Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits:
-
7b12e72e
by Pier Angelo Vendrame at 2025-03-05T14:48:49+01:00
3 changed files:
Changes:
1 | -Go 1.4 was the last version written in C.
|
|
2 | -All the later versions need a Go compiler, that we provide with this project.
|
|
1 | +This project downloads the official Go binaries to use them for bootstrapping
|
|
2 | +purposes.
|
|
3 | 3 | |
4 | -Also, starting from Go 1.20.x, Go introduced a new policy: Go 1.y.z needs at
|
|
5 | -least Go 1.(y - 3) to build. E.g., Go 1.19 can build Go 1.20, 1.21 and 1.22, but
|
|
6 | -no Go 1.23, which will need Go 1.20 or later.
|
|
4 | +We used to start with Go 1.4 (the last version written in C) and build all the
|
|
5 | +versions needed to then build the most recent Go toolchain.
|
|
7 | 6 | |
8 | -So, right now we build Go 1.4 with Debian's GCC, then we use it to build Go
|
|
9 | -1.19.9, but at a certain point we will have to add another Go compiler.
|
|
7 | +However, starting with Go 1.21,
|
|
8 | +[the official binaries are reproducible](https://go.dev/blog/rebuild).
|
|
10 | 9 | |
11 | -Other alternatives are:
|
|
12 | -- use Debian's Go compiler (but we use a very old version of Debian for wider
|
|
13 | - binary compatibility, so it's likely not to ship a recent enough compiler for
|
|
14 | - bootstrapping purposes)
|
|
15 | -- use the [official binaries](https://go.dev/dl/) to bootstrap, like we do for
|
|
16 | - Rust |
|
10 | +So, we checked that the Go 1.23.6 binaries we produced with our old procedure
|
|
11 | +at 80f16f97e7c2973e9aa4458606c9afd2c63c2d60 matched the official binaries.
|
|
12 | + |
|
13 | +## How to update
|
|
14 | + |
|
15 | +1. In `projects/go/config`, update version to the version we want to be the new
|
|
16 | + go-bootstrap version
|
|
17 | +2. Build `go` with
|
|
18 | + `./rbm/rbm build --target torbrowser-linux-x86_64 --target alpha go` and
|
|
19 | + compare the result with the official build
|
|
20 | +3. If it is matching or if we can explain the differences, update the
|
|
21 | + `go-bootstrap` version of the bin that we download.
|
|
22 | +4. Build the same version of go again with the command from above and check the
|
|
23 | + two archives have the same exact hash. |
1 | 1 | #!/bin/bash
|
2 | 2 | [% c("var/set_default_env") -%]
|
3 | 3 | |
4 | -# This project is expected to be built only on Linux.
|
|
5 | -# Then the actual Go compiler will be built for each platform.
|
|
4 | +tar -xf $rootdir/[% c('input_files_by_name/go') %]
|
|
6 | 5 | |
7 | -distdir=/var/tmp/dist/[% project %]
|
|
8 | -mkdir -p /var/tmp/build /var/tmp/dist
|
|
6 | +pushd go
|
|
7 | +# Disable go autoupdates (tor-browser-build#41345)
|
|
8 | +# See https://go.dev/doc/toolchain
|
|
9 | +sed -i -e 's/^GOTOOLCHAIN=.*/GOTOOLCHAIN=local/' go.env
|
|
10 | +popd
|
|
11 | +mv go [% project %]
|
|
9 | 12 | |
10 | -# Building go 1.4.x
|
|
11 | -# This is needed to bootstrap the go that we actually use
|
|
12 | -# https://golang.org/doc/install/source#go14
|
|
13 | -tar -C /var/tmp/build --transform='s,^go\>,go1.4,' -xf $rootdir/[% c('input_files_by_name/go14') %]
|
|
14 | -cd /var/tmp/build/go1.4/src
|
|
15 | -# Disable cgo to avoid conflicts with newer GCC. cgo is not needed for the bootstrap go.
|
|
16 | -# https://github.com/golang/go/issues/13114#issuecomment-186922245
|
|
17 | -# Disable CC etc. that are set up for cross builds.
|
|
18 | -CGO_ENABLED=0 CC= CFLAGS= LDFLAGS= ./make.bash
|
|
19 | -export GOROOT_BOOTSTRAP="/var/tmp/build/go1.4"
|
|
20 | - |
|
21 | -# Building go 1.19.X
|
|
22 | -cd $rootdir
|
|
23 | -tar -C /var/tmp/build --transform='s,^go\>,go1.19,' -xf $rootdir/[% c('input_files_by_name/go119') %]
|
|
24 | -cd /var/tmp/build/go1.19/src
|
|
25 | - |
|
26 | -./make.bash
|
|
27 | -export GOROOT_BOOTSTRAP="/var/tmp/build/go1.19"
|
|
28 | - |
|
29 | -# Building go 1.21.X
|
|
30 | -cd $rootdir
|
|
31 | -tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/go') %]
|
|
32 | -export GOROOT="$distdir"
|
|
33 | -mv /var/tmp/dist/go $distdir
|
|
34 | -cd $distdir/src
|
|
35 | - |
|
36 | -./make.bash
|
|
37 | - |
|
38 | -# This directory is non-reproducible and doesn't exist in official Go releases,
|
|
39 | -# so remove it to preserve reproducibility of the output.
|
|
40 | -rm -rf $distdir/pkg/obj/go-build/
|
|
41 | - |
|
42 | -cd /var/tmp/dist
|
|
43 | 13 | [% c('tar', {
|
44 | 14 | tar_src => [ project ],
|
45 | 15 | tar_args => '-caf ' _ dest_dir _ '/' _ c('filename'),
|
1 | 1 | # vim: filetype=yaml sw=2
|
2 | -version: 1.21.12
|
|
2 | +# Make sure we can reproduce the official binaries before updating.
|
|
3 | +# Check README.md for more information before updating this version.
|
|
4 | +version: 1.23.6
|
|
3 | 5 | filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]'
|
4 | 6 | container:
|
5 | - use_container: 1
|
|
6 | - |
|
7 | -var:
|
|
8 | - no_crosscompile: 1
|
|
7 | + use_container: 0
|
|
9 | 8 | |
10 | 9 | input_files:
|
11 | - - project: container-image
|
|
12 | - - URL: 'https://go.dev/dl/go[% c("version") %].src.tar.gz'
|
|
10 | + - URL: 'https://go.dev/dl/go[% c("version") %].linux-amd64.tar.gz'
|
|
13 | 11 | name: go
|
14 | - sha256sum: 30e68af27bc1f1df231e3ab74f3d17d3b8d52a089c79bcaab573b4f1b807ed4f
|
|
15 | - - URL: https://go.dev/dl/go1.19.13.src.tar.gz
|
|
16 | - sha256sum: ccf36b53fb0024a017353c3ddb22c1f00bc7a8073c6aac79042da24ee34434d3
|
|
17 | - name: go119
|
|
18 | - - URL: https://dl.google.com/go/go1.4-bootstrap-20171003.tar.gz
|
|
19 | - name: go14
|
|
20 | - sha256sum: f4ff5b5eb3a3cae1c993723f3eab519c5bae18866b5e5f96fe1102f0cb5c3e52 |
|
12 | + # Make sure we can reproduce the official binaries before updating.
|
|
13 | + # Check README.md for more information before updating this hash.
|
|
14 | + sha256sum: 9379441ea310de000f33a4dc767bd966e72ab2826270e038e78b2c53c2e7802d |