[tor-commits] [tor-browser-build/master] Bug 32389: Enable WASM sandbox for Linux builds

[sysrqb at torproject.org]

commit b7d40046c0609e77cd9eb088f5e05775edd1c4a2
Author: Georg Koppen <gk at torproject.org>
Date:   Tue Jun 16 19:56:35 2020 +0000

    Bug 32389: Enable WASM sandbox for Linux builds
---
 projects/firefox/build  | 14 ++++++++++++++
 projects/firefox/config |  6 ++++++
 2 files changed, 20 insertions(+)

diff --git a/projects/firefox/build b/projects/firefox/build
index 9461034..294e35a 100644
--- a/projects/firefox/build
+++ b/projects/firefox/build
@@ -39,6 +39,20 @@ export LLVM_CONFIG="/var/tmp/dist/clang/bin/llvm-config"
   [% END -%]
 [% END -%]
 
+[% IF c("var/rlbox") -%]
+  tar -C /var/tmp/dist -xf [% c('input_files_by_name/wasi-sysroot') %]
+  # XXX: We need the libclang_rt.builtins-wasm32.a in our clang lib directory.
+  # Copy it over.
+  # https://searchfox.org/mozilla-central/source/build/build-clang/build-clang.py#890,
+  # include it directly in our clang
+  mkdir /var/tmp/dist/clang/lib/clang/[% pc("clang", "version") %]/lib/wasi
+  cp /var/tmp/dist/wasi-sysroot/lib/clang/9.0.0/lib/wasi/libclang_rt.builtins-wasm32.a /var/tmp/dist/clang/lib/clang/[% pc("clang", "version") %]/lib/wasi
+  tar -C /var/tmp/dist -xf [% c('input_files_by_name/lucetc') %]
+  export PATH="/var/tmp/dist/lucetc/bin:$PATH"
+  export WASM_SANDBOXED_LIBRARIES=graphite,ogg
+  export WASI_SYSROOT=/var/tmp/dist/wasi-sysroot/share/wasi-sysroot
+[% END -%]
+
 tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
 
 [% IF c("var/osx") %]
diff --git a/projects/firefox/config b/projects/firefox/config
index 7c700a8..0ecce9d 100644
--- a/projects/firefox/config
+++ b/projects/firefox/config
@@ -135,6 +135,12 @@ input_files:
     name: rust
   - project: cbindgen
     name: cbindgen
+  - project: wasi-sysroot
+    name: wasi-sysroot
+    enable: '[% c("var/rlbox") %]'
+  - project: lucetc
+    name: lucetc
+    enable: '[% c("var/rlbox") %]'
   - project: node
     name: node
   - project: nasm