This is an automated email from the git hooks/post-receive script.
dgoulet pushed a change to branch main in repository tor.
from 925201c946 Merge branch 'tor-gitlab/mr/713' new 3036bedf30 Update CI builds to Debian Bullseye, fix associated compatibility bugs new d77f1e7aea Merge branch 'tor-gitlab/mr/714' into maint-0.4.7 new 066da91521 changes: Add file for MR 714 new 97008526db Merge branch 'maint-0.4.7'
The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
Summary of changes: .gitlab-ci.yml | 21 ++++++++++++--------- changes/ticket40799 | 6 ++++++ src/lib/sandbox/sandbox.c | 7 ++++++- 3 files changed, 24 insertions(+), 10 deletions(-) create mode 100644 changes/ticket40799
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit 3036bedf30d413e8236ec962b9c91b66988c2204 Author: Micah Elizabeth Scott beth@torproject.org AuthorDate: Tue May 30 09:53:09 2023 -0700
Update CI builds to Debian Bullseye, fix associated compatibility bugs
This is a change intended for 0.4.7 maintenance as well as main.
The CI builds use Debian Buster which is now end of life, and I was experiencing inconsistent CI failures with accessing its security update server. I wanted to update CI to a distro that isn't EOL, and Bullseye is the current stable release of Debian.
This opened up a small can of worms that this commit also deals with. In particular there's a docker engine bug that we work around by removing the docker-specific apt cleanup script if it exists, and there's a new incompatibility between tracing and sandbox support.
The tracing/sandbox incompatibility itself had two parts:
- The membarrier() syscall is used to deliver inter-processor synchronization events, and the external "userspace-rcu" data structure library would make assumptions that if membarrier is available at initialization it always will be. This caused segfaults in some cases when running trace + sandbox. Resolved this by allowing membarrier entirely, in the sandbox.
- userspace-rcu also assumes it can block signals, and fails hard if this can't be done. We already include a similar carveout to allow this in the sandbox for fragile-hardening, so I extended that to cover tracing as well.
Addresses issue #40799
Signed-off-by: Micah Elizabeth Scott beth@torproject.org --- .gitlab-ci.yml | 21 ++++++++++++--------- src/lib/sandbox/sandbox.c | 7 ++++++- 2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d033b7ca30..3bb2a9a40f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -49,6 +49,7 @@ variables: echo Etc/UTC > /etc/timezone mkdir -p apt-cache export APT_CACHE_DIR="$(pwd)/apt-cache" + rm -f /etc/apt/apt.conf.d/docker-clean echo 'quiet "1";' \ 'APT::Install-Recommends "0";' \ 'APT::Install-Suggests "0";' \ @@ -79,9 +80,11 @@ variables: - *apt-template # Install patches unconditionally. - apt-get install + apt-utils automake build-essential ca-certificates + file git libevent-dev liblzma-dev @@ -106,7 +109,7 @@ variables: # Minimal check on debian: just make, make check. # debian-minimal: - image: debian:buster + image: debian:bullseye <<: *debian-template script: - ./scripts/ci/ci-driver.sh @@ -114,7 +117,7 @@ debian-minimal: # Minmal check on debian/i386: just make, make check. # debian-i386-minimal: - image: i386/debian:buster + image: i386/debian:bullseye <<: *debian-template script: - ./scripts/ci/ci-driver.sh @@ -137,7 +140,7 @@ debian-hardened: ##### # Distcheck on debian stable debian-distcheck: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DISTCHECK: "yes" @@ -148,7 +151,7 @@ debian-distcheck: ##### # Documentation tests on debian stable: doxygen and asciidoc. debian-docs: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DOXYGEN: "yes" @@ -166,7 +169,7 @@ debian-docs: # with the 'artifacts' mechanism, in theory, but it would be good to # avoid having to have a system with hundreds of artifacts. debian-integration: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: CHECK: "no" @@ -180,7 +183,7 @@ debian-integration: ##### # Tracing build on Debian stable. debian-tracing: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: TRACING: "yes" @@ -192,7 +195,7 @@ debian-tracing: ##### # No-authority mode debian-disable-dirauth: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DISABLE_DIRAUTH: "yes" @@ -202,7 +205,7 @@ debian-disable-dirauth: ##### # No-relay mode debian-disable-relay: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DISABLE_RELAY: "yes" @@ -212,7 +215,7 @@ debian-disable-relay: ##### # NSS check on debian debian-nss: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: NSS: "yes" diff --git a/src/lib/sandbox/sandbox.c b/src/lib/sandbox/sandbox.c index 6800fa062b..5dace3a8a2 100644 --- a/src/lib/sandbox/sandbox.c +++ b/src/lib/sandbox/sandbox.c @@ -220,6 +220,10 @@ static int filter_nopar_gen[] = { #endif // glob uses this.. SCMP_SYS(lstat), +#ifdef __NR_membarrier + /* Inter-processor synchronization, needed for tracing support */ + SCMP_SYS(membarrier), +#endif SCMP_SYS(mkdir), SCMP_SYS(mlockall), #ifdef __NR_mmap @@ -1165,7 +1169,8 @@ sb_rt_sigprocmask(scmp_filter_ctx ctx, sandbox_cfg_t *filter) int rc = 0; (void) filter;
-#ifdef ENABLE_FRAGILE_HARDENING +#if defined(ENABLE_FRAGILE_HARDENING) || \ + defined(USE_TRACING_INSTRUMENTATION_LTTNG) rc = seccomp_rule_add_1(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rt_sigprocmask), SCMP_CMP(0, SCMP_CMP_EQ, SIG_BLOCK)); if (rc)
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit d77f1e7aea12e39b0aa2214d63c5a90be07f2d68 Merge: 33d5a7da9e 3036bedf30 Author: David Goulet dgoulet@torproject.org AuthorDate: Wed May 31 14:28:44 2023 -0400
Merge branch 'tor-gitlab/mr/714' into maint-0.4.7
.gitlab-ci.yml | 21 ++++++++++++--------- src/lib/sandbox/sandbox.c | 7 ++++++- 2 files changed, 18 insertions(+), 10 deletions(-)
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit 066da91521946fa45c637e6006f4e397fc65ee90 Author: David Goulet dgoulet@torproject.org AuthorDate: Wed May 31 14:31:59 2023 -0400
changes: Add file for MR 714
Signed-off-by: David Goulet dgoulet@torproject.org --- changes/ticket40799 | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/changes/ticket40799 b/changes/ticket40799 new file mode 100644 index 0000000000..4e2afe6e4b --- /dev/null +++ b/changes/ticket40799 @@ -0,0 +1,6 @@ + o Minor bugfixes (sandbox): + - Allow membarrier for the sandbox. And allow rt_sigprocmask when compiled + with LTTng. Fixes bug 40799; bugfix on 0.3.5.1-alpha. + + o Minor feature (CI): + - Update CI to use Debian Bullseye for runners.
This is an automated email from the git hooks/post-receive script.
dgoulet pushed a commit to branch main in repository tor.
commit 97008526db53ce77cc65fbf93a4f5760c242082b Merge: 925201c946 066da91521 Author: David Goulet dgoulet@torproject.org AuthorDate: Wed May 31 14:32:07 2023 -0400
Merge branch 'maint-0.4.7'
.gitlab-ci.yml | 21 ++++++++++++--------- changes/ticket40799 | 6 ++++++ src/lib/sandbox/sandbox.c | 7 ++++++- 3 files changed, 24 insertions(+), 10 deletions(-)
diff --cc .gitlab-ci.yml index 6839f76a6b,3bb2a9a40f..17ce0af43b --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@@ -113,10 -114,10 +116,10 @@@ debian-minimal script: - ./scripts/ci/ci-driver.sh
-# Minmal check on debian/i386: just make, make check. +# Minimal check on debian/i386: just make, make check. # debian-i386-minimal: - image: i386/debian:buster + image: i386/debian:bullseye <<: *debian-template script: - ./scripts/ci/ci-driver.sh
tor-commits@lists.torproject.org