- tbb-commits - lists.torproject.org

[tor-browser-build/master] Add a README.BUILD_ERRORS file listing some common errors
by boklm＠torproject.org 12 Feb '17

12 Feb '17

commit 88146b2f6e947d35d672f0b82e39283a46dfe0d4 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Feb 13 00:06:13 2017 +0100 Add a README.BUILD_ERRORS file listing some common errors --- README | 7 +++++++ README.BUILD_ERRORS | 44 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+) diff --git a/README b/README index 2c36d74..775f782 100644 --- a/README +++ b/README @@ -164,3 +164,10 @@ Cleaning obsolete files and containers images There will be a script to clean old build files and containers that are no longer used, but it has not been added yet. + +Common Build Errors +------------------- + +You can look at the README.BUILD_ERRORS file for a list of common build +errors and their solutions. + diff --git a/README.BUILD_ERRORS b/README.BUILD_ERRORS new file mode 100644 index 0000000..c1ee70c --- /dev/null +++ b/README.BUILD_ERRORS @@ -0,0 +1,44 @@ +This file lists some common build errors and their solutions. + + +Error starting remote +--------------------- + +If you have an error like this: + +---- +Error: Error starting remote: +/bin/sh: 1: adduser: not found +Segmentation fault (core dumped) +---- + +You might be having this issue: +https://github.com/docker/docker/issues/28705 + +When the kernel is configured with CONFIG_LEGACY_VSYSCALL_NONE, running +Debian Wheezy containers fails with a segfault. This should be fixed by +adding "vsyscall=emulate"to the kernel cmdline. + +If you are building inside Qubes, you can change the kernel cmdline for +the VM you are using with something like this in dom0: + +---- +$ qvm-pref --get [vmname] kernelopts +nopat +$ qvm-pref --set [vmname] kernelopts 'nopat vsyscall=emulate' +---- + + +tmp partition is full +--------------------- + +If your /tmp partition is small, you will get a 'No space left on device' +error during the build. To select an other directory with more space +available to store temporary files, you can define the TMPDIR environment +variable: + +---- +$ mkdir /home/user/tmp +$ export TMPDIR=/home/user/tmp +---- +

1 0

[rbm/master] If the TMPDIR env var exists, use it instead of /tmp
by boklm＠torproject.org 12 Feb '17

12 Feb '17

commit af970a558f122acaba080e0b015e3293f74509fb Author: Nicolas Vigier <boklm(a)torproject.org> Date: Sun Feb 12 23:24:09 2017 +0100 If the TMPDIR env var exists, use it instead of /tmp --- lib/RBM/DefaultConfig.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm index 8eaf9dd..8172f04 100644 --- a/lib/RBM/DefaultConfig.pm +++ b/lib/RBM/DefaultConfig.pm @@ -103,7 +103,7 @@ sub docker_version { our %default_config = ( sysconf_file => '/etc/rbm.conf', - tmp_dir => '/tmp', + tmp_dir => '[% GET ENV.TMPDIR ? ENV.TMPDIR : "/tmp"; %]', projects_dir => 'projects', output_dir => 'out', git_clone_dir => 'git_clones',

1 0

[rbm/master] Fix docker_remote_finish for docker >= 1.10.0
by boklm＠torproject.org 12 Feb '17

12 Feb '17

commit dbd2143279680104971dc2b08877f252a38a1b2c Author: Nicolas Vigier <boklm(a)torproject.org> Date: Sun Feb 12 23:11:13 2017 +0100 Fix docker_remote_finish for docker >= 1.10.0 With docker >= 1.10.0, the -f flag on 'docker tag' is deprecated: https://docs.docker.com/engine/deprecated/#/f-flag-on-docker-tag However we need it when using an older version of docker. To add it only when needed, we parse the output from 'docker version'. --- lib/RBM/DefaultConfig.pm | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/lib/RBM/DefaultConfig.pm b/lib/RBM/DefaultConfig.pm index 100ad2c..8eaf9dd 100644 --- a/lib/RBM/DefaultConfig.pm +++ b/lib/RBM/DefaultConfig.pm @@ -86,6 +86,21 @@ sub get_arch { return $stdout; } +sub docker_version { + my ($stdout, $stderr, $success) + = capture_exec('docker', 'version', '--format', '{{.Client.Version}}'); + if ($success) { + chomp $stdout; + return $stdout; + } + ($stdout, $stderr, $success) = capture_exec('docker', 'version'); + RBM::exit_error("Error running 'docker version'") unless $success; + foreach my $line (split "\n", $stdout) { + return $1 if ($line =~ m/Client version: (.*)$/); + } + RBM::exit_error("Could not find docker version"); +} + our %default_config = ( sysconf_file => '/etc/rbm.conf', tmp_dir => '/tmp', @@ -382,6 +397,10 @@ OPT_END #### #### #### + docker_version => \&docker_version, +#### +#### +#### docker_build_image => 'rbm-[% sha256(c("build_id")).substr(0, 12) %]', #### #### @@ -408,7 +427,7 @@ OPT_END #!/bin/sh set -e [% IF c('docker_save_image') -%] -docker tag -f [% c('docker_build_image') %] [% c('docker_save_image') %] +docker tag [% IF versioncmp(c('docker_version'), '1.10.0') == -1; GET '-f'; END; %] [% c('docker_build_image') %] [% c('docker_save_image') %] [% END -%] docker rmi -f [% c('docker_build_image') %] > /dev/null OPT_END

1 0

[tor-browser-build/master] Bug 21326: Update the "Using a system-installed Tor" section.
by boklm＠torproject.org 09 Feb '17

09 Feb '17

commit 176897d72a0bf89008648d865e1bf4f2b8909fda Author: Kathy Brade <brade(a)pearlcrescent.com> Date: Thu Jan 26 14:06:44 2017 -0500 Bug 21326: Update the "Using a system-installed Tor" section. Adjust the comments to account for recent Torbutton changes. --- projects/tor-browser/RelativeLink/start-tor-browser | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/projects/tor-browser/RelativeLink/start-tor-browser b/projects/tor-browser/RelativeLink/start-tor-browser index f556389..a78b367 100755 --- a/projects/tor-browser/RelativeLink/start-tor-browser +++ b/projects/tor-browser/RelativeLink/start-tor-browser @@ -3,7 +3,7 @@ # GNU/Linux does not really require something like RelativeLink.c # However, we do want to have the same look and feel with similar features. # -# Copyright 2015 The Tor Project. See LICENSE for licensing information. +# Copyright 2017 The Tor Project. See LICENSE for licensing information. complain_dialog_title="Tor Browser" @@ -316,17 +316,13 @@ EOF # torrc): # # SETTING NAME VALUE -# extensions.torbutton.banned_ports [...],<SocksPort>,<ControlPort> -# extensions.torbutton.block_disk false -# extensions.torbutton.custom.socks_host 127.0.0.1 -# extensions.torbutton.custom.socks_port <SocksPort> +# network.security.ports.banned [...],<SocksPort>,<ControlPort> +# network.proxy.socks 127.0.0.1 +# network.proxy.socks_port <SocksPort> # extensions.torbutton.inserted_button true # extensions.torbutton.launch_warning false # extensions.torbutton.loglevel 2 # extensions.torbutton.logmethod 0 -# extensions.torbutton.settings_method custom -# extensions.torbutton.socks_port <SocksPort> -# extensions.torbutton.use_privoxy false # extensions.torlauncher.control_port <ControlPort> # extensions.torlauncher.loglevel 2 # extensions.torlauncher.logmethod 0

1 0

[tor-browser-build/master] Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge.
by boklm＠torproject.org 09 Feb '17

09 Feb '17

commit d3fc9ca42b27291e3a03ca8baca6f73547105800 Author: David Fifield <david(a)bamsoftware.com> Date: Mon Jan 23 17:48:50 2017 -0800 Bug 21342: Move meek-azure to the meek.azureedge.net backend and cymrubridge02 bridge. https://lists.torproject.org/pipermail/tor-project/2017-January/000906.html --- projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js index bd92585..c56d316 100644 --- a/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js +++ b/projects/tor-browser/Bundle-Data/PTConfigs/bridge_prefs.js @@ -37,6 +37,6 @@ pref("extensions.torlauncher.default_bridge.obfs4.19", "obfs4 192.95.36.142:443 pref("extensions.torlauncher.default_bridge.obfs4.20", "obfs4 85.17.30.79:443 FC259A04A328A07FED1413E9FC6526530D9FD87A cert=RutxZlu8BtyP+y0NX7bAVD41+J/qXNhHUrKjFkRSdiBAhIHIQLhKQ2HxESAKZprn/lR3KA iat-mode=0"); pref("extensions.torlauncher.default_bridge.meek-amazon.1", "meek 0.0.2.0:2 B9E7141C594AF25699E0079C1F0146F409495296 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com"); -pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 A2C13B7DFCAB1CBF3A884B6EB99A98067AB6EF44 url=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com"); +pref("extensions.torlauncher.default_bridge.meek-azure.1", "meek 0.0.2.0:3 97700DFE9F483596DDA6264C4D7DF7641E1E39CE url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com"); pref("extensions.torlauncher.default_bridge.snowflake.1", "snowflake 0.0.3.0:1 B05EC36590AC0374F0E4D36DDA77908FD59D97F3");

1 0

[tor-browser-build/master] Use OpenSSL 1.0.2k in nightlies
by boklm＠torproject.org 09 Feb '17

09 Feb '17

commit cf76fe40cbf2b58d69cde9613fcf60527550d48c Author: Nicolas Vigier <boklm(a)torproject.org> Date: Thu Feb 9 12:29:46 2017 +0100 Use OpenSSL 1.0.2k in nightlies --- projects/openssl/config | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/projects/openssl/config b/projects/openssl/config index dcdac50..637f3d1 100644 --- a/projects/openssl/config +++ b/projects/openssl/config @@ -24,9 +24,15 @@ targets: pre_pkginst: dpkg --add-architecture i386 compiler: macosx-toolchain-gcc + nightly: + version: 1.0.2k + input_files: - project: docker-image - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' - URL: 'https://www.openssl.org/source/openssl-[% c("version") %].tar.gz' sha256sum: e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 + targets: + nightly: + sha256sum: 6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0

1 0

[tor-browser-build/master] Add option to sign the sha256sums-unsigned-build.txt file
by boklm＠torproject.org 06 Feb '17

06 Feb '17

commit c0242adc7a6a414bb183a3f07dddd64b7e3a51bc Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Feb 6 19:23:44 2017 +0100 Add option to sign the sha256sums-unsigned-build.txt file --- README | 9 +++++++++ projects/release/config | 3 +++ 2 files changed, 12 insertions(+) diff --git a/README b/README index 0b8e510..2c36d74 100644 --- a/README +++ b/README @@ -149,6 +149,15 @@ the build files in the tor-browser-builds/ directory (unless you changed the publish_dir option). +Signing builds +-------------- + +If the environment variable RBM_SIGN_BUILD is set to 1, the +sha256sums-unsigned-build.txt file will be signed with gpg. +You can use the RBM_GPG_OPTS environment variable to add some options +to the gpg command used to sign the file. + + Cleaning obsolete files and containers images --------------------------------------------- diff --git a/projects/release/config b/projects/release/config index 09b4c0e..daa78dd 100644 --- a/projects/release/config +++ b/projects/release/config @@ -125,4 +125,7 @@ build: | [% END -%] cd "$destdir" sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar *.zip | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt + [% IF ENV.RBM_SIGN_BUILD -%] + gpg -abs [% ENV.RBM_GPG_OPTS %] sha256sums-unsigned-build.txt + [% END -%] cat sha256sums-unsigned-build.txt

1 0

[tor-browser-build/master] Include *.zip files in sha256sums-unsigned-build.txt
by boklm＠torproject.org 06 Feb '17

06 Feb '17

commit 444f6e2210d62b5fd6ab8c204a1c93594bf37ec4 Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Feb 6 14:04:06 2017 +0100 Include *.zip files in sha256sums-unsigned-build.txt --- projects/release/config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/release/config b/projects/release/config index 527e269..09b4c0e 100644 --- a/projects/release/config +++ b/projects/release/config @@ -124,5 +124,5 @@ build: | mv [% c('input_files_by_name/sandbox-linux-x86_64') %] "$destdir"/sandbox-[% pc('sandbox', 'version') %]-linux64.zip [% END -%] cd "$destdir" - sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt + sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar *.zip | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt cat sha256sums-unsigned-build.txt

1 0

[tor-browser-bundle/master] Bug 21402: verify sandbox git tag's gpg signature
by gk＠torproject.org 06 Feb '17

06 Feb '17

commit 917d38c1d58c8cb11ff5b016054d2589d313882e Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Feb 6 13:43:44 2017 +0100 Bug 21402: verify sandbox git tag's gpg signature --- gitian/verify-tags.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index e8dfe3f..4b17550 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -104,6 +104,7 @@ meek meek.gpg $MEEK_TAG obfs4 obfs4proxy.gpg $OBFS4_TAG https-everywhere https-everywhere.gpg $HTTPSE_TAG cmake cmake.gpg $CMAKE_TAG +sandbox obfs4proxy.gpg $SANDBOX_TAG EOF while read dir commit; do

1 0

[tor-browser-build/master] Add linux sandbox
by boklm＠torproject.org 06 Feb '17

06 Feb '17

commit 918acde2b07acc72313ed8f69f0fd4a2622d772a Author: Nicolas Vigier <boklm(a)torproject.org> Date: Mon Feb 6 13:58:21 2017 +0100 Add linux sandbox --- projects/go/config | 9 ++++++++- projects/goerrors/config | 16 ++++++++++++++++ projects/gogb/config | 22 ++++++++++++++++++++++ projects/gogb/gb-build-dir.patch | 31 +++++++++++++++++++++++++++++++ projects/release/config | 8 ++++++++ projects/sandbox/build | 27 +++++++++++++++++++++++++++ projects/sandbox/config | 29 +++++++++++++++++++++++++++++ 7 files changed, 141 insertions(+), 1 deletion(-) diff --git a/projects/go/config b/projects/go/config index a5920f5..9341f98 100644 --- a/projects/go/config +++ b/projects/go/config @@ -12,7 +12,7 @@ var: export GOOS=[% c("var/GOOS") %] export GOARCH=[% c("var/GOARCH") %] export GOPATH=/var/tmp/dist/gopath - export PATH=/var/tmp/dist/go/bin:"$PATH" + export PATH=/var/tmp/dist/go/bin:/var/tmp/dist/gopath/bin:"$PATH" # Template build script for building a go library. # This can be called as projects/go/var/build_go_lib. @@ -26,9 +26,16 @@ var: distdir=/var/tmp/dist/[% project %] mkdir -p /var/tmp/build tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz + [% FOREACH dep = c("var/go_lib_deps") -%] + tar -C /var/tmp/dist -xf [% c('input_files_by_name/' _ dep) %] + [% END -%] mkdir -p $(dirname "$GOPATH/src/[% c("var/go_lib") %]") mv /var/tmp/build/[% project %]-[% c('version') %] "$GOPATH/src/[% c("var/go_lib") %]" cd "$GOPATH/src/[% c("var/go_lib") %]" + for p in $(ls -1 $rootdir/*.patch 2> /dev/null | sort) + do + patch -p1 < $p + done [% IF c("var/go_lib_install") -%] [% FOREACH inst IN c("var/go_lib_install") %] go install [% inst %] diff --git a/projects/goerrors/config b/projects/goerrors/config new file mode 100644 index 0000000..4451f7b --- /dev/null +++ b/projects/goerrors/config @@ -0,0 +1,16 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/pkg/errors +git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +remote_docker: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/pkg/errors + +input_files: + - project: docker-image + - name: go + project: go diff --git a/projects/gogb/config b/projects/gogb/config new file mode 100644 index 0000000..a358819 --- /dev/null +++ b/projects/gogb/config @@ -0,0 +1,22 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/constabulary/gb +git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +remote_docker: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/constabulary/gb + go_lib_install: github.com/constabulary/gb/cmd/gb + go_lib_deps: + - goerrors + +input_files: + - project: docker-image + - name: go + project: go + - name: goerrors + project: goerrors + - filename: gb-build-dir.patch diff --git a/projects/gogb/gb-build-dir.patch b/projects/gogb/gb-build-dir.patch new file mode 100644 index 0000000..a52ca69 --- /dev/null +++ b/projects/gogb/gb-build-dir.patch @@ -0,0 +1,31 @@ +From a7b198e3a32509197150d7c2767262a7319ff339 Mon Sep 17 00:00:00 2001 +From: Georg Koppen <gk(a)torproject.org> +Date: Tue, 6 Dec 2016 21:34:16 +0000 +Subject: [PATCH] Make the gb build directory deterministic + + +diff --git a/context.go b/context.go +index 53c00da..d040082 100644 +--- a/context.go ++++ b/context.go +@@ -3,7 +3,6 @@ package gb + import ( + "fmt" + "io" +- "io/ioutil" + "os" + "os/exec" + "path/filepath" +@@ -136,7 +135,8 @@ func NewContext(p Project, opts ...func(*Context) error) (*Context, error) { + }, + GcToolchain(), + } +- workdir, err := ioutil.TempDir("", "gb") ++ workdir := filepath.Join(os.TempDir(), "gb") ++ err := os.Mkdir(workdir, 0777) + if err != nil { + return nil, err + } +-- +2.10.2 + diff --git a/projects/release/config b/projects/release/config index 26dd8b7..527e269 100644 --- a/projects/release/config +++ b/projects/release/config @@ -75,6 +75,13 @@ input_files: - '[% c("var/build_target") %]' - torbrowser-linux-x86_64 + - name: sandbox-linux-x86_64 + project: sandbox + enable: '[% c("var/torbrowser-linux-x86_64") %]' + target: + - '[% c("var/build_target") %]' + - torbrowser-linux-x86_64 + - name: linux-i686 project: tor-browser enable: '[% c("var/torbrowser-linux-i686") %]' @@ -114,6 +121,7 @@ build: | [% END -%] [% IF c("var/torbrowser-linux-x86_64") -%] mv [% c('input_files_by_name/linux-x86_64') %]/* "$destdir"/ + mv [% c('input_files_by_name/sandbox-linux-x86_64') %] "$destdir"/sandbox-[% pc('sandbox', 'version') %]-linux64.zip [% END -%] cd "$destdir" sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar | grep -v '\.incremental\.mar$' | sort) > sha256sums-unsigned-build.txt diff --git a/projects/sandbox/build b/projects/sandbox/build new file mode 100644 index 0000000..28b5a48 --- /dev/null +++ b/projects/sandbox/build @@ -0,0 +1,27 @@ +#!/bin/bash +set -e +rootdir=$(pwd) +[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %] +distdir=/var/tmp/dist/[% project %] +mkdir -p $distdir + +tar -C /var/tmp/dist -xf [% c('input_files_by_name/gogb') %] + +mkdir -p /var/tmp/build +tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz +cd /var/tmp/build/[% project %]-[% c('version') %] + +# we don't have access to the git repository during the build +sed -i Makefile -e 's|git rev-parse --short HEAD > data/revision|echo [% c("abbrev") %] > data/revision|' +# Unset GOOS and GOARCH as they change some file names, and we don't need +# them as we are only building on x86_64 +unset GOOS +unset GOARCH +make +cp bin/sandboxed-tor-browser $distdir + +cd $distdir/.. +[% c('zip', { + zip_src => [ project ], + zip_args => dest_dir _ '/' _ c('filename'), + }) %] diff --git a/projects/sandbox/config b/projects/sandbox/config new file mode 100644 index 0000000..54fe4df --- /dev/null +++ b/projects/sandbox/config @@ -0,0 +1,29 @@ +# vim: filetype=yaml sw=2 +version: 0.0.3 +git_url: https://git.schwanenlied.me/yawning/sandboxed-tor-browser +git_hash: 'sandboxed-tor-browser-[% c("version") %]' +tag_gpg_id: 1 +gpg_keyring: obfs4.gpg +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +remote_docker: 1 +distribution: Debian-8.7 + +var: + deps: + - libx11-dev + - pkg-config + - libgtk-3-dev + - libnotify-dev + - zip + +targets: + nightly: + git_hash: master + tag_gpg_id: 0 + +input_files: + - project: docker-image + - name: go + project: go + - name: gogb + project: gogb

1 0