[tor-commits] [Git][tpo/applications/tor-browser-build][main] Bug 40750: Solve rlbox reproducibility problems

Pier Angelo Vendrame (@pierov) git at gitlab.torproject.org
Mon Mar 6 08:58:28 UTC 2023 


Pier Angelo Vendrame pushed to branch main at The Tor Project / Applications / tor-browser-build


Commits:
76054058 by Pier Angelo Vendrame at 2023-03-03T18:42:49+01:00
Bug 40750: Solve rlbox reproducibility problems

The wasi-sandbox project was not reproducible, because libc.a was
filled in a non-deterministic order.
Its Makefile contains some wildcards, but adding a sort to them was not
enough to build libc.a deterministically.

After fixing this problem, Firefox build issue disappears, too.

Upstream issue: https://github.com/WebAssembly/wasi-libc/issues/398

- - - - -


4 changed files:

- + projects/wasi-sysroot/0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch
- projects/wasi-sysroot/build
- projects/wasi-sysroot/config
- rbm.conf


Changes:

=====================================
projects/wasi-sysroot/0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch
=====================================
@@ -0,0 +1,36 @@
+From ef21e4f17e104a34e7db89215db567cddd48832d Mon Sep 17 00:00:00 2001
+From: Pier Angelo Vendrame <pierov at torproject.org>
+Date: Wed, 1 Mar 2023 10:19:50 +0100
+Subject: [PATCH] Sort the object list passed to ar in the Makefile.
+
+This makes builds reproducible.
+---
+ Makefile | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index c31e3d7..f350ecb 100644
+--- a/Makefile
++++ b/Makefile
+@@ -488,13 +488,13 @@ $(SYSROOT_LIB)/libwasi-emulated-signal.a: $(LIBWASI_EMULATED_SIGNAL_OBJS) $(LIBW
+ %.a:
+ 	@mkdir -p "$(@D)"
+ 	# On Windows, the commandline for the ar invocation got too long, so it needs to be split up.
+-	$(AR) crs $@ $(wordlist 1, 199, $^)
+-	$(AR) crs $@ $(wordlist 200, 399, $^)
+-	$(AR) crs $@ $(wordlist 400, 599, $^)
+-	$(AR) crs $@ $(wordlist 600, 799, $^)
++	$(AR) crs $@ $(wordlist 1, 199, $(sort $^))
++	$(AR) crs $@ $(wordlist 200, 399, $(sort $^))
++	$(AR) crs $@ $(wordlist 400, 599, $(sort $^))
++	$(AR) crs $@ $(wordlist 600, 799, $(sort $^))
+ 	# This might eventually overflow again, but at least it'll do so in a loud way instead of
+ 	# silently dropping the tail.
+-	$(AR) crs $@ $(wordlist 800, 100000, $^)
++	$(AR) crs $@ $(wordlist 800, 100000, $(sort $^))
+ 
+ $(MUSL_PRINTSCAN_OBJS): CFLAGS += \
+ 	    -D__wasilibc_printscan_no_long_double \
+-- 
+2.39.2
+


=====================================
projects/wasi-sysroot/build
=====================================
@@ -28,6 +28,9 @@ mv clang-source llvm-project
 export LLVM_HOME=$(pwd)/llvm-project
 tar -xf $rootdir/[% c('input_files_by_name/wasi-libc') %]
 mv wasi-libc-* wasi-libc
+pushd wasi-libc
+patch -p1 < "$rootdir/0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch"
+popd
 popd
 
 # What follows has been copied from Firefox's
@@ -53,11 +56,14 @@ cat > 'version.sh' << EOF
 echo '[% c("abbrev") %]'
 EOF
 
-# Build wasi-libc, libc++ and libc++abi.
+# Build wasi-libc, and re-pack it, to make sure we get a deterministic output.
+make PREFIX=/wasi build/wasi-libc.BUILT
+
+# We need to compile compiler-rt before building libc++ and libc++abi, because
+# we need to inject it to Clang.
 make \
   LLVM_PROJ_DIR=$LLVM_HOME \
   PREFIX=/wasi \
-  build/wasi-libc.BUILT \
   build/compiler-rt.BUILT \
   NINJA_FLAGS='-j[% c("num_procs") %]'
 
@@ -66,6 +72,7 @@ rtdir="build/llvm/lib/clang/$(ls build/llvm/lib/clang)/lib/wasi"
 mkdir -p "$rtdir"
 cp build/compiler-rt/lib/wasi/libclang_rt.builtins-wasm32.a "$rtdir/"
 
+# Now we can finally build libc++ and libc++abi.
 make \
   LLVM_PROJ_DIR=$LLVM_HOME \
   PREFIX=/wasi \


=====================================
projects/wasi-sysroot/config
=====================================
@@ -33,3 +33,4 @@ input_files:
     project: wasi-config
   - name: wasi-libc
     project: wasi-libc
+  - filename: '0001-Sort-the-object-list-passed-to-ar-in-the-Makefile.patch'


=====================================
rbm.conf
=====================================
@@ -170,7 +170,7 @@ var:
     - zh-rCN
     - zh-rTW
 
-  rlbox: 0
+  rlbox: 1
 
   sign_build: '[% ENV.RBM_SIGN_BUILD %]'
   sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'



View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/760540587be5bef2bc4f7ae9c328c8e25c523920

-- 
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/760540587be5bef2bc4f7ae9c328c8e25c523920
You're receiving this email because of your account on gitlab.torproject.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-commits/attachments/20230306/da0d864f/attachment-0001.htm>

More information about the tor-commits mailing list