Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build
Commits: 3c17b385 by Pier Angelo Vendrame at 2024-01-10T10:10:45+01:00 Bug 40606: Use Clang to compile NSIS
NSIS officially supports only MSVC and GCC as compilers, so it was one of the two projects forcing us to keep a GCC toolchain for Windows. With this commit, we adapt the tricks Mozilla uses to build NSIS with Clang, and remove the dependency on mingw-w64.
The main trick is to use the GNU assembler instead of Clang's internal one to build NSIS's system plugin. Luckily, it can be found in binutils, without a full GCC build.
- - - - - 018b7e26 by Pier Angelo Vendrame at 2024-01-10T11:11:19+01:00 Bug 40900: Update NSIS to 3.09.
The update allows us to delete the no-reloc-section patch, and while we are at it, we can replace the no-insert-timestamp patch with SOURCE_DATE_EPOCH, which we set as the creation date of the Source directory form the tarball.
- - - - -
5 changed files:
- projects/nsis/build - projects/nsis/config - − projects/nsis/no-insert-timestamp.patch - − projects/nsis/no-reloc-section.diff - + projects/nsis/resource-reproducible.diff
Changes:
===================================== projects/nsis/build ===================================== @@ -4,21 +4,41 @@ mkdir -p /var/tmp/build tar -C /var/tmp/build -xf nsis-[% c('version') %].tar.bz2
+# We need the GNU assembler for the system plugin +tar -C /var/tmp/dist -xf [% c('input_files_by_name/binutils') %] + # NSIS requires zlib and we later set the path using ZLIB_W32. tar -C /var/tmp/build -xf [% c('input_files_by_name/zlib') %]
+# This trick is adapted from Firefox's +# taskcluster/scripts/misc/build-mingw32-nsis.sh +compiler_prefix=/var/tmp/dist/mingw-w64-clang/bin/[% c("arch") %]-w64-mingw32 +cat <<'EOF' >"$compiler_prefix-gcc" +#!/bin/sh +# SCons ignores the external $PATH, so we add binutils here. +export PATH=/var/tmp/dist/binutils/bin:$PATH +case "$@" in +*/Call*.S) + $(dirname $0)/[% c("arch") %]-w64-mingw32-clang -fno-integrated-as "$@" + ;; +*) + $(dirname $0)/[% c("arch") %]-w64-mingw32-clang "$@" + ;; +esac +EOF + +chmod +x "$compiler_prefix-gcc" +ln -s "$compiler_prefix-clang++" "$compiler_prefix-g++" + cd /var/tmp/build/nsis-[% c('version') %]-src -# Adding --no-insert-timestamp to APPEND_LINKFLAGS is not working as it -# is used for both the host and cross-compiled parts, but this option is -# only valid for the Windows linker. Therefore we add it using a patch -# to the cross-compilation part only. Still needed as of 3.06.1, see: #40090. -patch -p1 < $rootdir/no-insert-timestamp.patch -# tor-browser-build#40822: NSIS adds a flag to tell it supports ASLR, but it -# does so only to pass MS certifications. According to the NSIS forums, they -# intended not to ship the .reloc to save space. But, according to the bug -# tracker, binutils 2.36 started adding a .reloc section by default, and we need -# to disable it with this patch. -patch -p1 < $rootdir/no-reloc-section.diff + +# These two sed commands also come from build-mingw32-nsis.sh +sed -i 's/-Wl,--exclude-libs,msvcrt.a/-Wl,-Xlink=-fixed/' SCons/Config/gnu +sed -i '2i extern "C"' SCons/Config/{memcpy,memset}.c + +export SOURCE_DATE_EPOCH=$(stat -c '%Y' Source) +# Resource.dll does not obey the source date epoch... +patch -p1 < "$rootdir/resource-reproducible.diff"
[% IF c("var/windows-x86_64") %] # Seems like setting TARGET_ARCH is not enough so we need to patch build.cpp @@ -30,8 +50,7 @@ patch -p1 < $rootdir/no-reloc-section.diff [% END %]
[% SET scons_args = 'VERSION=' _ c("version") - _ ' APPEND_CCFLAGS="-fgnu89-inline"' - _ " SKIPUTILS='NSIS Menu' XGCC_W32_PREFIX=" _ c("arch") _ "-w64-mingw32-" + _ " SKIPUTILS='NSIS Menu,Makensisw' XGCC_W32_PREFIX=" _ c("arch") _ "-w64-mingw32-" _ " TARGET_ARCH=" _ target _ " ZLIB_W32=/var/tmp/build/zlib/" _ ' PREFIX=/var/tmp/dist/nsis' -%]
===================================== projects/nsis/config ===================================== @@ -1,5 +1,5 @@ # vim: filetype=yaml sw=2 -version: 3.08 +version: 3.09 filename: 'nsis-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]' container: use_container: 1 @@ -11,21 +11,16 @@ var: - zlib1g-dev - libcppunit-dev - xsltproc - # NSIS has an assembly part that cannot be compiled with Clang. - # Mozilla uses -fno-integrated-as (see - # taskcluster/scripts/misc/build-mingw32-nsis.sh) but for some reason this - # does not seem to work for us, so just keep GCC for the moment, since we are - # already using it for Rust anyway. - compiler: mingw-w64
input_files: - project: container-image - filename: 'nsis-[% c("version") %].tar.bz2' URL: 'https://downloads.sourceforge.net/nsis/nsis-%5B% c("version") %]-src.tar.bz2' - sha256sum: a85270ad5386182abecb2470e3d7e9bec9fe4efd95210b13551cb386830d1e87 - - filename: no-insert-timestamp.patch - - filename: no-reloc-section.diff + sha256sum: 0cd846c6e9c59068020a87bfca556d4c630f2c5d554c1098024425242ddc56e2 - name: '[% c("var/compiler") %]' project: '[% c("var/compiler") %]' + - name: binutils + project: binutils - name: zlib project: zlib + - filename: resource-reproducible.diff
===================================== projects/nsis/no-insert-timestamp.patch deleted ===================================== @@ -1,27 +0,0 @@ -diff -ur nsis-3.03-src/SCons/Config/gnu nsis-3.03-src.n/SCons/Config/gnu ---- nsis-3.03-src/SCons/Config/gnu 2017-10-06 15:30:20.000000000 -0400 -+++ nsis-3.03-src.n/SCons/Config/gnu 2018-06-17 13:26:05.945495151 -0400 -@@ -102,6 +102,7 @@ - stub_env.Append(LINKFLAGS = ['$NODEFLIBS_FLAG']) # no standard libraries - stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align - stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file -+stub_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - stub_uenv = stub_env.Clone() - stub_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE']) -@@ -142,6 +143,7 @@ - plugin_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file - plugin_env.Append(LINKFLAGS = ['-static-libgcc']) # remove libgcc*.dll dependency - plugin_env.Append(LINKFLAGS = ['-static-libstdc++']) # remove libstdc++*.dll dependency -+plugin_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - plugin_uenv = plugin_env.Clone() - plugin_uenv.Append(CPPDEFINES = ['_UNICODE', 'UNICODE']) -@@ -181,6 +183,7 @@ - - util_env.Append(LINKFLAGS = ['-mwindows']) # build windows executables - util_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align -+util_env.Append(LINKFLAGS = ['-Wl,--no-insert-timestamp']) # remove timestamps for reproducible builds - - - conf = FlagsConfigure(util_env)
===================================== projects/nsis/no-reloc-section.diff deleted ===================================== @@ -1,14 +0,0 @@ -diff -Naur nsis-3.08-orig/SCons/Config/gnu nsis-3.08-src/SCons/Config/gnu ---- nsis-3.08-orig/SCons/Config/gnu 2023-03-23 09:22:46.315471779 +0100 -+++ nsis-3.08-src/SCons/Config/gnu 2023-03-23 09:24:05.260933879 +0100 -@@ -103,6 +103,10 @@ - stub_env.Append(LINKFLAGS = ['$ALIGN_FLAG']) # 512 bytes align - stub_env.Append(LINKFLAGS = ['$MAP_FLAG']) # generate map file - -+# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303, -+# https://sourceforge.net/p/nsis/bugs/1283/?limit=25#e303/e90f -+stub_env.Append(LINKFLAGS = ['-Wl,--disable-reloc-section']) -+ - conf = FlagsConfigure(stub_env) - conf.CheckCompileFlag('-fno-tree-loop-distribute-patterns') # GCC 10: Don't generate msvcrt!memmove calls (bug #1248) - conf.Finish()
===================================== projects/nsis/resource-reproducible.diff ===================================== @@ -0,0 +1,10 @@ +diff '--color=auto' -rupN nsis-3.09-orig/Contrib/System/SConscript nsis-3.09-src/Contrib/System/SConscript +--- nsis-3.09-orig/Contrib/System/SConscript 2024-01-10 11:07:15.161175520 +0100 ++++ nsis-3.09-src/Contrib/System/SConscript 2024-01-10 11:08:47.338628667 +0100 +@@ -76,4 +76,5 @@ resources = Split(""" + + env.Depends(res_target, resources) + +-env.SharedLibrary('Resource', res_target + res_main) ++resource = env.SharedLibrary('Resource', res_target + res_main) ++env.MakeReproducible(resource)
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/compare/4...