[Git][tpo/applications/tor-browser-build][maint-12.0] 4 commits: Bug 40689: Update Ubuntu version in projects/mmdebstrap-image to 22.04.1

9 Dec 2022


      boklm pushed to branch maint-12.0 at The Tor Project / Applications / tor-browser-build


Commits:
530ece27 by Nicolas Vigier at 2022-12-09T11:30:15+01:00
Bug 40689: Update Ubuntu version in projects/mmdebstrap-image to 22.04.1

- - - - -
6b48ead1 by Nicolas Vigier at 2022-12-09T11:30:50+01:00
Bug 40693: Patch apt-key to accept expired keys for jessie

- - - - -
bf8ef3b5 by Nicolas Vigier at 2022-12-09T11:30:55+01:00
Bug 40693: use faketime to run `apt-get update` on jessie

- - - - -
4d2e38cd by Pier Angelo Vendrame at 2022-12-09T11:31:31+01:00
Bug 40653: Do not build compiler-rt with Clang

Specifying compiler-rt as a project in LLVM is going to be deprecated.
It should be compiled with runtimes, instead, or alone, if it will be
still allowed.

The only platform in which we were compiling compiler-rt with LLVM was
Linux. But Firefox seems not to actually use it, and just use GCC's
runtime, instead.

However, we were also compiling compiler-rt for Android in the same
project, which prevents to share the artifact with Windows and macOS.
So, I have moved it to another project on its own.

- - - - -


9 changed files:

- projects/clang/build
- projects/clang/config
- + projects/compiler-rt/build
- + projects/compiler-rt/config
- projects/container-image/config
- projects/geckoview/build
- projects/geckoview/config
- + projects/mmdebstrap-image/apt-key-allow-expired-key.patch
- projects/mmdebstrap-image/config


Changes:

=====================================
projects/clang/build
=====================================
@@ -3,16 +3,12 @@
 distdir=/var/tmp/dist/[% project %]
 mkdir -p /var/tmp/dist
 tar -C /var/tmp/dist -xf [% c('input_files_by_name/cmake') %]
-export PATH="/var/tmp/dist/cmake/bin:$PATH"
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/ninja') %]
+export PATH="/var/tmp/dist/ninja:/var/tmp/dist/cmake/bin:$PATH"
 [% IF c("var/linux") %]
   [% pc('gcc', 'var/setup', { compiler_tarfile => c('input_files_by_name/gcc'),
                               hardened_gcc => 0 }) %]
   [% pc('python', 'var/setup', { python_tarfile => c('input_files_by_name/python') }) %]
-[% END -%]
-[% IF c("var/android") %]
-  [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
-[% END -%]
-[% IF c("var/linux") || c("var/android") -%]
   tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %]
   export PATH="/var/tmp/dist/binutils/bin:$PATH"
 [% END -%]
@@ -25,57 +21,15 @@ mkdir build
 cd build
 # LLVM_ENABLE_ZLIB solves the "contains a compressed section, but zlib is not available" on lld
 # LLVM_INSTALL_UTILS allows this LLVM to be used to compile Rust
-cmake ../llvm -G "Unix Makefiles" \
+cmake ../llvm -GNinja \
               -DCMAKE_INSTALL_PREFIX=$distdir \
               -DCMAKE_BUILD_TYPE=Release \
-            [% IF c("var/android") || c("var/macos") -%]
-              -DLLVM_TARGETS_TO_BUILD="X86;ARM;AArch64" \
-            [% END -%]
-            [% IF c("var/rlbox") -%]-DLLVM_EXPERIMENTAL_TARGETS_TO_BUILD=WebAssembly[% END %] \
-              -DLLVM_ENABLE_PROJECTS="clang;clang-tools-extra;compiler-rt;lld" \
+              -DLLVM_TARGETS_TO_BUILD="X86;ARM;AArch64[% IF c("var/rlbox") -%];WebAssembly[% END %]" \
+              -DLLVM_ENABLE_PROJECTS="clang;lld" \
               -DLLVM_ENABLE_ZLIB=ON \
               -DLLVM_INSTALL_UTILS=ON \
 
-make -j[% c("num_procs") %]
-make install
-cd ..
-
-[% IF c("var/android") -%]
-  echo "Compiling compiler-rt (Android only)"
-  rtdistdir=/var/tmp/build/rtdist
-  mkdir $rtdistdir
-
-  make_compilerrt () {
-    mkdir "build-compilerrt-$1"
-    cd "build-compilerrt-$1"
-    cmake ../compiler-rt/ -G "Unix Makefiles" \
-      -DCMAKE_INSTALL_PREFIX=$rtdistdir \
-      -DCMAKE_BUILD_TYPE=Release \
-      -DCMAKE_SYSTEM_NAME=Android \
-      -DCMAKE_ANDROID_ARCH_ABI=$1 \
-      -DCMAKE_ANDROID_NDK="$ANDROID_NDK_HOME" \
-      -DCMAKE_C_FLAGS="$3 -fuse-ld=lld --rtlib=compiler-rt" \
-      -DCMAKE_CXX_FLAGS="$3 -fuse-ld=lld --rtlib=compiler-rt" \
-      -DCMAKE_EXE_LINKER_FLAGS="-L$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/$2" \
-      -DCOMPILER_RT_BUILD_BUILTINS=ON \
-      -DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
-      -DCOMPILER_RT_BUILD_MEMPROF=OFF \
-      -DCOMPILER_RT_BUILD_ORC=OFF \
-      -DCOMPILER_RT_BUILD_PROFILE=OFF \
-      -DCOMPILER_RT_BUILD_SANITIZERS=OFF \
-      -DCOMPILER_RT_BUILD_XRAY=OFF
-    make -j[% c("num_procs") %]
-    make install
-    cd ..
-  }
-
-  make_compilerrt "armeabi-v7a" "arm-linux-androideabi/lib" "-DARMEABI_V7A"
-  make_compilerrt "arm64-v8a" "aarch64-linux-android/lib64"
-  make_compilerrt "x86" "i686-linux-android/lib"
-  make_compilerrt "x86_64" "x86_64-linux-android/lib64"
-
-  mv $rtdistdir/lib/linux/libclang_rt.builtins-*-android.a $distdir/lib/clang/[% c("var/llvm_version") %]/lib/linux/
-[% END -%]
+ninja -j[% c("num_procs") %] -v install
 
 cd /var/tmp/dist
 [% c('tar', {


=====================================
projects/clang/config
=====================================
@@ -11,14 +11,16 @@ input_files:
   - project: container-image
   - name: '[% c("var/compiler") %]'
     project: '[% c("var/compiler") %]'
-    enable: '[% c("var/linux") || c("var/android") %]'
+    enable: '[% c("var/linux") %]'
   - name: binutils
     project: binutils
-    enable: '[% c("var/linux") || c("var/android") %]'
+    enable: '[% c("var/linux") %]'
   - project: cmake
     name: cmake
   - project: llvm-project
     name: clang-source
+  - project: ninja
+    name: ninja
   - project: python
     name: python
     enable: '[% c("var/linux") %]'


=====================================
projects/compiler-rt/build
=====================================
@@ -0,0 +1,51 @@
+#!/bin/bash
+[% c("var/set_default_env") -%]
+distdir=/var/tmp/dist/[% project %]
+mkdir -p /var/tmp/dist
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/cmake') %]
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/ninja') %]
+export PATH="/var/tmp/dist/ninja:/var/tmp/dist/cmake/bin:$PATH"
+
+[% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
+
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %]
+export PATH="/var/tmp/dist/binutils/bin:$PATH"
+
+mkdir -p /var/tmp/build
+cd /var/tmp/build
+tar -xf $rootdir/[% c('input_files_by_name/clang-source') %]
+cd clang-source
+export LLVM_HOME=$(pwd)
+mkdir build
+cd build
+
+installdir=/var/tmp/build/install
+mkdir -p $installdir
+
+cmake ../compiler-rt/ -GNinja \
+  -DCMAKE_INSTALL_PREFIX=$installdir \
+  -DCMAKE_BUILD_TYPE=Release \
+  -DCMAKE_SYSTEM_NAME=Android \
+  -DCMAKE_ANDROID_ARCH_ABI="[% c('var/abi') %]" \
+  -DCMAKE_ANDROID_NDK="$ANDROID_NDK_HOME" \
+  -DCMAKE_C_FLAGS="-fuse-ld=lld --rtlib=compiler-rt $defines" \
+  -DCMAKE_CXX_FLAGS="-fuse-ld=lld --rtlib=compiler-rt $defines" \
+  -DCMAKE_EXE_LINKER_FLAGS="-L$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/[% c('var/libdir') %]" \
+  -DCOMPILER_RT_BUILD_BUILTINS=ON \
+  -DCOMPILER_RT_BUILD_LIBFUZZER=OFF \
+  -DCOMPILER_RT_BUILD_MEMPROF=OFF \
+  -DCOMPILER_RT_BUILD_ORC=OFF \
+  -DCOMPILER_RT_BUILD_PROFILE=OFF \
+  -DCOMPILER_RT_BUILD_SANITIZERS=OFF \
+  -DCOMPILER_RT_BUILD_XRAY=OFF
+
+ninja -j[% c("num_procs") %] -v install
+
+mkdir -p $distdir/lib/clang/[% c("var/llvm_version") %]/lib/linux/
+mv $installdir/lib/linux/libclang_rt.builtins-*-android.a $distdir/lib/clang/[% c("var/llvm_version") %]/lib/linux/
+
+cd /var/tmp/dist
+[% c('tar', {
+    tar_src => [ project ],
+    tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
+  }) %]


=====================================
projects/compiler-rt/config
=====================================
@@ -0,0 +1,38 @@
+# vim: filetype=yaml sw=2
+version: '[% c("var/llvm_version") %]'
+filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
+container:
+  use_container: 1
+
+var:
+  llvm_version: '[% pc("llvm-project", "version") %]'
+
+targets:
+  android-armv7:
+    var:
+      libdir: 'arm-linux-androideabi/lib'
+  android-aarch64:
+    var:
+      libdir: 'aarch64-linux-android/lib64'
+  android-x86:
+    var:
+      libdir: 'i686-linux-android/lib'
+  android-x86_64:
+    var:
+      libdir: 'x86_64-linux-android/lib64'
+
+input_files:
+  - project: container-image
+  - name: '[% c("var/compiler") %]'
+    project: '[% c("var/compiler") %]'
+  - name: binutils
+    project: binutils
+  - project: cmake
+    name: cmake
+  - project: llvm-project
+    name: clang-source
+  - project: ninja
+    name: ninja
+  - project: python
+    name: python
+    enable: '[% c("var/linux") %]'


=====================================
projects/container-image/config
=====================================
@@ -37,9 +37,14 @@ pre: |
   [% IF c("var/linux-cross") -%]
     dpkg --add-architecture [% c("var/arch_debian") %]
   [% END -%]
+  [% IF c("var/container/suite") == "jessie" -%]
+    # We need to use faketime to run `apt-get update` on jessie, because of
+    # expired key. See tor-browser-build#40693
+    dpkg -i ./libfaketime_0.9.6-3_amd64.deb ./faketime_0.9.6-3_amd64.deb
+  [% END -%]
   # Update the package cache again because `pre_pkginst` may change the
   # package manager configuration.
-  apt-get update -y -q
+  [% IF c("var/container/suite") == "jessie" %]faketime '2018-12-24 08:15:42' [% END %]apt-get update -y -q
   [% END -%]
   apt-get upgrade -y -q
   [%
@@ -82,3 +87,9 @@ input_files:
   - project: mmdebstrap-image
     target:
       - '[% c("var/container/suite") %]-[% c("var/container/arch") %]'
+  - URL: http://deb.debian.org/debian/pool/main/f/faketime/faketime_0.9.6-3_amd64.deb
+    sha256sum: 19b2a01a2fae7e6d5a8b741fc0bc626451cb4c2cc884ee79f1136dd3c2c26213
+    enable: '[% c("var/container/suite") == "jessie" %]'
+  - URL: http://deb.debian.org/debian/pool/main/f/faketime/libfaketime_0.9.6-3_amd64....
+    sha256sum: 82747d5815b226cfed7f6f9a751bf8c20d457f3ba786add6017d6904dea4fdb4
+    enable: '[% c("var/container/suite") == "jessie" %]'


=====================================
projects/geckoview/build
=====================================
@@ -21,6 +21,8 @@ tar -C /var/tmp/dist -xf [% c('input_files_by_name/nasm') %]
 tar -C /var/tmp/dist -xf [% c('input_files_by_name/node') %]
 tar -C /var/tmp/dist -xf [% c('input_files_by_name/clang') %]
 export LLVM_CONFIG="/var/tmp/dist/clang/bin/llvm-config"
+tar -C /var/tmp/dist -xf [% c('input_files_by_name/compiler-rt') %]
+cp -r /var/tmp/dist/compiler-rt/* /var/tmp/dist/clang/
 tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %]
 export PATH="/var/tmp/dist/rust/bin:/var/tmp/dist/cbindgen:/var/tmp/dist/nasm/bin:/var/tmp/dist/node/bin:/var/tmp/dist/clang/bin:/var/tmp/dist/binutils/bin:$PATH"
 


=====================================
projects/geckoview/config
=====================================
@@ -171,6 +171,8 @@ input_files:
     name: nasm
   - project: clang
     name: clang
+  - project: 'compiler-rt'
+    name: 'compiler-rt'
   - filename: 'gradle-dependencies-[% c("var/gradle_dependencies_version") %]'
     name: gradle-dependencies
     exec: '[% INCLUDE "fetch-gradle-dependencies" %]'


=====================================
projects/mmdebstrap-image/apt-key-allow-expired-key.patch
=====================================
@@ -0,0 +1,23 @@
+--- o/apt-key	2022-11-30 14:57:12.742026261 +0000
++++ n/apt-key	2022-12-01 08:38:08.170140893 +0000
+@@ -815,11 +815,18 @@
+ 	    create_gpg_home
+ 	fi
+ 	setup_merged_keyring
++	tmpfile=$(mktemp)
++	set +e
+ 	if [ -n "$FORCED_KEYRING" ]; then
+-	    "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@"
++	    (eval "exec ${GPGSTATUSFD}>$tmpfile"; "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "$(dearmor_filename "${FORCED_KEYRING}")" --ignore-time-conflict "$@")
+ 	else
+-	    "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@"
++	    (eval "exec ${GPGSTATUSFD}>$tmpfile"; "$GPGV" --homedir "${GPGHOMEDIR}" --keyring "${GPGHOMEDIR}/pubring.gpg" --ignore-time-conflict "$@")
+ 	fi
++	err=$?
++	set -e
++	cat "$tmpfile" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /' >&${GPGSTATUSFD}
++	rm -f "$tmpfile"
++	exit $err
+ 	;;
+     help)
+         usage


=====================================
projects/mmdebstrap-image/config
=====================================
@@ -6,7 +6,7 @@ container:
   use_container: 1
 
 var:
-  ubuntu_version: 22.04
+  ubuntu_version: 22.04.1
 
 pre: |
   #!/bin/sh
@@ -16,6 +16,14 @@ pre: |
   apt-get update -y -q
   apt-get install -y -q debian-archive-keyring ubuntu-keyring mmdebstrap gnupg
 
+  [% IF c("var/container/suite") == "jessie" -%]
+    apt-get install -y -q patch
+    cd /usr/bin
+    # The gpg key for jessie is expired. We patch apt-key to accept expired keys.
+    patch -p1 < $rootdir/apt-key-allow-expired-key.patch
+    cd $rootdir
+  [% END -%]
+
   export SOURCE_DATE_EPOCH='[% c("timestamp") %]'
   tar -xf [% c('input_files_by_name/mmdebstrap') %]
   ./mmdebstrap/mmdebstrap --mode=unshare [% c("var/container/mmdebstrap_opt") %] [% c("var/container/suite") %] output.tar.gz [% c("var/container/debian_mirror") %]
@@ -55,4 +63,6 @@ input_files:
     name: mmdebstrap
   - URL: 'https://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
     filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
-    sha256sum: df6fe77cee11bd216ac532f0ee082bdc4da3c0cc1f1d9cb20f3f743196bc4b07
+    sha256sum: e1f9200c99da008a473c9ae7b51e13f5ea05dc4c2e12beb43f0f9cbbbf6216f4
+  - filename: apt-key-allow-expired-key.patch
+    enable: '[% c("var/container/suite") == "jessie" %]'



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/b...

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/b...
You're receiving this email because of your account on gitlab.torproject.org.

    

boklm (＠boklm)

tags

participants (1)