- tbb-commits - lists.torproject.org

[tor-browser-bundle/master] Bug 20683: Use signed selfrando tag from now on
by gk＠torproject.org 10 May '17

10 May '17

commit 8fe0e322b950efa2456502428bee66dde8b4948a Author: Georg Koppen <gk(a)torproject.org> Date: Wed May 10 08:05:28 2017 +0000 Bug 20683: Use signed selfrando tag from now on --- gitian/gpg/selfrando.gpg | Bin 0 -> 2759 bytes gitian/verify-tags.sh | 2 +- gitian/versions.alpha | 2 +- gitian/versions.nightly | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) diff --git a/gitian/gpg/selfrando.gpg b/gitian/gpg/selfrando.gpg new file mode 100644 index 0000000..276955d Binary files /dev/null and b/gitian/gpg/selfrando.gpg differ diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index 7d551b8..123719d 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -105,6 +105,7 @@ obfs4 obfs4proxy.gpg $OBFS4_TAG https-everywhere https-everywhere.gpg $HTTPSE_TAG cmake cmake.gpg $CMAKE_TAG sandbox obfs4proxy.gpg $SANDBOX_TAG +selfrando selfrando.gpg $SELFRANDO_TAG EOF while read dir commit; do @@ -125,7 +126,6 @@ depot_tools $DEPOT_TOOLS_TAG go-webrtc $GO_WEBRTC_TAG snowflake $SNOWFLAKE_TAG uniuri $UNIURI_TAG -selfrando $SELFRANDO_TAG EOF # Verify signatures on signed packages diff --git a/gitian/versions.alpha b/gitian/versions.alpha index 33be86d..063ce76 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -47,7 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101 SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492 UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a -SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb +SELFRANDO_TAG=tb-v0.2 GITIAN_TAG=tor-browser-builder-4-4 diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 69ddb47..533aead 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -54,7 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=master SNOWFLAKE_TAG=master UNIURI_TAG=master -SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb +SELFRANDO_TAG=tb-v0.2 GITIAN_TAG=tor-browser-builder-4

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter;
by gk＠torproject.org 10 May '17

10 May '17

commit e6b99c78fdc1800988537c73ef13e75b56c28b3e Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Tue May 9 15:29:43 2017 -0400 fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter; remove Amazon, eBay, bing. Use a data: URL for the browser.search.defaultenginename preference value so that the value is used when setting the default search engine. Fixes bug #22044. --- browser/app/profile/000-tor-browser.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 27cfe53..d422694 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -267,7 +267,7 @@ pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\" // Putting the search engine prefs into this file to fix #11236. // Default search engine -pref("browser.search.defaultenginename", "DuckDuckGo"); +pref("browser.search.defaultenginename", "data:text/plain,browser.search.defaultenginename=DuckDuckGo"); // Make sure we use the same search engine regardless of locale pref("browser.search.geoSpecificDefaults", false);

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 16337: Round times exposed by Animation API to nearest 100ms
by gk＠torproject.org 10 May '17

10 May '17

commit 77f0de013fa2b5bedb851507f5ec94a8f39f8b8c Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed May 3 23:47:53 2017 -0700 Bug 16337: Round times exposed by Animation API to nearest 100ms --- dom/animation/AnimationUtils.h | 3 +- dom/animation/test/mochitest.ini | 1 + .../test/test_animation_time_rounding.html | 43 ++++++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) diff --git a/dom/animation/AnimationUtils.h b/dom/animation/AnimationUtils.h index 82ae69b..e20f314 100644 --- a/dom/animation/AnimationUtils.h +++ b/dom/animation/AnimationUtils.h @@ -28,7 +28,8 @@ public: dom::Nullable<double> result; if (!aTime.IsNull()) { - result.SetValue(aTime.Value().ToMilliseconds()); + double unrounded = aTime.Value().ToMilliseconds(); + result.SetValue(floor(unrounded / 100) * 100); } return result; diff --git a/dom/animation/test/mochitest.ini b/dom/animation/test/mochitest.ini index feb4245..49d230c 100644 --- a/dom/animation/test/mochitest.ini +++ b/dom/animation/test/mochitest.ini @@ -109,3 +109,4 @@ skip-if = toolkit == 'android' [style/test_animation-seeking-with-start-time.html] [style/test_animation-setting-effect.html] [style/test_animation-setting-spacing.html] +[test_animation_time_rounding.html] diff --git a/dom/animation/test/test_animation_time_rounding.html b/dom/animation/test/test_animation_time_rounding.html new file mode 100644 index 0000000..baad593 --- /dev/null +++ b/dom/animation/test/test_animation_time_rounding.html @@ -0,0 +1,43 @@ +<!DOCTYPE HTML> +<html> +  + <head> + <meta charset="utf-8"> + <title>Test for Tor Bug 16337</title> + <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/> + </head> + <body> + <div id="testDiv">test</div> + <script type="application/javascript"> + SimpleTest.waitForExplicitFinish(); + let runTest = async function () { + await SpecialPowers.pushPrefEnv({ set: [["dom.animations-api.core.enabled", true]] }); + let isRounded = x => (Math.floor(x/100)*100) === x; + let testDiv = document.getElementById("testDiv"); + let animation = testDiv.animate({ opacity: [0,1] }, 100000); + animation.play(); + SimpleTest.waitForCondition( + () => animation.currentTime > 1000, + function () { + ok(isRounded(animation.startTime), + "animation.startTime is rounded"); + ok(isRounded(animation.currentTime), + "animation.currentTime is rounded"); + ok(isRounded(animation.timeline.currentTime), + "animation.timeline.currentTime is rounded"); + if (document.timeline) { + ok(isRounded(document.timeline.currentTime), + "document.timeline.currentTime is rounded"); + } + SimpleTest.finish(); + }, + "animation failed to start"); + } + + window.onload = runTest; + </script> + </body> +</html>

1 0

[tor-browser-bundle/master] Bug 20683: Integrate Selfrando into alpha Linux builds
by gk＠torproject.org 08 May '17

08 May '17

commit 332c5b6c16f1b0915f537a4ad5af48295f80c733 Author: Georg Koppen <gk(a)torproject.org> Date: Tue Apr 25 11:20:53 2017 +0000 Bug 20683: Integrate Selfrando into alpha Linux builds Selfrando is a new defense against code reuse attacks developed by the Redactor and Readactor++ people. We should give it a wider testing audience by including it in the alpha series. This is currently only available for 64bit Linux builds, though. Supporting other platforms and architectures is work in progress. --- RelativeLink/start-tor-browser | 1 + gitian/descriptors/linux/gitian-firefox.yml | 17 +++++ gitian/descriptors/linux/gitian-utils.yml | 46 +++++++++++++ gitian/fetch-inputs.sh | 4 +- gitian/gpg/ELFUTILS.gpg | Bin 0 -> 10483 bytes gitian/mkbundle-linux.sh | 13 ++-- gitian/patches/binutils-224-gold.patch | 98 ++++++++++++++++++++++++++++ gitian/verify-tags.sh | 3 +- gitian/versions.alpha | 4 ++ gitian/versions.nightly | 4 ++ 10 files changed, 183 insertions(+), 7 deletions(-) diff --git a/RelativeLink/start-tor-browser b/RelativeLink/start-tor-browser index a78b367..2dd40fc 100755 --- a/RelativeLink/start-tor-browser +++ b/RelativeLink/start-tor-browser @@ -270,6 +270,7 @@ fi LD_LIBRARY_PATH="${HOME}/TorBrowser/Tor/" export LD_LIBRARY_PATH +export SELFRANDO_write_layout_file= function setControlPortPasswd() { local ctrlPasswd=$1 diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index c9ced44..db4f232 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -27,6 +27,8 @@ reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" +- "url": "https://github.com/immunant/selfrando.git" + "dir": "selfrando" files: - "binutils-linux32-utils.zip" - "binutils-linux64-utils.zip" @@ -36,6 +38,8 @@ files: - "re-dzip.sh" - "dzip.sh" - "versions" +# XXX: 64bits only for now :(, see #20683. +- "selfrando-linux64-utils.zip" script: | source versions INSTDIR="$HOME/install" @@ -53,6 +57,11 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 # + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + unzip -d $INSTDIR selfrando-linux64-utils.zip + fi # Preparing Binutils and GCC for Tor Browser unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip # Make sure gold is used with the hardening wrapper for full RELRO, see @@ -94,6 +103,14 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" rm -f configure rm -f js/src/configure + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + # Selfrando wrapper + export PATH="$HOME/build/selfrando/Tools/TorBrowser/tc-wrapper/:$PATH" + # We need to avoid the shuffling while building as this breaks compilation + export SELFRANDO_skip_shuffle= + fi make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --with-distribution-id=org.torproject --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts" find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" make $MAKEOPTS -f client.mk build diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index d10422b..eb340b8 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -24,10 +24,14 @@ packages: - "libssl-dev" # Needed for binutils (64bit) as we are building with PIE enabled. - "libstdc++6-4.7-pic" +# Needed for Selfrando +- "scons" reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" +- "url": "https://github.com/immunant/selfrando.git" + "dir": "selfrando" files: - "binutils.tar.bz2" - "gcc.tar.bz2" @@ -37,6 +41,8 @@ files: - "go.tar.gz" - "versions" - "dzip.sh" +- "elfutils.tar.bz2" +- "binutils-224-gold.patch" script: | INSTDIR="$HOME/install" source versions @@ -52,6 +58,12 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 + ARCH="" + if [ $GBUILD_BITS == "64" ]; + then + ARCH="64" + fi + # Building Binutils tar xjf binutils.tar.bz2 # The libstdc++ shipped by default is non-PIC which breaks the binutils build @@ -63,6 +75,13 @@ script: | export LDFLAGS="-L/home/debian -lstdc++" fi cd binutils* + # We need to work around a gold linker bug in 2.24 to get selfrando working, + # see bug 20683. + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + patch -p1 < ../binutils-224-gold.patch + fi # We want to use gold as the linker in our toolchain mainly as it is way # faster when linking Tor Browser code (especially libxul). But apart from # that it fixes #12103 and issues with ESR 31 and our Gitian setup as well @@ -86,6 +105,28 @@ script: | cd .. export DEB_BUILD_HARDENING_FORMAT=1 + export PATH="$INSTDIR/binutils/bin:$INSTDIR/gcc/bin:$PATH" + export LD_LIBRARY_PATH="$INSTDIR/gcc/lib$ARCH" + + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + # Building Elfutils + tar xjf elfutils.tar.bz2 + cd elfutils*/ + ./configure --prefix=$INSTDIR/elfutils + make $MAKEOPTS + make install + cd .. + + # Building Selfrando + cd selfrando + scons -Q arch=x86_64 LIBELF_PATH="$INSTDIR/elfutils" FORCE_INPLACE=1 DEBUG_LEVEL=env WRITE_LAYOUTS=env LOG=console + mkdir -p $INSTDIR/selfrando + cp out/x86_64/bin/* $INSTDIR/selfrando/ + cd .. + fi + # Building Libevent cd libevent ./autogen.sh @@ -157,4 +198,9 @@ script: | ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent ~/build/dzip.sh gmp-$GMP_VER-linux$GBUILD_BITS-utils.zip gmp ~/build/dzip.sh go-$GO_VER-linux$GBUILD_BITS-utils.zip go + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + ~/build/dzip.sh selfrando-$SELFRANDO_TAG-linux$GBUILD_BITS-utils.zip selfrando + fi cp *utils.zip $OUTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index b7fcf36..c110eb8 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -113,7 +113,7 @@ update_git() { ############################################################################## # Get+verify sigs that exist -for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI +for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS do PACKAGE="${i}_PACKAGE" URL="${i}_URL" @@ -252,6 +252,7 @@ ln -sf "$GO_PACKAGE" go.tar.gz ln -sf "$NSIS_PACKAGE" nsis.tar.bz2 ln -sf "$NSIS_DEBIAN_PACKAGE" nsis-debian.tar.xz ln -sf "$YASM_PACKAGE" yasm.tar.gz +ln -sf "$ELFUTILS_PACKAGE" elfutils.tar.bz2 # Fetch latest gitian-builder itself # XXX - this is broken if a non-standard inputs dir is selected using the command line flag. @@ -303,6 +304,7 @@ depot_tools https://chromium.googlesource.com/chromium/tools/depot_too go-webrtc https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG snowflake https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG uniuri https://github.com/dchest/uniuri $UNIURI_TAG +selfrando https://github.com/immunant/selfrando.git $SELFRANDO_TAG EOF # HTTPS-Everywhere is special, too. We need to initialize the git submodules and diff --git a/gitian/gpg/ELFUTILS.gpg b/gitian/gpg/ELFUTILS.gpg new file mode 100644 index 0000000..f1cd4b3 Binary files /dev/null and b/gitian/gpg/ELFUTILS.gpg differ diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 6dbbe51..0a1613f 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -35,7 +35,7 @@ fi if [ -z "$VM_MEMORY" ]; then - export VM_MEMORY=4000 + export VM_MEMORY=6000 fi ./make-vms.sh @@ -99,7 +99,7 @@ then fi cd $GITIAN_DIR - +# XXX: 64bits selfrando only for now :(, see #20683. if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \ ! -f inputs/gcc-$GCC_VER-linux32-utils.zip -o \ @@ -111,13 +111,14 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ ! -f inputs/gmp-$GMP_VER-linux32-utils.zip -o \ ! -f inputs/gmp-$GMP_VER-linux64-utils.zip -o \ ! -f inputs/go-$GO_VER-linux32-utils.zip -o \ - ! -f inputs/go-$GO_VER-linux64-utils.zip ]; + ! -f inputs/go-$GO_VER-linux64-utils.zip -o \ + ! -f inputs/selfrando-$SELFRANDO_TAG-linux64-utils.zip ]; then echo echo "****** Starting Utilities Component of Linux Bundle (1/7 for Linux) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml if [ $? -ne 0 ]; then #mv var/build.log ./utils-fail-linux.log.`date +%Y%m%d%H%M%S` @@ -138,6 +139,7 @@ then ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip + ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip cd .. #cp -a result/utils-linux-res.yml inputs/ else @@ -159,6 +161,7 @@ else ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip + ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip cd .. fi @@ -193,7 +196,7 @@ then echo "****** Starting TorBrowser Component of Linux Bundle (3/7 for Linux) ******" echo - ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml if [ $? -ne 0 ]; then #mv var/build.log ./firefox-fail-linux.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/patches/binutils-224-gold.patch b/gitian/patches/binutils-224-gold.patch new file mode 100644 index 0000000..a45e49c --- /dev/null +++ b/gitian/patches/binutils-224-gold.patch @@ -0,0 +1,98 @@ +From f984741df04cd68bb116073fdfa9405808810ab4 Mon Sep 17 00:00:00 2001 +From: Cary Coutant <ccoutant(a)google.com> +Date: Wed, 5 Feb 2014 22:59:02 -0800 +Subject: [PATCH] Fix issues with gold undefined symbol diagnostics. + +PR binutils/15435 complains that gold issues a visibility error for an +weak undefined symbol with hidden visibility. The message should be +suppressed if the symbol is a weak undef. + +An earlier patch to add an extra note about key functions when a class's +vtable symbol is undefined missed a case where the reference to the +vtable came from a shared library. This patch moves the check to a +lower-level routine that catches both cases. + +gold/ + +2014-02-05 Cary Coutant <ccoutant(a)google.com> + + * errors.cc (Errors::undefined_symbol): Move undef vtable symbol + check to here. + * target-reloc.h (is_strong_undefined): New function. + (relocate_section): Move undef vtable symbol check from here. + Check for is_strong_undefined. + +diff --git a/gold/ChangeLog b/gold/ChangeLog +index dcf7ed41f8..dd7ef72980 100644 +--- a/gold/ChangeLog ++++ b/gold/ChangeLog +@@ -1,3 +1,14 @@ ++2014-02-05 Cary Coutant <ccoutant(a)google.com> ++ ++ Fix issues with gold undefined symbol diagnostics. ++ ++ PR binutils/15435 ++ * errors.cc (Errors::undefined_symbol): Move undef vtable symbol ++ check to here. ++ * target-reloc.h (is_strong_undefined): New function. ++ (relocate_section): Move undef vtable symbol check from here. ++ Check for is_strong_undefined. ++ + 2013-11-22 Cary Coutant <ccoutant(a)google.com> + + * testsuite/Makefile.am (exception_x86_64_bnd_test): Use in-tree +diff --git a/gold/errors.cc b/gold/errors.cc +index b79764bd1d..98db0fdd86 100644 +--- a/gold/errors.cc ++++ b/gold/errors.cc +@@ -193,6 +193,11 @@ Errors::undefined_symbol(const Symbol* sym, const std::string& location) + fprintf(stderr, + _("%s: %s: undefined reference to '%s', version '%s'\n"), + location.c_str(), zmsg, sym->demangled_name().c_str(), version); ++ ++ if (sym->is_cxx_vtable()) ++ gold_info(_("%s: the vtable symbol may be undefined because " ++ "the class is missing its key function"), ++ program_name); + } + + // Issue a debugging message. +diff --git a/gold/target-reloc.h b/gold/target-reloc.h +index b544c78f37..d609bcbaa8 100644 +--- a/gold/target-reloc.h ++++ b/gold/target-reloc.h +@@ -144,6 +144,12 @@ class Default_comdat_behavior + } + }; + ++inline bool ++is_strong_undefined(const Symbol* sym) ++{ ++ return sym->is_undefined() && sym->binding() != elfcpp::STB_WEAK; ++} ++ + // Give an error for a symbol with non-default visibility which is not + // defined locally. + +@@ -411,16 +417,10 @@ relocate_section( + } + + if (issue_undefined_symbol_error(sym)) +- { +- gold_undefined_symbol_at_location(sym, relinfo, i, offset); +- if (sym->is_cxx_vtable()) +- gold_info(_("%s: the vtable symbol may be undefined because " +- "the class is missing its key function"), +- program_name); +- } ++ gold_undefined_symbol_at_location(sym, relinfo, i, offset); + else if (sym != NULL + && sym->visibility() != elfcpp::STV_DEFAULT +- && (sym->is_undefined() || sym->is_from_dynobj())) ++ && (is_strong_undefined(sym) || sym->is_from_dynobj())) + visibility_error(sym); + + if (sym != NULL && sym->has_warning()) +-- +2.11.0 + diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index dc207f5..7d551b8 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -125,10 +125,11 @@ depot_tools $DEPOT_TOOLS_TAG go-webrtc $GO_WEBRTC_TAG snowflake $SNOWFLAKE_TAG uniuri $UNIURI_TAG +selfrando $SELFRANDO_TAG EOF # Verify signatures on signed packages -for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI +for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS do PACKAGE="${i}_PACKAGE" URL="${i}_URL" diff --git a/gitian/versions.alpha b/gitian/versions.alpha index adb9dbf..33be86d 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -47,6 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101 SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492 UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a +SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb GITIAN_TAG=tor-browser-builder-4-4 @@ -71,6 +72,7 @@ GO14_VER=1.4.3 GO_VER=1.8.1 NSIS_VER=2.51 YASM_VER=1.2.0 +ELFUTILS_VER=0.160 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -105,6 +107,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf YASM_PACKAGE=yasm-${YASM_VER}.tar.gz +ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2 # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 @@ -167,3 +170,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE} NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE} NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE} YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE} +ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE} diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 4e1618c..69ddb47 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -54,6 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=master SNOWFLAKE_TAG=master UNIURI_TAG=master +SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb GITIAN_TAG=tor-browser-builder-4 @@ -78,6 +79,7 @@ GO14_VER=1.4.3 GO_VER=1.8.1 NSIS_VER=2.51 YASM_VER=1.2.0 +ELFUTILS_VER=0.166 ## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -112,6 +114,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf YASM_PACKAGE=yasm-${YASM_VER}.tar.gz +ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2 # Hashes for packages with weak sigs or no sigs OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 @@ -174,3 +177,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE} NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE} NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE} YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE} +ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE}

1 0

[tor-browser-build/master] Bug 22115: use i386 containers for the win32 build
by boklm＠torproject.org 08 May '17

08 May '17

commit bb32ec91b538ab17d309b645787149ff376d58e9 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon May 8 18:44:29 2017 +0200 Bug 22115: use i386 containers for the win32 build --- projects/firefox/build | 1 + projects/gcc/config | 3 +++ projects/mingw-w64/config | 1 + projects/tor-browser/build | 13 ------------- projects/tor-browser/config | 12 ++---------- rbm.conf | 8 +++++++- 6 files changed, 14 insertions(+), 24 deletions(-) diff --git a/projects/firefox/build b/projects/firefox/build index 1cf9be1..f445454 100644 --- a/projects/firefox/build +++ b/projects/firefox/build @@ -1,4 +1,5 @@ #!/bin/bash +[% c("var/setarch") -%] [% c("var/set_default_env") -%] [% IF c("var/windows") -%] mkdir -p /var/tmp/dist diff --git a/projects/gcc/config b/projects/gcc/config index 676d1fb..d740a93 100644 --- a/projects/gcc/config +++ b/projects/gcc/config @@ -38,6 +38,9 @@ targets: windows-i686: var: configure_opt: --disable-multilib --enable-languages=c,c++ + arch_deps: + - libc6-dev + - zlib1g-dev linux-i686: var: configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config index 21d498a..5e2c748 100644 --- a/projects/mingw-w64/config +++ b/projects/mingw-w64/config @@ -13,6 +13,7 @@ var: - libmpc-dev - g++-mingw-w64-i686 setup: | + [% c("var/setarch") -%] mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf [% c("compiler_tarfile") %] export PATH="/var/tmp/dist/mingw-w64/helpers:/var/tmp/dist/mingw-w64/bin:$PATH" diff --git a/projects/tor-browser/build b/projects/tor-browser/build index 7134367..084ec7d 100644 --- a/projects/tor-browser/build +++ b/projects/tor-browser/build @@ -201,19 +201,6 @@ popd [% IF c("var/windows") %] - # We need to install a recent version of python-pefile so that it works - # in a x86_64 container: - # https://github.com/TheTorProject/tor-messenger-build/pull/10 - tar xf $rootdir/[% c('input_files_by_name/python-future') %] - cd $(echo [% c('input_files_by_name/python-future') %] | sed s/\.tar\.gz$//) - python setup.py install --user - cd .. - - tar xf $rootdir/[% c('input_files_by_name/python-pefile') %] - cd $(echo [% c('input_files_by_name/python-pefile') %] | sed s/\.tar\.gz$//) - python setup.py install --user - cd .. - tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/nsis') %] export PATH="/var/tmp/dist/nsis/bin:$PATH" diff --git a/projects/tor-browser/config b/projects/tor-browser/config index c4c2521..805d7b6 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -27,8 +27,8 @@ targets: windows-i686: var: mar_osname: win32 - container: - suite: utopic + arch_deps: + - python-pefile input_files: - project: container-image @@ -70,11 +70,3 @@ input_files: enable: '[% c("var/windows") %]' - filename: pe_checksum_fix.py enable: '[% c("var/windows") %]' - - name: python-future - URL: https://pypi.python.org/packages/00/2b/8d082ddfed935f3608cc61140df6dcbf0ede… - sha256sum: e39ced1ab767b5936646cedba8bcce582398233d6a627067d4c6a454c90cfedb - enable: '[% c("var/windows") %]' - - name: python-pefile - URL: https://pypi.python.org/packages/92/c0/8589ce9734ffdba258bd3e5acd4afb2e3586… - sha256sum: f24021085b5c3ef7b0898bb1f1d93eecd3839e03512769e22b0c5a10d9095f7b - enable: '[% c("var/windows") %]' diff --git a/rbm.conf b/rbm.conf index 2060132..969922c 100644 --- a/rbm.conf +++ b/rbm.conf @@ -153,7 +153,7 @@ targets: osname: windows-i686 container: suite: precise - arch: amd64 + arch: i386 configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"' CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security' LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs' @@ -168,6 +168,12 @@ targets: - zip - unzip faketime_path: /usr/lib/faketime/libfaketime.so.1 + setarch: | + if test -z "$RBM_SETARCH" + then + export RBM_SETARCH=1 + exec setarch i686 ./build + fi torbrowser-osx-x86_64: - osx-x86_64

1 0

[tor-browser-build/master] Bug 22115: use i386 containers for the linux32 build
by boklm＠torproject.org 08 May '17

08 May '17

commit d067aa03629fb87c47acf19f81ed51940ebc3ebb Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon May 1 19:58:30 2017 +0200 Bug 22115: use i386 containers for the linux32 build --- projects/binutils/build | 3 ++- projects/common/runc-config.json | 6 +++++- projects/debootstrap-image/config | 22 ++++++++++++++++++++++ projects/firefox/config | 21 ++++----------------- projects/gcc/build | 1 + projects/gcc/config | 17 ++++++++++++----- projects/go-webrtc/config | 8 +------- projects/go/build | 1 + projects/go/config | 1 + projects/snowflake/config | 8 +------- projects/tor/config | 14 +++++--------- projects/webrtc/config | 30 ++++++++---------------------- rbm.conf | 35 ++++++++++++++++------------------- 13 files changed, 79 insertions(+), 88 deletions(-) diff --git a/projects/binutils/build b/projects/binutils/build index 8d4f09f..bd949a5 100644 --- a/projects/binutils/build +++ b/projects/binutils/build @@ -8,7 +8,8 @@ distdir=/var/tmp/dist/binutils export DEB_BUILD_HARDENING_FORTIFY=1 export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 - +[% END -%] +[% IF c("var/linux-x86_64") %] # The libstdc++ shipped by default is non-PIC which breaks the binutils build # if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND # make sure it gets used before the non-PIC one would. diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json index 4c231cd..3da6c24 100644 --- a/projects/common/runc-config.json +++ b/projects/common/runc-config.json @@ -2,7 +2,11 @@ "ociVersion": "1.0.0-rc1", "platform": { "os": "linux", - "arch": "amd64" +[% IF c("var/container/arch") == 'i386' -%] + "arch": "386" +[% ELSE -%] + "arch": "[% c("var/container/arch") %]" +[% END -%] }, "process": { "terminal": true, diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config index bd204f5..15eec3b 100644 --- a/projects/debootstrap-image/config +++ b/projects/debootstrap-image/config @@ -27,23 +27,45 @@ targets: container: suite: wheezy arch: amd64 + wheezy-i386: + var: + container: + suite: wheezy + arch: i386 jessie-amd64: var: container: suite: jessie arch: amd64 + jessie-i386: + var: + container: + suite: jessie + arch: i386 precise-amd64: var: container: suite: precise arch: amd64 debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg + precise-i386: + var: + container: + suite: precise + arch: i386 + debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg utopic-amd64: var: container: suite: utopic arch: amd64 debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/ + utopic-i386: + var: + container: + suite: utopic + arch: i386 + debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/ input_files: - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' diff --git a/projects/firefox/config b/projects/firefox/config index d6a68fe..f5c765f 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -28,9 +28,8 @@ targets: var: torbrowser_update_channel: default - linux-x86_64: + linux: var: - martools_filename: mar-tools-linux64.zip arch_deps: - libgtk2.0-dev - libdbus-glib-1-dev @@ -44,25 +43,13 @@ targets: - libx11-xcb-dev # We built GCC but not the libmpc2, thus we need to install it - libmpc2 + linux-x86_64: + var: + martools_filename: mar-tools-linux64.zip linux-i686: var: martools_filename: mar-tools-linux32.zip - sort_deps: 0 - arch_deps: - - libc6-dev-i386 - - libgtk2.0-dev:i386 - - libdbus-glib-1-dev:i386 - - libxt-dev:i386 - # To pass configure since ESR 31. - - libpulse-dev:i386 - # To pass configure since ESR 45. - - libgconf2-dev:i386 - # To pass configure since ESR 52 - - libx11-xcb-dev:i386 - # We built GCC but not the libmpc2, thus we need to install it - - libmpc2 - - hardening-wrapper osx-x86_64: var: diff --git a/projects/gcc/build b/projects/gcc/build index 1c24af7..e509aac 100644 --- a/projects/gcc/build +++ b/projects/gcc/build @@ -1,5 +1,6 @@ #!/bin/sh [% c("var/set_default_env") -%] +[% c("var/setarch") -%] distdir=/var/tmp/dist/[% project %] mkdir /var/tmp/build tar -C /var/tmp/build -xf [% project %]-[% c("version") %].tar.bz2 diff --git a/projects/gcc/config b/projects/gcc/config index 1acf30a..676d1fb 100644 --- a/projects/gcc/config +++ b/projects/gcc/config @@ -4,12 +4,11 @@ version: 5.1.0 var: container: use_container: 1 - configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686 deps: - build-essential - libmpc-dev - - libc6-dev-i386 setup: | + [% c("var/setarch") -%] mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf $rootdir/[% c("compiler_tarfile") %] export PATH="/var/tmp/dist/gcc/bin:$PATH" @@ -36,12 +35,20 @@ var: popd targets: - osx-x86_64: - var: - configure_opt: --enable-multilib --enable-languages=c,c++ windows-i686: var: configure_opt: --disable-multilib --enable-languages=c,c++ + linux-i686: + var: + configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib + arch_deps: + - libc6-dev + - zlib1g-dev + linux-x86_64: + var: + configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686 + arch_deps: + - libc6-dev-i386 input_files: - project: container-image - URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("version") %]/gcc-[% c("version") %].tar.bz2' diff --git a/projects/go-webrtc/config b/projects/go-webrtc/config index d7c31d6..673215b 100644 --- a/projects/go-webrtc/config +++ b/projects/go-webrtc/config @@ -31,17 +31,11 @@ var: targets: master: git_hash: master - linux-x86_64: + linux: var: arch_deps: - pkg-config - libx11-dev - linux-i686: - var: - arch_deps: - - pkg-config:i386 - - libx11-dev:i386 - - lib32stdc++6 input_files: - project: container-image diff --git a/projects/go/build b/projects/go/build index 2f87bf5..b7fac08 100644 --- a/projects/go/build +++ b/projects/go/build @@ -1,5 +1,6 @@ #!/bin/bash [% c("var/set_default_env") -%] +[% c("var/setarch") -%] distdir=/var/tmp/dist/[% project %] mkdir -p /var/tmp/dist diff --git a/projects/go/config b/projects/go/config index ef9c411..b36f211 100644 --- a/projects/go/config +++ b/projects/go/config @@ -8,6 +8,7 @@ var: use_container: 1 setup: | + [% c("var/setarch") -%] mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf $rootdir/[% c("go_tarfile") %] export GOOS=[% c("var/GOOS") %] diff --git a/projects/snowflake/config b/projects/snowflake/config index 212e86c..89e3eb6 100644 --- a/projects/snowflake/config +++ b/projects/snowflake/config @@ -9,13 +9,7 @@ var: use_container: 1 targets: - linux-i686: - var: - arch_deps: - - pkg-config - - libx11-dev:i386 - - lib32stdc++6 - linux-x86_64: + linux: var: arch_deps: - pkg-config diff --git a/projects/tor/config b/projects/tor/config index a9da811..c2d359c 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -21,22 +21,18 @@ targets: git_hash: master tag_gpg_id: 0 - linux-i686: + linux: var: - libdir: lib32 - sort_deps: 0 arch_deps: - - libc6-dev-i386 - libtool - - zlib1g-dev:i386 + - zlib1g-dev - hardening-wrapper + linux-i686: + var: + libdir: lib linux-x86_64: var: libdir: lib64 - arch_deps: - - libtool - - zlib1g-dev - - hardening-wrapper osx-x86_64: var: arch_deps: diff --git a/projects/webrtc/config b/projects/webrtc/config index d46d821..6882e87 100644 --- a/projects/webrtc/config +++ b/projects/webrtc/config @@ -26,28 +26,6 @@ targets: var: webrtc: os: linux - linux-i686: - var: - sort_deps: 0 - arch_deps: - - lib32asound2-dev - - lib64expat1 - - libexpat1-dev:i386 - - libglib2.0-dev:i386 - - libgtk2.0-dev:i386 - - libudev-dev:i386 - - libx11-dev:i386 - - libxext-dev:i386 - - libxrandr-dev:i386 - - lib32stdc++6 - - pkg-config - - hardening-wrapper - webrtc: - arch: ia32 - lib_arch: 386 - lib_path: lib/libwebrtc-linux-386-magic.a - linux-x86_64: - var: arch_deps: - libasound2-dev - libexpat1-dev @@ -58,6 +36,14 @@ targets: - libxext-dev - libxrandr-dev - pkg-config + linux-i686: + var: + webrtc: + arch: ia32 + lib_arch: 386 + lib_path: lib/libwebrtc-linux-386-magic.a + linux-x86_64: + var: webrtc: arch: x64 lib_arch: amd64 diff --git a/rbm.conf b/rbm.conf index 722c85a..2060132 100644 --- a/rbm.conf +++ b/rbm.conf @@ -111,26 +111,30 @@ targets: var: linux-x86_64: 1 osname: linux-x86_64 - deps: - - build-essential - - python - - bison - - hardening-wrapper - - automake - - libtool - - zip - - unzip # We only build snowflake on linux-x86_64 for now snowflake: 1 + container: + arch: amd64 linux-i686: arch: i686 var: linux-i686: 1 osname: linux-i686 - configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32' - pre_pkginst: dpkg --add-architecture i386 + container: + arch: i386 + setarch: | + if test -z "$RBM_SETARCH" + then + export RBM_SETARCH=1 + exec setarch i686 ./build + fi + linux: + var: + linux: 1 + compiler: gcc + container: + suite: wheezy deps: - - libc6-dev-i386 - build-essential - python - bison @@ -139,13 +143,6 @@ targets: - libtool - zip - unzip - linux: - var: - linux: 1 - compiler: gcc - container: - suite: wheezy - arch: amd64 torbrowser-windows-i686: - windows-i686

1 0

[tor-browser-build/master] Bug 21824: use runc instead of docker
by boklm＠torproject.org 05 May '17

05 May '17

commit 2d98c063010fc5b0f8da3e386587a501e27507b9 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Tue Apr 25 22:06:10 2017 +0200 Bug 21824: use runc instead of docker --- README | 25 ++---- keyring/ubuntu.gpg | Bin 0 -> 32904 bytes projects/binutils/config | 5 +- projects/cmake/config | 6 +- projects/common/runc-config.json | 179 ++++++++++++++++++++++++++++++++++++++ projects/container-image/build | 3 + projects/container-image/config | 86 ++++++++++++++++++ projects/debootstrap-image/build | 3 + projects/debootstrap-image/config | 52 +++++++++++ projects/docker-image/build | 4 - projects/docker-image/config | 51 ----------- projects/ed25519/config | 5 +- projects/firefox/config | 5 +- projects/fonts/config | 5 +- projects/gcc/config | 5 +- projects/gmp/config | 7 +- projects/go-webrtc/config | 5 +- projects/go/config | 5 +- projects/goerrors/config | 5 +- projects/gogb/config | 5 +- projects/goptlib/config | 5 +- projects/goxcrypto/config | 5 +- projects/goxnet/config | 5 +- projects/https-everywhere/config | 9 +- projects/libdmg-hfsplus/config | 5 +- projects/libevent/config | 7 +- projects/llvm/config | 7 +- projects/macosx-toolchain/config | 5 +- projects/meek/config | 6 +- projects/mingw-w64/config | 5 +- projects/nsis/config | 5 +- projects/obfs4/config | 7 +- projects/openssl/config | 7 +- projects/sandbox/config | 8 +- projects/siphash/config | 5 +- projects/snowflake/config | 7 +- projects/tor-browser/config | 8 +- projects/tor-launcher/config | 6 +- projects/tor/config | 5 +- projects/torbutton/config | 6 +- projects/uniuri/config | 5 +- projects/webrtc/config | 10 ++- projects/yasm/config | 6 +- projects/zlib/config | 7 +- rbm | 2 +- rbm.conf | 93 ++++++++++++++++++-- rbm.local.conf.example | 6 -- tools/clean-old | 21 ----- 48 files changed, 549 insertions(+), 185 deletions(-) diff --git a/README b/README index 08904fb..fa968ff 100644 --- a/README +++ b/README @@ -5,13 +5,12 @@ Installing build dependencies ----------------------------- To build Tor Browser, you need a Linux distribution that has support -for Docker (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...). -The Docker package is usually named docker.io or docker-io. -On Debian jessie, the docker.io package is available in backports. +for runC (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...). +On Debian jessie, the runc package is available in backports. -Your user account should have access to the docker command without using -sudo, so it should be in the docker group. The docker daemon should -also be running. +Your user account should have access sudo access, which is required to +be able to extract container file systems, start containers and copy +files to and from containers. The sources of most components are downloaded using git, which needs to be installed. The sources of webrtc are downloaded using gclient, which @@ -41,7 +40,7 @@ If you are running Debian or Ubuntu, you can install them with: libio-captureoutput-perl libfile-slurp-perl \ libstring-shellquote-perl libsort-versions-perl \ libdigest-sha-perl libdata-uuid-perl libdata-dump-perl \ - libfile-copy-recursive-perl git libgtk2.0-dev curl + libfile-copy-recursive-perl git libgtk2.0-dev curl runc Starting a build @@ -184,18 +183,6 @@ of files and containers that would be removed without doing it, you can use 'make clean-dry-run'. -Multiple build directories on the same host -------------------------------------------- - -You can do multiple builds of Tor Browser in different directories on -the same host. However the docker images namespace is global, so you -may have some conflicts with the same image names used by the -different builds. By default, the docker images are prefixed with -tor-browser_$USER. You can change this prefix by defining the -docker_image_prefix option in rbm.local.conf, using a different prefix -for each of your build directories. - - Common Build Errors ------------------- diff --git a/keyring/ubuntu.gpg b/keyring/ubuntu.gpg new file mode 100644 index 0000000..8b77bf0 Binary files /dev/null and b/keyring/ubuntu.gpg differ diff --git a/projects/binutils/config b/projects/binutils/config index 2975f14..0cb2088 100644 --- a/projects/binutils/config +++ b/projects/binutils/config @@ -1,9 +1,10 @@ # vim: filetype=yaml sw=2 version: 2.24 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: configure_opt: '--disable-multilib --enable-gold --enable-deterministic-archives --enable-plugins' + container: + use_container: 1 targets: windows-i686: @@ -15,7 +16,7 @@ input_files: sig_ext: sig file_gpg_id: 1 gpg_keyring: binutils.gpg - - project: docker-image + - project: container-image - filename: enable-reloc-section-ld.patch enable: '[% c("var/windows") %]' - filename: peXXigen.patch diff --git a/projects/cmake/config b/projects/cmake/config index 837d9e1..357370d 100644 --- a/projects/cmake/config +++ b/projects/cmake/config @@ -5,7 +5,9 @@ git_hash: 'v[% c("version") %]' tag_gpg_id: 1 gpg_keyring: cmake.gpg filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json new file mode 100644 index 0000000..4c231cd --- /dev/null +++ b/projects/common/runc-config.json @@ -0,0 +1,179 @@ +{ + "ociVersion": "1.0.0-rc1", + "platform": { + "os": "linux", + "arch": "amd64" + }, + "process": { + "terminal": true, + "user": { + "uid": 0, + "gid": 0 + }, + "args": [ + "/rbm/run" + ], + "env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm" + ], + "cwd": "/", + "capabilities": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE", + "CAP_SETGID", + "CAP_SETUID", + "CAP_MKNOD", + "CAP_SYS_CHROOT", +[% IF c("var/container/CAP_SYS_ADMIN") -%] + "CAP_SYS_ADMIN", +[% END -%] + "CAP_FSETID", + "CAP_FOWNER", + "CAP_DAC_OVERRIDE", + "CAP_CHOWN" + ], + "rlimits": [ + { + "type": "RLIMIT_NOFILE", + "hard": 1024, + "soft": 1024 + } + ], + "noNewPrivileges": true + }, + "root": { + "path": "rootfs", + "readonly": false + }, + "hostname": "runc", + "mounts": [ + { + "destination": "/proc", + "type": "proc", + "source": "proc" + }, + { + "type": "bind", + "source": "/etc/resolv.conf", + "destination": "/etc/resolv.conf", + "options": [ + "rbind", + "ro" + ] + }, + { + "destination": "/dev", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "nosuid", + "strictatime", + "mode=755", + "size=65536k" + ] + }, + { + "destination": "/dev/pts", + "type": "devpts", + "source": "devpts", + "options": [ + "nosuid", + "noexec", + "newinstance", + "ptmxmode=0666", + "mode=0620", + "gid=5" + ] + }, + { + "destination": "/dev/shm", + "type": "tmpfs", + "source": "shm", + "options": [ + "nosuid", + "noexec", + "nodev", + "mode=1777", + "size=65536k" + ] + }, + { + "destination": "/dev/mqueue", + "type": "mqueue", + "source": "mqueue", + "options": [ + "nosuid", + "noexec", + "nodev" + ] + }, + { + "destination": "/sys", + "type": "sysfs", + "source": "sysfs", + "options": [ + "nosuid", + "noexec", + "nodev", + "ro" + ] + }, + { + "destination": "/sys/fs/cgroup", + "type": "cgroup", + "source": "cgroup", + "options": [ + "nosuid", + "noexec", + "nodev", + "relatime", + "ro" + ] + } + ], + "hooks": {}, + "linux": { + "resources": { + "devices": [ + { + "allow": false, + "access": "rwm" + } + ] + }, + "namespaces": [ + { + "type": "pid" + }, + { + "type": "ipc" + }, + { + "type": "uts" + }, + { + "type": "mount" + } + ], + "maskedPaths": [ + "/proc/kcore", + "/proc/latency_stats", + "/proc/timer_stats", + "/proc/sched_debug" + ], + "readonlyPaths": [ + "/proc/asound", + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger" + ] + }, + "solaris": { + "cappedCPU": {}, + "cappedMemory": {} + } +} diff --git a/projects/container-image/build b/projects/container-image/build new file mode 100644 index 0000000..c7d1c46 --- /dev/null +++ b/projects/container-image/build @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +# Doing nothing diff --git a/projects/container-image/config b/projects/container-image/config new file mode 100644 index 0000000..c9f377f --- /dev/null +++ b/projects/container-image/config @@ -0,0 +1,86 @@ +# vim: filetype=yaml sw=2 +filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% sha256(c("pre")).substr(0, 12) %].tar.gz' +pkg_type: build + +var: + container: + use_container: 1 + suite: '[% pc(c("origin_project"), "var/container/suite") %]' + arch: '[% pc(c("origin_project"), "var/container/arch") %]' + +lsb_release: + id: Debian + codename: wheezy + release: 7.11 + +pre: | + #!/bin/sh + # [% c('var/container/suite') %] + set -e + [% IF pc(c('origin_project'), 'var/pre_pkginst') -%] + [% pc(c('origin_project'), 'var/pre_pkginst') %] + [% END -%] + [% IF c("var/container/suite") == "precise" -%] + export INITRD=no + mkdir -p /etc/container_environment + echo -n no > /etc/container_environment/INITRD + dpkg-divert --local --rename --add /sbin/initctl + ln -s /bin/true /sbin/initctl + dpkg-divert --local --rename --add /usr/bin/ischroot + ln -sf /bin/true /usr/bin/ischroot + cat >> /etc/apt/sources.list << EOF + deb http://archive.ubuntu.com/ubuntu/ precise-updates main + deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main + + deb http://archive.ubuntu.com/ubuntu/ precise universe + deb-src http://archive.ubuntu.com/ubuntu/ precise universe + deb http://archive.ubuntu.com/ubuntu/ precise-updates universe + deb-src http://archive.ubuntu.com/ubuntu/ precise-updates universe + + deb http://archive.ubuntu.com/ubuntu/ precise-security main + deb-src http://archive.ubuntu.com/ubuntu/ precise-security main + deb http://archive.ubuntu.com/ubuntu/ precise-security universe + deb-src http://archive.ubuntu.com/ubuntu/ precise-security universe + EOF + [% END -%] + apt-get update -y + apt-get upgrade -y + [% + deps = []; + IF pc(c('origin_project'), 'var/deps'); + CALL deps.import(pc(c('origin_project'), 'var/deps')); + END; + IF pc(c('origin_project'), 'var/arch_deps'); + CALL deps.import(pc(c('origin_project'), 'var/arch_deps')); + END; + IF deps.size; + IF pc(c('origin_project'), 'var/sort_deps'); + deps = deps.sort; + END; + FOREACH pkg IN deps; + SET p = tmpl(pkg); + IF p; + GET c('install_package', { pkg_name => p }); + GET "\n"; + END; + END; + END; + -%] + [% IF pc(c('origin_project'), 'var/post_pkginst') -%] + [% pc(c('origin_project'), 'var/post_pkginst') %] + [% END -%] + +remote_get: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('get_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('get_dst', { error_if_undef => 1 })); + -%] + mkdir -p "[% dst %]" + sudo tar -C "[% c("var/container/dir") %]/rootfs" -czf "[% dst %]/[% c("filename") %]" . + +input_files: + - project: debootstrap-image + target: + - '[% c("var/container/suite") %]-[% c("var/container/arch") %]' diff --git a/projects/debootstrap-image/build b/projects/debootstrap-image/build new file mode 100644 index 0000000..c7d1c46 --- /dev/null +++ b/projects/debootstrap-image/build @@ -0,0 +1,3 @@ +#!/bin/sh +set -e +# Doing nothing diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config new file mode 100644 index 0000000..bd204f5 --- /dev/null +++ b/projects/debootstrap-image/config @@ -0,0 +1,52 @@ +# vim: filetype=yaml sw=2 +filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %].tar.gz' +pkg_type: build + +var: + ubuntu_version: 17.04 + + container_dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]' + container_user: rbm + + container: + use_container: 1 + # We need CAP_SYS_ADMIN for debootstrap to work + CAP_SYS_ADMIN: 1 + +pre: | + #!/bin/sh + set -e + apt-get update -y + apt-get install -y debian-archive-keyring ubuntu-keyring debootstrap + debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %] + tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] . + +targets: + wheezy-amd64: + var: + container: + suite: wheezy + arch: amd64 + jessie-amd64: + var: + container: + suite: jessie + arch: amd64 + precise-amd64: + var: + container: + suite: precise + arch: amd64 + debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg + utopic-amd64: + var: + container: + suite: utopic + arch: amd64 + debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/ + +input_files: + - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' + filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz' + sha256sum: df2c8fd540e474b8e1e29c0db8ed6b43a932918f1b9a8149bb82104a7c07ba2a + diff --git a/projects/docker-image/build b/projects/docker-image/build deleted file mode 100644 index ced6ad3..0000000 --- a/projects/docker-image/build +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/sh -set -e -echo 1 > [% dest_dir %]/[% c('filename') %] -echo Creating [% dest_dir %]/[% c('filename') %] diff --git a/projects/docker-image/config b/projects/docker-image/config deleted file mode 100644 index 1968b77..0000000 --- a/projects/docker-image/config +++ /dev/null @@ -1,51 +0,0 @@ -# vim: filetype=yaml sw=2 -filename: '[% sha256(c("pre")).substr(0, 12) %]' -remote_docker: 1 -docker_save_image: '[% c("docker_image_prefix") %]:[% c("filename") %]' -pkg_type: build - -docker_image: '[% c("lsb_release/id").lower %]:[% c("lsb_release/release") %]' - -lsb_release: - id: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/id", { no_distro => 1 }) %]' - release: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/release", { no_distro => 1 }) %]' - codename: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/codename", { no_distro => 1 }) %]' - -pre: | - #!/bin/sh - # [% c('docker_image') %] - set -e - [% IF c('lsb_release/release') == '14.10' -%] - sed -i 's/archive\.ubuntu\.com/old-releases.ubuntu.com/' /etc/apt/sources.list - [% END -%] - [% IF pc(c('origin_project'), 'var/pre_pkginst') -%] - [% pc(c('origin_project'), 'var/pre_pkginst') %] - [% END -%] - [% IF c('lsb_release/id') == 'Ubuntu' || c('lsb_release/id') == 'Debian' %] - apt-get update -y - apt-get upgrade -y - [% END %] - [% - deps = []; - IF pc(c('origin_project'), 'var/deps'); - CALL deps.import(pc(c('origin_project'), 'var/deps')); - END; - IF pc(c('origin_project'), 'var/arch_deps'); - CALL deps.import(pc(c('origin_project'), 'var/arch_deps')); - END; - IF deps.size; - IF pc(c('origin_project'), 'var/sort_deps'); - deps = deps.sort; - END; - FOREACH pkg IN deps; - SET p = tmpl(pkg); - IF p; - GET c('install_package', { pkg_name => p }); - GET "\n"; - END; - END; - END; - -%] - [% IF pc(c('origin_project'), 'var/post_pkginst') -%] - [% pc(c('origin_project'), 'var/post_pkginst') %] - [% END -%] diff --git a/projects/ed25519/config b/projects/ed25519/config index 5bab68b..c6790b8 100644 --- a/projects/ed25519/config +++ b/projects/ed25519/config @@ -3,16 +3,17 @@ version: '[% c("abbrev") %]' git_url: https://github.com/agl/ed25519.git git_hash: c4161f4c7483313562781c61b9a20aba73daf9de filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/agl/ed25519 go_lib_install: - github.com/agl/ed25519/extra25519 input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/firefox/config b/projects/firefox/config index 2c74e4b..d6a68fe 100644 --- a/projects/firefox/config +++ b/projects/firefox/config @@ -5,7 +5,6 @@ git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branc tag_gpg_id: 1 git_url: https://git.torproject.org/tor-browser.git gpg_keyring: torbutton.gpg -remote_docker: 1 var: firefox_version: 52.1.0esr @@ -19,6 +18,8 @@ var: - autoconf2.13 - yasm - python + container: + use_container: 1 targets: nightly: @@ -74,7 +75,7 @@ targets: martools_filename: mar-tools-win32.zip input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - filename: get-moz-build-date diff --git a/projects/fonts/config b/projects/fonts/config index 69e16b3..382804d 100644 --- a/projects/fonts/config +++ b/projects/fonts/config @@ -3,8 +3,9 @@ version: '[% c("abbrev") %]' git_url: https://github.com/googlei18n/noto-fonts.git git_hash: 720e34851382ee3c1ef024d8dffb68ffbfb234c2 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].tar.gz" -remote_docker: 1 var: + container: + use_container: 1 noto_fonts_hinted: - Arimo-Regular.ttf - Arimo-Bold.ttf @@ -85,7 +86,7 @@ targets: - NotoSansYi-Regular.ttf input_files: - - project: docker-image + - project: container-image - URL: https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adc… sha256sum: 415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5 enable: '[% c("var/linux") %]' diff --git a/projects/gcc/config b/projects/gcc/config index 391e453..1acf30a 100644 --- a/projects/gcc/config +++ b/projects/gcc/config @@ -1,8 +1,9 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' version: 5.1.0 -remote_docker: 1 var: + container: + use_container: 1 configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686 deps: - build-essential @@ -42,6 +43,6 @@ targets: var: configure_opt: --disable-multilib --enable-languages=c,c++ input_files: + - project: container-image - URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("version") %]/gcc-[% c("version") %].tar.bz2' sha256sum: b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad - - project: docker-image diff --git a/projects/gmp/config b/projects/gmp/config index 913f181..41eb630 100644 --- a/projects/gmp/config +++ b/projects/gmp/config @@ -1,7 +1,10 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' version: 5.1.3 -remote_docker: 1 + +var: + container: + use_container: 1 targets: linux: @@ -9,9 +12,9 @@ targets: configure_opt_gmp: --enable-fat input_files: + - project: container-image - name: gmp URL: 'https://ftp.gnu.org/gnu/gmp/gmp-[% c("version") %].tar.bz2' sha256sum: 752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160 - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/projects/go-webrtc/config b/projects/go-webrtc/config index 3a1a9d4..d7c31d6 100644 --- a/projects/go-webrtc/config +++ b/projects/go-webrtc/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://github.com/keroserene/go-webrtc.git git_hash: ab1b64862e0c4b4182010699911c2c5818f0a101 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/keroserene/go-webrtc build_go_lib_pre: | [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %] @@ -43,7 +44,7 @@ targets: - lib32stdc++6 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: webrtc diff --git a/projects/go/config b/projects/go/config index 89b4b45..ef9c411 100644 --- a/projects/go/config +++ b/projects/go/config @@ -1,10 +1,11 @@ # vim: filetype=yaml sw=2 version: 1.7.5 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: go14_version: 1.4.3 + container: + use_container: 1 setup: | mkdir -p /var/tmp/dist @@ -69,7 +70,7 @@ targets: GOARCH: 386 input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' enable: '[% c("var/windows") || c("var/osx") %]' diff --git a/projects/goerrors/config b/projects/goerrors/config index 4451f7b..3c11fab 100644 --- a/projects/goerrors/config +++ b/projects/goerrors/config @@ -3,14 +3,15 @@ version: '[% c("abbrev") %]' git_url: https://github.com/pkg/errors git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/pkg/errors input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/gogb/config b/projects/gogb/config index a358819..dcf30f6 100644 --- a/projects/gogb/config +++ b/projects/gogb/config @@ -3,18 +3,19 @@ version: '[% c("abbrev") %]' git_url: https://github.com/constabulary/gb git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/constabulary/gb go_lib_install: github.com/constabulary/gb/cmd/gb go_lib_deps: - goerrors input_files: - - project: docker-image + - project: container-image - name: go project: go - name: goerrors diff --git a/projects/goptlib/config b/projects/goptlib/config index dd520ec..c083763 100644 --- a/projects/goptlib/config +++ b/projects/goptlib/config @@ -5,14 +5,15 @@ git_hash: '[% c("version") %]' tag_gpg_id: 1 gpg_keyring: goptlib.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: git.torproject.org/pluggable-transports/goptlib.git input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/goxcrypto/config b/projects/goxcrypto/config index 8362f28..b51b578 100644 --- a/projects/goxcrypto/config +++ b/projects/goxcrypto/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://go.googlesource.com/crypto git_hash: 4ed45ec682102c643324fae5dff8dab085b6c300 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: golang.org/x/crypto go_lib_install: - golang.org/x/crypto/curve25519 @@ -19,6 +20,6 @@ targets: git_hash: master input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/goxnet/config b/projects/goxnet/config index 507f997..ec368a2 100644 --- a/projects/goxnet/config +++ b/projects/goxnet/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://go.googlesource.com/net git_hash: 7dbad50ab5b31073856416cdcfeb2796d682f844 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: golang.org/x/net go_lib_install: - golang.org/x/net/proxy @@ -17,6 +18,6 @@ targets: git_hash: master input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config index 3e5100e..f149cac 100644 --- a/projects/https-everywhere/config +++ b/projects/https-everywhere/config @@ -6,9 +6,11 @@ git_submodule: 1 gpg_keyring: https-everywhere.gpg tag_gpg_id: 1 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi" -remote_docker: 1 -distribution: Debian-7.11 var: + container: + use_container: 1 + suite: wheezy + arch: amd64 deps: - git - python @@ -19,8 +21,9 @@ var: - rsync - zip - unzip + input_files: - - project: docker-image + - project: container-image targets: nightly: diff --git a/projects/libdmg-hfsplus/config b/projects/libdmg-hfsplus/config index 9071078..67e8287 100644 --- a/projects/libdmg-hfsplus/config +++ b/projects/libdmg-hfsplus/config @@ -3,13 +3,14 @@ version: '[% c("abbrev") %]' git_url: https://github.com/vasi/libdmg-hfsplus git_hash: dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: + container: + use_container: 1 deps: - build-essential - cmake - zlib1g-dev - libbz2-dev input_files: + - project: container-image - filename: libdmg.patch - - project: docker-image diff --git a/projects/libevent/config b/projects/libevent/config index 15ada11..46cbb7e 100644 --- a/projects/libevent/config +++ b/projects/libevent/config @@ -5,7 +5,10 @@ git_hash: 'release-[% c("version") %]-stable' tag_gpg_id: 1 gpg_keyring: libevent.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: osx-x86_64: @@ -14,6 +17,6 @@ targets: - faketime input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' diff --git a/projects/llvm/config b/projects/llvm/config index 81f7aaa..f0a803b 100644 --- a/projects/llvm/config +++ b/projects/llvm/config @@ -1,10 +1,13 @@ # vim: filetype=yaml sw=2 version: 3.8.0 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image - project: cmake name: cmake - URL: 'http://releases.llvm.org/[% c("version") %]/llvm-[% c("version") %].src.tar.xz' diff --git a/projects/macosx-toolchain/config b/projects/macosx-toolchain/config index b237e4d..55fb554 100644 --- a/projects/macosx-toolchain/config +++ b/projects/macosx-toolchain/config @@ -1,8 +1,9 @@ # vim: filetype=yaml sw=2 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' version: 10.7-1 -remote_docker: 1 var: + container: + use_container: 1 setup: | mkdir -p /var/tmp/dist tar -C /var/tmp/dist -xf [% c("compiler_tarfile") %] @@ -15,6 +16,7 @@ var: export LDFLAGS="[% c('var/LDFLAGS') %]" input_files: + - project: container-image - name: llvm project: llvm - name: cctools @@ -23,4 +25,3 @@ input_files: - name: SDK URL: https://people.torproject.org/~mikeperry/mirrors/sources/MacOSX10.7.sdk.tar… sha256sum: da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf - - project: docker-image diff --git a/projects/meek/config b/projects/meek/config index 84ed2bd..46f4ec9 100644 --- a/projects/meek/config +++ b/projects/meek/config @@ -5,10 +5,12 @@ git_hash: '[% c("version") %]' tag_gpg_id: 1 gpg_keyring: meek.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: goptlib diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config index 060857c..21d498a 100644 --- a/projects/mingw-w64/config +++ b/projects/mingw-w64/config @@ -3,8 +3,9 @@ filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' git_url: http://git.code.sf.net/p/mingw-w64/mingw-w64 git_hash: 98e5b4930a717eafddd8ca0f0dfeb7c57c6b026a version: '[% c("abbrev") %]' -remote_docker: 1 var: + container: + use_container: 1 gcc_version: 5.1.0 deps: - automake @@ -17,6 +18,7 @@ var: export PATH="/var/tmp/dist/mingw-w64/helpers:/var/tmp/dist/mingw-w64/bin:$PATH" export gcclibs=/var/tmp/dist/mingw-w64/gcclibs input_files: + - project: container-image - URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("var/gcc_version") %]/gcc-[% c("var/gcc_version") %].tar.bz2' sha256sum: b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad - name: binutils @@ -24,4 +26,3 @@ input_files: - filename: i686-w64-mingw32-g++ - filename: i686-w64-mingw32-gcc - filename: i686-w64-mingw32-ld - - project: docker-image diff --git a/projects/nsis/config b/projects/nsis/config index 6729101..2812a22 100644 --- a/projects/nsis/config +++ b/projects/nsis/config @@ -1,8 +1,9 @@ # vim: filetype=yaml sw=2 version: 2.51 filename: 'nsis-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 var: + container: + use_container: 1 deps: - build-essential - libmpc-dev @@ -12,6 +13,7 @@ var: - xsltproc input_files: + - project: container-image - filename: 'nsis-[% c("version") %].tar.bz2' URL: 'http://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2' sha256sum: 43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7 @@ -21,4 +23,3 @@ input_files: - filename: nsis-missing-unistd-include.patch - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/projects/obfs4/config b/projects/obfs4/config index 952b054..44db79d 100644 --- a/projects/obfs4/config +++ b/projects/obfs4/config @@ -5,7 +5,10 @@ git_hash: 'obfs4proxy-[% c("version") %]' tag_gpg_id: 1 gpg_keyring: obfs4.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: nightly: @@ -13,7 +16,7 @@ targets: tag_gpg_id: 0 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: goptlib diff --git a/projects/openssl/config b/projects/openssl/config index 1a2e4dd..8b4ea4f 100644 --- a/projects/openssl/config +++ b/projects/openssl/config @@ -1,7 +1,10 @@ # vim: filetype=yaml sw=2 version: 1.0.2k filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: linux-x86_64: @@ -18,7 +21,7 @@ targets: configure_opts: --cross-compile-prefix=x86_64-apple-darwin10- darwin64-x86_64-cc enable-ec_nistp_64_gcc_128 input_files: - - project: docker-image + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz' diff --git a/projects/sandbox/config b/projects/sandbox/config index 218a276..3970322 100644 --- a/projects/sandbox/config +++ b/projects/sandbox/config @@ -5,10 +5,12 @@ git_hash: 'sandboxed-tor-browser-[% c("version") %]' tag_gpg_id: 1 gpg_keyring: obfs4.gpg filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 -distribution: Debian-8.7 var: + container: + use_container: 1 + suite: jessie + arch: amd64 deps: - libx11-dev - pkg-config @@ -22,7 +24,7 @@ targets: tag_gpg_id: 0 input_files: - - project: docker-image + - project: container-image - name: go project: go - name: gogb diff --git a/projects/siphash/config b/projects/siphash/config index 0f3f4b5..b2cb2a9 100644 --- a/projects/siphash/config +++ b/projects/siphash/config @@ -3,14 +3,15 @@ version: '[% c("abbrev") %]' git_url: https://github.com/dchest/siphash.git git_hash: 42ba037e748c9062a75e0924705c43b893edefcd filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/dchest/siphash input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/snowflake/config b/projects/snowflake/config index 3233ba4..212e86c 100644 --- a/projects/snowflake/config +++ b/projects/snowflake/config @@ -3,7 +3,10 @@ version: '[% c("abbrev") %]' git_url: https://git.torproject.org/pluggable-transports/snowflake.git git_hash: 9f2e9a6ecb696149708716ca06ce842df03cf492 filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 + +var: + container: + use_container: 1 targets: linux-i686: @@ -19,7 +22,7 @@ targets: - libx11-dev input_files: - - project: docker-image + - project: container-image - name: go project: go - name: '[% c("var/compiler") %]' diff --git a/projects/tor-browser/config b/projects/tor-browser/config index 87cc6b2..c4c2521 100644 --- a/projects/tor-browser/config +++ b/projects/tor-browser/config @@ -1,9 +1,10 @@ # vim: filetype=yaml sw=2 version: '[% c("var/torbrowser_version") %]' filename: 'tor-browser-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %]' -remote_docker: 1 var: + container: + use_container: 1 ddmg: '[% INCLUDE ddmg.sh %]' targets: @@ -24,12 +25,13 @@ targets: - bzip2 - faketime windows-i686: - distribution: Ubuntu-14.10 var: mar_osname: win32 + container: + suite: utopic input_files: - - project: docker-image + - project: container-image - project: firefox name: firefox - project: tor diff --git a/projects/tor-launcher/config b/projects/tor-launcher/config index 70f8acd..9211844 100644 --- a/projects/tor-launcher/config +++ b/projects/tor-launcher/config @@ -5,9 +5,11 @@ git_hash: '[% c("version") %]' gpg_keyring: torbutton.gpg tag_gpg_id: 1 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi" -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image targets: nightly: diff --git a/projects/tor/config b/projects/tor/config index c8940dd..a9da811 100644 --- a/projects/tor/config +++ b/projects/tor/config @@ -5,9 +5,10 @@ git_hash: 'tor-[% c("version") %]' git_url: https://git.torproject.org/tor.git gpg_keyring: tor.gpg tag_gpg_id: 1 -remote_docker: 1 var: + container: + use_container: 1 deps: - build-essential - automake @@ -50,6 +51,7 @@ targets: flag_mwindows: '' input_files: + - project: container-image - name: openssl project: openssl - name: libevent @@ -59,4 +61,3 @@ input_files: enable: '[% c("var/windows") %]' - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/projects/torbutton/config b/projects/torbutton/config index b60e217..41d4d69 100644 --- a/projects/torbutton/config +++ b/projects/torbutton/config @@ -5,9 +5,11 @@ git_hash: '[% c("version") %]' gpg_keyring: torbutton.gpg tag_gpg_id: 1 filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi" -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image targets: nightly: diff --git a/projects/uniuri/config b/projects/uniuri/config index 62fa8ef..e4c7294 100644 --- a/projects/uniuri/config +++ b/projects/uniuri/config @@ -3,11 +3,12 @@ version: '[% c("abbrev") %]' git_url: https://github.com/dchest/uniuri git_hash: 8902c56451e9b58ff940bbe5fec35d5f9c04584a filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 build: '[% c("projects/go/var/build_go_lib") %]' var: + container: + use_container: 1 go_lib: github.com/dchest/uniuri targets: @@ -15,6 +16,6 @@ targets: git_hash: master input_files: - - project: docker-image + - project: container-image - name: go project: go diff --git a/projects/webrtc/config b/projects/webrtc/config index bfd38c9..d46d821 100644 --- a/projects/webrtc/config +++ b/projects/webrtc/config @@ -1,13 +1,14 @@ # vim: filetype=yaml sw=2 version: '[% c("var/webrtc_tag") %]' -remote_docker: 1 filename: 'webrtc-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' var: + container: + use_container: 1 webrtc_tag: c279861207c5b15fc51069e96595782350e0ac12 input_files: - - project: docker-image + - project: container-image - project: webrtc pkg_type: fetch_sources - project: depot_tools @@ -27,7 +28,6 @@ targets: os: linux linux-i686: var: - dockerbuild: "[% pc('docker-image', 'pre') %]" sort_deps: 0 arch_deps: - lib32asound2-dev @@ -65,7 +65,9 @@ targets: steps: fetch_sources: - remote_docker: 0 + var: + container: + use_container: 0 filename: 'webrtc-sources-[% c("var/webrtc_tag") %].tar.gz' fetch_sources: | #!/bin/bash diff --git a/projects/yasm/config b/projects/yasm/config index 3d8a28a..12d009b 100644 --- a/projects/yasm/config +++ b/projects/yasm/config @@ -1,10 +1,12 @@ # vim: filetype=yaml sw=2 version: 1.2.0 filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz' -remote_docker: 1 +var: + container: + use_container: 1 input_files: - - project: docker-image + - project: container-image - URL: 'https://www.tortall.net/projects/yasm/releases/yasm-[% c("version") %].tar.gz' name: yasm sha256sum: 768ffab457b90a20a6d895c39749adb547c1b7cb5c108e84b151a838a23ccf31 diff --git a/projects/zlib/config b/projects/zlib/config index 5219559..3ad562c 100644 --- a/projects/zlib/config +++ b/projects/zlib/config @@ -5,9 +5,12 @@ git_hash: 'v[% c("version") %]' git_url: https://github.com/madler/zlib.git gpg_keyring: zlib.gpg tag_gpg_id: 1 -remote_docker: 1 + +var: + container: + use_container: 1 input_files: + - project: container-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - - project: docker-image diff --git a/rbm b/rbm index 3f3886e..106e9b0 160000 --- a/rbm +++ b/rbm @@ -1 +1 @@ -Subproject commit 3f3886e1f210ad2853209c5aecd0951350a6f758 +Subproject commit 106e9b05aeff6309e241a3c9bae1781e0d551e7a diff --git a/rbm.conf b/rbm.conf index 651acfa..722c85a 100644 --- a/rbm.conf +++ b/rbm.conf @@ -20,12 +20,16 @@ var: build_id_txt: | [% c("version") %] [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %] - [% IF c("remote_docker") -%] - [% c("distribution") %] + [% IF c("var/container/use_container") -%] + [% c("var/container/suite") %] + [% c("var/container/arch") %] [% END -%] input_files: [% c("input_files_id") %] build: [% c("build", { filename => 'f', output_dir => '/out' }) %] + container: + dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]' + user: rbm input_files_list: | [% FOREACH file IN c("input_files_by_name").keys.sort -%] [% c("input_files_by_name/" _ file) %] @@ -136,19 +140,23 @@ targets: - zip - unzip linux: - distribution: Debian-7.11 var: linux: 1 compiler: gcc + container: + suite: wheezy + arch: amd64 torbrowser-windows-i686: - windows-i686 windows-i686: - distribution: Ubuntu-12.04 arch: i686 var: windows: 1 osname: windows-i686 + container: + suite: precise + arch: amd64 configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"' CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security' LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs' @@ -167,11 +175,13 @@ targets: torbrowser-osx-x86_64: - osx-x86_64 osx-x86_64: - distribution: Debian-8.7 arch: x86_64 var: osx: 1 osname: osx-x86_64 + container: + suite: jessie + arch: amd64 compiler: 'macosx-toolchain' configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin10-clang++ [% c("var/FLAGS") %]"' FLAGS: "-target x86_64-apple-darwin10 -mlinker-version=136 -B $cctoolsdir -isysroot $sysrootdir" @@ -195,9 +205,6 @@ targets: build_id: 1 -docker_image: '[% pc("docker-image", "docker_save_image") %]' -docker_image_prefix: '[% GET c("var/project_name") ? c("var/project_name") : "rbm-build" %]_[% GET ENV.RBM_BUILDNAME ? ENV.RBM_BUILDNAME : ENV.USER ? ENV.USER : c("uid") %]' - # change the default gpg_wrapper to allow git tag signed using an # expired key. # https://bugs.torproject.org/19737 @@ -218,6 +225,76 @@ gpg_wrapper: | exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" fi +remote_start: '[% IF c("var/container/use_container") %][% c("runc/remote_start") %][% END %]' +remote_exec: '[% IF c("var/container/use_container") %][% c("runc/remote_exec") %][% END %]' +remote_put: '[% IF c("var/container/use_container") %][% c("runc/remote_put") %][% END %]' +remote_get: '[% IF c("var/container/use_container") %][% c("runc/remote_get") %][% END %]' +remote_finish: '[% IF c("var/container/use_container") %][% c("runc/remote_finish") %][% END %]' + +runc: + remote_start: | + #!/bin/sh + set -e + if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ] + then + echo "Can't find container image in input files" >&2 + ls -l '[% c("remote_srcdir") %]' >&2 + exit 1 + fi + mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm + sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*) + cat > '[% c("var/container/dir") %]'/config.json << EOF + [% INCLUDE 'runc-config.json' %] + EOF + [% SET user = c("var/container/user") -%] + [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user + _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %] + + remote_exec: | + #!/bin/sh + set -e + mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm + echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd + echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd + echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run + [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %] + echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run + chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd + chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run + sudo runc start -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] + + remote_put: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('put_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('put_dst', { error_if_undef => 1 })); + -%] + sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %] + sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %] + [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst }) %] + + remote_get: | + #!/bin/sh + set -e + [% + SET src = shell_quote(c('get_src', { error_if_undef => 1 })); + SET dst = shell_quote(c('get_dst', { error_if_undef => 1 })); + -%] + mkdir -p [% dst %] + srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %] + if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ] + then + sudo chown $(whoami) "$srcdir"/* + sudo mv -f "$srcdir"/* [% dst %]/ + fi + + remote_finish: | + #!/bin/sh + set -e + sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json + rmdir '[% c("var/container/dir") %]' + ENV: TZ: UTC LC_ALL: C diff --git a/rbm.local.conf.example b/rbm.local.conf.example index 78de08f..203ce5f 100644 --- a/rbm.local.conf.example +++ b/rbm.local.conf.example @@ -16,12 +16,6 @@ ### this. #debug: 0 -### If you are doing multiple builds in different directories on the -### same host, you should define docker_image_prefix with a different -### value for each build directory, so that the different builds don't -### use the same docker image names. -#docker_image_prefix: tor-browser_XXXXX - ### The build_log option defines in which file the build logs of each ### component are stored. If you set it to '-' the logs are output on ### stdout and stderr. diff --git a/tools/clean-old b/tools/clean-old index 4d603fc..c7d9e0c 100755 --- a/tools/clean-old +++ b/tools/clean-old @@ -27,24 +27,6 @@ sub clean_file { } } -sub clean_docker_images { - my ($dockerdir, $used_files) = @_; - my $imgprefix = RBM::project_config('docker-image', 'docker_image_prefix'); - my @imgs = read_dir($dockerdir); - foreach my $dockerimage (@imgs) { - next if $used_files->{"$dockerdir/$dockerimage"}; - my $img = "$imgprefix:$dockerimage"; - print "Cleaning docker image $img\n"; - next if $options{'dry-run'}; - my ($out, $err, $success) = capture_exec('docker', 'rmi', '-f', $img); - if (!$success) { - print STDERR "Error removing docker image $img:\n$err\n"; - exit 1; - } - unlink "$dockerdir/$dockerimage"; - } -} - sub get_project_input_files { my ($project, @targets) = @_; print "Getting input files for $project ", join(' ', @targets), "\n"; @@ -108,7 +90,4 @@ foreach my $branch (keys %$clean) { } my %used_files = map { $_ => 1 } @files; my $outdir = $RBM::config->{basedir} . '/out'; -# Don't clean docker-image files yet -$used_files{"$outdir/docker-image"} = 1; clean_file($outdir, \%used_files); -clean_docker_images("$outdir/docker-image", \%used_files);

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 21792: Suppress MediaError.message when privacy.resistFingerprinting = true
by gk＠torproject.org 03 May '17

03 May '17

commit 58d186df19450f9aef0423c71e78f6eaa17679f8 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Thu Apr 27 15:00:14 2017 -0700 Bug 21792: Suppress MediaError.message when privacy.resistFingerprinting = true --- dom/html/MediaError.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/dom/html/MediaError.cpp b/dom/html/MediaError.cpp index 83b9ffc..fae0981 100644 --- a/dom/html/MediaError.cpp +++ b/dom/html/MediaError.cpp @@ -7,6 +7,7 @@ #include "mozilla/dom/MediaError.h" #include "nsDOMClassInfoID.h" #include "mozilla/dom/MediaErrorBinding.h" +#include "nsContentUtils.h" namespace mozilla { namespace dom { @@ -31,7 +32,12 @@ MediaError::MediaError(HTMLMediaElement* aParent, uint16_t aCode, void MediaError::GetMessage(nsAString& aResult) const { - CopyUTF8toUTF16(mMessage, aResult); + if (nsContentUtils::IsCallerChrome() || + !nsContentUtils::ShouldResistFingerprinting()) { + CopyUTF8toUTF16(mMessage, aResult); + } else { + aResult.Truncate(); + } } JSObject*

1 0

[tor-browser/tor-browser-52.1.0esr-7.0-2] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk＠torproject.org 02 May '17

02 May '17

commit 29b3b7af8e3b9528204ae49a396af80b3e4c4d61 Author: Arthur Edelstein <arthuredelstein(a)gmail.com> Date: Wed Apr 26 15:38:30 2017 -0700 fixup! TB4: Tor Browser's Firefox preference overrides. We fix bug 21675 by pretending every user has just one core available. --- browser/app/profile/000-tor-browser.js | 1 + 1 file changed, 1 insertion(+) diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js index 0715a01..27cfe53 100644 --- a/browser/app/profile/000-tor-browser.js +++ b/browser/app/profile/000-tor-browser.js @@ -151,6 +151,7 @@ pref("reader.parse-on-load.enabled", false); pref("privacy.use_utc_timezone", true); pref("media.webspeech.synth.enabled", false); // Bug 10283: Disable SpeechSynthesis API pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API +pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu // Third party stuff pref("network.cookie.cookieBehavior", 1);

1 0

[tor-browser-bundle/master] Fold in stable changelog
by gk＠torproject.org 02 May '17

02 May '17

commit a89f99a8b8700a04af9f795f4d2115fb1dd3eabb Author: Georg Koppen <gk(a)torproject.org> Date: Tue May 2 09:04:21 2017 +0000 Fold in stable changelog --- Bundle-Data/Docs/ChangeLog.txt | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Bundle-Data/Docs/ChangeLog.txt b/Bundle-Data/Docs/ChangeLog.txt index b2ee463..afe3999 100644 --- a/Bundle-Data/Docs/ChangeLog.txt +++ b/Bundle-Data/Docs/ChangeLog.txt @@ -83,6 +83,18 @@ Tor Browser 7.0a3 -- April 20 2017 * Bug 21960: Linux bundles based on ESR 52 are not reproducible anymore * Bug 21629: Fix broken ASan builds when switching to ESR 52 +Tor Browser 6.5.2 -- April 19 2017 + * All Platforms + * Update Firefox to 45.9.0esr + * Update HTTPS-Everywhere to 5.2.14 + * Update NoScript to 5.0.2 + * Bug 21555+16450: Don't remove Authorization header on subdomains (e.g. Twitter) + * Bug 19316: Make sure our Windows updates can deal with the SSE2 requirement + * Bug 21917: Add new obfs4 bridges + * Bug 21918: Move meek-amazon to d2cly7j4zqgua7.cloudfront.net backend + * Windows + * Bug 21795: Fix Tor Browser crashing on github.com + Tor Browser 7.0a2-hardened -- March 7 2017 * All Platforms * Update Firefox to 45.8.0esr

1 0