commit 918acde2b07acc72313ed8f69f0fd4a2622d772a Author: Nicolas Vigier boklm@torproject.org Date: Mon Feb 6 13:58:21 2017 +0100
Add linux sandbox --- projects/go/config | 9 ++++++++- projects/goerrors/config | 16 ++++++++++++++++ projects/gogb/config | 22 ++++++++++++++++++++++ projects/gogb/gb-build-dir.patch | 31 +++++++++++++++++++++++++++++++ projects/release/config | 8 ++++++++ projects/sandbox/build | 27 +++++++++++++++++++++++++++ projects/sandbox/config | 29 +++++++++++++++++++++++++++++ 7 files changed, 141 insertions(+), 1 deletion(-)
diff --git a/projects/go/config b/projects/go/config index a5920f5..9341f98 100644 --- a/projects/go/config +++ b/projects/go/config @@ -12,7 +12,7 @@ var: export GOOS=[% c("var/GOOS") %] export GOARCH=[% c("var/GOARCH") %] export GOPATH=/var/tmp/dist/gopath - export PATH=/var/tmp/dist/go/bin:"$PATH" + export PATH=/var/tmp/dist/go/bin:/var/tmp/dist/gopath/bin:"$PATH"
# Template build script for building a go library. # This can be called as projects/go/var/build_go_lib. @@ -26,9 +26,16 @@ var: distdir=/var/tmp/dist/[% project %] mkdir -p /var/tmp/build tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz + [% FOREACH dep = c("var/go_lib_deps") -%] + tar -C /var/tmp/dist -xf [% c('input_files_by_name/' _ dep) %] + [% END -%] mkdir -p $(dirname "$GOPATH/src/[% c("var/go_lib") %]") mv /var/tmp/build/[% project %]-[% c('version') %] "$GOPATH/src/[% c("var/go_lib") %]" cd "$GOPATH/src/[% c("var/go_lib") %]" + for p in $(ls -1 $rootdir/*.patch 2> /dev/null | sort) + do + patch -p1 < $p + done [% IF c("var/go_lib_install") -%] [% FOREACH inst IN c("var/go_lib_install") %] go install [% inst %] diff --git a/projects/goerrors/config b/projects/goerrors/config new file mode 100644 index 0000000..4451f7b --- /dev/null +++ b/projects/goerrors/config @@ -0,0 +1,16 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/pkg/errors +git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302 +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +remote_docker: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/pkg/errors + +input_files: + - project: docker-image + - name: go + project: go diff --git a/projects/gogb/config b/projects/gogb/config new file mode 100644 index 0000000..a358819 --- /dev/null +++ b/projects/gogb/config @@ -0,0 +1,22 @@ +# vim: filetype=yaml sw=2 +version: '[% c("abbrev") %]' +git_url: https://github.com/constabulary/gb +git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +remote_docker: 1 + +build: '[% c("projects/go/var/build_go_lib") %]' + +var: + go_lib: github.com/constabulary/gb + go_lib_install: github.com/constabulary/gb/cmd/gb + go_lib_deps: + - goerrors + +input_files: + - project: docker-image + - name: go + project: go + - name: goerrors + project: goerrors + - filename: gb-build-dir.patch diff --git a/projects/gogb/gb-build-dir.patch b/projects/gogb/gb-build-dir.patch new file mode 100644 index 0000000..a52ca69 --- /dev/null +++ b/projects/gogb/gb-build-dir.patch @@ -0,0 +1,31 @@ +From a7b198e3a32509197150d7c2767262a7319ff339 Mon Sep 17 00:00:00 2001 +From: Georg Koppen gk@torproject.org +Date: Tue, 6 Dec 2016 21:34:16 +0000 +Subject: [PATCH] Make the gb build directory deterministic + + +diff --git a/context.go b/context.go +index 53c00da..d040082 100644 +--- a/context.go ++++ b/context.go +@@ -3,7 +3,6 @@ package gb + import ( + "fmt" + "io" +- "io/ioutil" + "os" + "os/exec" + "path/filepath" +@@ -136,7 +135,8 @@ func NewContext(p Project, opts ...func(*Context) error) (*Context, error) { + }, + GcToolchain(), + } +- workdir, err := ioutil.TempDir("", "gb") ++ workdir := filepath.Join(os.TempDir(), "gb") ++ err := os.Mkdir(workdir, 0777) + if err != nil { + return nil, err + } +-- +2.10.2 + diff --git a/projects/release/config b/projects/release/config index 26dd8b7..527e269 100644 --- a/projects/release/config +++ b/projects/release/config @@ -75,6 +75,13 @@ input_files: - '[% c("var/build_target") %]' - torbrowser-linux-x86_64
+ - name: sandbox-linux-x86_64 + project: sandbox + enable: '[% c("var/torbrowser-linux-x86_64") %]' + target: + - '[% c("var/build_target") %]' + - torbrowser-linux-x86_64 + - name: linux-i686 project: tor-browser enable: '[% c("var/torbrowser-linux-i686") %]' @@ -114,6 +121,7 @@ build: | [% END -%] [% IF c("var/torbrowser-linux-x86_64") -%] mv [% c('input_files_by_name/linux-x86_64') %]/* "$destdir"/ + mv [% c('input_files_by_name/sandbox-linux-x86_64') %] "$destdir"/sandbox-[% pc('sandbox', 'version') %]-linux64.zip [% END -%] cd "$destdir" sha256sum $(ls -1 *.exe *.tar.xz *.dmg *.mar | grep -v '.incremental.mar$' | sort) > sha256sums-unsigned-build.txt diff --git a/projects/sandbox/build b/projects/sandbox/build new file mode 100644 index 0000000..28b5a48 --- /dev/null +++ b/projects/sandbox/build @@ -0,0 +1,27 @@ +#!/bin/bash +set -e +rootdir=$(pwd) +[% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %] +distdir=/var/tmp/dist/[% project %] +mkdir -p $distdir + +tar -C /var/tmp/dist -xf [% c('input_files_by_name/gogb') %] + +mkdir -p /var/tmp/build +tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz +cd /var/tmp/build/[% project %]-[% c('version') %] + +# we don't have access to the git repository during the build +sed -i Makefile -e 's|git rev-parse --short HEAD > data/revision|echo [% c("abbrev") %] > data/revision|' +# Unset GOOS and GOARCH as they change some file names, and we don't need +# them as we are only building on x86_64 +unset GOOS +unset GOARCH +make +cp bin/sandboxed-tor-browser $distdir + +cd $distdir/.. +[% c('zip', { + zip_src => [ project ], + zip_args => dest_dir _ '/' _ c('filename'), + }) %] diff --git a/projects/sandbox/config b/projects/sandbox/config new file mode 100644 index 0000000..54fe4df --- /dev/null +++ b/projects/sandbox/config @@ -0,0 +1,29 @@ +# vim: filetype=yaml sw=2 +version: 0.0.3 +git_url: https://git.schwanenlied.me/yawning/sandboxed-tor-browser +git_hash: 'sandboxed-tor-browser-[% c("version") %]' +tag_gpg_id: 1 +gpg_keyring: obfs4.gpg +filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz' +remote_docker: 1 +distribution: Debian-8.7 + +var: + deps: + - libx11-dev + - pkg-config + - libgtk-3-dev + - libnotify-dev + - zip + +targets: + nightly: + git_hash: master + tag_gpg_id: 0 + +input_files: + - project: docker-image + - name: go + project: go + - name: gogb + project: gogb