 @@ else ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip + ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip cd .. fi @@ -193,7 +196,7 @@ then echo "****** Starting TorBrowser Component of Linux Bundle (3/7 for Linux) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml if [ $? -ne 0 ]; then #mv var/build.log ./firefox-fail-linux.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/patches/binutils-224-gold.patch b/gitian/patches/binutils-224-gold.patch new file mode 100644 index 0000000..a45e49c --- /dev/null +++ b/gitian/patches/binutils-224-gold.patch @@ -0,0 +1,98 @@ +From f984741df04cd68bb116073fdfa9405808810ab4 Mon Sep 17 00:00:00 2001 +From: Cary Coutant <ccoutant(a)google.com> +Date: Wed, 5 Feb 2014 22:59:02 -0800 +Subject: [PATCH] Fix issues with gold undefined symbol diagnostics. + +PR binutils/15435 complains that gold issues a visibility error for an +weak undefined symbol with hidden visibility. The message should be +suppressed if the symbol is a weak undef. + +An earlier patch to add an extra note about key functions when a class's +vtable symbol is undefined missed a case where the reference to the +vtable came from a shared library. This patch moves the check to a +lower-level routine that catches both cases. + +gold/ + +2014-02-05 Cary Coutant <ccoutant(a)google.com> + + * errors.cc (Errors::undefined_symbol): Move undef vtable symbol + check to here. + * target-reloc.h (is_strong_undefined): New function. + (relocate_section): Move undef vtable symbol check from here. + Check for is_strong_undefined. + +diff --git a/gold/ChangeLog b/gold/ChangeLog +index dcf7ed41f8..dd7ef72980 100644 +--- a/gold/ChangeLog ++++ b/gold/ChangeLog +@@ -1,3 +1,14 @@ ++2014-02-05 Cary Coutant <ccoutant(a)google.com> ++ ++ Fix issues with gold undefined symbol diagnostics. ++ ++ PR binutils/15435 ++ * errors.cc (Errors::undefined_symbol): Move undef vtable symbol ++ check to here. ++ * target-reloc.h (is_strong_undefined): New function. ++ (relocate_section): Move undef vtable symbol check from here. ++ Check for is_strong_undefined. ++ + 2013-11-22 Cary Coutant <ccoutant(a)google.com> + + * testsuite/Makefile.am (exception_x86_64_bnd_test): Use in-tree +diff --git a/gold/errors.cc b/gold/errors.cc +index b79764bd1d..98db0fdd86 100644 +--- a/gold/errors.cc ++++ b/gold/errors.cc +@@ -193,6 +193,11 @@ Errors::undefined_symbol(const Symbol* sym, const std::string& location) + fprintf(stderr, + _("%s: %s: undefined reference to '%s', version '%s'\n"), + location.c_str(), zmsg, sym->demangled_name().c_str(), version); ++ ++ if (sym->is_cxx_vtable()) ++ gold_info(_("%s: the vtable symbol may be undefined because " ++ "the class is missing its key function"), ++ program_name); + } + + // Issue a debugging message. +diff --git a/gold/target-reloc.h b/gold/target-reloc.h +index b544c78f37..d609bcbaa8 100644 +--- a/gold/target-reloc.h ++++ b/gold/target-reloc.h +@@ -144,6 +144,12 @@ class Default_comdat_behavior + } + }; + ++inline bool ++is_strong_undefined(const Symbol* sym) ++{ ++ return sym->is_undefined() && sym->binding() != elfcpp::STB_WEAK; ++} ++ + // Give an error for a symbol with non-default visibility which is not + // defined locally. + +@@ -411,16 +417,10 @@ relocate_section( + } + + if (issue_undefined_symbol_error(sym)) +- { +- gold_undefined_symbol_at_location(sym, relinfo, i, offset); +- if (sym->is_cxx_vtable()) +- gold_info(_("%s: the vtable symbol may be undefined because " +- "the class is missing its key function"), +- program_name); +- } ++ gold_undefined_symbol_at_location(sym, relinfo, i, offset); + else if (sym != NULL + && sym->visibility() != elfcpp::STV_DEFAULT +- && (sym->is_undefined() || sym->is_from_dynobj())) ++ && (is_strong_undefined(sym) || sym->is_from_dynobj())) + visibility_error(sym); + + if (sym != NULL && sym->has_warning()) +-- +2.11.0 + diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index dc207f5..7d551b8 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -125,10 +125,11 @@ depot_tools $DEPOT_TOOLS_TAG go-webrtc $GO_WEBRTC_TAG snowflake $SNOWFLAKE_TAG uniuri $UNIURI_TAG +selfrando $SELFRANDO_TAG EOF # Verify signatures on signed packages -for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI +for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS do PACKAGE="${i}_PACKAGE" URL="${i}_URL" diff --git a/gitian/versions.alpha b/gitian/versions.alpha index adb9dbf..33be86d 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -47,6 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101 SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492 UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a +SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb GITIAN_TAG=tor-browser-builder-4-4 @@ -71,6 +72,7 @@ GO14_VER=1.4.3 GO_VER=1.8.1 NSIS_VER=2.51 YASM_VER=1.2.0 +ELFUTILS_VER=0.160 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -105,6 +107,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf YASM_PACKAGE=yasm-${YASM_VER}.tar.gz +ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2 # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 @@ -167,3 +170,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE} NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE} NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE} YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE} +ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 4e1618c..69ddb47 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -54,6 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=master SNOWFLAKE_TAG=master UNIURI_TAG=master +SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb GITIAN_TAG=tor-browser-builder-4 @@ -78,6 +79,7 @@ GO14_VER=1.4.3 GO_VER=1.8.1 NSIS_VER=2.51 YASM_VER=1.2.0 +ELFUTILS_VER=0.166 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -112,6 +114,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf YASM_PACKAGE=yasm-${YASM_VER}.tar.gz +ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2 # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 @@ -174,3 +177,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE} NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE} NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE} YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE} +ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE}

1 0

[tor-browser-build/master] Bug 22115: use i386 containers for the win32 build
by boklm＠torproject.org 08 May '17

08 May '17

commit bb32ec91b538ab17d309b645787149ff376d58e9 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon May 8 18:44:29 2017 +0200 Bug 22115: use i386 containers for the win32 build --- projects/firefox/build | 1 + projects/gcc/config | 3 +++ projects/mingw-w64/config | 1 + projects/tor-browser/build | 13 ------------- projects/tor-browser/config | 12 ++---------- rbm.conf | 8 +++++++- 6 files changed, 14 insertions(+), 24 deletions(-) diff --git a/projects/firefox/build b/projects/firefox/build index 1cf9be1..f445454 100644 --- a/projects/firefox/build +++ b/projects/firefox/build @@ -1,4 +1,5 @@ #!/bin/bash +[% c("var/setarch") -%] [% c("var/set_default_env") -%] [% IF c("var/windows") -%] mkdir -p /var/tmp/dist diff --git a/projects/gcc/config b/projects/gcc/config index 676d1fb..d740a93 100644 --- a/projects/gcc/config +++ b/projects/gcc/config @@ -38,6 +38,9 @@ targets: windows-i686: var: configure_opt: --disable-multilib --enable-languages=c,c++ + arch_deps: + - libc6-dev + - zlib1g-dev linux-i686: var: configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config index 21d498a..5e2c748 100644 --- a/projects/mingw-w64/config +++ b/projects/mingw-w64/config @@ -13,6 +13,7 @@ var: - libmpc-dev - g++-mingw-w64-i686 setup: | + [% c("var/setarch") -%] mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf [% c("compiler_tarfile") %] export PATH="/var/tmp/dist/mingw-w64/helpers:/var/tmp/dist/mingw-w64/bin:$PATH" diff --git a/projects/tor-browser/build b/projects/tor-browser/build index 7134367..084ec7d 100644 --- a/projects/tor-browser/build +++ b/projects/tor-browser/build @@ -201,19 +201,6 @@ popd [% IF c("var/windows") %] - # We need to install a recent version of python-pefile so that it works - # in a x86_64 container: - # https://github.com/TheTorProject/tor-messenger-build/pull/10 - tar xf $rootdir/[% c('input_files_by_name/python-future') %] - cd $(echo [% c('input_files_by_name/python-future') %] | sed s/\.tar\.gz$//) - python setup.py install --user - cd .. - - tar xf $rootdir/[% c('input_files_by_name/python-pefile') %] - cd $(echo [% c('input_files_by_name/python-pefile') %] | sed s/\.tar\.gz$//) - python setup.py install --user - cd .. - tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/nsis') %] export PATH="/var/tmp/dist/nsis/bin:$PATH" diff --git a/projects/tor-browser/config b/projects/tor-browser/config index c4c2521..805d7b6 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -27,8 +27,8 @@ targets: windows-i686: var: mar_osname: win32 - container: - suite: utopic + arch_deps: + - python-pefile input_files: - project: container-image @@ -70,11 +70,3 @@ input_files: enable: '[% c("var/windows") %]' - filename: pe_checksum_fix.py enable: '[% c("var/windows") %]' - - name: python-future - URL: https://pypi.python.org/packages/00/2b/8d082ddfed935f3608cc61140df6dcbf0ede… - sha256sum: e39ced1ab767b5936646cedba8bcce582398233d6a627067d4c6a454c90cfedb - enable: '[% c("var/windows") %]' - - name: python-pefile - URL: https://pypi.python.org/packages/92/c0/8589ce9734ffdba258bd3e5acd4afb2e3586… - sha256sum: f24021085b5c3ef7b0898bb1f1d93eecd3839e03512769e22b0c5a10d9095f7b - enable: '[% c("var/windows") %]' diff --git a/rbm.conf b/rbm.conf index 2060132..969922c 100644 --- a/rbm.conf +++ b/rbm.conf @@ -153,7 +153,7 @@ targets: osname: windows-i686 container: suite: precise - arch: amd64 + arch: i386 configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"' CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security' LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs' @@ -168,6 +168,12 @@ targets: - zip - unzip faketime_path: /usr/lib/faketime/libfaketime.so.1 + setarch: | + if test -z "$RBM_SETARCH" + then + export RBM_SETARCH=1 + exec setarch i686 ./build + fi torbrowser-osx-x86_64: - osx-x86_64

1 0

[tor-browser-build/master] Bug 22115: use i386 containers for the linux32 build
by boklm＠torproject.org 08 May '17

08 May '17

commit d067aa03629fb87c47acf19f81ed51940ebc3ebb Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon May 1 19:58:30 2017 +0200 Bug 22115: use i386 containers for the linux32 build --- projects/binutils/build | 3 ++- projects/common/runc-config.json | 6 +++++- projects/debootstrap-image/config | 22 ++++++++++++++++++++++ projects/firefox/config | 21 ++++----------------- projects/gcc/build | 1 + projects/gcc/config | 17 ++++++++++++----- projects/go-webrtc/config | 8 +------- projects/go/build | 1 + projects/go/config | 1 + projects/snowflake/config | 8 +------- projects/tor/config | 14 +++++--------- projects/webrtc/config | 30 ++++++++---------------------- rbm.conf | 35 ++++++++++++++++------------------- 13 files changed, 79 insertions(+), 88 deletions(-) diff --git a/projects/binutils/build b/projects/binutils/build index 8d4f09f..bd949a5 100644 --- a/projects/binutils/build +++ b/projects/binutils/build @@ -8,7 +8,8 @@ distdir=/var/tmp/dist/binutils export DEB_BUILD_HARDENING_FORTIFY=1 export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 - +[% END -%] +[% IF c("var/linux-x86_64") %] # The libstdc++ shipped by default is non-PIC which breaks the binutils build # if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND # make sure it gets used before the non-PIC one would. diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json index 4c231cd..3da6c24 100644 --- a/projects/common/runc-config.json +++ b/projects/common/runc-config.json @@ -2,7 +2,11 @@ "ociVersion": "1.0.0-rc1", "platform": { "os": "linux", - "arch": "amd64" +[% IF c("var/container/arch") == 'i386' -%] + "arch": "386" +[% ELSE -%] + "arch": "[% c("var/container/arch") %]" +[% END -%] }, "process": { "terminal": true, diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config index bd204f5..15eec3b 100644 --- a/projects/debootstrap-image/config +++ b/projects/debootstrap-image/config @@ -27,23 +27,45 @@ targets: container: suite: wheezy arch: amd64 + wheezy-i386: + var: + container: + suite: wheezy + arch: i386 jessie-amd64: var: container: suite: jessie arch: amd64 + jessie-i386: + var: + container: + suite: jessie + arch: i386 precise-amd64: var: container: suite: precise arch: amd64 debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg + precise-i386: + var: + container: + suite: precise + arch: i386 + debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg utopic-amd64: var: container: suite: utopic arch: amd64 debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/ + utopic-i386: + var: + container: + suite: utopic + arch: i386 + debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/ input_files: - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' diff --git a/projects/firefox/config b/projects/firefox/config index d6a68fe..f5c765f 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -28,9 +28,8 @@ targets: var: torbrowser_update_channel: default - linux-x86_64: + linux: var: - martools_filename: mar-tools-linux64.zip arch_deps: - libgtk2.0-dev - libdbus-glib-1-dev @@ -44,25 +43,13 @@ targets: - libx11-xcb-dev # We built GCC but not the libmpc2, thus we need to install it - libmpc2 + linux-x86_64: + var: + martools_filename: mar-tools-linux64.zip linux-i686: var: martools_filename: mar-tools-linux32.zip - sort_deps: 0 - arch_deps: - - libc6-dev-i386 - - libgtk2.0-dev:i386 - - libdbus-glib-1-dev:i386 - - libxt-dev:i386 - # To pass configure since ESR 31. - - libpulse-dev:i386 - # To pass configure since ESR 45. - - libgconf2-dev:i386 - # To pass configure since ESR 52 - - libx11-xcb-dev:i386 - # We built GCC but not the libmpc2, thus we need to install it - - libmpc2 - - hardening-wrapper osx-x86_64: var: diff --git a/projects/gcc/build b/projects/gcc/build index 1c24af7..e509aac 100644 --- a/projects/gcc/build +++ b/projects/gcc/build @@ -1,5 +1,6 @@ #!/bin/sh [% c("var/set_default_env") -%] +[% c("var/setarch") -%] distdir=/var/tmp/dist/[% project %] mkdir /var/tmp/build tar -C /var/tmp/build -xf [% project %]-[% c("version") %].tar.bz2 diff --git a/projects/gcc/config b/projects/gcc/config index 1acf30a..676d1fb 100644 --- a/projects/gcc/config +++ b/projects/gcc/config @@ -4,12 +4,11 @@ version: 5.1.0 var: container: use_container: 1 - configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686 deps: - build-essential - libmpc-dev - - libc6-dev-i386 setup: | + [% c("var/setarch") -%] mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf $rootdir/[% c("compiler_tarfile") %] export PATH="/var/tmp/dist/gcc/bin:$PATH" @@ -36,12 +35,20 @@ var: popd targets: - osx-x86_64: - var: - configure_opt: --enable-multilib --enable-languages=c,c++ windows-i686: var: configure_opt: --disable-multilib --enable-languages=c,c++ + linux-i686: + var: + configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib + arch_deps: + - libc6-dev + - zlib1g-dev + linux-x86_64: + var: + configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686 + arch_deps: + - libc6-dev-i386 input_files: - project: container-image - URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("version") %]/gcc-[% c("version") %].tar.bz2' diff --git a/projects/go-webrtc/config b/projects/go-webrtc/config index d7c31d6..673215b 100644 --- a/projects/go-webrtc/config +++ b/projects/go-webrtc/config @@ -31,17 +31,11 @@ var: targets: master: git_hash: master - linux-x86_64: + linux: var: arch_deps: - pkg-config - libx11-dev - linux-i686: - var: - arch_deps: - - pkg-config:i386 - - libx11-dev:i386 - - lib32stdc++6 input_files: - project: container-image diff --git a/projects/go/build b/projects/go/build index 2f87bf5..b7fac08 100644 --- a/projects/go/build +++ b/projects/go/build @@ -1,5 +1,6 @@ #!/bin/bash [% c("var/set_default_env") -%] +[% c("var/setarch") -%] distdir=/var/tmp/dist/[% project %] mkdir -p /var/tmp/dist diff --git a/projects/go/config b/projects/go/config index ef9c411..b36f211 100644 --- a/projects/go/config +++ b/projects/go/config @@ -8,6 +8,7 @@ var: use_container: 1 setup: | + [% c("var/setarch") -%] mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf $rootdir/[% c("go_tarfile") %] export GOOS=[% c("var/GOOS") %] diff --git a/projects/snowflake/config b/projects/snowflake/config index 212e86c..89e3eb6 100644 --- a/projects/snowflake/config +++ b/projects/snowflake/config @@ -9,13 +9,7 @@ var: use_container: 1 targets: - linux-i686: - var: - arch_deps: - - pkg-config - - libx11-dev:i386 - - lib32stdc++6 - linux-x86_64: + linux: var: arch_deps: - pkg-config diff --git a/projects/tor/config b/projects/tor/config index a9da811..c2d359c 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -21,22 +21,18 @@ targets: git_hash: master tag_gpg_id: 0 - linux-i686: + linux: var: - libdir: lib32 - sort_deps: 0 arch_deps: - - libc6-dev-i386 - libtool - - zlib1g-dev:i386 + - zlib1g-dev - hardening-wrapper + linux-i686: + var: + libdir: lib linux-x86_64: var: libdir: lib64 - arch_deps: - - libtool - - zlib1g-dev - - hardening-wrapper osx-x86_64: var: arch_deps: diff --git a/projects/webrtc/config b/projects/webrtc/config index d46d821..6882e87 100644 --- a/projects/webrtc/config +++ b/projects/webrtc/config @@ -26,28 +26,6 @@ targets: var: webrtc: os: linux - linux-i686: - var: - sort_deps: 0 - arch_deps: - - lib32asound2-dev - - lib64expat1 - - libexpat1-dev:i386 - - libglib2.0-dev:i386 - - libgtk2.0-dev:i386 - - libudev-dev:i386 - - libx11-dev:i386 - - libxext-dev:i386 - - libxrandr-dev:i386 - - lib32stdc++6 - - pkg-config - - hardening-wrapper - webrtc: - arch: ia32 - lib_arch: 386 - lib_path: lib/libwebrtc-linux-386-magic.a - linux-x86_64: - var: arch_deps: - libasound2-dev - libexpat1-dev @@ -58,6 +36,14 @@ targets: - libxext-dev - libxrandr-dev - pkg-config + linux-i686: + var: + webrtc: + arch: ia32 + lib_arch: 386 + lib_path: lib/libwebrtc-linux-386-magic.a + linux-x86_64: + var: webrtc: arch: x64 lib_arch: amd64 diff --git a/rbm.conf b/rbm.conf index 722c85a..2060132 100644 --- a/rbm.conf +++ b/rbm.conf @@ -111,26 +111,30 @@ targets: var: linux-x86_64: 1 osname: linux-x86_64 - deps: - - build-essential - - python - - bison - - hardening-wrapper - - automake - - libtool - - zip - - unzip # We only build snowflake on linux-x86_64 for now snowflake: 1 + container: + arch: amd64 linux-i686: arch: i686 var: linux-i686: 1 osname: linux-i686 - configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32' - pre_pkginst: dpkg --add-architecture i386 + container: + arch: i386 + setarch: | + if test -z "$RBM_SETARCH" + then + export RBM_SETARCH=1 + exec setarch i686 ./build + fi + linux: + var: + linux: 1 + compiler: gcc + container: + suite: wheezy deps: - - libc6-dev-i386 - build-essential - python - bison @@ -139,13 +143,6 @@ targets: - libtool - zip - unzip - linux: - var: - linux: 1 - compiler: gcc - container: - suite: wheezy - arch: amd64 torbrowser-windows-i686: - windows-i686

1 0

[tor-browser-build/master] Bug 21824: use runc instead of docker
by boklm＠torproject.org 05 May '17

05 May '17

commit 2d98c063010fc5b0f8da3e386587a501e27507b9 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Tue Apr 25 22:06:10 2017 +0200 Bug 21824: use runc instead of docker --- README | 25 ++---- keyring/ubuntu.gpg | Bin 0 -> 32904 bytes projects/binutils/config | 5 +- projects/cmake/config | 6 +- projects/common/runc-config.json | 179 ++++++++++++++++++++++++++++++++++++++ projects/container-image/build | 3 + projects/container-image/config | 86 ++++++++++++++++++ projects/debootstrap-image/build | 3 + projects/debootstrap-image/config | 52 +++++++++++ projects/docker-image/build | 4 - projects/docker-image/config | 51 ----------- projects/ed25519/config | 5 +- projects/firefox/config | 5 +- projects/fonts/config | 5 +- projects/gcc/config | 5 +- projects/gmp/config | 7 +- projects/go-webrtc/config | 5 +- projects/go/config | 5 +- projects/goerrors/config | 5 +- projects/gogb/config | 5 +- projects/goptlib/config | 5 +- projects/goxcrypto/config | 5 +- projects/goxnet/config | 5 +- projects/https-everywhere/config | 9 +- projects/libdmg-hfsplus/config | 5 +- projects/libevent/config | 7 +- projects/llvm/config | 7 +- projects/macosx-toolchain/config | 5 +- projects/meek/config | 6 +- projects/mingw-w64/config | 5 +- projects/nsis/config | 5 +- projects/obfs4/config | 7 +- projects/openssl/config | 7 +- projects/sandbox/config | 8 +- projects/siphash/config | 5 +- projects/snowflake/config | 7 +- projects/tor-browser/config | 8 +- projects/tor-launcher/config | 6 +- projects/tor/config | 5 +- projects/torbutton/config | 6 +- projects/uniuri/config | 5 +- projects/webrtc/config | 10 ++- projects/yasm/config | 6 +- projects/zlib/config | 7 +- rbm | 2 +- rbm.conf | 93 ++++++++++++++++++-- rbm.local.conf.example | 6 -- tools/clean-old | 21 ----- 48 files changed, 549 insertions(+), 185 deletions(-) diff --git a/README b/README index 08904fb..fa968ff 100644 --- a/README +++ b/README @@ -5,13 +5,12 @@ Installing build dependencies ----------------------------- To build Tor Browser, you need a Linux distribution that has support -for Docker (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...). -The Docker package is usually named docker.io or docker-io. -On Debian jessie, the docker.io package is available in backports. +for runC (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...). +On Debian jessie, the runc package is available in backports. -Your user account should have access to the docker command without using -sudo, so it should be in the docker group. The docker daemon should -also be running. +Your user account should have access sudo access, which is required to +be able to extract container file systems, start containers and copy +files to and from containers. The sources of most components are downloaded using git, which needs to be installed. The sources of webrtc are downloaded using gclient, which @@ -41,7 +40,7 @@ If you are running Debian or Ubuntu, you can install them with: libio-captureoutput-perl libfile-slurp-perl \ libstring-shellquote-perl libsort-versions-perl \ libdigest-sha-perl libdata-uuid-perl libdata-dump-perl \ - libfile-copy-recursive-perl git libgtk2.0-dev curl + libfile-copy-recursive-perl git libgtk2.0-dev curl runc Starting a build @@ -184,18 +183,6 @@ of files and containers that would be removed without doing it, you can use 'make clean-dry-run'. -Multiple build directories on the same host -------------------------------------------- - -You can do multiple builds of Tor Browser in different directories on -the same host. However the docker images namespace is global, so you -may have some conflicts with the same image names used by the -different builds. By default, the docker images are prefixed with -tor-browser_$USER. You can change this prefix by defining the -docker_image_prefix option in rbm.local.conf, using a different prefix -for each of your build directories. - - Common Build Errors ------------------- diff --git a/keyring/ubuntu.gpg b/keyring/ubuntu.gpg new file mode 100644 index 0000000..8b77bf0 Binary files /dev/null and b/keyring/ubuntu.gpg differ diff --git a/projects/binutils/config b/projects/binutils/config index 2975f14..0cb2088 100644 --- a/projects/binutils/config +++ b/projects/binutils/config @@ -1,9 +1,10 @@ # vim: filetype=yaml sw=2 version: 2.24 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: configure_opt: '--disable-multilib --enable-gold --enable-deterministic-archives --enable-plugins' + container: + use_container: 1 targets: windows-i686: @@ -15,7 +16,7 @@ input_files: sig_ext: sig file_gpg_id: 1 gpg_keyring: binutils.gpg - - project: docker-image + - project: container-image - filename: enable-reloc-section-ld.patch enable: '[% c("var/windows") %]' - filename: peXXigen.patch diff --git a/projects/cmake/config b/projects/cmake/config index 837d9e1..357370d 100644 --- a/projects/cmake/config +++ b/projects/cmake/config @@ -5,7 +5,9 @@ git_hash: 'v[% c("version") %]' tag_gpg_id: 1 gpg_keyring: cmake.gpg filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json new file mode 100644 index 0000000..4c231cd --- /dev/null +++ b/projects/common/runc-config.json @@ -0,0 +1,179 @@ +{ + "ociVersion": "1.0.0-rc1", + "platform": { + "os": "linux", + "arch": "amd64" + }, + "process": { + "terminal": true, + "user": { + "uid": 0, + "gid": 0 + }, + "args": [ + "/rbm/run" + ], + "env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm" + ], + "cwd": "/", + "capabilities": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + "CAP_SETGID", + "CAP_SETUID", + "CAP_MKNOD", + "CAP_SYS_CHROOT", +[% IF c("var/container/CAP_SYS_ADMIN") -%] + "CAP_SYS_ADMIN", +[% END -%] + "CAP_FSETID", + "CAP_FOWNER", + "CAP_DAC_OVERRIDE", + "CAP_CHOWN" + ], + "rlimits": [ + { + "type": "RLIMIT_NOFILE", + "hard": 1024, + "soft": 1024 + } + ], + "noNewPrivileges": true + }, + "root": { + "path": "rootfs", + "readonly": false + }, + "hostname": "runc", + "mounts": [ + { + "destination": "/proc", + "type": "proc", + "source": "proc" + }, + { + "type": "bind", + "source": "/etc/resolv.conf", + "destination": "/etc/resolv.conf", + "options": [ + "rbind", + "ro" + ] + }, + { + "destination": "/dev", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "nosuid", + "strictatime", + "mode=755", + "size=65536k" + ] + }, + { + "destination": "/dev/pts", + "type": "devpts", + "source": "devpts", + "options": [ + "nosuid", + "noexec", + "newinstance", + "ptmxmode=0666", + "mode=0620", + "gid=5" + ] + }, + { + "destination": "/dev/shm", + "type": "tmpfs", + "source": "shm", + "options": [ + "nosuid", + "noexec", + "nodev", + "mode=1777", + "size=65536k" + ] + }, + { + "destination": "/dev/mqueue", + "type": "mqueue", + "source": "mqueue", + "options": [ + "nosuid", + "noexec", + "nodev" + ] + }, + { + "destination": "/sys", + "type": "sysfs", + "source": "sysfs", + "options": [ + "nosuid", + "noexec", + "nodev", + "ro" + ] + }, + { + "destination": "/sys/fs/cgroup", + "type": "cgroup", + "source": "cgroup", + "options": [ + "nosuid", + "noexec", + "nodev", + "relatime", + "ro" + ] + } + ], + "hooks": {}, + "linux": { + "resources": { + "devices": [ + { + "allow": false, + "access": "rwm" + } + ] + }, + "namespaces": [ + { + "type": "pid" + }, + { + "type": "ipc" + }, + { + "type": "uts" + }, + { + "type": "mount" + } + ], + "maskedPaths": [ + "/proc/kcore", + "/proc/latency_stats", + "/proc/timer_stats", + "/proc/sched_debug" + ], + "readonlyPaths": [ + "/proc/asound", + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger" + ] + }, + "solaris": { + "cappedCPU": {}, + "cappedMemory": {} + } +} diff --git a/projects/container-image/build b/projects/container-image/build new file mode 100644 index 0000000..c7d1c46 --- /dev/null +++ b/projects/container-image/build @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +# Doing nothing diff --git a/projects/container-image/config b/projects/container-image/config new file mode 100644 index 0000000..c9f377f --- /dev/null +++ b/projects/container-image/config @@ -0,0 +1,86 @@ +# vim: filetype=yaml sw=2 +filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% sha256(c("pre")).substr(0, 12) %].tar.gz' +pkg_type: build + +var: + container: + use_container: 1 + suite: '[% pc(c("origin_project"), "var/container/suite") %]' + arch: '[% pc(c("origin_project"), "var/container/arch") %]' + +lsb_release: + id: Debian + codename: wheezy + release: 7.11 + +pre: | + #!/bin/sh + # [% c('var/container/suite') %] + set -e + [% IF pc(c('origin_project'), 'var/pre_pkginst') -%] + [% pc(c('origin_project'), 'var/pre_pkginst') %] + [% END -%] + [% IF c("var/container/suite") == "precise" -%] + export INITRD=no + mkdir -p /etc/container_environment + echo -n no > /etc/container_environment/INITRD + dpkg-divert --local --rename --add /sbin/initctl + ln -s /bin/true /sbin/initctl + dpkg-divert --local --rename --add /usr/bin/ischroot + ln -sf /bin/true /usr/bin/ischroot + cat >> /etc/apt/sources.list << EOF + deb http://archive.ubuntu.com/ubuntu/ precise-updates main + deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main + + deb http://archive.ubuntu.com/ubuntu/ precise universe + deb-src http://archive.ubuntu.com/ubuntu/ precise universe + deb http://archive.ubuntu.com/ubuntu/ precise-updates universe + deb-src http://archive.ubuntu.com/ubuntu/ precise-updates universe + + deb http://archive.ubuntu.com/ubuntu/ precise-security main + deb-src http://archive.ubuntu.com/ubuntu/ precise-security main + deb http://archive.ubuntu.com/ubuntu/ precise-security universe + deb-src http://archive.ubuntu.com/ubuntu/ precise-security universe + EOF + [% END -%] + apt-get update -y + apt-get upgrade -y + [% + deps = []; + IF pc(c('origin_project'), 'var/deps'); + CALL deps.import(pc(c('origin_project'), 'var/deps')); + END; + IF pc(c('origin_project'), 'var/arch_deps'); + CALL deps.import(pc(c('origin_project'), 'var/arch_deps')); + END; + IF deps.size; + IF pc(c('origin_project'), 'var/sort_deps'); + deps = deps.sort; + END; + FOREACH pkg IN deps; + SET p = tmpl(pkg); + IF p; + GET c('install_package', { pkg_name => p }); + GET "\n"; + END; + END; + END; + -%] + [% IF pc(c('origin_project'), 'var/post_pkginst') -%] + [% pc(c('origin_project'), 'var/post_pkginst') %] + [% END -%] + +remote_get: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('get_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('get_dst', { error_if_undef => 1 })); + -%] + mkdir -p "[% dst %]" + sudo tar -C "[% c("var/container/dir") %]/rootfs" -czf "[% dst %]/[% c("filename") %]" . + +input_files: + - project: debootstrap-image + target: + - '[% c("var/container/suite") %]-[% c("var/container/arch") %]' diff --git a/projects/debootstrap-image/build b/projects/debootstrap-image/build new file mode 100644 index 0000000..c7d1c46 --- /dev/null +++ b/projects/debootstrap-image/build @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +# Doing nothing diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config new file mode 100644 index 0000000..bd204f5 --- /dev/null +++ b/projects/debootstrap-image/config @@ -0,0 +1,52 @@ +# vim: filetype=yaml sw=2 +filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %].tar.gz' +pkg_type: build + +var: + ubuntu_version: 17.04 + + container_dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]' + container_user: rbm + + container: + use_container: 1 + # We need CAP_SYS_ADMIN for debootstrap to work + CAP_SYS_ADMIN: 1 + +pre: | + #!/bin/sh + set -e + apt-get update -y + apt-get install -y debian-archive-keyring ubuntu-keyring debootstrap + debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %] + tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] . + +targets: + wheezy-amd64: + var: + container: + suite: wheezy + arch: amd64 + jessie-amd64: + var: + container: + suite: jessie + arch: amd64 + precise-amd64: + var: + container: + suite: precise + arch: amd64 + debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg + utopic-amd64: + var: + container: + suite: utopic + arch: amd64 + debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/ + +input_files: + - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' + filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' + sha256sum: df2c8fd540e474b8e1e29c0db8ed6b43a932918f1b9a8149bb82104a7c07ba2a + diff --git a/projects/docker-image/build b/projects/docker-image/build deleted file mode 100644 index ced6ad3..0000000 --- a/projects/docker-image/build +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -e -echo 1 > [% dest_dir %]/[% c('filename') %] -echo Creating [% dest_dir %]/[% c('filename') %] diff --git a/projects/docker-image/config b/projects/docker-image/config deleted file mode 100644 index 1968b77..0000000 --- a/projects/docker-image/config +++ /dev/null @@ -1,51 +0,0 @@ -# vim: filetype=yaml sw=2 -filename: '[% sha256(c("pre")).substr(0, 12) %]' -remote_docker: 1 -docker_save_image: '[% c("docker_image_prefix") %]:[% c("filename") %]' -pkg_type: build - -docker_image: '[% c("lsb_release/id").lower %]:[% c("lsb_release/release") %]' - -lsb_release: - id: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/id", { no_distro => 1 }) %]' - release: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/release", { no_distro => 1 }) %]' - codename: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/codename", { no_distro => 1 }) %]' - -pre: | - #!/bin/sh - # [% c('docker_image') %] - set -e - [% IF c('lsb_release/release') == '14.10' -%] - sed -i 's/archive\.ubuntu\.com/old-releases.ubuntu.com/' /etc/apt/sources.list - [% END -%] - [% IF pc(c('origin_project'), 'var/pre_pkginst') -%] - [% pc(c('origin_project'), 'var/pre_pkginst') %] - [% END -%] - [% IF c('lsb_release/id') == 'Ubuntu' || c('lsb_release/id') == 'Debian' %] - apt-get update -y - apt-get upgrade -y - [% END %] - [% - deps = []; - IF pc(c('origin_project'), 'var/deps'); - CALL deps.import(pc(c('origin_project'), 'var/deps')); - END; - IF pc(c('origin_project'), 'var/arch_deps'); - CALL deps.import(pc(c('origin_project'), 'var/arch_deps')); - END; - IF deps.size; - IF pc(c('origin_project'), 'var/sort_deps'); - deps = deps.sort; - END; - FOREACH pkg IN deps; - SET p = tmpl(pkg); - IF p; - GET c('install_package', { pkg_name => p }); - GET "\n"; - END; - END; - END; - -%] - [% IF pc(c('origin_project'), 'var/post_pkginst') -%] - [% pc(c('origin_project'), 'var/post_pkginst') %] - [% END -%] diff --git a/projects/ed25519/config b/projects/ed25519/config index 5bab68b..c6790b8 100644 --- a/projects/ed25519/config +++ b/projects/ed25519/config @@ -3,16 +3,17 @@ version: '[% c("abbrev") %]' git_url: https://github.com/agl/ed25519.git git_hash: c4161f4c7483313562781c61b9a20aba73daf9de filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/agl/ed25519 go_lib_install: - github.com/agl/ed25519/extra25519 input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/firefox/config b/projects/firefox/config index 2c74e4b..d6a68fe 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -5,7 +5,6 @@ git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branc tag_gpg_id: 1 git_url: https://git.torproject.org/tor-browser.git gpg_keyring: torbutton.gpg -remote_docker: 1 var: firefox_version: 52.1.0esr @@ -19,6 +18,8 @@ var: - autoconf2.13 - yasm - python + container: + use_container: 1 targets: nightly: @@ -74,7 +75,7 @@ targets: martools_filename: mar-tools-win32.zip input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - filename: get-moz-build-date diff --git a/projects/fonts/config b/projects/fonts/config index 69e16b3..382804d 100644 --- a/projects/fonts/config +++ b/projects/fonts/config @@ -3,8 +3,9 @@ version: '[% c("abbrev") %]' git_url: https://github.com/googlei18n/noto-fonts.git git_hash: 720e34851382ee3c1ef024d8dffb68ffbfb234c2 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].tar.gz" -remote_docker: 1 var: + container: + use_container: 1 noto_fonts_hinted: - Arimo-Regular.ttf - Arimo-Bold.ttf @@ -85,7 +86,7 @@ targets: - NotoSansYi-Regular.ttf input_files: - - project: docker-image + - project: container-image - URL: https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adc… sha256sum: 415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 enable: '[% c("var/linux") %]' diff --git a/projects/gcc/config b/projects/gcc/config index 391e453..1acf30a 100644 --- a/projects/gcc/config +++ b/projects/gcc/config @@ -1,8 +1,9 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' version: 5.1.0 -remote_docker: 1 var: + container: + use_container: 1 configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686 deps: - build-essential @@ -42,6 +43,6 @@ targets: var: configure_opt: --disable-multilib --enable-languages=c,c++ input_files: + - project: container-image - URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("version") %]/gcc-[% c("version") %].tar.bz2' sha256sum: b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad - - project: docker-image diff --git a/projects/gmp/config b/projects/gmp/config index 913f181..41eb630 100644 --- a/projects/gmp/config +++ b/projects/gmp/config @@ -1,7 +1,10 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' version: 5.1.3 -remote_docker: 1 + +var: + container: + use_container: 1 targets: linux: @@ -9,9 +12,9 @@ targets: configure_opt_gmp: --enable-fat input_files: + - project: container-image - name: gmp URL: 'https://ftp.gnu.org/gnu/gmp/gmp-[% c("version") %].tar.bz2' sha256sum: 752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/projects/go-webrtc/config b/projects/go-webrtc/config index 3a1a9d4..d7c31d6 100644 --- a/projects/go-webrtc/config +++ b/projects/go-webrtc/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://github.com/keroserene/go-webrtc.git git_hash: ab1b64862e0c4b4182010699911c2c5818f0a101 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/keroserene/go-webrtc build_go_lib_pre: | [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %] @@ -43,7 +44,7 @@ targets: - lib32stdc++6 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: webrtc diff --git a/projects/go/config b/projects/go/config index 89b4b45..ef9c411 100644 --- a/projects/go/config +++ b/projects/go/config @@ -1,10 +1,11 @@ # vim: filetype=yaml sw=2 version: 1.7.5 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: go14_version: 1.4.3 + container: + use_container: 1 setup: | mkdir -p /var/tmp/dist @@ -69,7 +70,7 @@ targets: GOARCH: 386 input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/windows") || c("var/osx") %]' diff --git a/projects/goerrors/config b/projects/goerrors/config index 4451f7b..3c11fab 100644 --- a/projects/goerrors/config +++ b/projects/goerrors/config @@ -3,14 +3,15 @@ version: '[% c("abbrev") %]' git_url: https://github.com/pkg/errors git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/pkg/errors input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/gogb/config b/projects/gogb/config index a358819..dcf30f6 100644 --- a/projects/gogb/config +++ b/projects/gogb/config @@ -3,18 +3,19 @@ version: '[% c("abbrev") %]' git_url: https://github.com/constabulary/gb git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/constabulary/gb go_lib_install: github.com/constabulary/gb/cmd/gb go_lib_deps: - goerrors input_files: - - project: docker-image + - project: container-image - name: go project: go - name: goerrors diff --git a/projects/goptlib/config b/projects/goptlib/config index dd520ec..c083763 100644 --- a/projects/goptlib/config +++ b/projects/goptlib/config @@ -5,14 +5,15 @@ git_hash: '[% c("version") %]' tag_gpg_id: 1 gpg_keyring: goptlib.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: git.torproject.org/pluggable-transports/goptlib.git input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/goxcrypto/config b/projects/goxcrypto/config index 8362f28..b51b578 100644 --- a/projects/goxcrypto/config +++ b/projects/goxcrypto/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://go.googlesource.com/crypto git_hash: 4ed45ec682102c643324fae5dff8dab085b6c300 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: golang.org/x/crypto go_lib_install: - golang.org/x/crypto/curve25519 @@ -19,6 +20,6 @@ targets: git_hash: master input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/goxnet/config b/projects/goxnet/config index 507f997..ec368a2 100644 --- a/projects/goxnet/config +++ b/projects/goxnet/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://go.googlesource.com/net git_hash: 7dbad50ab5b31073856416cdcfeb2796d682f844 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: golang.org/x/net go_lib_install: - golang.org/x/net/proxy @@ -17,6 +18,6 @@ targets: git_hash: master input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config index 3e5100e..f149cac 100644 --- a/projects/https-everywhere/config +++ b/projects/https-everywhere/config @@ -6,9 +6,11 @@ git_submodule: 1 gpg_keyring: https-everywhere.gpg tag_gpg_id: 1 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi" -remote_docker: 1 -distribution: Debian-7.11 var: + container: + use_container: 1 + suite: wheezy + arch: amd64 deps: - git - python @@ -19,8 +21,9 @@ var: - rsync - zip - unzip + input_files: - - project: docker-image + - project: container-image targets: nightly: diff --git a/projects/libdmg-hfsplus/config b/projects/libdmg-hfsplus/config index 9071078..67e8287 100644 --- a/projects/libdmg-hfsplus/config +++ b/projects/libdmg-hfsplus/config @@ -3,13 +3,14 @@ version: '[% c("abbrev") %]' git_url: https://github.com/vasi/libdmg-hfsplus git_hash: dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: + container: + use_container: 1 deps: - build-essential - cmake - zlib1g-dev - libbz2-dev input_files: + - project: container-image - filename: libdmg.patch - - project: docker-image diff --git a/projects/libevent/config b/projects/libevent/config index 15ada11..46cbb7e 100644 --- a/projects/libevent/config +++ b/projects/libevent/config @@ -5,7 +5,10 @@ git_hash: 'release-[% c("version") %]-stable' tag_gpg_id: 1 gpg_keyring: libevent.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: osx-x86_64: @@ -14,6 +17,6 @@ targets: - faketime input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' diff --git a/projects/llvm/config b/projects/llvm/config index 81f7aaa..f0a803b 100644 --- a/projects/llvm/config +++ b/projects/llvm/config @@ -1,10 +1,13 @@ # vim: filetype=yaml sw=2 version: 3.8.0 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image - project: cmake name: cmake - URL: 'http://releases.llvm.org/[% c("version") %]/llvm-[% c("version") %].src.tar.xz' diff --git a/projects/macosx-toolchain/config b/projects/macosx-toolchain/config index b237e4d..55fb554 100644 --- a/projects/macosx-toolchain/config +++ b/projects/macosx-toolchain/config @@ -1,8 +1,9 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' version: 10.7-1 -remote_docker: 1 var: + container: + use_container: 1 setup: | mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf [% c("compiler_tarfile") %] @@ -15,6 +16,7 @@ var: export LDFLAGS="[% c('var/LDFLAGS') %]" input_files: + - project: container-image - name: llvm project: llvm - name: cctools @@ -23,4 +25,3 @@ input_files: - name: SDK URL: https://people.torproject.org/~mikeperry/mirrors/sources/MacOSX10.7.sdk.tar… sha256sum: da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf - - project: docker-image diff --git a/projects/meek/config b/projects/meek/config index 84ed2bd..46f4ec9 100644 --- a/projects/meek/config +++ b/projects/meek/config @@ -5,10 +5,12 @@ git_hash: '[% c("version") %]' tag_gpg_id: 1 gpg_keyring: meek.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: goptlib diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config index 060857c..21d498a 100644 --- a/projects/mingw-w64/config +++ b/projects/mingw-w64/config @@ -3,8 +3,9 @@ filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' git_url: http://git.code.sf.net/p/mingw-w64/mingw-w64 git_hash: 98e5b4930a717eafddd8ca0f0dfeb7c57c6b026a version: '[% c("abbrev") %]' -remote_docker: 1 var: + container: + use_container: 1 gcc_version: 5.1.0 deps: - automake @@ -17,6 +18,7 @@ var: export PATH="/var/tmp/dist/mingw-w64/helpers:/var/tmp/dist/mingw-w64/bin:$PATH" export gcclibs=/var/tmp/dist/mingw-w64/gcclibs input_files: + - project: container-image - URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("var/gcc_version") %]/gcc-[% c("var/gcc_version") %].tar.bz2' sha256sum: b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad - name: binutils @@ -24,4 +26,3 @@ input_files: - filename: i686-w64-mingw32-g++ - filename: i686-w64-mingw32-gcc - filename: i686-w64-mingw32-ld - - project: docker-image diff --git a/projects/nsis/config b/projects/nsis/config index 6729101..2812a22 100644 --- a/projects/nsis/config +++ b/projects/nsis/config @@ -1,8 +1,9 @@ # vim: filetype=yaml sw=2 version: 2.51 filename: 'nsis-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: + container: + use_container: 1 deps: - build-essential - libmpc-dev @@ -12,6 +13,7 @@ var: - xsltproc input_files: + - project: container-image - filename: 'nsis-[% c("version") %].tar.bz2' URL: 'http://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2' sha256sum: 43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 @@ -21,4 +23,3 @@ input_files: - filename: nsis-missing-unistd-include.patch - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/projects/obfs4/config b/projects/obfs4/config index 952b054..44db79d 100644 --- a/projects/obfs4/config +++ b/projects/obfs4/config @@ -5,7 +5,10 @@ git_hash: 'obfs4proxy-[% c("version") %]' tag_gpg_id: 1 gpg_keyring: obfs4.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: nightly: @@ -13,7 +16,7 @@ targets: tag_gpg_id: 0 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: goptlib diff --git a/projects/openssl/config b/projects/openssl/config index 1a2e4dd..8b4ea4f 100644 --- a/projects/openssl/config +++ b/projects/openssl/config @@ -1,7 +1,10 @@ # vim: filetype=yaml sw=2 version: 1.0.2k filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: linux-x86_64: @@ -18,7 +21,7 @@ targets: configure_opts: --cross-compile-prefix=x86_64-apple-darwin10- darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz' diff --git a/projects/sandbox/config b/projects/sandbox/config index 218a276..3970322 100644 --- a/projects/sandbox/config +++ b/projects/sandbox/config @@ -5,10 +5,12 @@ git_hash: 'sandboxed-tor-browser-[% c("version") %]' tag_gpg_id: 1 gpg_keyring: obfs4.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 -distribution: Debian-8.7 var: + container: + use_container: 1 + suite: jessie + arch: amd64 deps: - libx11-dev - pkg-config @@ -22,7 +24,7 @@ targets: tag_gpg_id: 0 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: gogb diff --git a/projects/siphash/config b/projects/siphash/config index 0f3f4b5..b2cb2a9 100644 --- a/projects/siphash/config +++ b/projects/siphash/config @@ -3,14 +3,15 @@ version: '[% c("abbrev") %]' git_url: https://github.com/dchest/siphash.git git_hash: 42ba037e748c9062a75e0924705c43b893edefcd filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/dchest/siphash input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/snowflake/config b/projects/snowflake/config index 3233ba4..212e86c 100644 --- a/projects/snowflake/config +++ b/projects/snowflake/config @@ -3,7 +3,10 @@ version: '[% c("abbrev") %]' git_url: https://git.torproject.org/pluggable-transports/snowflake.git git_hash: 9f2e9a6ecb696149708716ca06ce842df03cf492 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: linux-i686: @@ -19,7 +22,7 @@ targets: - libx11-dev input_files: - - project: docker-image + - project: container-image - name: go project: go - name: '[% c("var/compiler") %]' diff --git a/projects/tor-browser/config b/projects/tor-browser/config index 87cc6b2..c4c2521 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -1,9 +1,10 @@ # vim: filetype=yaml sw=2 version: '[% c("var/torbrowser_version") %]' filename: 'tor-browser-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %]' -remote_docker: 1 var: + container: + use_container: 1 ddmg: '[% INCLUDE ddmg.sh %]' targets: @@ -24,12 +25,13 @@ targets: - bzip2 - faketime windows-i686: - distribution: Ubuntu-14.10 var: mar_osname: win32 + container: + suite: utopic input_files: - - project: docker-image + - project: container-image - project: firefox name: firefox - project: tor diff --git a/projects/tor-launcher/config b/projects/tor-launcher/config index 70f8acd..9211844 100644 --- a/projects/tor-launcher/config +++ b/projects/tor-launcher/config @@ -5,9 +5,11 @@ git_hash: '[% c("version") %]' gpg_keyring: torbutton.gpg tag_gpg_id: 1 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi" -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image targets: nightly: diff --git a/projects/tor/config b/projects/tor/config index c8940dd..a9da811 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -5,9 +5,10 @@ git_hash: 'tor-[% c("version") %]' git_url: https://git.torproject.org/tor.git gpg_keyring: tor.gpg tag_gpg_id: 1 -remote_docker: 1 var: + container: + use_container: 1 deps: - build-essential - automake @@ -50,6 +51,7 @@ targets: flag_mwindows: '' input_files: + - project: container-image - name: openssl project: openssl - name: libevent @@ -59,4 +61,3 @@ input_files: enable: '[% c("var/windows") %]' - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/projects/torbutton/config b/projects/torbutton/config index b60e217..41d4d69 100644 --- a/projects/torbutton/config +++ b/projects/torbutton/config @@ -5,9 +5,11 @@ git_hash: '[% c("version") %]' gpg_keyring: torbutton.gpg tag_gpg_id: 1 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi" -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image targets: nightly: diff --git a/projects/uniuri/config b/projects/uniuri/config index 62fa8ef..e4c7294 100644 --- a/projects/uniuri/config +++ b/projects/uniuri/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://github.com/dchest/uniuri git_hash: 8902c56451e9b58ff940bbe5fec35d5f9c04584a filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/dchest/uniuri targets: @@ -15,6 +16,6 @@ targets: git_hash: master input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/webrtc/config b/projects/webrtc/config index bfd38c9..d46d821 100644 --- a/projects/webrtc/config +++ b/projects/webrtc/config @@ -1,13 +1,14 @@ # vim: filetype=yaml sw=2 version: '[% c("var/webrtc_tag") %]' -remote_docker: 1 filename: 'webrtc-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' var: + container: + use_container: 1 webrtc_tag: c279861207c5b15fc51069e96595782350e0ac12 input_files: - - project: docker-image + - project: container-image - project: webrtc pkg_type: fetch_sources - project: depot_tools @@ -27,7 +28,6 @@ targets: os: linux linux-i686: var: - dockerbuild: "[% pc('docker-image', 'pre') %]" sort_deps: 0 arch_deps: - lib32asound2-dev @@ -65,7 +65,9 @@ targets: steps: fetch_sources: - remote_docker: 0 + var: + container: + use_container: 0 filename: 'webrtc-sources-[% c("var/webrtc_tag") %].tar.gz' fetch_sources: | #!/bin/bash diff --git a/projects/yasm/config b/projects/yasm/config index 3d8a28a..12d009b 100644 --- a/projects/yasm/config +++ b/projects/yasm/config @@ -1,10 +1,12 @@ # vim: filetype=yaml sw=2 version: 1.2.0 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image - URL: 'https://www.tortall.net/projects/yasm/releases/yasm-[% c("version") %].tar.gz' name: yasm sha256sum: 768ffab457b90a20a6d895c39749adb547c1b7cb5c108e84b151a838a23ccf31 diff --git a/projects/zlib/config b/projects/zlib/config index 5219559..3ad562c 100644 --- a/projects/zlib/config +++ b/projects/zlib/config @@ -5,9 +5,12 @@ git_hash: 'v[% c("version") %]' git_url: https://github.com/madler/zlib.git gpg_keyring: zlib.gpg tag_gpg_id: 1 -remote_docker: 1 + +var: + container: + use_container: 1 input_files: + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/rbm b/rbm index 3f3886e..106e9b0 160000 --- a/rbm +++ b/rbm @@ -1 +1 @@ -Subproject commit 3f3886e1f210ad2853209c5aecd0951350a6f758 +Subproject commit 106e9b05aeff6309e241a3c9bae1781e0d551e7a diff --git a/rbm.conf b/rbm.conf index 651acfa..722c85a 100644 --- a/rbm.conf +++ b/rbm.conf @@ -20,12 +20,16 @@ var: build_id_txt: | [% c("version") %] [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %] - [% IF c("remote_docker") -%] - [% c("distribution") %] + [% IF c("var/container/use_container") -%] + [% c("var/container/suite") %] + [% c("var/container/arch") %] [% END -%] input_files: [% c("input_files_id") %] build: [% c("build", { filename => 'f', output_dir => '/out' }) %] + container: + dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]' + user: rbm input_files_list: | [% FOREACH file IN c("input_files_by_name").keys.sort -%] [% c("input_files_by_name/" _ file) %] @@ -136,19 +140,23 @@ targets: - zip - unzip linux: - distribution: Debian-7.11 var: linux: 1 compiler: gcc + container: + suite: wheezy + arch: amd64 torbrowser-windows-i686: - windows-i686 windows-i686: - distribution: Ubuntu-12.04 arch: i686 var: windows: 1 osname: windows-i686 + container: + suite: precise + arch: amd64 configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"' CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security' LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs' @@ -167,11 +175,13 @@ targets: torbrowser-osx-x86_64: - osx-x86_64 osx-x86_64: - distribution: Debian-8.7 arch: x86_64 var: osx: 1 osname: osx-x86_64 + container: + suite: jessie + arch: amd64 compiler: 'macosx-toolchain' configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin10-clang++ [% c("var/FLAGS") %]"' FLAGS: "-target x86_64-apple-darwin10 -mlinker-version=136 -B $cctoolsdir -isysroot $sysrootdir" @@ -195,9 +205,6 @@ targets: build_id: 1 -docker_image: '[% pc("docker-image", "docker_save_image") %]' -docker_image_prefix: '[% GET c("var/project_name") ? c("var/project_name") : "rbm-build" %]_[% GET ENV.RBM_BUILDNAME ? ENV.RBM_BUILDNAME : ENV.USER ? ENV.USER : c("uid") %]' - # change the default gpg_wrapper to allow git tag signed using an # expired key. # https://bugs.torproject.org/19737 @@ -218,6 +225,76 @@ gpg_wrapper: | exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" fi +remote_start: '[% IF c("var/container/use_container") %][% c("runc/remote_start") %][% END %]' +remote_exec: '[% IF c("var/container/use_container") %][% c("runc/remote_exec") %][% END %]' +remote_put: '[% IF c("var/container/use_container") %][% c("runc/remote_put") %][% END %]' +remote_get: '[% IF c("var/container/use_container") %][% c("runc/remote_get") %][% END %]' +remote_finish: '[% IF c("var/container/use_container") %][% c("runc/remote_finish") %][% END %]' + +runc: + remote_start: | + #!/bin/sh + set -e + if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ] + then + echo "Can't find container image in input files" >&2 + ls -l '[% c("remote_srcdir") %]' >&2 + exit 1 + fi + mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm + sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*) + cat > '[% c("var/container/dir") %]'/config.json << EOF + [% INCLUDE 'runc-config.json' %] + EOF + [% SET user = c("var/container/user") -%] + [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user + _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %] + + remote_exec: | + #!/bin/sh + set -e + mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm + echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd + echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd + echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run + [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %] + echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run + chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd + chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run + sudo runc start -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] + + remote_put: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('put_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('put_dst', { error_if_undef => 1 })); + -%] + sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %] + sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %] + [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst }) %] + + remote_get: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('get_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('get_dst', { error_if_undef => 1 })); + -%] + mkdir -p [% dst %] + srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %] + if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ] + then + sudo chown $(whoami) "$srcdir"/* + sudo mv -f "$srcdir"/* [% dst %]/ + fi + + remote_finish: | + #!/bin/sh + set -e + sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json + rmdir '[% c("var/container/dir") %]' + ENV: TZ: UTC LC_ALL: C diff --git a/rbm.local.conf.example b/rbm.local.conf.example index 78de08f..203ce5f 100644 --- a/rbm.local.conf.example +++ b/rbm.local.conf.example @@ -16,12 +16,6 @@ ### this. #debug: 0 -### If you are doing multiple builds in different directories on the -### same host, you should define docker_image_prefix with a different -### value for each build directory, so that the different builds don't -### use the same docker image names. -#docker_image_prefix: tor-browser_XXXXX - ### The build_log option defines in which file the build logs of each ### component are stored. If you set it to '-' the logs are output on ### stdout and stderr. diff --git a/tools/clean-old b/tools/clean-old index 4d603fc..c7d9e0c 100755 --- a/tools/clean-old +++ b/tools/clean-old @@ -27,24 +27,6 @@ sub clean_file { } } -sub clean_docker_images { - my ($dockerdir, $used_files) = @_; - my $imgprefix = RBM::project_config('docker-image', 'docker_image_prefix'); - my @imgs = read_dir($dockerdir); - foreach my $dockerimage (@imgs) { - next if $used_files->{"$dockerdir/$dockerimage"}; - my $img = "$imgprefix:$dockerimage"; - print "Cleaning docker image $img\n"; - next if $options{'dry-run'}; - my ($out, $err, $success) = capture_exec('docker', 'rmi', '-f', $img); - if (!$success) { - print STDERR "Error removing docker image $img:\n$err\n"; - exit 1; - } - unlink "$dockerdir/$dockerimage"; - } -} - sub get_project_input_files { my ($project, @targets) = @_; print "Getting input files for $project ", join(' ', @targets), "\n"; @@ -108,7 +90,4 @@ foreach my $branch (keys %$clean) { } my %used_files = map { $_ => 1 } @files; my $outdir = $RBM::config->{basedir} . '/out'; -# Don't clean docker-image files yet -$used_files{"$outdir/docker-image"} = 1; clean_file($outdir, \%used_files); -clean_docker_images("$outdir/docker-image", \%used_files);

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 21792: Suppress MediaError.message when privacy.resistFingerprinting = true
by gk＠torproject.org 03 May '17

03 May '17

commit 58d186df19450f9aef0423c71e78f6eaa17679f8 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Thu Apr 27 15:00:14 2017 -0700 Bug 21792: Suppress MediaError.message when privacy.resistFingerprinting = true --- dom/html/MediaError.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dom/html/MediaError.cpp b/dom/html/MediaError.cpp index 83b9ffc..fae0981 100644 --- a/dom/html/MediaError.cpp +++ b/dom/html/MediaError.cpp @@ -7,6 +7,7 @@ #include "mozilla/dom/MediaError.h" #include "nsDOMClassInfoID.h" #include "mozilla/dom/MediaErrorBinding.h" +#include "nsContentUtils.h" namespace mozilla { namespace dom { @@ -31,7 +32,12 @@ MediaError::MediaError(HTMLMediaElement* aParent, uint16_t aCode, void MediaError::GetMessage(nsAString& aResult) const { - CopyUTF8toUTF16(mMessage, aResult); + if (nsContentUtils::IsCallerChrome() || + !nsContentUtils::ShouldResistFingerprinting()) { + CopyUTF8toUTF16(mMessage, aResult); + } else { + aResult.Truncate(); + } } JSObject*

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 02 May '17

02 May '17

commit 29b3b7af8e3b9528204ae49a396af80b3e4c4d61 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed Apr 26 15:38:30 2017 -0700 fixup! TB4: Tor Browser's Firefox preference overrides. We fix bug 21675 by pretending every user has just one core available. --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 0715a01..27cfe53 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -151,6 +151,7 @@ pref("reader.parse-on-load.enabled", false); pref("privacy.use_utc_timezone", true); pref("media.webspeech.synth.enabled", false); // Bug 10283: Disable SpeechSynthesis API pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API +pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu // Third party stuff pref("network.cookie.cookieBehavior", 1);

1 0