Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build Commits: 76054058 by Pier Angelo Vendrame at 2023-03-03T18:42:49+01:00 Bug 40750: Solve rlbox reproducibility problems The wasi-sandbox project was not reproducible, because libc.a was filled in a non-deterministic order. Its Makefile contains some wildcards, but adding a sort to them was not enough to build libc.a deterministically. After fixing this problem, Firefox build issue disappears, too. Upstream issue: https://github.com/WebAssembly/wasi-libc/issues/398 - - - - - 4 changed files: - + projects/wasi-sysroot/0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch - projects/wasi-sysroot/build - projects/wasi-sysroot/config - rbm.conf Changes: ===================================== projects/wasi-sysroot/0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch ===================================== @@ -0,0 +1,36 @@ +From ef21e4f17e104a34e7db89215db567cddd48832d Mon Sep 17 00:00:00 2001 +From: Pier Angelo Vendrame <pierov@torproject.org> +Date: Wed, 1 Mar 2023 10:19:50 +0100 +Subject: [PATCH] Sort the object list passed to ar in the Makefile. + +This makes builds reproducible. +--- + Makefile | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/Makefile b/Makefile +index c31e3d7..f350ecb 100644 +--- a/Makefile ++++ b/Makefile +@@ -488,13 +488,13 @@ $(SYSROOT_LIB)/libwasi-emulated-signal.a: $(LIBWASI_EMULATED_SIGNAL_OBJS) $(LIBW + %.a: + @mkdir -p "$(@D)" + # On Windows, the commandline for the ar invocation got too long, so it needs to be split up. +- $(AR) crs $@ $(wordlist 1, 199, $^) +- $(AR) crs $@ $(wordlist 200, 399, $^) +- $(AR) crs $@ $(wordlist 400, 599, $^) +- $(AR) crs $@ $(wordlist 600, 799, $^) ++ $(AR) crs $@ $(wordlist 1, 199, $(sort $^)) ++ $(AR) crs $@ $(wordlist 200, 399, $(sort $^)) ++ $(AR) crs $@ $(wordlist 400, 599, $(sort $^)) ++ $(AR) crs $@ $(wordlist 600, 799, $(sort $^)) + # This might eventually overflow again, but at least it'll do so in a loud way instead of + # silently dropping the tail. +- $(AR) crs $@ $(wordlist 800, 100000, $^) ++ $(AR) crs $@ $(wordlist 800, 100000, $(sort $^)) + + $(MUSL_PRINTSCAN_OBJS): CFLAGS += \ + -D__wasilibc_printscan_no_long_double \ +-- +2.39.2 + ===================================== projects/wasi-sysroot/build ===================================== @@ -28,6 +28,9 @@ mv clang-source llvm-project export LLVM_HOME=$(pwd)/llvm-project tar -xf $rootdir/[% c('input_files_by_name/wasi-libc') %] mv wasi-libc-* wasi-libc +pushd wasi-libc +patch -p1 < "$rootdir/0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch" +popd popd # What follows has been copied from Firefox's @@ -53,11 +56,14 @@ cat > 'version.sh' << EOF echo '[% c("abbrev") %]' EOF -# Build wasi-libc, libc++ and libc++abi. +# Build wasi-libc, and re-pack it, to make sure we get a deterministic output. +make PREFIX=/wasi build/wasi-libc.BUILT + +# We need to compile compiler-rt before building libc++ and libc++abi, because +# we need to inject it to Clang. make \ LLVM_PROJ_DIR=$LLVM_HOME \ PREFIX=/wasi \ - build/wasi-libc.BUILT \ build/compiler-rt.BUILT \ NINJA_FLAGS='-j[% c("num_procs") %]' @@ -66,6 +72,7 @@ rtdir="build/llvm/lib/clang/$(ls build/llvm/lib/clang)/lib/wasi" mkdir -p "$rtdir" cp build/compiler-rt/lib/wasi/libclang_rt.builtins-wasm32.a "$rtdir/" +# Now we can finally build libc++ and libc++abi. make \ LLVM_PROJ_DIR=$LLVM_HOME \ PREFIX=/wasi \ ===================================== projects/wasi-sysroot/config ===================================== @@ -33,3 +33,4 @@ input_files: project: wasi-config - name: wasi-libc project: wasi-libc + - filename: '0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch' ===================================== rbm.conf ===================================== @@ -170,7 +170,7 @@ var: - zh-rCN - zh-rTW - rlbox: 0 + rlbox: 1 sign_build: '[% ENV.RBM_SIGN_BUILD %]' sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]' View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/76... -- View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/76... You're receiving this email because of your account on gitlab.torproject.org.