From 81e88ccff1a208930774a327d989a7b4183d3621 Mon Sep 17 00:00:00 2001
From: Hugo Landau
Date: Fri, 5 Apr 2019 00:13:21 +0100
Subject: [PATCH] Switch to using tor-browser-build submodule
---
.gitmodules | 3 +
projects/common | 1 +
projects/common/runc-config.json | 268 ------------------------------
projects/container-image | 1 +
projects/container-image/build | 2 -
projects/container-image/config | 62 -------
projects/debootstrap-image | 1 +
projects/debootstrap-image/build | 2 -
projects/debootstrap-image/config | 55 ------
projects/go | 1 +
projects/go/build | 51 ------
projects/go/config | 90 ----------
projects/golang.org,x,net | 1 +
projects/golang.org,x,net/config | 19 ---
tor-browser-build | 1 +
15 files changed, 9 insertions(+), 549 deletions(-)
create mode 120000 projects/common
delete mode 100644 projects/common/runc-config.json
create mode 120000 projects/container-image
delete mode 100755 projects/container-image/build
delete mode 100644 projects/container-image/config
create mode 120000 projects/debootstrap-image
delete mode 100755 projects/debootstrap-image/build
delete mode 100644 projects/debootstrap-image/config
create mode 120000 projects/go
delete mode 100755 projects/go/build
delete mode 100644 projects/go/config
create mode 120000 projects/golang.org,x,net
delete mode 100644 projects/golang.org,x,net/config
create mode 160000 tor-browser-build
diff --git a/.gitmodules b/.gitmodules
index 2c1c6e6..af44286 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "rbm"]
 path = rbm
 url = https://git.torproject.org/builders/rbm.git
+[submodule "tor-browser-build"]
+ path = tor-browser-build
+ url = https://git.torproject.org/builders/tor-browser-build.git
diff --git a/projects/common b/projects/common
new file mode 120000
index 0000000..250232a
--- /dev/null
+++ b/projects/common
@@ -0,0 +1 @@
+../tor-browser-build/projects/common/
\ No newline at end of file
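Review bot: The `tor-browser-build` entry added to `.gitmodules`, together with the gitlink at the end of the patch that pins `d8f156e110afe00e0b366cff8ff0e0c53b4a58c9`, carries no record of which upstream tag or branch that commit is or how it was checked. After this change the container definition deleted here (the `runc-config.json` capability lists, the `CAP_SYS_ADMIN` switch for debootstrap) and the `sha256sum` pins for the Go and ubuntu-base tarballs are reached through the new symlinks into that tree, so a later submodule bump can change them without any of it appearing in this repository's diff. I would add a comment above the entry, `# pinned to <UPSTREAM_TAG>; check the tag signature and read the upstream diff of projects/ before bumping`, and name the tag in the commit message.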
diff --git a/projects/common/runc-config.json b/projects/common/runc-config.json
deleted file mode 100644
index a3b5a08..0000000
--- a/projects/common/runc-config.json
+++ /dev/null
@@ -1,268 +0,0 @@
-{
- "ociVersion": "1.0.0[% IF !c("var_p/runc_spec100") %]-rc1[% END %]",
- "platform": {
- "os": "linux",
- "arch": "amd64"
- },
- "process": {
- "terminal": [% IF c("interactive") %]true[% ELSE %]false[% END %],
- "user": {
- "uid": 0,
- "gid": 0
- },
- "args": [
- "/rbm/run"
- ],
- "env": [
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
- "TERM=xterm"
- ],
- "cwd": "/",
-[% IF c("var_p/runc_spec100") -%]
- "capabilities": {
- "bounding": [
- "CAP_AUDIT_WRITE",
- "CAP_KILL",
- "CAP_NET_BIND_SERVICE",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_MKNOD",
- "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
- "CAP_SYS_ADMIN",
-[% END -%]
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_DAC_OVERRIDE",
- "CAP_CHOWN"
- ],
- "effective": [
- "CAP_AUDIT_WRITE",
- "CAP_KILL",
- "CAP_NET_BIND_SERVICE",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_MKNOD",
- "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
- "CAP_SYS_ADMIN",
-[% END -%]
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_DAC_OVERRIDE",
- "CAP_CHOWN"
- ],
- "inheritable": [
- "CAP_AUDIT_WRITE",
- "CAP_KILL",
- "CAP_NET_BIND_SERVICE",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_MKNOD",
- "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
- "CAP_SYS_ADMIN",
-[% END -%]
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_DAC_OVERRIDE",
- "CAP_CHOWN"
- ],
- "permitted": [
- "CAP_AUDIT_WRITE",
- "CAP_KILL",
- "CAP_NET_BIND_SERVICE",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_MKNOD",
- "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
- "CAP_SYS_ADMIN",
-[% END -%]
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_DAC_OVERRIDE",
- "CAP_CHOWN"
- ],
- "ambient": [
- "CAP_AUDIT_WRITE",
- "CAP_KILL",
- "CAP_NET_BIND_SERVICE",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_MKNOD",
- "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
- "CAP_SYS_ADMIN",
-[% END -%]
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_DAC_OVERRIDE",
- "CAP_CHOWN"
- ]
- },
-[% ELSE -%]
- "capabilities": [
- "CAP_AUDIT_WRITE",
- "CAP_KILL",
- "CAP_NET_BIND_SERVICE",
- "CAP_SETGID",
- "CAP_SETUID",
- "CAP_MKNOD",
- "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
- "CAP_SYS_ADMIN",
-[% END -%]
- "CAP_FSETID",
- "CAP_FOWNER",
- "CAP_DAC_OVERRIDE",
- "CAP_CHOWN"
- ],
-[% END -%]
- "rlimits": [
- {
- "type": "RLIMIT_NOFILE",
- "hard": 1024,
- "soft": 1024
- }
- ],
- "noNewPrivileges": true
- },
- "root": {
- "path": "rootfs",
- "readonly": false
- },
- "hostname": "runc",
- "mounts": [
- {
- "destination": "/proc",
- "type": "proc",
- "source": "proc"
- },
- {
- "type": "bind",
- "source": "/etc/resolv.conf",
- "destination": "/etc/resolv.conf",
- "options": [
- "rbind",
- "ro"
- ]
- },
- {
- "destination": "/dev",
- "type": "tmpfs",
- "source": "tmpfs",
- "options": [
- "nosuid",
- "strictatime",
- "mode=755",
- "size=65536k"
- ]
- },
- {
- "destination": "/dev/pts",
- "type": "devpts",
- "source": "devpts",
- "options": [
- "nosuid",
- "noexec",
- "newinstance",
- "ptmxmode=0666",
- "mode=0620",
- "gid=5"
- ]
- },
- {
- "destination": "/dev/shm",
- "type": "tmpfs",
- "source": "shm",
- "options": [
- "nosuid",
- "noexec",
- "nodev",
- "mode=1777",
- "size=65536k"
- ]
- },
- {
- "destination": "/dev/mqueue",
- "type": "mqueue",
- "source": "mqueue",
- "options": [
- "nosuid",
- "noexec",
- "nodev"
- ]
- },
- {
- "destination": "/sys",
- "type": "sysfs",
- "source": "sysfs",
- "options": [
- "nosuid",
- "noexec",
- "nodev",
- "ro"
- ]
- },
- {
- "destination": "/sys/fs/cgroup",
- "type": "cgroup",
- "source": "cgroup",
- "options": [
- "nosuid",
- "noexec",
- "nodev",
- "relatime",
- "ro"
- ]
- }
- ],
- "hooks": {},
- "linux": {
- "resources": {
- "devices": [
- {
- "allow": false,
- "access": "rwm"
- }
- ]
- },
- "namespaces": [
- {
- "type": "pid"
- },
- {
- "type": "ipc"
- },
- {
- "type": "uts"
- },
- {
- "type": "mount"
- }
- ],
- "maskedPaths": [
- "/proc/kcore",
- "/proc/latency_stats",
- "/proc/timer_stats",
-[% IF c("var_p/runc_spec100") -%]
- "/proc/timer_list",
- "/sys/firmware",
-[% END -%]
- "/proc/sched_debug"
- ],
- "readonlyPaths": [
- "/proc/asound",
- "/proc/bus",
- "/proc/fs",
- "/proc/irq",
- "/proc/sys",
- "/proc/sysrq-trigger"
- ]
- },
- "solaris": {
- "cappedCPU": {},
- "cappedMemory": {}
- }
-}
diff --git a/projects/container-image b/projects/container-image
new file mode 120000
index 0000000..45931ed
--- /dev/null
+++ b/projects/container-image
@@ -0,0 +1 @@
+../tor-browser-build/projects/container-image/
\ No newline at end of file
diff --git a/projects/container-image/build b/projects/container-image/build
deleted file mode 100755
index d37118b..0000000
--- a/projects/container-image/build
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-set -e
diff --git a/projects/container-image/config b/projects/container-image/config
deleted file mode 100644
index 1f85ade..0000000
--- a/projects/container-image/config
+++ /dev/null
@@ -1,62 +0,0 @@
-filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% sha256(c("pre")).substr(0,12) %].tar.gz'
-pkg_type: build
-
-var:
- container:
- use_container: 1
- suite: '[% pc(c("origin_project"), "var/container/suite") %]'
- arch: '[% pc(c("origin_project"), "var/container/arch") %]'
-
-lsb_release:
- id: Debian
- codename: wheezy
- release: 7.11
-
-pre: |
- #!/bin/sh
- # [% c('var/container/suite') %]
- set -e
- [% IF pc(c('origin_project'), 'var/pre_pkginst') -%]
- [% pc(c('origin_project'), 'var/pre_pkginst') %]
- [% END -%]
- apt-get update -y
- apt-get upgrade -y
- [%
- deps = [];
- IF pc(c('origin_project'), 'var/deps');
- CALL deps.import(pc(c('origin_project'), 'var/deps'));
- END;
- IF pc(c('origin_project'), 'var/arch_deps');
- CALL deps.import(pc(c('origin_project'), 'var/arch_deps'));
- END;
- IF deps.size;
- IF pc(c('origin_project'), 'var/sort_deps');
- deps = deps.sort;
- END;
- FOREACH pkg IN deps;
- SET p = tmpl(pkg);
- IF p;
- GET c('install_package', { pkg_name => p });
- GET "\n";
- END;
- END;
- END;
- -%]
- [% IF pc(c('origin_project'), 'var/post_pkginst') -%]
- [% pc(c('origin_project'), 'var/post_pkginst') %]
- [% END -%]
-
-remote_get: |
- #!/bin/sh
- set -e
- [%
- SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
- SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
- -%]
- mkdir -p "[% dst %]"
- sudo tar -C "[% c("var/container/dir") %]/rootfs" -czf "[% dst %]/[% c("filename") %]" .
-
-input_files:
- - project: debootstrap-image
- target:
- - '[% c("var/container/suite") %]-[% c("var/container/arch") %]'
diff --git a/projects/debootstrap-image b/projects/debootstrap-image
new file mode 120000
index 0000000..58b1d28
--- /dev/null
+++ b/projects/debootstrap-image
@@ -0,0 +1 @@
+../tor-browser-build/projects/debootstrap-image/
\ No newline at end of file
diff --git a/projects/debootstrap-image/build b/projects/debootstrap-image/build
deleted file mode 100755
index d37118b..0000000
--- a/projects/debootstrap-image/build
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/sh
-set -e
diff --git a/projects/debootstrap-image/config b/projects/debootstrap-image/config
deleted file mode 100644
index 9481a0e..0000000
--- a/projects/debootstrap-image/config
+++ /dev/null
@@ -1,55 +0,0 @@
-filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %].tar.gz'
-pkg_type: build
-
-var:
- ubuntu_version: 18.04.1
-
- container:
- use_container: 1
- # We need CAP_SYS_ADMIN for debootstrap to work
- CAP_SYS_ADMIN: 1
-
-pre: |
- #!/bin/sh
- set -e
- apt-get update -y
- apt-get install -y debian-archive-keyring ubuntu-keyring debootstrap
- container=systemd-nspawn debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
- tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .
-
-targets:
- wheezy-amd64:
- var:
- container:
- suite: wheezy
- arch: amd64
- wheezy-i386:
- var:
- container:
- suite: wheezy
- arch: i386
- jessie-amd64:
- var:
- container:
- suite: jessie
- arch: amd64
- jessie-i386:
- var:
- container:
- suite: jessie
- arch: i386
- buster-amd64:
- var:
- container:
- suite: buster
- arch: amd64
- stretch-amd64:
- var:
- container:
- suite: stretch
- arch: amd64
-
-input_files:
- - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
- filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
- sha256sum: ed76e649f65548a80b361b68011085ec4dde7bb762d667657acbef87765e1a12
diff --git a/projects/go b/projects/go
new file mode 120000
index 0000000..a2abbd4
--- /dev/null
+++ b/projects/go
@@ -0,0 +1 @@
+../tor-browser-build/projects/go
\ No newline at end of file
diff --git a/projects/go/build b/projects/go/build
deleted file mode 100755
index 5a114f4..0000000
--- a/projects/go/build
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-[% c("var/set_default_env") -%]
-[% c("var/setarch") -%]
-distdir=/var/tmp/dist/[% project %]
-mkdir -p /var/tmp/dist
-
-[% IF c("var/linux") %]
- # Config options for hardening-wrapper
- export DEB_BUILD_HARDENING=1
- export DEB_BUILD_HARDENING_STACKPROTECTOR=1
- export DEB_BUILD_HARDENING_FORTIFY=1
- export DEB_BUILD_HARDENING_FORMAT=1
- export DEB_BUILD_HARDENING_PIE=1
-[% END %]
-
-mkdir -p /var/tmp/build
-
-# Building go 1.4.x
-# This is needed to bootstrap the go that we actually use
-# https://golang.org/doc/install/source#go14
-tar -C /var/tmp/build --transform='s,^go\>,go1.4,' -xf $rootdir/[% c('input_files_by_name/go14') %]
-cd /var/tmp/build/go1.4/src
-# Disable cgo to avoid conflicts with newer GCC. cgo is not needed for the bootstrap go.
-# https://github.com/golang/go/issues/13114#issuecomment-186922245
-# Disable CC etc. that are set up for cross builds.
-CGO_ENABLED=0 CC= CFLAGS= LDFLAGS= ./make.bash
-export GOROOT_BOOTSTRAP="/var/tmp/build/go1.4"
-
-cd $rootdir
-[% IF ! c("var/linux") %]
- [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
-[% END %]
-
-# Building go
-# http://golang.org/doc/install/source#environment
-tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/go') %]
-export GOROOT="$distdir"
-cd /var/tmp/dist/go/src
-[% IF c("var/linux") %]
- ./make.bash
-[% ELSIF c("var/osx") %]
- # TODO
-[% ELSIF c("var/windows") %]
- # TODO
-[% END -%]
-
-cd /var/tmp/dist
-[% c('tar', {
- tar_src => [ project ],
- tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
- }) %]
diff --git a/projects/go/config b/projects/go/config
deleted file mode 100644
index d5eed7e..0000000
--- a/projects/go/config
+++ /dev/null
@@ -1,90 +0,0 @@
-version: 1.11.1
-filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-
-var:
- go14_version: 1.4.3
- container:
- use_container: 1
-
- setup: |
- [% c("var/setarch") -%]
- mkdir -p /var/tmp/dist
- tar -C /var/tmp/dist -xf $rootdir/[% c("go_tarfile") %]
- export GOOS=[% c("var/GOOS") %]
- export GOARCH=[% c("var/GOARCH") %]
- export GOPATH=/var/tmp/dist/gopath
- export PATH=/var/tmp/dist/go/bin:/var/tmp/dist/gopath/bin:"$PATH"
-
- # Template build script for building a go library.
- # This can be called as projects/go/var/build_go_lib.
- # You need to define /var/go_lib, and optionally var/go_lib_install as a list
- # of install targets.
- build_go_lib: |
- #!/bin/sh
- [% c("var/set_default_env") -%]
- [% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
- distdir=/var/tmp/dist/[% project %]
- mkdir -p /var/tmp/build
- tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
- [% FOREACH dep = c("var/go_lib_deps") -%]
- tar -C /var/tmp/dist -xf [% c('input_files_by_name/' _ dep) %]
- [% END -%]
- mkdir -p $(dirname "$GOPATH/src/[% c("var/go_lib") %]")
- mv /var/tmp/build/[% project %]-[% c('version') %] "$GOPATH/src/[% c("var/go_lib") %]"
- cd "$GOPATH/src/[% c("var/go_lib") %]"
- for p in $(ls -1 $rootdir/*.patch 2> /dev/null | sort)
- do
- patch -p1 < $p
- done
- [% IF c("var/build_go_lib_pre"); GET c("var/build_go_lib_pre"); END; -%]
- [% IF c("var/go_lib_install") -%]
- [% FOREACH inst IN c("var/go_lib_install") %]
- go install [% inst %]
- [% END %]
- [% ELSE %]
- go install [% c("var/go_lib") %]
- [% END %]
- cd /var/tmp/dist
- [% c('tar', {
- tar_src => [ 'gopath' ],
- tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
- }) %]
-
-targets:
- windows:
- var:
- GOOS: windows
- windows-i686:
- var:
- GOARCH: 386
- windows-x86_64:
- var:
- GOARCH: amd64
- osx-x86_64:
- var:
- GOOS: darwin
- GOARCH: amd64
- arch_deps:
- - faketime
- linux:
- var:
- GOOS: linux
- linux-x86_64:
- var:
- GOARCH: amd64
- linux-i686:
- var:
- GOARCH: 386
-
-input_files:
- - project: container-image
- - name: '[% c("var/compiler") %]'
- project: '[% c("var/compiler") %]'
- enable: '[% c("var/windows") || c("var/osx") %]'
- - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz'
- name: go
- sha256sum: 558f8c169ae215e25b81421596e8de7572bd3ba824b79add22fba6e284db1117
- - URL: 'https://golang.org/dl/go[% c("var/go14_version") %].src.tar.gz'
- name: go14
- sha256sum: 9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959
-
diff --git a/projects/golang.org,x,net b/projects/golang.org,x,net
new file mode 120000
index 0000000..b004f8b
--- /dev/null
+++ b/projects/golang.org,x,net
@@ -0,0 +1 @@
+../tor-browser-build/projects/goxnet
\ No newline at end of file
diff --git a/projects/golang.org,x,net/config b/projects/golang.org,x,net/config
deleted file mode 100644
index bd930d3..0000000
--- a/projects/golang.org,x,net/config
+++ /dev/null
@@ -1,19 +0,0 @@
-version: '[% c("abbrev") %]'
-git_url: https://go.googlesource.com/net
-git_hash: '[% config.var_p.id.${"golang.org/x/net"} %]'
-filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-
-build: '[% c("projects/go/var/build_go_lib") %]'
-
-var:
- container:
- use_container: 1
- go_lib: golang.org/x/net
- go_lib_install:
- - golang.org/x/net/context
- go_lib_deps: []
-
-input_files:
- - project: container-image
- - name: go
- project: go
diff --git a/tor-browser-build b/tor-browser-build
new file mode 160000
index 0000000..d8f156e
--- /dev/null
+++ b/tor-browser-build
@@ -0,0 +1 @@
+Subproject commit d8f156e110afe00e0b366cff8ff0e0c53b4a58c9
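Review bot: The `projects/golang.org,x,net` symlink is the only one of the five whose name differs from its target (`../tor-browser-build/projects/goxnet`), so the upstream config is presumably loaded under a project name it was not written for. The local config deleted in the next hunk built `filename` from `[% project %]` and took `git_hash` from `config.var_p.id.${"golang.org/x/net"}`; the upstream `goxnet` config is not visible in this patch, so whether it pins the revision intended here and tolerates the `golang.org,x,net` name needs confirming before relying on the build output. If nothing in this repository depends on the old name, linking it as `projects/goxnet` would match the other four links. The targets of this link and of `projects/go` also omit the trailing `/` that the other three carry.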