tbb-commits
Threads by month
- ----- 2025 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- 1 participants
- 18631 discussions

[tor-browser-bundle/master] Stop our multi lingual experiment on nightlies
by gk@torproject.org 10 May '17
by gk@torproject.org 10 May '17
10 May '17
commit db5cdfceb8fa095ad94eb9a413a35d30ccc60486
Author: Georg Koppen <gk(a)torproject.org>
Date: Wed May 10 07:48:17 2017 +0000
Stop our multi lingual experiment on nightlies
We are not showing the language prompt on first start anymore. Thus, the
multi lingual setup has stopped working for nightlies. We remove that
experiment until we solve #17400 properly or have a new prototype to
try.
---
gitian/versions.nightly | 4 ----
1 file changed, 4 deletions(-)
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 533aead..2189139 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -11,10 +11,6 @@ BUILD_PT_BUNDLES=1
# DATA_OUTSIDE_APP_DIR is only implemented for Mac OS.
DATA_OUTSIDE_APP_DIR=1
-# If you remove MULTI_LINGUAL=1, be sure to use a version of Tor Launcher
-# that does not include the language prompt.
-MULTI_LINGUAL=1
-
VERIFY_TAGS=0
FIREFOX_VERSION=52.1.0esr
1
0

[tor-browser-bundle/master] Bug 20683: Use signed selfrando tag from now on
by gk@torproject.org 10 May '17
by gk@torproject.org 10 May '17
10 May '17
commit 8fe0e322b950efa2456502428bee66dde8b4948a
Author: Georg Koppen <gk(a)torproject.org>
Date: Wed May 10 08:05:28 2017 +0000
Bug 20683: Use signed selfrando tag from now on
---
gitian/gpg/selfrando.gpg | Bin 0 -> 2759 bytes
gitian/verify-tags.sh | 2 +-
gitian/versions.alpha | 2 +-
gitian/versions.nightly | 2 +-
4 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/gitian/gpg/selfrando.gpg b/gitian/gpg/selfrando.gpg
new file mode 100644
index 0000000..276955d
Binary files /dev/null and b/gitian/gpg/selfrando.gpg differ
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index 7d551b8..123719d 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -105,6 +105,7 @@ obfs4 obfs4proxy.gpg $OBFS4_TAG
https-everywhere https-everywhere.gpg $HTTPSE_TAG
cmake cmake.gpg $CMAKE_TAG
sandbox obfs4proxy.gpg $SANDBOX_TAG
+selfrando selfrando.gpg $SELFRANDO_TAG
EOF
while read dir commit; do
@@ -125,7 +126,6 @@ depot_tools $DEPOT_TOOLS_TAG
go-webrtc $GO_WEBRTC_TAG
snowflake $SNOWFLAKE_TAG
uniuri $UNIURI_TAG
-selfrando $SELFRANDO_TAG
EOF
# Verify signatures on signed packages
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index 33be86d..063ce76 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -47,7 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou
GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101
SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492
UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
-SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
+SELFRANDO_TAG=tb-v0.2
GITIAN_TAG=tor-browser-builder-4-4
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 69ddb47..533aead 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -54,7 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou
GO_WEBRTC_TAG=master
SNOWFLAKE_TAG=master
UNIURI_TAG=master
-SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
+SELFRANDO_TAG=tb-v0.2
GITIAN_TAG=tor-browser-builder-4
1
0

[tor-browser/tor-browser-52.1.0esr-7.0-2] fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter;
by gk@torproject.org 10 May '17
by gk@torproject.org 10 May '17
10 May '17
commit e6b99c78fdc1800988537c73ef13e75b56c28b3e
Author: Kathy Brade <brade(a)pearlcrescent.com>
Date: Tue May 9 15:29:43 2017 -0400
fixup! Omnibox: Add DDG, Startpage, Disconnect, Youtube, Twitter;
remove Amazon, eBay, bing.
Use a data: URL for the browser.search.defaultenginename preference value
so that the value is used when setting the default search engine.
Fixes bug #22044.
---
browser/app/profile/000-tor-browser.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 27cfe53..d422694 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -267,7 +267,7 @@ pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"
// Putting the search engine prefs into this file to fix #11236.
// Default search engine
-pref("browser.search.defaultenginename", "DuckDuckGo");
+pref("browser.search.defaultenginename", "data:text/plain,browser.search.defaultenginename=DuckDuckGo");
// Make sure we use the same search engine regardless of locale
pref("browser.search.geoSpecificDefaults", false);
1
0

[tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 16337: Round times exposed by Animation API to nearest 100ms
by gk@torproject.org 10 May '17
by gk@torproject.org 10 May '17
10 May '17
commit 77f0de013fa2b5bedb851507f5ec94a8f39f8b8c
Author: Arthur Edelstein <arthuredelstein(a)gmail.com>
Date: Wed May 3 23:47:53 2017 -0700
Bug 16337: Round times exposed by Animation API to nearest 100ms
---
dom/animation/AnimationUtils.h | 3 +-
dom/animation/test/mochitest.ini | 1 +
.../test/test_animation_time_rounding.html | 43 ++++++++++++++++++++++
3 files changed, 46 insertions(+), 1 deletion(-)
diff --git a/dom/animation/AnimationUtils.h b/dom/animation/AnimationUtils.h
index 82ae69b..e20f314 100644
--- a/dom/animation/AnimationUtils.h
+++ b/dom/animation/AnimationUtils.h
@@ -28,7 +28,8 @@ public:
dom::Nullable<double> result;
if (!aTime.IsNull()) {
- result.SetValue(aTime.Value().ToMilliseconds());
+ double unrounded = aTime.Value().ToMilliseconds();
+ result.SetValue(floor(unrounded / 100) * 100);
}
return result;
diff --git a/dom/animation/test/mochitest.ini b/dom/animation/test/mochitest.ini
index feb4245..49d230c 100644
--- a/dom/animation/test/mochitest.ini
+++ b/dom/animation/test/mochitest.ini
@@ -109,3 +109,4 @@ skip-if = toolkit == 'android'
[style/test_animation-seeking-with-start-time.html]
[style/test_animation-setting-effect.html]
[style/test_animation-setting-spacing.html]
+[test_animation_time_rounding.html]
diff --git a/dom/animation/test/test_animation_time_rounding.html b/dom/animation/test/test_animation_time_rounding.html
new file mode 100644
index 0000000..baad593
--- /dev/null
+++ b/dom/animation/test/test_animation_time_rounding.html
@@ -0,0 +1,43 @@
+<!DOCTYPE HTML>
+<html>
+ <!--
+ https://trac.torproject.org/16337
+ -->
+ <head>
+ <meta charset="utf-8">
+ <title>Test for Tor Bug 16337</title>
+ <script type="application/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
+ <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css"/>
+ </head>
+ <body>
+ <div id="testDiv">test</div>
+ <script type="application/javascript">
+ SimpleTest.waitForExplicitFinish();
+ let runTest = async function () {
+ await SpecialPowers.pushPrefEnv({ set: [["dom.animations-api.core.enabled", true]] });
+ let isRounded = x => (Math.floor(x/100)*100) === x;
+ let testDiv = document.getElementById("testDiv");
+ let animation = testDiv.animate({ opacity: [0,1] }, 100000);
+ animation.play();
+ SimpleTest.waitForCondition(
+ () => animation.currentTime > 1000,
+ function () {
+ ok(isRounded(animation.startTime),
+ "animation.startTime is rounded");
+ ok(isRounded(animation.currentTime),
+ "animation.currentTime is rounded");
+ ok(isRounded(animation.timeline.currentTime),
+ "animation.timeline.currentTime is rounded");
+ if (document.timeline) {
+ ok(isRounded(document.timeline.currentTime),
+ "document.timeline.currentTime is rounded");
+ }
+ SimpleTest.finish();
+ },
+ "animation failed to start");
+ }
+
+ window.onload = runTest;
+ </script>
+ </body>
+</html>
1
0

[tor-browser-bundle/master] Bug 20683: Integrate Selfrando into alpha Linux builds
by gk@torproject.org 08 May '17
by gk@torproject.org 08 May '17
08 May '17
commit 332c5b6c16f1b0915f537a4ad5af48295f80c733
Author: Georg Koppen <gk(a)torproject.org>
Date: Tue Apr 25 11:20:53 2017 +0000
Bug 20683: Integrate Selfrando into alpha Linux builds
Selfrando is a new defense against code reuse attacks developed by the
Redactor and Readactor++ people. We should give it a wider testing
audience by including it in the alpha series.
This is currently only available for 64bit Linux builds, though.
Supporting other platforms and architectures is work in progress.
---
RelativeLink/start-tor-browser | 1 +
gitian/descriptors/linux/gitian-firefox.yml | 17 +++++
gitian/descriptors/linux/gitian-utils.yml | 46 +++++++++++++
gitian/fetch-inputs.sh | 4 +-
gitian/gpg/ELFUTILS.gpg | Bin 0 -> 10483 bytes
gitian/mkbundle-linux.sh | 13 ++--
gitian/patches/binutils-224-gold.patch | 98 ++++++++++++++++++++++++++++
gitian/verify-tags.sh | 3 +-
gitian/versions.alpha | 4 ++
gitian/versions.nightly | 4 ++
10 files changed, 183 insertions(+), 7 deletions(-)
diff --git a/RelativeLink/start-tor-browser b/RelativeLink/start-tor-browser
index a78b367..2dd40fc 100755
--- a/RelativeLink/start-tor-browser
+++ b/RelativeLink/start-tor-browser
@@ -270,6 +270,7 @@ fi
LD_LIBRARY_PATH="${HOME}/TorBrowser/Tor/"
export LD_LIBRARY_PATH
+export SELFRANDO_write_layout_file=
function setControlPortPasswd() {
local ctrlPasswd=$1
diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml
index c9ced44..db4f232 100644
--- a/gitian/descriptors/linux/gitian-firefox.yml
+++ b/gitian/descriptors/linux/gitian-firefox.yml
@@ -27,6 +27,8 @@ reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://git.torproject.org/tor-browser.git"
"dir": "tor-browser"
+- "url": "https://github.com/immunant/selfrando.git"
+ "dir": "selfrando"
files:
- "binutils-linux32-utils.zip"
- "binutils-linux64-utils.zip"
@@ -36,6 +38,8 @@ files:
- "re-dzip.sh"
- "dzip.sh"
- "versions"
+# XXX: 64bits only for now :(, see #20683.
+- "selfrando-linux64-utils.zip"
script: |
source versions
INSTDIR="$HOME/install"
@@ -53,6 +57,11 @@ script: |
export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
#
+ # XXX: 64bits only for now :(, see #20683.
+ if [ $GBUILD_BITS == "64" ];
+ then
+ unzip -d $INSTDIR selfrando-linux64-utils.zip
+ fi
# Preparing Binutils and GCC for Tor Browser
unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip
# Make sure gold is used with the hardening wrapper for full RELRO, see
@@ -94,6 +103,14 @@ script: |
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
rm -f configure
rm -f js/src/configure
+ # XXX: 64bits only for now :(, see #20683.
+ if [ $GBUILD_BITS == "64" ];
+ then
+ # Selfrando wrapper
+ export PATH="$HOME/build/selfrando/Tools/TorBrowser/tc-wrapper/:$PATH"
+ # We need to avoid the shuffling while building as this breaks compilation
+ export SELFRANDO_skip_shuffle=
+ fi
make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --with-distribution-id=org.torproject --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts"
find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME"
make $MAKEOPTS -f client.mk build
diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml
index d10422b..eb340b8 100644
--- a/gitian/descriptors/linux/gitian-utils.yml
+++ b/gitian/descriptors/linux/gitian-utils.yml
@@ -24,10 +24,14 @@ packages:
- "libssl-dev"
# Needed for binutils (64bit) as we are building with PIE enabled.
- "libstdc++6-4.7-pic"
+# Needed for Selfrando
+- "scons"
reference_datetime: "2000-01-01 00:00:00"
remotes:
- "url": "https://github.com/libevent/libevent.git"
"dir": "libevent"
+- "url": "https://github.com/immunant/selfrando.git"
+ "dir": "selfrando"
files:
- "binutils.tar.bz2"
- "gcc.tar.bz2"
@@ -37,6 +41,8 @@ files:
- "go.tar.gz"
- "versions"
- "dzip.sh"
+- "elfutils.tar.bz2"
+- "binutils-224-gold.patch"
script: |
INSTDIR="$HOME/install"
source versions
@@ -52,6 +58,12 @@ script: |
export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
+ ARCH=""
+ if [ $GBUILD_BITS == "64" ];
+ then
+ ARCH="64"
+ fi
+
# Building Binutils
tar xjf binutils.tar.bz2
# The libstdc++ shipped by default is non-PIC which breaks the binutils build
@@ -63,6 +75,13 @@ script: |
export LDFLAGS="-L/home/debian -lstdc++"
fi
cd binutils*
+ # We need to work around a gold linker bug in 2.24 to get selfrando working,
+ # see bug 20683.
+ # XXX: 64bits only for now :(, see #20683.
+ if [ $GBUILD_BITS == "64" ];
+ then
+ patch -p1 < ../binutils-224-gold.patch
+ fi
# We want to use gold as the linker in our toolchain mainly as it is way
# faster when linking Tor Browser code (especially libxul). But apart from
# that it fixes #12103 and issues with ESR 31 and our Gitian setup as well
@@ -86,6 +105,28 @@ script: |
cd ..
export DEB_BUILD_HARDENING_FORMAT=1
+ export PATH="$INSTDIR/binutils/bin:$INSTDIR/gcc/bin:$PATH"
+ export LD_LIBRARY_PATH="$INSTDIR/gcc/lib$ARCH"
+
+ # XXX: 64bits only for now :(, see #20683.
+ if [ $GBUILD_BITS == "64" ];
+ then
+ # Building Elfutils
+ tar xjf elfutils.tar.bz2
+ cd elfutils*/
+ ./configure --prefix=$INSTDIR/elfutils
+ make $MAKEOPTS
+ make install
+ cd ..
+
+ # Building Selfrando
+ cd selfrando
+ scons -Q arch=x86_64 LIBELF_PATH="$INSTDIR/elfutils" FORCE_INPLACE=1 DEBUG_LEVEL=env WRITE_LAYOUTS=env LOG=console
+ mkdir -p $INSTDIR/selfrando
+ cp out/x86_64/bin/* $INSTDIR/selfrando/
+ cd ..
+ fi
+
# Building Libevent
cd libevent
./autogen.sh
@@ -157,4 +198,9 @@ script: |
~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent
~/build/dzip.sh gmp-$GMP_VER-linux$GBUILD_BITS-utils.zip gmp
~/build/dzip.sh go-$GO_VER-linux$GBUILD_BITS-utils.zip go
+ # XXX: 64bits only for now :(, see #20683.
+ if [ $GBUILD_BITS == "64" ];
+ then
+ ~/build/dzip.sh selfrando-$SELFRANDO_TAG-linux$GBUILD_BITS-utils.zip selfrando
+ fi
cp *utils.zip $OUTDIR/
diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh
index b7fcf36..c110eb8 100755
--- a/gitian/fetch-inputs.sh
+++ b/gitian/fetch-inputs.sh
@@ -113,7 +113,7 @@ update_git() {
##############################################################################
# Get+verify sigs that exist
-for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI
+for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS
do
PACKAGE="${i}_PACKAGE"
URL="${i}_URL"
@@ -252,6 +252,7 @@ ln -sf "$GO_PACKAGE" go.tar.gz
ln -sf "$NSIS_PACKAGE" nsis.tar.bz2
ln -sf "$NSIS_DEBIAN_PACKAGE" nsis-debian.tar.xz
ln -sf "$YASM_PACKAGE" yasm.tar.gz
+ln -sf "$ELFUTILS_PACKAGE" elfutils.tar.bz2
# Fetch latest gitian-builder itself
# XXX - this is broken if a non-standard inputs dir is selected using the command line flag.
@@ -303,6 +304,7 @@ depot_tools https://chromium.googlesource.com/chromium/tools/depot_too
go-webrtc https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG
snowflake https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG
uniuri https://github.com/dchest/uniuri $UNIURI_TAG
+selfrando https://github.com/immunant/selfrando.git $SELFRANDO_TAG
EOF
# HTTPS-Everywhere is special, too. We need to initialize the git submodules and
diff --git a/gitian/gpg/ELFUTILS.gpg b/gitian/gpg/ELFUTILS.gpg
new file mode 100644
index 0000000..f1cd4b3
Binary files /dev/null and b/gitian/gpg/ELFUTILS.gpg differ
diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh
index 6dbbe51..0a1613f 100755
--- a/gitian/mkbundle-linux.sh
+++ b/gitian/mkbundle-linux.sh
@@ -35,7 +35,7 @@ fi
if [ -z "$VM_MEMORY" ];
then
- export VM_MEMORY=4000
+ export VM_MEMORY=6000
fi
./make-vms.sh
@@ -99,7 +99,7 @@ then
fi
cd $GITIAN_DIR
-
+# XXX: 64bits selfrando only for now :(, see #20683.
if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \
! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \
! -f inputs/gcc-$GCC_VER-linux32-utils.zip -o \
@@ -111,13 +111,14 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \
! -f inputs/gmp-$GMP_VER-linux32-utils.zip -o \
! -f inputs/gmp-$GMP_VER-linux64-utils.zip -o \
! -f inputs/go-$GO_VER-linux32-utils.zip -o \
- ! -f inputs/go-$GO_VER-linux64-utils.zip ];
+ ! -f inputs/go-$GO_VER-linux64-utils.zip -o \
+ ! -f inputs/selfrando-$SELFRANDO_TAG-linux64-utils.zip ];
then
echo
echo "****** Starting Utilities Component of Linux Bundle (1/7 for Linux) ******"
echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml
+ ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./utils-fail-linux.log.`date +%Y%m%d%H%M%S`
@@ -138,6 +139,7 @@ then
ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip
ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip
ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip
+ ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip
cd ..
#cp -a result/utils-linux-res.yml inputs/
else
@@ -159,6 +161,7 @@ else
ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip
ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip
ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip
+ ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip
cd ..
fi
@@ -193,7 +196,7 @@ then
echo "****** Starting TorBrowser Component of Linux Bundle (3/7 for Linux) ******"
echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml
+ ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml
if [ $? -ne 0 ];
then
#mv var/build.log ./firefox-fail-linux.log.`date +%Y%m%d%H%M%S`
diff --git a/gitian/patches/binutils-224-gold.patch b/gitian/patches/binutils-224-gold.patch
new file mode 100644
index 0000000..a45e49c
--- /dev/null
+++ b/gitian/patches/binutils-224-gold.patch
@@ -0,0 +1,98 @@
+From f984741df04cd68bb116073fdfa9405808810ab4 Mon Sep 17 00:00:00 2001
+From: Cary Coutant <ccoutant(a)google.com>
+Date: Wed, 5 Feb 2014 22:59:02 -0800
+Subject: [PATCH] Fix issues with gold undefined symbol diagnostics.
+
+PR binutils/15435 complains that gold issues a visibility error for an
+weak undefined symbol with hidden visibility. The message should be
+suppressed if the symbol is a weak undef.
+
+An earlier patch to add an extra note about key functions when a class's
+vtable symbol is undefined missed a case where the reference to the
+vtable came from a shared library. This patch moves the check to a
+lower-level routine that catches both cases.
+
+gold/
+
+2014-02-05 Cary Coutant <ccoutant(a)google.com>
+
+ * errors.cc (Errors::undefined_symbol): Move undef vtable symbol
+ check to here.
+ * target-reloc.h (is_strong_undefined): New function.
+ (relocate_section): Move undef vtable symbol check from here.
+ Check for is_strong_undefined.
+
+diff --git a/gold/ChangeLog b/gold/ChangeLog
+index dcf7ed41f8..dd7ef72980 100644
+--- a/gold/ChangeLog
++++ b/gold/ChangeLog
+@@ -1,3 +1,14 @@
++2014-02-05 Cary Coutant <ccoutant(a)google.com>
++
++ Fix issues with gold undefined symbol diagnostics.
++
++ PR binutils/15435
++ * errors.cc (Errors::undefined_symbol): Move undef vtable symbol
++ check to here.
++ * target-reloc.h (is_strong_undefined): New function.
++ (relocate_section): Move undef vtable symbol check from here.
++ Check for is_strong_undefined.
++
+ 2013-11-22 Cary Coutant <ccoutant(a)google.com>
+
+ * testsuite/Makefile.am (exception_x86_64_bnd_test): Use in-tree
+diff --git a/gold/errors.cc b/gold/errors.cc
+index b79764bd1d..98db0fdd86 100644
+--- a/gold/errors.cc
++++ b/gold/errors.cc
+@@ -193,6 +193,11 @@ Errors::undefined_symbol(const Symbol* sym, const std::string& location)
+ fprintf(stderr,
+ _("%s: %s: undefined reference to '%s', version '%s'\n"),
+ location.c_str(), zmsg, sym->demangled_name().c_str(), version);
++
++ if (sym->is_cxx_vtable())
++ gold_info(_("%s: the vtable symbol may be undefined because "
++ "the class is missing its key function"),
++ program_name);
+ }
+
+ // Issue a debugging message.
+diff --git a/gold/target-reloc.h b/gold/target-reloc.h
+index b544c78f37..d609bcbaa8 100644
+--- a/gold/target-reloc.h
++++ b/gold/target-reloc.h
+@@ -144,6 +144,12 @@ class Default_comdat_behavior
+ }
+ };
+
++inline bool
++is_strong_undefined(const Symbol* sym)
++{
++ return sym->is_undefined() && sym->binding() != elfcpp::STB_WEAK;
++}
++
+ // Give an error for a symbol with non-default visibility which is not
+ // defined locally.
+
+@@ -411,16 +417,10 @@ relocate_section(
+ }
+
+ if (issue_undefined_symbol_error(sym))
+- {
+- gold_undefined_symbol_at_location(sym, relinfo, i, offset);
+- if (sym->is_cxx_vtable())
+- gold_info(_("%s: the vtable symbol may be undefined because "
+- "the class is missing its key function"),
+- program_name);
+- }
++ gold_undefined_symbol_at_location(sym, relinfo, i, offset);
+ else if (sym != NULL
+ && sym->visibility() != elfcpp::STV_DEFAULT
+- && (sym->is_undefined() || sym->is_from_dynobj()))
++ && (is_strong_undefined(sym) || sym->is_from_dynobj()))
+ visibility_error(sym);
+
+ if (sym != NULL && sym->has_warning())
+--
+2.11.0
+
diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh
index dc207f5..7d551b8 100755
--- a/gitian/verify-tags.sh
+++ b/gitian/verify-tags.sh
@@ -125,10 +125,11 @@ depot_tools $DEPOT_TOOLS_TAG
go-webrtc $GO_WEBRTC_TAG
snowflake $SNOWFLAKE_TAG
uniuri $UNIURI_TAG
+selfrando $SELFRANDO_TAG
EOF
# Verify signatures on signed packages
-for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI
+for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS
do
PACKAGE="${i}_PACKAGE"
URL="${i}_URL"
diff --git a/gitian/versions.alpha b/gitian/versions.alpha
index adb9dbf..33be86d 100755
--- a/gitian/versions.alpha
+++ b/gitian/versions.alpha
@@ -47,6 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou
GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101
SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492
UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a
+SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
GITIAN_TAG=tor-browser-builder-4-4
@@ -71,6 +72,7 @@ GO14_VER=1.4.3
GO_VER=1.8.1
NSIS_VER=2.51
YASM_VER=1.2.0
+ELFUTILS_VER=0.160
## File names for the source packages
OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
@@ -105,6 +107,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf
NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf
NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf
YASM_PACKAGE=yasm-${YASM_VER}.tar.gz
+ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
@@ -167,3 +170,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE}
NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE}
NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE}
YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE}
+ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE}
diff --git a/gitian/versions.nightly b/gitian/versions.nightly
index 4e1618c..69ddb47 100755
--- a/gitian/versions.nightly
+++ b/gitian/versions.nightly
@@ -54,6 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou
GO_WEBRTC_TAG=master
SNOWFLAKE_TAG=master
UNIURI_TAG=master
+SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
GITIAN_TAG=tor-browser-builder-4
@@ -78,6 +79,7 @@ GO14_VER=1.4.3
GO_VER=1.8.1
NSIS_VER=2.51
YASM_VER=1.2.0
+ELFUTILS_VER=0.166
## File names for the source packages
OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz
@@ -112,6 +114,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf
NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf
NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf
YASM_PACKAGE=yasm-${YASM_VER}.tar.gz
+ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs
OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0
@@ -174,3 +177,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE}
NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE}
NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE}
YASM_URL=https://www.tortall.net/projects/yasm/releases/${YASM_PACKAGE}
+ELFUTILS_URL=https://sourceware.org/elfutils/ftp/${ELFUTILS_VER}/${ELFUTILS_PACKAGE}
1
0

[tor-browser-build/master] Bug 22115: use i386 containers for the win32 build
by boklm@torproject.org 08 May '17
by boklm@torproject.org 08 May '17
08 May '17
commit bb32ec91b538ab17d309b645787149ff376d58e9
Author: Nicolas Vigier <boklm(a)torproject.org>
Date: Mon May 8 18:44:29 2017 +0200
Bug 22115: use i386 containers for the win32 build
---
projects/firefox/build | 1 +
projects/gcc/config | 3 +++
projects/mingw-w64/config | 1 +
projects/tor-browser/build | 13 -------------
projects/tor-browser/config | 12 ++----------
rbm.conf | 8 +++++++-
6 files changed, 14 insertions(+), 24 deletions(-)
diff --git a/projects/firefox/build b/projects/firefox/build
index 1cf9be1..f445454 100644
--- a/projects/firefox/build
+++ b/projects/firefox/build
@@ -1,4 +1,5 @@
#!/bin/bash
+[% c("var/setarch") -%]
[% c("var/set_default_env") -%]
[% IF c("var/windows") -%]
mkdir -p /var/tmp/dist
diff --git a/projects/gcc/config b/projects/gcc/config
index 676d1fb..d740a93 100644
--- a/projects/gcc/config
+++ b/projects/gcc/config
@@ -38,6 +38,9 @@ targets:
windows-i686:
var:
configure_opt: --disable-multilib --enable-languages=c,c++
+ arch_deps:
+ - libc6-dev
+ - zlib1g-dev
linux-i686:
var:
configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib
diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config
index 21d498a..5e2c748 100644
--- a/projects/mingw-w64/config
+++ b/projects/mingw-w64/config
@@ -13,6 +13,7 @@ var:
- libmpc-dev
- g++-mingw-w64-i686
setup: |
+ [% c("var/setarch") -%]
mkdir -p /var/tmp/dist
tar -C /var/tmp/dist -xf [% c("compiler_tarfile") %]
export PATH="/var/tmp/dist/mingw-w64/helpers:/var/tmp/dist/mingw-w64/bin:$PATH"
diff --git a/projects/tor-browser/build b/projects/tor-browser/build
index 7134367..084ec7d 100644
--- a/projects/tor-browser/build
+++ b/projects/tor-browser/build
@@ -201,19 +201,6 @@ popd
[% IF c("var/windows") %]
- # We need to install a recent version of python-pefile so that it works
- # in a x86_64 container:
- # https://github.com/TheTorProject/tor-messenger-build/pull/10
- tar xf $rootdir/[% c('input_files_by_name/python-future') %]
- cd $(echo [% c('input_files_by_name/python-future') %] | sed s/\.tar\.gz$//)
- python setup.py install --user
- cd ..
-
- tar xf $rootdir/[% c('input_files_by_name/python-pefile') %]
- cd $(echo [% c('input_files_by_name/python-pefile') %] | sed s/\.tar\.gz$//)
- python setup.py install --user
- cd ..
-
tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/nsis') %]
export PATH="/var/tmp/dist/nsis/bin:$PATH"
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index c4c2521..805d7b6 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -27,8 +27,8 @@ targets:
windows-i686:
var:
mar_osname: win32
- container:
- suite: utopic
+ arch_deps:
+ - python-pefile
input_files:
- project: container-image
@@ -70,11 +70,3 @@ input_files:
enable: '[% c("var/windows") %]'
- filename: pe_checksum_fix.py
enable: '[% c("var/windows") %]'
- - name: python-future
- URL: https://pypi.python.org/packages/00/2b/8d082ddfed935f3608cc61140df6dcbf0ede…
- sha256sum: e39ced1ab767b5936646cedba8bcce582398233d6a627067d4c6a454c90cfedb
- enable: '[% c("var/windows") %]'
- - name: python-pefile
- URL: https://pypi.python.org/packages/92/c0/8589ce9734ffdba258bd3e5acd4afb2e3586…
- sha256sum: f24021085b5c3ef7b0898bb1f1d93eecd3839e03512769e22b0c5a10d9095f7b
- enable: '[% c("var/windows") %]'
diff --git a/rbm.conf b/rbm.conf
index 2060132..969922c 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -153,7 +153,7 @@ targets:
osname: windows-i686
container:
suite: precise
- arch: amd64
+ arch: i386
configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"'
CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security'
LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs'
@@ -168,6 +168,12 @@ targets:
- zip
- unzip
faketime_path: /usr/lib/faketime/libfaketime.so.1
+ setarch: |
+ if test -z "$RBM_SETARCH"
+ then
+ export RBM_SETARCH=1
+ exec setarch i686 ./build
+ fi
torbrowser-osx-x86_64:
- osx-x86_64
1
0

[tor-browser-build/master] Bug 22115: use i386 containers for the linux32 build
by boklm@torproject.org 08 May '17
by boklm@torproject.org 08 May '17
08 May '17
commit d067aa03629fb87c47acf19f81ed51940ebc3ebb
Author: Nicolas Vigier <boklm(a)torproject.org>
Date: Mon May 1 19:58:30 2017 +0200
Bug 22115: use i386 containers for the linux32 build
---
projects/binutils/build | 3 ++-
projects/common/runc-config.json | 6 +++++-
projects/debootstrap-image/config | 22 ++++++++++++++++++++++
projects/firefox/config | 21 ++++-----------------
projects/gcc/build | 1 +
projects/gcc/config | 17 ++++++++++++-----
projects/go-webrtc/config | 8 +-------
projects/go/build | 1 +
projects/go/config | 1 +
projects/snowflake/config | 8 +-------
projects/tor/config | 14 +++++---------
projects/webrtc/config | 30 ++++++++----------------------
rbm.conf | 35 ++++++++++++++++-------------------
13 files changed, 79 insertions(+), 88 deletions(-)
diff --git a/projects/binutils/build b/projects/binutils/build
index 8d4f09f..bd949a5 100644
--- a/projects/binutils/build
+++ b/projects/binutils/build
@@ -8,7 +8,8 @@ distdir=/var/tmp/dist/binutils
export DEB_BUILD_HARDENING_FORTIFY=1
export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
-
+[% END -%]
+[% IF c("var/linux-x86_64") %]
# The libstdc++ shipped by default is non-PIC which breaks the binutils build
# if we build with DEB_BUILD_HARDENING_PIE=1. We need to install a PIC one AND
# make sure it gets used before the non-PIC one would.
diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json
index 4c231cd..3da6c24 100644
--- a/projects/common/runc-config.json
+++ b/projects/common/runc-config.json
@@ -2,7 +2,11 @@
"ociVersion": "1.0.0-rc1",
"platform": {
"os": "linux",
- "arch": "amd64"
+[% IF c("var/container/arch") == 'i386' -%]
+ "arch": "386"
+[% ELSE -%]
+ "arch": "[% c("var/container/arch") %]"
+[% END -%]
},
"process": {
"terminal": true,
diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config
index bd204f5..15eec3b 100644
--- a/projects/debootstrap-image/config
+++ b/projects/debootstrap-image/config
@@ -27,23 +27,45 @@ targets:
container:
suite: wheezy
arch: amd64
+ wheezy-i386:
+ var:
+ container:
+ suite: wheezy
+ arch: i386
jessie-amd64:
var:
container:
suite: jessie
arch: amd64
+ jessie-i386:
+ var:
+ container:
+ suite: jessie
+ arch: i386
precise-amd64:
var:
container:
suite: precise
arch: amd64
debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
+ precise-i386:
+ var:
+ container:
+ suite: precise
+ arch: i386
+ debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
utopic-amd64:
var:
container:
suite: utopic
arch: amd64
debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/
+ utopic-i386:
+ var:
+ container:
+ suite: utopic
+ arch: i386
+ debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/
input_files:
- URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
diff --git a/projects/firefox/config b/projects/firefox/config
index d6a68fe..f5c765f 100644
--- a/projects/firefox/config
+++ b/projects/firefox/config
@@ -28,9 +28,8 @@ targets:
var:
torbrowser_update_channel: default
- linux-x86_64:
+ linux:
var:
- martools_filename: mar-tools-linux64.zip
arch_deps:
- libgtk2.0-dev
- libdbus-glib-1-dev
@@ -44,25 +43,13 @@ targets:
- libx11-xcb-dev
# We built GCC but not the libmpc2, thus we need to install it
- libmpc2
+ linux-x86_64:
+ var:
+ martools_filename: mar-tools-linux64.zip
linux-i686:
var:
martools_filename: mar-tools-linux32.zip
- sort_deps: 0
- arch_deps:
- - libc6-dev-i386
- - libgtk2.0-dev:i386
- - libdbus-glib-1-dev:i386
- - libxt-dev:i386
- # To pass configure since ESR 31.
- - libpulse-dev:i386
- # To pass configure since ESR 45.
- - libgconf2-dev:i386
- # To pass configure since ESR 52
- - libx11-xcb-dev:i386
- # We built GCC but not the libmpc2, thus we need to install it
- - libmpc2
- - hardening-wrapper
osx-x86_64:
var:
diff --git a/projects/gcc/build b/projects/gcc/build
index 1c24af7..e509aac 100644
--- a/projects/gcc/build
+++ b/projects/gcc/build
@@ -1,5 +1,6 @@
#!/bin/sh
[% c("var/set_default_env") -%]
+[% c("var/setarch") -%]
distdir=/var/tmp/dist/[% project %]
mkdir /var/tmp/build
tar -C /var/tmp/build -xf [% project %]-[% c("version") %].tar.bz2
diff --git a/projects/gcc/config b/projects/gcc/config
index 1acf30a..676d1fb 100644
--- a/projects/gcc/config
+++ b/projects/gcc/config
@@ -4,12 +4,11 @@ version: 5.1.0
var:
container:
use_container: 1
- configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686
deps:
- build-essential
- libmpc-dev
- - libc6-dev-i386
setup: |
+ [% c("var/setarch") -%]
mkdir -p /var/tmp/dist
tar -C /var/tmp/dist -xf $rootdir/[% c("compiler_tarfile") %]
export PATH="/var/tmp/dist/gcc/bin:$PATH"
@@ -36,12 +35,20 @@ var:
popd
targets:
- osx-x86_64:
- var:
- configure_opt: --enable-multilib --enable-languages=c,c++
windows-i686:
var:
configure_opt: --disable-multilib --enable-languages=c,c++
+ linux-i686:
+ var:
+ configure_opt: --enable-multilib --enable-languages=c,c++ --with-system-zlib
+ arch_deps:
+ - libc6-dev
+ - zlib1g-dev
+ linux-x86_64:
+ var:
+ configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686
+ arch_deps:
+ - libc6-dev-i386
input_files:
- project: container-image
- URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("version") %]/gcc-[% c("version") %].tar.bz2'
diff --git a/projects/go-webrtc/config b/projects/go-webrtc/config
index d7c31d6..673215b 100644
--- a/projects/go-webrtc/config
+++ b/projects/go-webrtc/config
@@ -31,17 +31,11 @@ var:
targets:
master:
git_hash: master
- linux-x86_64:
+ linux:
var:
arch_deps:
- pkg-config
- libx11-dev
- linux-i686:
- var:
- arch_deps:
- - pkg-config:i386
- - libx11-dev:i386
- - lib32stdc++6
input_files:
- project: container-image
diff --git a/projects/go/build b/projects/go/build
index 2f87bf5..b7fac08 100644
--- a/projects/go/build
+++ b/projects/go/build
@@ -1,5 +1,6 @@
#!/bin/bash
[% c("var/set_default_env") -%]
+[% c("var/setarch") -%]
distdir=/var/tmp/dist/[% project %]
mkdir -p /var/tmp/dist
diff --git a/projects/go/config b/projects/go/config
index ef9c411..b36f211 100644
--- a/projects/go/config
+++ b/projects/go/config
@@ -8,6 +8,7 @@ var:
use_container: 1
setup: |
+ [% c("var/setarch") -%]
mkdir -p /var/tmp/dist
tar -C /var/tmp/dist -xf $rootdir/[% c("go_tarfile") %]
export GOOS=[% c("var/GOOS") %]
diff --git a/projects/snowflake/config b/projects/snowflake/config
index 212e86c..89e3eb6 100644
--- a/projects/snowflake/config
+++ b/projects/snowflake/config
@@ -9,13 +9,7 @@ var:
use_container: 1
targets:
- linux-i686:
- var:
- arch_deps:
- - pkg-config
- - libx11-dev:i386
- - lib32stdc++6
- linux-x86_64:
+ linux:
var:
arch_deps:
- pkg-config
diff --git a/projects/tor/config b/projects/tor/config
index a9da811..c2d359c 100644
--- a/projects/tor/config
+++ b/projects/tor/config
@@ -21,22 +21,18 @@ targets:
git_hash: master
tag_gpg_id: 0
- linux-i686:
+ linux:
var:
- libdir: lib32
- sort_deps: 0
arch_deps:
- - libc6-dev-i386
- libtool
- - zlib1g-dev:i386
+ - zlib1g-dev
- hardening-wrapper
+ linux-i686:
+ var:
+ libdir: lib
linux-x86_64:
var:
libdir: lib64
- arch_deps:
- - libtool
- - zlib1g-dev
- - hardening-wrapper
osx-x86_64:
var:
arch_deps:
diff --git a/projects/webrtc/config b/projects/webrtc/config
index d46d821..6882e87 100644
--- a/projects/webrtc/config
+++ b/projects/webrtc/config
@@ -26,28 +26,6 @@ targets:
var:
webrtc:
os: linux
- linux-i686:
- var:
- sort_deps: 0
- arch_deps:
- - lib32asound2-dev
- - lib64expat1
- - libexpat1-dev:i386
- - libglib2.0-dev:i386
- - libgtk2.0-dev:i386
- - libudev-dev:i386
- - libx11-dev:i386
- - libxext-dev:i386
- - libxrandr-dev:i386
- - lib32stdc++6
- - pkg-config
- - hardening-wrapper
- webrtc:
- arch: ia32
- lib_arch: 386
- lib_path: lib/libwebrtc-linux-386-magic.a
- linux-x86_64:
- var:
arch_deps:
- libasound2-dev
- libexpat1-dev
@@ -58,6 +36,14 @@ targets:
- libxext-dev
- libxrandr-dev
- pkg-config
+ linux-i686:
+ var:
+ webrtc:
+ arch: ia32
+ lib_arch: 386
+ lib_path: lib/libwebrtc-linux-386-magic.a
+ linux-x86_64:
+ var:
webrtc:
arch: x64
lib_arch: amd64
diff --git a/rbm.conf b/rbm.conf
index 722c85a..2060132 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -111,26 +111,30 @@ targets:
var:
linux-x86_64: 1
osname: linux-x86_64
- deps:
- - build-essential
- - python
- - bison
- - hardening-wrapper
- - automake
- - libtool
- - zip
- - unzip
# We only build snowflake on linux-x86_64 for now
snowflake: 1
+ container:
+ arch: amd64
linux-i686:
arch: i686
var:
linux-i686: 1
osname: linux-i686
- configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32'
- pre_pkginst: dpkg --add-architecture i386
+ container:
+ arch: i386
+ setarch: |
+ if test -z "$RBM_SETARCH"
+ then
+ export RBM_SETARCH=1
+ exec setarch i686 ./build
+ fi
+ linux:
+ var:
+ linux: 1
+ compiler: gcc
+ container:
+ suite: wheezy
deps:
- - libc6-dev-i386
- build-essential
- python
- bison
@@ -139,13 +143,6 @@ targets:
- libtool
- zip
- unzip
- linux:
- var:
- linux: 1
- compiler: gcc
- container:
- suite: wheezy
- arch: amd64
torbrowser-windows-i686:
- windows-i686
1
0

05 May '17
commit 2d98c063010fc5b0f8da3e386587a501e27507b9
Author: Nicolas Vigier <boklm(a)torproject.org>
Date: Tue Apr 25 22:06:10 2017 +0200
Bug 21824: use runc instead of docker
---
README | 25 ++----
keyring/ubuntu.gpg | Bin 0 -> 32904 bytes
projects/binutils/config | 5 +-
projects/cmake/config | 6 +-
projects/common/runc-config.json | 179 ++++++++++++++++++++++++++++++++++++++
projects/container-image/build | 3 +
projects/container-image/config | 86 ++++++++++++++++++
projects/debootstrap-image/build | 3 +
projects/debootstrap-image/config | 52 +++++++++++
projects/docker-image/build | 4 -
projects/docker-image/config | 51 -----------
projects/ed25519/config | 5 +-
projects/firefox/config | 5 +-
projects/fonts/config | 5 +-
projects/gcc/config | 5 +-
projects/gmp/config | 7 +-
projects/go-webrtc/config | 5 +-
projects/go/config | 5 +-
projects/goerrors/config | 5 +-
projects/gogb/config | 5 +-
projects/goptlib/config | 5 +-
projects/goxcrypto/config | 5 +-
projects/goxnet/config | 5 +-
projects/https-everywhere/config | 9 +-
projects/libdmg-hfsplus/config | 5 +-
projects/libevent/config | 7 +-
projects/llvm/config | 7 +-
projects/macosx-toolchain/config | 5 +-
projects/meek/config | 6 +-
projects/mingw-w64/config | 5 +-
projects/nsis/config | 5 +-
projects/obfs4/config | 7 +-
projects/openssl/config | 7 +-
projects/sandbox/config | 8 +-
projects/siphash/config | 5 +-
projects/snowflake/config | 7 +-
projects/tor-browser/config | 8 +-
projects/tor-launcher/config | 6 +-
projects/tor/config | 5 +-
projects/torbutton/config | 6 +-
projects/uniuri/config | 5 +-
projects/webrtc/config | 10 ++-
projects/yasm/config | 6 +-
projects/zlib/config | 7 +-
rbm | 2 +-
rbm.conf | 93 ++++++++++++++++++--
rbm.local.conf.example | 6 --
tools/clean-old | 21 -----
48 files changed, 549 insertions(+), 185 deletions(-)
diff --git a/README b/README
index 08904fb..fa968ff 100644
--- a/README
+++ b/README
@@ -5,13 +5,12 @@ Installing build dependencies
-----------------------------
To build Tor Browser, you need a Linux distribution that has support
-for Docker (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
-The Docker package is usually named docker.io or docker-io.
-On Debian jessie, the docker.io package is available in backports.
+for runC (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
+On Debian jessie, the runc package is available in backports.
-Your user account should have access to the docker command without using
-sudo, so it should be in the docker group. The docker daemon should
-also be running.
+Your user account should have access sudo access, which is required to
+be able to extract container file systems, start containers and copy
+files to and from containers.
The sources of most components are downloaded using git, which needs to
be installed. The sources of webrtc are downloaded using gclient, which
@@ -41,7 +40,7 @@ If you are running Debian or Ubuntu, you can install them with:
libio-captureoutput-perl libfile-slurp-perl \
libstring-shellquote-perl libsort-versions-perl \
libdigest-sha-perl libdata-uuid-perl libdata-dump-perl \
- libfile-copy-recursive-perl git libgtk2.0-dev curl
+ libfile-copy-recursive-perl git libgtk2.0-dev curl runc
Starting a build
@@ -184,18 +183,6 @@ of files and containers that would be removed without doing it, you can
use 'make clean-dry-run'.
-Multiple build directories on the same host
--------------------------------------------
-
-You can do multiple builds of Tor Browser in different directories on
-the same host. However the docker images namespace is global, so you
-may have some conflicts with the same image names used by the
-different builds. By default, the docker images are prefixed with
-tor-browser_$USER. You can change this prefix by defining the
-docker_image_prefix option in rbm.local.conf, using a different prefix
-for each of your build directories.
-
-
Common Build Errors
-------------------
diff --git a/keyring/ubuntu.gpg b/keyring/ubuntu.gpg
new file mode 100644
index 0000000..8b77bf0
Binary files /dev/null and b/keyring/ubuntu.gpg differ
diff --git a/projects/binutils/config b/projects/binutils/config
index 2975f14..0cb2088 100644
--- a/projects/binutils/config
+++ b/projects/binutils/config
@@ -1,9 +1,10 @@
# vim: filetype=yaml sw=2
version: 2.24
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
var:
configure_opt: '--disable-multilib --enable-gold --enable-deterministic-archives --enable-plugins'
+ container:
+ use_container: 1
targets:
windows-i686:
@@ -15,7 +16,7 @@ input_files:
sig_ext: sig
file_gpg_id: 1
gpg_keyring: binutils.gpg
- - project: docker-image
+ - project: container-image
- filename: enable-reloc-section-ld.patch
enable: '[% c("var/windows") %]'
- filename: peXXigen.patch
diff --git a/projects/cmake/config b/projects/cmake/config
index 837d9e1..357370d 100644
--- a/projects/cmake/config
+++ b/projects/cmake/config
@@ -5,7 +5,9 @@ git_hash: 'v[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: cmake.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+var:
+ container:
+ use_container: 1
input_files:
- - project: docker-image
+ - project: container-image
diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json
new file mode 100644
index 0000000..4c231cd
--- /dev/null
+++ b/projects/common/runc-config.json
@@ -0,0 +1,179 @@
+{
+ "ociVersion": "1.0.0-rc1",
+ "platform": {
+ "os": "linux",
+ "arch": "amd64"
+ },
+ "process": {
+ "terminal": true,
+ "user": {
+ "uid": 0,
+ "gid": 0
+ },
+ "args": [
+ "/rbm/run"
+ ],
+ "env": [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "TERM=xterm"
+ ],
+ "cwd": "/",
+ "capabilities": [
+ "CAP_AUDIT_WRITE",
+ "CAP_KILL",
+ "CAP_NET_BIND_SERVICE",
+ "CAP_SETGID",
+ "CAP_SETUID",
+ "CAP_MKNOD",
+ "CAP_SYS_CHROOT",
+[% IF c("var/container/CAP_SYS_ADMIN") -%]
+ "CAP_SYS_ADMIN",
+[% END -%]
+ "CAP_FSETID",
+ "CAP_FOWNER",
+ "CAP_DAC_OVERRIDE",
+ "CAP_CHOWN"
+ ],
+ "rlimits": [
+ {
+ "type": "RLIMIT_NOFILE",
+ "hard": 1024,
+ "soft": 1024
+ }
+ ],
+ "noNewPrivileges": true
+ },
+ "root": {
+ "path": "rootfs",
+ "readonly": false
+ },
+ "hostname": "runc",
+ "mounts": [
+ {
+ "destination": "/proc",
+ "type": "proc",
+ "source": "proc"
+ },
+ {
+ "type": "bind",
+ "source": "/etc/resolv.conf",
+ "destination": "/etc/resolv.conf",
+ "options": [
+ "rbind",
+ "ro"
+ ]
+ },
+ {
+ "destination": "/dev",
+ "type": "tmpfs",
+ "source": "tmpfs",
+ "options": [
+ "nosuid",
+ "strictatime",
+ "mode=755",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/pts",
+ "type": "devpts",
+ "source": "devpts",
+ "options": [
+ "nosuid",
+ "noexec",
+ "newinstance",
+ "ptmxmode=0666",
+ "mode=0620",
+ "gid=5"
+ ]
+ },
+ {
+ "destination": "/dev/shm",
+ "type": "tmpfs",
+ "source": "shm",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "mode=1777",
+ "size=65536k"
+ ]
+ },
+ {
+ "destination": "/dev/mqueue",
+ "type": "mqueue",
+ "source": "mqueue",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev"
+ ]
+ },
+ {
+ "destination": "/sys",
+ "type": "sysfs",
+ "source": "sysfs",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "ro"
+ ]
+ },
+ {
+ "destination": "/sys/fs/cgroup",
+ "type": "cgroup",
+ "source": "cgroup",
+ "options": [
+ "nosuid",
+ "noexec",
+ "nodev",
+ "relatime",
+ "ro"
+ ]
+ }
+ ],
+ "hooks": {},
+ "linux": {
+ "resources": {
+ "devices": [
+ {
+ "allow": false,
+ "access": "rwm"
+ }
+ ]
+ },
+ "namespaces": [
+ {
+ "type": "pid"
+ },
+ {
+ "type": "ipc"
+ },
+ {
+ "type": "uts"
+ },
+ {
+ "type": "mount"
+ }
+ ],
+ "maskedPaths": [
+ "/proc/kcore",
+ "/proc/latency_stats",
+ "/proc/timer_stats",
+ "/proc/sched_debug"
+ ],
+ "readonlyPaths": [
+ "/proc/asound",
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger"
+ ]
+ },
+ "solaris": {
+ "cappedCPU": {},
+ "cappedMemory": {}
+ }
+}
diff --git a/projects/container-image/build b/projects/container-image/build
new file mode 100644
index 0000000..c7d1c46
--- /dev/null
+++ b/projects/container-image/build
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+# Doing nothing
diff --git a/projects/container-image/config b/projects/container-image/config
new file mode 100644
index 0000000..c9f377f
--- /dev/null
+++ b/projects/container-image/config
@@ -0,0 +1,86 @@
+# vim: filetype=yaml sw=2
+filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% sha256(c("pre")).substr(0, 12) %].tar.gz'
+pkg_type: build
+
+var:
+ container:
+ use_container: 1
+ suite: '[% pc(c("origin_project"), "var/container/suite") %]'
+ arch: '[% pc(c("origin_project"), "var/container/arch") %]'
+
+lsb_release:
+ id: Debian
+ codename: wheezy
+ release: 7.11
+
+pre: |
+ #!/bin/sh
+ # [% c('var/container/suite') %]
+ set -e
+ [% IF pc(c('origin_project'), 'var/pre_pkginst') -%]
+ [% pc(c('origin_project'), 'var/pre_pkginst') %]
+ [% END -%]
+ [% IF c("var/container/suite") == "precise" -%]
+ export INITRD=no
+ mkdir -p /etc/container_environment
+ echo -n no > /etc/container_environment/INITRD
+ dpkg-divert --local --rename --add /sbin/initctl
+ ln -s /bin/true /sbin/initctl
+ dpkg-divert --local --rename --add /usr/bin/ischroot
+ ln -sf /bin/true /usr/bin/ischroot
+ cat >> /etc/apt/sources.list << EOF
+ deb http://archive.ubuntu.com/ubuntu/ precise-updates main
+ deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main
+
+ deb http://archive.ubuntu.com/ubuntu/ precise universe
+ deb-src http://archive.ubuntu.com/ubuntu/ precise universe
+ deb http://archive.ubuntu.com/ubuntu/ precise-updates universe
+ deb-src http://archive.ubuntu.com/ubuntu/ precise-updates universe
+
+ deb http://archive.ubuntu.com/ubuntu/ precise-security main
+ deb-src http://archive.ubuntu.com/ubuntu/ precise-security main
+ deb http://archive.ubuntu.com/ubuntu/ precise-security universe
+ deb-src http://archive.ubuntu.com/ubuntu/ precise-security universe
+ EOF
+ [% END -%]
+ apt-get update -y
+ apt-get upgrade -y
+ [%
+ deps = [];
+ IF pc(c('origin_project'), 'var/deps');
+ CALL deps.import(pc(c('origin_project'), 'var/deps'));
+ END;
+ IF pc(c('origin_project'), 'var/arch_deps');
+ CALL deps.import(pc(c('origin_project'), 'var/arch_deps'));
+ END;
+ IF deps.size;
+ IF pc(c('origin_project'), 'var/sort_deps');
+ deps = deps.sort;
+ END;
+ FOREACH pkg IN deps;
+ SET p = tmpl(pkg);
+ IF p;
+ GET c('install_package', { pkg_name => p });
+ GET "\n";
+ END;
+ END;
+ END;
+ -%]
+ [% IF pc(c('origin_project'), 'var/post_pkginst') -%]
+ [% pc(c('origin_project'), 'var/post_pkginst') %]
+ [% END -%]
+
+remote_get: |
+ #!/bin/sh
+ set -e
+ [%
+ SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
+ SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
+ -%]
+ mkdir -p "[% dst %]"
+ sudo tar -C "[% c("var/container/dir") %]/rootfs" -czf "[% dst %]/[% c("filename") %]" .
+
+input_files:
+ - project: debootstrap-image
+ target:
+ - '[% c("var/container/suite") %]-[% c("var/container/arch") %]'
diff --git a/projects/debootstrap-image/build b/projects/debootstrap-image/build
new file mode 100644
index 0000000..c7d1c46
--- /dev/null
+++ b/projects/debootstrap-image/build
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+# Doing nothing
diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config
new file mode 100644
index 0000000..bd204f5
--- /dev/null
+++ b/projects/debootstrap-image/config
@@ -0,0 +1,52 @@
+# vim: filetype=yaml sw=2
+filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %].tar.gz'
+pkg_type: build
+
+var:
+ ubuntu_version: 17.04
+
+ container_dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
+ container_user: rbm
+
+ container:
+ use_container: 1
+ # We need CAP_SYS_ADMIN for debootstrap to work
+ CAP_SYS_ADMIN: 1
+
+pre: |
+ #!/bin/sh
+ set -e
+ apt-get update -y
+ apt-get install -y debian-archive-keyring ubuntu-keyring debootstrap
+ debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
+ tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .
+
+targets:
+ wheezy-amd64:
+ var:
+ container:
+ suite: wheezy
+ arch: amd64
+ jessie-amd64:
+ var:
+ container:
+ suite: jessie
+ arch: amd64
+ precise-amd64:
+ var:
+ container:
+ suite: precise
+ arch: amd64
+ debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
+ utopic-amd64:
+ var:
+ container:
+ suite: utopic
+ arch: amd64
+ debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/
+
+input_files:
+ - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
+ filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
+ sha256sum: df2c8fd540e474b8e1e29c0db8ed6b43a932918f1b9a8149bb82104a7c07ba2a
+
diff --git a/projects/docker-image/build b/projects/docker-image/build
deleted file mode 100644
index ced6ad3..0000000
--- a/projects/docker-image/build
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-set -e
-echo 1 > [% dest_dir %]/[% c('filename') %]
-echo Creating [% dest_dir %]/[% c('filename') %]
diff --git a/projects/docker-image/config b/projects/docker-image/config
deleted file mode 100644
index 1968b77..0000000
--- a/projects/docker-image/config
+++ /dev/null
@@ -1,51 +0,0 @@
-# vim: filetype=yaml sw=2
-filename: '[% sha256(c("pre")).substr(0, 12) %]'
-remote_docker: 1
-docker_save_image: '[% c("docker_image_prefix") %]:[% c("filename") %]'
-pkg_type: build
-
-docker_image: '[% c("lsb_release/id").lower %]:[% c("lsb_release/release") %]'
-
-lsb_release:
- id: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/id", { no_distro => 1 }) %]'
- release: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/release", { no_distro => 1 }) %]'
- codename: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/codename", { no_distro => 1 }) %]'
-
-pre: |
- #!/bin/sh
- # [% c('docker_image') %]
- set -e
- [% IF c('lsb_release/release') == '14.10' -%]
- sed -i 's/archive\.ubuntu\.com/old-releases.ubuntu.com/' /etc/apt/sources.list
- [% END -%]
- [% IF pc(c('origin_project'), 'var/pre_pkginst') -%]
- [% pc(c('origin_project'), 'var/pre_pkginst') %]
- [% END -%]
- [% IF c('lsb_release/id') == 'Ubuntu' || c('lsb_release/id') == 'Debian' %]
- apt-get update -y
- apt-get upgrade -y
- [% END %]
- [%
- deps = [];
- IF pc(c('origin_project'), 'var/deps');
- CALL deps.import(pc(c('origin_project'), 'var/deps'));
- END;
- IF pc(c('origin_project'), 'var/arch_deps');
- CALL deps.import(pc(c('origin_project'), 'var/arch_deps'));
- END;
- IF deps.size;
- IF pc(c('origin_project'), 'var/sort_deps');
- deps = deps.sort;
- END;
- FOREACH pkg IN deps;
- SET p = tmpl(pkg);
- IF p;
- GET c('install_package', { pkg_name => p });
- GET "\n";
- END;
- END;
- END;
- -%]
- [% IF pc(c('origin_project'), 'var/post_pkginst') -%]
- [% pc(c('origin_project'), 'var/post_pkginst') %]
- [% END -%]
diff --git a/projects/ed25519/config b/projects/ed25519/config
index 5bab68b..c6790b8 100644
--- a/projects/ed25519/config
+++ b/projects/ed25519/config
@@ -3,16 +3,17 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/agl/ed25519.git
git_hash: c4161f4c7483313562781c61b9a20aba73daf9de
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: github.com/agl/ed25519
go_lib_install:
- github.com/agl/ed25519/extra25519
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
diff --git a/projects/firefox/config b/projects/firefox/config
index 2c74e4b..d6a68fe 100644
--- a/projects/firefox/config
+++ b/projects/firefox/config
@@ -5,7 +5,6 @@ git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branc
tag_gpg_id: 1
git_url: https://git.torproject.org/tor-browser.git
gpg_keyring: torbutton.gpg
-remote_docker: 1
var:
firefox_version: 52.1.0esr
@@ -19,6 +18,8 @@ var:
- autoconf2.13
- yasm
- python
+ container:
+ use_container: 1
targets:
nightly:
@@ -74,7 +75,7 @@ targets:
martools_filename: mar-tools-win32.zip
input_files:
- - project: docker-image
+ - project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- filename: get-moz-build-date
diff --git a/projects/fonts/config b/projects/fonts/config
index 69e16b3..382804d 100644
--- a/projects/fonts/config
+++ b/projects/fonts/config
@@ -3,8 +3,9 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/googlei18n/noto-fonts.git
git_hash: 720e34851382ee3c1ef024d8dffb68ffbfb234c2
filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].tar.gz"
-remote_docker: 1
var:
+ container:
+ use_container: 1
noto_fonts_hinted:
- Arimo-Regular.ttf
- Arimo-Bold.ttf
@@ -85,7 +86,7 @@ targets:
- NotoSansYi-Regular.ttf
input_files:
- - project: docker-image
+ - project: container-image
- URL: https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adc…
sha256sum: 415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5
enable: '[% c("var/linux") %]'
diff --git a/projects/gcc/config b/projects/gcc/config
index 391e453..1acf30a 100644
--- a/projects/gcc/config
+++ b/projects/gcc/config
@@ -1,8 +1,9 @@
# vim: filetype=yaml sw=2
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
version: 5.1.0
-remote_docker: 1
var:
+ container:
+ use_container: 1
configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686
deps:
- build-essential
@@ -42,6 +43,6 @@ targets:
var:
configure_opt: --disable-multilib --enable-languages=c,c++
input_files:
+ - project: container-image
- URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("version") %]/gcc-[% c("version") %].tar.bz2'
sha256sum: b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
- - project: docker-image
diff --git a/projects/gmp/config b/projects/gmp/config
index 913f181..41eb630 100644
--- a/projects/gmp/config
+++ b/projects/gmp/config
@@ -1,7 +1,10 @@
# vim: filetype=yaml sw=2
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
version: 5.1.3
-remote_docker: 1
+
+var:
+ container:
+ use_container: 1
targets:
linux:
@@ -9,9 +12,9 @@ targets:
configure_opt_gmp: --enable-fat
input_files:
+ - project: container-image
- name: gmp
URL: 'https://ftp.gnu.org/gnu/gmp/gmp-[% c("version") %].tar.bz2'
sha256sum: 752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- - project: docker-image
diff --git a/projects/go-webrtc/config b/projects/go-webrtc/config
index 3a1a9d4..d7c31d6 100644
--- a/projects/go-webrtc/config
+++ b/projects/go-webrtc/config
@@ -3,11 +3,12 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/keroserene/go-webrtc.git
git_hash: ab1b64862e0c4b4182010699911c2c5818f0a101
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: github.com/keroserene/go-webrtc
build_go_lib_pre: |
[% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
@@ -43,7 +44,7 @@ targets:
- lib32stdc++6
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
- name: webrtc
diff --git a/projects/go/config b/projects/go/config
index 89b4b45..ef9c411 100644
--- a/projects/go/config
+++ b/projects/go/config
@@ -1,10 +1,11 @@
# vim: filetype=yaml sw=2
version: 1.7.5
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
var:
go14_version: 1.4.3
+ container:
+ use_container: 1
setup: |
mkdir -p /var/tmp/dist
@@ -69,7 +70,7 @@ targets:
GOARCH: 386
input_files:
- - project: docker-image
+ - project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
enable: '[% c("var/windows") || c("var/osx") %]'
diff --git a/projects/goerrors/config b/projects/goerrors/config
index 4451f7b..3c11fab 100644
--- a/projects/goerrors/config
+++ b/projects/goerrors/config
@@ -3,14 +3,15 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/pkg/errors
git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: github.com/pkg/errors
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
diff --git a/projects/gogb/config b/projects/gogb/config
index a358819..dcf30f6 100644
--- a/projects/gogb/config
+++ b/projects/gogb/config
@@ -3,18 +3,19 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/constabulary/gb
git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: github.com/constabulary/gb
go_lib_install: github.com/constabulary/gb/cmd/gb
go_lib_deps:
- goerrors
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
- name: goerrors
diff --git a/projects/goptlib/config b/projects/goptlib/config
index dd520ec..c083763 100644
--- a/projects/goptlib/config
+++ b/projects/goptlib/config
@@ -5,14 +5,15 @@ git_hash: '[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: goptlib.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: git.torproject.org/pluggable-transports/goptlib.git
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
diff --git a/projects/goxcrypto/config b/projects/goxcrypto/config
index 8362f28..b51b578 100644
--- a/projects/goxcrypto/config
+++ b/projects/goxcrypto/config
@@ -3,11 +3,12 @@ version: '[% c("abbrev") %]'
git_url: https://go.googlesource.com/crypto
git_hash: 4ed45ec682102c643324fae5dff8dab085b6c300
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: golang.org/x/crypto
go_lib_install:
- golang.org/x/crypto/curve25519
@@ -19,6 +20,6 @@ targets:
git_hash: master
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
diff --git a/projects/goxnet/config b/projects/goxnet/config
index 507f997..ec368a2 100644
--- a/projects/goxnet/config
+++ b/projects/goxnet/config
@@ -3,11 +3,12 @@ version: '[% c("abbrev") %]'
git_url: https://go.googlesource.com/net
git_hash: 7dbad50ab5b31073856416cdcfeb2796d682f844
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: golang.org/x/net
go_lib_install:
- golang.org/x/net/proxy
@@ -17,6 +18,6 @@ targets:
git_hash: master
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
diff --git a/projects/https-everywhere/config b/projects/https-everywhere/config
index 3e5100e..f149cac 100644
--- a/projects/https-everywhere/config
+++ b/projects/https-everywhere/config
@@ -6,9 +6,11 @@ git_submodule: 1
gpg_keyring: https-everywhere.gpg
tag_gpg_id: 1
filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi"
-remote_docker: 1
-distribution: Debian-7.11
var:
+ container:
+ use_container: 1
+ suite: wheezy
+ arch: amd64
deps:
- git
- python
@@ -19,8 +21,9 @@ var:
- rsync
- zip
- unzip
+
input_files:
- - project: docker-image
+ - project: container-image
targets:
nightly:
diff --git a/projects/libdmg-hfsplus/config b/projects/libdmg-hfsplus/config
index 9071078..67e8287 100644
--- a/projects/libdmg-hfsplus/config
+++ b/projects/libdmg-hfsplus/config
@@ -3,13 +3,14 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/vasi/libdmg-hfsplus
git_hash: dfd5e5cc3dc1191e37d3c3a6118975afdd1d7014
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
var:
+ container:
+ use_container: 1
deps:
- build-essential
- cmake
- zlib1g-dev
- libbz2-dev
input_files:
+ - project: container-image
- filename: libdmg.patch
- - project: docker-image
diff --git a/projects/libevent/config b/projects/libevent/config
index 15ada11..46cbb7e 100644
--- a/projects/libevent/config
+++ b/projects/libevent/config
@@ -5,7 +5,10 @@ git_hash: 'release-[% c("version") %]-stable'
tag_gpg_id: 1
gpg_keyring: libevent.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+
+var:
+ container:
+ use_container: 1
targets:
osx-x86_64:
@@ -14,6 +17,6 @@ targets:
- faketime
input_files:
- - project: docker-image
+ - project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
diff --git a/projects/llvm/config b/projects/llvm/config
index 81f7aaa..f0a803b 100644
--- a/projects/llvm/config
+++ b/projects/llvm/config
@@ -1,10 +1,13 @@
# vim: filetype=yaml sw=2
version: 3.8.0
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+
+var:
+ container:
+ use_container: 1
input_files:
- - project: docker-image
+ - project: container-image
- project: cmake
name: cmake
- URL: 'http://releases.llvm.org/[% c("version") %]/llvm-[% c("version") %].src.tar.xz'
diff --git a/projects/macosx-toolchain/config b/projects/macosx-toolchain/config
index b237e4d..55fb554 100644
--- a/projects/macosx-toolchain/config
+++ b/projects/macosx-toolchain/config
@@ -1,8 +1,9 @@
# vim: filetype=yaml sw=2
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
version: 10.7-1
-remote_docker: 1
var:
+ container:
+ use_container: 1
setup: |
mkdir -p /var/tmp/dist
tar -C /var/tmp/dist -xf [% c("compiler_tarfile") %]
@@ -15,6 +16,7 @@ var:
export LDFLAGS="[% c('var/LDFLAGS') %]"
input_files:
+ - project: container-image
- name: llvm
project: llvm
- name: cctools
@@ -23,4 +25,3 @@ input_files:
- name: SDK
URL: https://people.torproject.org/~mikeperry/mirrors/sources/MacOSX10.7.sdk.tar…
sha256sum: da77bb0003fcca5ea8c4e8cb2da8828ded750c54afdcac29ec6f3b46ad5e3adf
- - project: docker-image
diff --git a/projects/meek/config b/projects/meek/config
index 84ed2bd..46f4ec9 100644
--- a/projects/meek/config
+++ b/projects/meek/config
@@ -5,10 +5,12 @@ git_hash: '[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: meek.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+var:
+ container:
+ use_container: 1
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
- name: goptlib
diff --git a/projects/mingw-w64/config b/projects/mingw-w64/config
index 060857c..21d498a 100644
--- a/projects/mingw-w64/config
+++ b/projects/mingw-w64/config
@@ -3,8 +3,9 @@ filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
git_url: http://git.code.sf.net/p/mingw-w64/mingw-w64
git_hash: 98e5b4930a717eafddd8ca0f0dfeb7c57c6b026a
version: '[% c("abbrev") %]'
-remote_docker: 1
var:
+ container:
+ use_container: 1
gcc_version: 5.1.0
deps:
- automake
@@ -17,6 +18,7 @@ var:
export PATH="/var/tmp/dist/mingw-w64/helpers:/var/tmp/dist/mingw-w64/bin:$PATH"
export gcclibs=/var/tmp/dist/mingw-w64/gcclibs
input_files:
+ - project: container-image
- URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("var/gcc_version") %]/gcc-[% c("var/gcc_version") %].tar.bz2'
sha256sum: b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
- name: binutils
@@ -24,4 +26,3 @@ input_files:
- filename: i686-w64-mingw32-g++
- filename: i686-w64-mingw32-gcc
- filename: i686-w64-mingw32-ld
- - project: docker-image
diff --git a/projects/nsis/config b/projects/nsis/config
index 6729101..2812a22 100644
--- a/projects/nsis/config
+++ b/projects/nsis/config
@@ -1,8 +1,9 @@
# vim: filetype=yaml sw=2
version: 2.51
filename: 'nsis-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
var:
+ container:
+ use_container: 1
deps:
- build-essential
- libmpc-dev
@@ -12,6 +13,7 @@ var:
- xsltproc
input_files:
+ - project: container-image
- filename: 'nsis-[% c("version") %].tar.bz2'
URL: 'http://downloads.sourceforge.net/nsis/nsis-[% c("version") %]-src.tar.bz2'
sha256sum: 43d4c9209847e35eb6e2c7cd5a7586e1445374c056c2c7899e40a080e17a1be7
@@ -21,4 +23,3 @@ input_files:
- filename: nsis-missing-unistd-include.patch
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- - project: docker-image
diff --git a/projects/obfs4/config b/projects/obfs4/config
index 952b054..44db79d 100644
--- a/projects/obfs4/config
+++ b/projects/obfs4/config
@@ -5,7 +5,10 @@ git_hash: 'obfs4proxy-[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: obfs4.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+
+var:
+ container:
+ use_container: 1
targets:
nightly:
@@ -13,7 +16,7 @@ targets:
tag_gpg_id: 0
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
- name: goptlib
diff --git a/projects/openssl/config b/projects/openssl/config
index 1a2e4dd..8b4ea4f 100644
--- a/projects/openssl/config
+++ b/projects/openssl/config
@@ -1,7 +1,10 @@
# vim: filetype=yaml sw=2
version: 1.0.2k
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+
+var:
+ container:
+ use_container: 1
targets:
linux-x86_64:
@@ -18,7 +21,7 @@ targets:
configure_opts: --cross-compile-prefix=x86_64-apple-darwin10- darwin64-x86_64-cc enable-ec_nistp_64_gcc_128
input_files:
- - project: docker-image
+ - project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz'
diff --git a/projects/sandbox/config b/projects/sandbox/config
index 218a276..3970322 100644
--- a/projects/sandbox/config
+++ b/projects/sandbox/config
@@ -5,10 +5,12 @@ git_hash: 'sandboxed-tor-browser-[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: obfs4.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
-distribution: Debian-8.7
var:
+ container:
+ use_container: 1
+ suite: jessie
+ arch: amd64
deps:
- libx11-dev
- pkg-config
@@ -22,7 +24,7 @@ targets:
tag_gpg_id: 0
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
- name: gogb
diff --git a/projects/siphash/config b/projects/siphash/config
index 0f3f4b5..b2cb2a9 100644
--- a/projects/siphash/config
+++ b/projects/siphash/config
@@ -3,14 +3,15 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/dchest/siphash.git
git_hash: 42ba037e748c9062a75e0924705c43b893edefcd
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: github.com/dchest/siphash
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
diff --git a/projects/snowflake/config b/projects/snowflake/config
index 3233ba4..212e86c 100644
--- a/projects/snowflake/config
+++ b/projects/snowflake/config
@@ -3,7 +3,10 @@ version: '[% c("abbrev") %]'
git_url: https://git.torproject.org/pluggable-transports/snowflake.git
git_hash: 9f2e9a6ecb696149708716ca06ce842df03cf492
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+
+var:
+ container:
+ use_container: 1
targets:
linux-i686:
@@ -19,7 +22,7 @@ targets:
- libx11-dev
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
- name: '[% c("var/compiler") %]'
diff --git a/projects/tor-browser/config b/projects/tor-browser/config
index 87cc6b2..c4c2521 100644
--- a/projects/tor-browser/config
+++ b/projects/tor-browser/config
@@ -1,9 +1,10 @@
# vim: filetype=yaml sw=2
version: '[% c("var/torbrowser_version") %]'
filename: 'tor-browser-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %]'
-remote_docker: 1
var:
+ container:
+ use_container: 1
ddmg: '[% INCLUDE ddmg.sh %]'
targets:
@@ -24,12 +25,13 @@ targets:
- bzip2
- faketime
windows-i686:
- distribution: Ubuntu-14.10
var:
mar_osname: win32
+ container:
+ suite: utopic
input_files:
- - project: docker-image
+ - project: container-image
- project: firefox
name: firefox
- project: tor
diff --git a/projects/tor-launcher/config b/projects/tor-launcher/config
index 70f8acd..9211844 100644
--- a/projects/tor-launcher/config
+++ b/projects/tor-launcher/config
@@ -5,9 +5,11 @@ git_hash: '[% c("version") %]'
gpg_keyring: torbutton.gpg
tag_gpg_id: 1
filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi"
-remote_docker: 1
+var:
+ container:
+ use_container: 1
input_files:
- - project: docker-image
+ - project: container-image
targets:
nightly:
diff --git a/projects/tor/config b/projects/tor/config
index c8940dd..a9da811 100644
--- a/projects/tor/config
+++ b/projects/tor/config
@@ -5,9 +5,10 @@ git_hash: 'tor-[% c("version") %]'
git_url: https://git.torproject.org/tor.git
gpg_keyring: tor.gpg
tag_gpg_id: 1
-remote_docker: 1
var:
+ container:
+ use_container: 1
deps:
- build-essential
- automake
@@ -50,6 +51,7 @@ targets:
flag_mwindows: ''
input_files:
+ - project: container-image
- name: openssl
project: openssl
- name: libevent
@@ -59,4 +61,3 @@ input_files:
enable: '[% c("var/windows") %]'
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- - project: docker-image
diff --git a/projects/torbutton/config b/projects/torbutton/config
index b60e217..41d4d69 100644
--- a/projects/torbutton/config
+++ b/projects/torbutton/config
@@ -5,9 +5,11 @@ git_hash: '[% c("version") %]'
gpg_keyring: torbutton.gpg
tag_gpg_id: 1
filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].xpi"
-remote_docker: 1
+var:
+ container:
+ use_container: 1
input_files:
- - project: docker-image
+ - project: container-image
targets:
nightly:
diff --git a/projects/uniuri/config b/projects/uniuri/config
index 62fa8ef..e4c7294 100644
--- a/projects/uniuri/config
+++ b/projects/uniuri/config
@@ -3,11 +3,12 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/dchest/uniuri
git_hash: 8902c56451e9b58ff940bbe5fec35d5f9c04584a
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
+ container:
+ use_container: 1
go_lib: github.com/dchest/uniuri
targets:
@@ -15,6 +16,6 @@ targets:
git_hash: master
input_files:
- - project: docker-image
+ - project: container-image
- name: go
project: go
diff --git a/projects/webrtc/config b/projects/webrtc/config
index bfd38c9..d46d821 100644
--- a/projects/webrtc/config
+++ b/projects/webrtc/config
@@ -1,13 +1,14 @@
# vim: filetype=yaml sw=2
version: '[% c("var/webrtc_tag") %]'
-remote_docker: 1
filename: 'webrtc-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
var:
+ container:
+ use_container: 1
webrtc_tag: c279861207c5b15fc51069e96595782350e0ac12
input_files:
- - project: docker-image
+ - project: container-image
- project: webrtc
pkg_type: fetch_sources
- project: depot_tools
@@ -27,7 +28,6 @@ targets:
os: linux
linux-i686:
var:
- dockerbuild: "[% pc('docker-image', 'pre') %]"
sort_deps: 0
arch_deps:
- lib32asound2-dev
@@ -65,7 +65,9 @@ targets:
steps:
fetch_sources:
- remote_docker: 0
+ var:
+ container:
+ use_container: 0
filename: 'webrtc-sources-[% c("var/webrtc_tag") %].tar.gz'
fetch_sources: |
#!/bin/bash
diff --git a/projects/yasm/config b/projects/yasm/config
index 3d8a28a..12d009b 100644
--- a/projects/yasm/config
+++ b/projects/yasm/config
@@ -1,10 +1,12 @@
# vim: filetype=yaml sw=2
version: 1.2.0
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-remote_docker: 1
+var:
+ container:
+ use_container: 1
input_files:
- - project: docker-image
+ - project: container-image
- URL: 'https://www.tortall.net/projects/yasm/releases/yasm-[% c("version") %].tar.gz'
name: yasm
sha256sum: 768ffab457b90a20a6d895c39749adb547c1b7cb5c108e84b151a838a23ccf31
diff --git a/projects/zlib/config b/projects/zlib/config
index 5219559..3ad562c 100644
--- a/projects/zlib/config
+++ b/projects/zlib/config
@@ -5,9 +5,12 @@ git_hash: 'v[% c("version") %]'
git_url: https://github.com/madler/zlib.git
gpg_keyring: zlib.gpg
tag_gpg_id: 1
-remote_docker: 1
+
+var:
+ container:
+ use_container: 1
input_files:
+ - project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- - project: docker-image
diff --git a/rbm b/rbm
index 3f3886e..106e9b0 160000
--- a/rbm
+++ b/rbm
@@ -1 +1 @@
-Subproject commit 3f3886e1f210ad2853209c5aecd0951350a6f758
+Subproject commit 106e9b05aeff6309e241a3c9bae1781e0d551e7a
diff --git a/rbm.conf b/rbm.conf
index 651acfa..722c85a 100644
--- a/rbm.conf
+++ b/rbm.conf
@@ -20,12 +20,16 @@ var:
build_id_txt: |
[% c("version") %]
[% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %]
- [% IF c("remote_docker") -%]
- [% c("distribution") %]
+ [% IF c("var/container/use_container") -%]
+ [% c("var/container/suite") %]
+ [% c("var/container/arch") %]
[% END -%]
input_files: [% c("input_files_id") %]
build:
[% c("build", { filename => 'f', output_dir => '/out' }) %]
+ container:
+ dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
+ user: rbm
input_files_list: |
[% FOREACH file IN c("input_files_by_name").keys.sort -%]
[% c("input_files_by_name/" _ file) %]
@@ -136,19 +140,23 @@ targets:
- zip
- unzip
linux:
- distribution: Debian-7.11
var:
linux: 1
compiler: gcc
+ container:
+ suite: wheezy
+ arch: amd64
torbrowser-windows-i686:
- windows-i686
windows-i686:
- distribution: Ubuntu-12.04
arch: i686
var:
windows: 1
osname: windows-i686
+ container:
+ suite: precise
+ arch: amd64
configure_opt: '--host=i686-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"'
CFLAGS: '[% c("var/flag_mwindows") %] -fstack-protector-all -Wstack-protector --param ssp-buffer-size=4 -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security'
LDFLAGS: '[% c("var/flag_mwindows") %] -Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -lssp -L$gcclibs'
@@ -167,11 +175,13 @@ targets:
torbrowser-osx-x86_64:
- osx-x86_64
osx-x86_64:
- distribution: Debian-8.7
arch: x86_64
var:
osx: 1
osname: osx-x86_64
+ container:
+ suite: jessie
+ arch: amd64
compiler: 'macosx-toolchain'
configure_opt: '--host=x86_64-apple-darwin10 CC="x86_64-apple-darwin10-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin10-clang++ [% c("var/FLAGS") %]"'
FLAGS: "-target x86_64-apple-darwin10 -mlinker-version=136 -B $cctoolsdir -isysroot $sysrootdir"
@@ -195,9 +205,6 @@ targets:
build_id: 1
-docker_image: '[% pc("docker-image", "docker_save_image") %]'
-docker_image_prefix: '[% GET c("var/project_name") ? c("var/project_name") : "rbm-build" %]_[% GET ENV.RBM_BUILDNAME ? ENV.RBM_BUILDNAME : ENV.USER ? ENV.USER : c("uid") %]'
-
# change the default gpg_wrapper to allow git tag signed using an
# expired key.
# https://bugs.torproject.org/19737
@@ -218,6 +225,76 @@ gpg_wrapper: |
exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
fi
+remote_start: '[% IF c("var/container/use_container") %][% c("runc/remote_start") %][% END %]'
+remote_exec: '[% IF c("var/container/use_container") %][% c("runc/remote_exec") %][% END %]'
+remote_put: '[% IF c("var/container/use_container") %][% c("runc/remote_put") %][% END %]'
+remote_get: '[% IF c("var/container/use_container") %][% c("runc/remote_get") %][% END %]'
+remote_finish: '[% IF c("var/container/use_container") %][% c("runc/remote_finish") %][% END %]'
+
+runc:
+ remote_start: |
+ #!/bin/sh
+ set -e
+ if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ]
+ then
+ echo "Can't find container image in input files" >&2
+ ls -l '[% c("remote_srcdir") %]' >&2
+ exit 1
+ fi
+ mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm
+ sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*)
+ cat > '[% c("var/container/dir") %]'/config.json << EOF
+ [% INCLUDE 'runc-config.json' %]
+ EOF
+ [% SET user = c("var/container/user") -%]
+ [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user
+ _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %]
+
+ remote_exec: |
+ #!/bin/sh
+ set -e
+ mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm
+ echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd
+ echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd
+ echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run
+ [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %]
+ echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run
+ chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd
+ chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run
+ sudo runc start -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]
+
+ remote_put: |
+ #!/bin/sh
+ set -e
+ [%
+ SET src = shell_quote(c('put_src', { error_if_undef => 1 }));
+ SET dst = shell_quote(c('put_dst', { error_if_undef => 1 }));
+ -%]
+ sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %]
+ sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %]
+ [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst }) %]
+
+ remote_get: |
+ #!/bin/sh
+ set -e
+ [%
+ SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
+ SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
+ -%]
+ mkdir -p [% dst %]
+ srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %]
+ if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ]
+ then
+ sudo chown $(whoami) "$srcdir"/*
+ sudo mv -f "$srcdir"/* [% dst %]/
+ fi
+
+ remote_finish: |
+ #!/bin/sh
+ set -e
+ sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json
+ rmdir '[% c("var/container/dir") %]'
+
ENV:
TZ: UTC
LC_ALL: C
diff --git a/rbm.local.conf.example b/rbm.local.conf.example
index 78de08f..203ce5f 100644
--- a/rbm.local.conf.example
+++ b/rbm.local.conf.example
@@ -16,12 +16,6 @@
### this.
#debug: 0
-### If you are doing multiple builds in different directories on the
-### same host, you should define docker_image_prefix with a different
-### value for each build directory, so that the different builds don't
-### use the same docker image names.
-#docker_image_prefix: tor-browser_XXXXX
-
### The build_log option defines in which file the build logs of each
### component are stored. If you set it to '-' the logs are output on
### stdout and stderr.
diff --git a/tools/clean-old b/tools/clean-old
index 4d603fc..c7d9e0c 100755
--- a/tools/clean-old
+++ b/tools/clean-old
@@ -27,24 +27,6 @@ sub clean_file {
}
}
-sub clean_docker_images {
- my ($dockerdir, $used_files) = @_;
- my $imgprefix = RBM::project_config('docker-image', 'docker_image_prefix');
- my @imgs = read_dir($dockerdir);
- foreach my $dockerimage (@imgs) {
- next if $used_files->{"$dockerdir/$dockerimage"};
- my $img = "$imgprefix:$dockerimage";
- print "Cleaning docker image $img\n";
- next if $options{'dry-run'};
- my ($out, $err, $success) = capture_exec('docker', 'rmi', '-f', $img);
- if (!$success) {
- print STDERR "Error removing docker image $img:\n$err\n";
- exit 1;
- }
- unlink "$dockerdir/$dockerimage";
- }
-}
-
sub get_project_input_files {
my ($project, @targets) = @_;
print "Getting input files for $project ", join(' ', @targets), "\n";
@@ -108,7 +90,4 @@ foreach my $branch (keys %$clean) {
}
my %used_files = map { $_ => 1 } @files;
my $outdir = $RBM::config->{basedir} . '/out';
-# Don't clean docker-image files yet
-$used_files{"$outdir/docker-image"} = 1;
clean_file($outdir, \%used_files);
-clean_docker_images("$outdir/docker-image", \%used_files);
1
0

[tor-browser/tor-browser-52.1.0esr-7.0-2] Bug 21792: Suppress MediaError.message when privacy.resistFingerprinting = true
by gk@torproject.org 03 May '17
by gk@torproject.org 03 May '17
03 May '17
commit 58d186df19450f9aef0423c71e78f6eaa17679f8
Author: Arthur Edelstein <arthuredelstein(a)gmail.com>
Date: Thu Apr 27 15:00:14 2017 -0700
Bug 21792: Suppress MediaError.message when privacy.resistFingerprinting = true
---
dom/html/MediaError.cpp | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dom/html/MediaError.cpp b/dom/html/MediaError.cpp
index 83b9ffc..fae0981 100644
--- a/dom/html/MediaError.cpp
+++ b/dom/html/MediaError.cpp
@@ -7,6 +7,7 @@
#include "mozilla/dom/MediaError.h"
#include "nsDOMClassInfoID.h"
#include "mozilla/dom/MediaErrorBinding.h"
+#include "nsContentUtils.h"
namespace mozilla {
namespace dom {
@@ -31,7 +32,12 @@ MediaError::MediaError(HTMLMediaElement* aParent, uint16_t aCode,
void
MediaError::GetMessage(nsAString& aResult) const
{
- CopyUTF8toUTF16(mMessage, aResult);
+ if (nsContentUtils::IsCallerChrome() ||
+ !nsContentUtils::ShouldResistFingerprinting()) {
+ CopyUTF8toUTF16(mMessage, aResult);
+ } else {
+ aResult.Truncate();
+ }
}
JSObject*
1
0

[tor-browser/tor-browser-52.1.0esr-7.0-2] fixup! TB4: Tor Browser's Firefox preference overrides.
by gk@torproject.org 02 May '17
by gk@torproject.org 02 May '17
02 May '17
commit 29b3b7af8e3b9528204ae49a396af80b3e4c4d61
Author: Arthur Edelstein <arthuredelstein(a)gmail.com>
Date: Wed Apr 26 15:38:30 2017 -0700
fixup! TB4: Tor Browser's Firefox preference overrides.
We fix bug 21675 by pretending every user has just one core available.
---
browser/app/profile/000-tor-browser.js | 1 +
1 file changed, 1 insertion(+)
diff --git a/browser/app/profile/000-tor-browser.js b/browser/app/profile/000-tor-browser.js
index 0715a01..27cfe53 100644
--- a/browser/app/profile/000-tor-browser.js
+++ b/browser/app/profile/000-tor-browser.js
@@ -151,6 +151,7 @@ pref("reader.parse-on-load.enabled", false);
pref("privacy.use_utc_timezone", true);
pref("media.webspeech.synth.enabled", false); // Bug 10283: Disable SpeechSynthesis API
pref("dom.webaudio.enabled", false); // Bug 13017: Disable Web Audio API
+pref("dom.maxHardwareConcurrency", 1); // Bug 21675: Spoof single-core cpu
// Third party stuff
pref("network.cookie.cookieBehavior", 1);
1
0