rbm.conf 14 KB

# vim: filetype=yaml sw=2
# Top-level rbm defaults. Spans written as [% ... %] are template directives
# that are expanded when an option is looked up.
# Debug is on unless RBM_NO_DEBUG is set in the environment.
debug: '[% GET ! ENV.RBM_NO_DEBUG %]'
compress_tar: gz
output_dir: "out/[% project %]"
tmp_dir: '[% c("basedir") %]/tmp'
# Log directory comes from RBM_LOGS_DIR (default "logs"); the file name is the
# project name, followed by "-<var/osname>" when var/osname is defined.
build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %][% IF c("var/osname") %]-[% c("var/osname") %][% END %].log'
pkg_type: build
# The src-tarballs step overrides compress_tar with xz and runs a short bash
# script that moves <project>-<version>.tar.xz into dest_dir under the
# configured filename. `set -e` makes the script stop at the first failure.
# NOTE(review): the template values are placed inside single quotes without
# escaping, so a value containing a single quote would end the quoting.
# Presumably these values are maintainer-controlled; confirm.
steps:
  src-tarballs:
    compress_tar: xz
    src-tarballs: |
      #!/bin/bash
      set -e
      mkdir -p '[% dest_dir %]'
      mv -vf '[% project %]-[% c("version") %].tar.xz' '[% dest_dir %]/[% c("filename") %]'
# buildconf contains build options that the user can change in rbm.local.conf
# When adding a new option to buildconf, a default value should be defined
# in var/build_id, so that changing this option does not affect the build_id.
buildconf:
  # Taken from RBM_NUM_PROCS when set, otherwise "4". var/build_id evaluates
  # build_id_txt with num_procs fixed at 4, so this setting does not change
  # the build id.
  num_procs: '[% GET ENV.RBM_NUM_PROCS ? ENV.RBM_NUM_PROCS : "4" %]'
  # Presumably passed to `git tag`, where -s requests a GPG-signed tag;
  # confirm against the code that consumes git_signtag_opt.
  git_signtag_opt: '-s'
# Project-wide variables, read elsewhere as c("var/<name>").
var:
  torbrowser_version: '8.5a10'
  torbrowser_build: 'build1'
  torbrowser_incremental_from:
    - 8.5a8
    - 8.5a9
  project_name: tor-browser
  multi_lingual: 0
  build_mar: 1
  # By default, we sort the list of installed packages. This allows sharing
  # containers with identical list of packages, even if they are not listed
  # in the same order. In the cases where the installation order is
  # important, sort_deps should be set to 0.
  sort_deps: 1
  # build_id is the first 6 hex characters of sha256(build_id_txt), with
  # buildconf/num_procs pinned to 4 while build_id_txt is rendered.
  # NOTE(review): 6 hex characters is 24 bits. That is enough to tell builds
  # apart but is not collision resistant, so build_id should not be relied on
  # as an integrity check of the inputs.
  build_id: '[% sha256(c("var/build_id_txt", { buildconf => { num_procs => 4 } })).substr(0, 6) %]'
  # Text hashed into build_id: the version, the abbreviated commit when a git
  # or hg hash is set, the container suite and arch when a container is used,
  # input_files_id, and the build script rendered with a fixed filename and
  # output_dir. Any change to the rendered build script changes build_id.
  build_id_txt: |
    [% c("version") %]
    [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %]
    [% IF c("var/container/use_container") -%]
    [% c("var/container/suite") %]
    [% c("var/container/arch") %]
    [% END -%]
    input_files: [% c("input_files_id") %]
    build:
    [% c("build", { filename => 'f', output_dir => '/out' }) %]
  # The container directory is named after sha256(build_id) and lives under
  # rbm_tmp_dir/rbm-containers. `user` is the account commands run as inside
  # the container unless exec_as_root is set (see runc/remote_exec).
  container:
    dir: '[% c("rbm_tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
    user: rbm
  # One line per input file, in sorted key order.
  input_files_list: |
    [% FOREACH file IN c("input_files_by_name").keys.sort -%]
    [% c("input_files_by_name/" _ file) %]
    [% END -%]
  # Command prefixes that use the configured timestamp instead of the wall
  # clock: faketime gets "YYYY-mm-dd HH:MM:SS", touch gets "YYYYmmddHHMM".
  faketime: "faketime -f \"[% USE date; GET date.format(c('timestamp'), format = '%Y-%m-%d %H:%M:%S') %]\""
  touch: "[% USE date %]touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %]"
  # locale_ja is looked up through var/locale_ja in the list below, so a
  # target can substitute its own Japanese locale code (the osx-x86_64 target
  # sets ja-JP-mac).
  locale_ja: ja
  locales:
    - ar
    - ca
    - cs
    - da
    - de
    - el
    - es-ES
    - fa
    - fr
    - ga-IE
    - he
    - hu
    - id
    - is
    - it
    - '[% c("var/locale_ja") %]'
    - ka
    - ko
    - nb-NO
    - nl
    - pl
    - pt-BR
    - ru
    - sv-SE
    - tr
    - vi
    - zh-CN
    - zh-TW
  # Signing is driven by the environment: RBM_SIGN_BUILD and RBM_GPG_OPTS are
  # copied in verbatim.
  # NOTE(review): RBM_GPG_OPTS is free-form text. How it reaches the gpg
  # command line is not visible in this file; check that the consumer does
  # not evaluate it in a shell context where it could add extra commands.
  sign_build: '[% ENV.RBM_SIGN_BUILD %]'
  sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'
  # rezip unpacks rezip_file into a fresh mktemp directory, rebuilds the
  # archive through the `zip` option and moves the result over the original.
  # unzip exit codes 1 and 2 are accepted (`|| [ $? -lt 3 ]`).
  # NOTE(review): rezip_file is interpolated without quoting in the unzip and
  # mv commands, so a path containing whitespace or shell metacharacters
  # would be split or interpreted by the shell. shell_quote() is used for
  # this purpose elsewhere in this file. The temporary directory is removed
  # only when every step succeeds.
  rezip: |
    rezip_tmpdir=$(mktemp -d)
    mkdir -p "$rezip_tmpdir/z"
    unzip -d "$rezip_tmpdir/z" -- [% c("rezip_file") %] || [ $? -lt 3 ]
    pushd "$rezip_tmpdir/z"
    [% c("zip", {
        zip_src => [ '.' ],
        zip_args => '$rezip_tmpdir/new.zip',
      }) %]
    popd
    mv -f -- "$rezip_tmpdir/new.zip" [% c("rezip_file") %]
    rm -Rf "$rezip_tmpdir"
  # set_default_env exports every key of the top-level ENV option, then sets
  # SHELL, points HOME at the current directory and applies umask 0022.
  # NOTE(review): each value is written between double quotes without
  # escaping, so `$`, backticks or `"` inside an ENV value would be
  # interpreted by the shell. ENV in this file holds only the constants TZ
  # and LC_ALL; keep it to trusted, literal values.
  set_default_env: |
    set -e
    [% FOREACH env = c('ENV') -%]
    export [% env.key %]="[% env.value %]"
    [% END -%]
    rootdir=$(pwd)
    export SHELL=/bin/bash
    export HOME=$rootdir
    umask 0022
  DOCSDIR_project: '[% project %]'
  # Default bundle layout for the pluggable transports and docs directories;
  # the osx-x86_64 target overrides this with paths inside the app bundle.
  set_PTDIR_DOCSDIR: |
    PTDIR="$distdir/TorBrowser/Tor/PluggableTransports"
    DOCSDIR="$distdir/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"
# Targets overlay option values on the defaults above. Entries whose value is
# a list (for example torbrowser-testbuild) appear to expand to the listed
# targets; confirm in the rbm documentation.
targets:
  # Presumably the target applied when none is selected; confirm.
  notarget: linux-x86_64
  noint:
    debug: 0
  # Release channels: each sets its own flag and var/channel.
  release:
    var:
      release: 1
      channel: release
  alpha:
    var:
      alpha: 1
      channel: alpha
  nightly:
    fetch: 1
    var:
      nightly: 1
      channel: nightly
      torbrowser_version: tbb-nightly
  torbrowser-testbuild:
    - testbuild
    - alpha
  testbuild:
    var:
      testbuild: 1
      # Don't create mar files to save time
      build_mar: 0
  # The common-stretch target is used to build components that are common to all
  # platforms, using Debian stretch.
  # NOTE(review): stretch is an end-of-life Debian release and no longer
  # receives regular security updates; anyone reusing this container
  # definition should account for that.
  common-stretch:
    var:
      common: 1
      container:
        suite: stretch
        arch: amd64
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
  # Android: the torbrowser-android-* lists pair an architecture target with
  # the shared `android` target.
  torbrowser-android-armv7:
    - android-armv7
    - android
  android-armv7:
    arch: armv7
    var:
      android-armv7: 1
      osname: android-armv7
  torbrowser-android-x86:
    - android-x86
    - android
  android-x86:
    arch: x86
    var:
      android-x86: 1
      osname: android-x86
  # Shared Android settings: android-toolchain compiler, snowflake and
  # fteproxy disabled, Debian stretch amd64 build container.
  android:
    var:
      android: 1
      compiler: android-toolchain
      snowflake: 0
      fteproxy: 0
      container:
        suite: stretch
        arch: amd64
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
  # Linux: the torbrowser-linux-* lists pair an architecture target with the
  # shared `linux` target; the -debug variant adds linux-debug.
  torbrowser-linux-x86_64:
    - linux-x86_64
    - linux
  torbrowser-linux-x86_64-debug:
    - linux-debug
    - linux-x86_64
    - linux
  torbrowser-linux-i686:
    - linux-i686
    - linux
  linux-x86_64:
    arch: x86_64
    var:
      linux-x86_64: 1
      osname: linux-x86_64
  # The i686 build cross-compiles with -m32 from the amd64 container.
  linux-i686:
    arch: i686
    var:
      linux-i686: 1
      osname: linux-i686
      configure_opt_i686: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32'
      configure_opt: '[% c("var/configure_opt_i686") %]'
  linux:
    var:
      linux: 1
      compiler: gcc
      # We only build snowflake for linux and macOS on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
      fteproxy: 1
      # selfrando is enabled only for linux-x86_64 builds that are not on the
      # release channel.
      selfrando: '[% c("var/linux-x86_64") && ! c("var/release") %]'
      # NOTE(review): wheezy is an end-of-life Debian release and no longer
      # receives regular security updates. Presumably it is chosen for
      # compatibility with older systems; anyone reusing this container
      # definition should account for the missing updates.
      container:
        suite: wheezy
        arch: amd64
      # i386 is added as a foreign architecture before package installation
      # so that the 32-bit libraries in deps can be installed.
      pre_pkginst: dpkg --add-architecture i386
      # hardening-wrapper is the Debian package that wraps the compiler to
      # add hardening flags; how it is switched on is decided by the project
      # build scripts, not in this file.
      deps:
        - libc6-dev-i386
        - lib32stdc++6
        - build-essential
        - python
        - bison
        - hardening-wrapper
        - automake
        - libtool
        - zip
        - unzip
  # Debug builds set var/asan (presumably AddressSanitizer; confirm in the
  # projects that read it).
  linux-debug:
    var:
      asan: 1
  # Windows: cross-compiled with mingw-w64 in a Debian jessie container.
  torbrowser-windows-i686:
    - windows-i686
    - windows
  torbrowser-windows-x86_64:
    - windows-x86_64
    - windows
  windows-x86_64:
    arch: x86_64
    var:
      windows-x86_64: 1
      osname: windows-x86_64
      container:
        arch: amd64
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
      # HEASLR is 64 bit only (see bug 12968)
      flag_HEASLR: '-Wl,--high-entropy-va'
  windows-i686:
    arch: i686
    var:
      windows-i686: 1
      osname: windows-i686
      container:
        arch: i386
      faketime_path: /usr/lib/i386-linux-gnu/faketime/libfaketime.so.1
      # Re-executes ./build once under `setarch i686`; RBM_SETARCH guards
      # against re-executing again.
      setarch: |
        if test -z "$RBM_SETARCH"
        then
          export RBM_SETARCH=1
          exec setarch i686 ./build
        fi
      fteproxy: 1
  windows:
    var:
      windows: 1
      # NOTE(review): jessie is an end-of-life Debian release and no longer
      # receives regular security updates.
      container:
        suite: jessie
      configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]"'
      # Compiler hardening: stack protector (strong), no optimisation based
      # on signed-overflow assumptions, and format-string warnings.
      CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]'
      # Linker hardening: --dynamicbase (ASLR), --nxcompat (DEP) and
      # --enable-reloc-section (keeps the relocations ASLR needs);
      # --no-insert-timestamp leaves the link time out of the PE header;
      # -lssp links the stack protector runtime. flag_HEASLR is set only by
      # the windows-x86_64 target, so it expands to nothing for i686.
      LDFLAGS: '-Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -Wl,--no-insert-timestamp -lssp -L$gcclibs [% c("var/flag_HEASLR") %] [% c("var/flag_mwindows") %]'
      flag_mwindows: '-mwindows'
      compiler: mingw-w64
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
  # macOS: cross-compiled with the macosx-toolchain in a Debian jessie amd64
  # container.
  torbrowser-osx-x86_64:
    - osx-x86_64
  osx-x86_64:
    arch: x86_64
    var:
      osx: 1
      osname: osx-x86_64
      # NOTE(review): jessie is an end-of-life Debian release and no longer
      # receives regular security updates.
      container:
        suite: jessie
        arch: amd64
      compiler: 'macosx-toolchain'
      configure_opt: '--host=x86_64-apple-darwin11 CC="x86_64-apple-darwin11-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin11-clang++ [% c("var/FLAGS") %]"'
      FLAGS: "-target x86_64-apple-darwin11 -B $cctoolsdir -isysroot $sysrootdir"
      # -pie requests a position-independent executable; -dead_strip drops
      # unreferenced code and data.
      LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie"
      locale_ja: ja-JP-mac
      # We only build snowflake for linux and macOS on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
      # Overrides the default var/set_PTDIR_DOCSDIR with paths inside the
      # macOS app bundle.
      set_PTDIR_DOCSDIR: |
        PTDIR="$distdir/Contents/MacOS/Tor/PluggableTransports"
        DOCSDIR="$distdir/Contents/Resources/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"
  # The no_build_id target can be useful if you want to quickly display
  # a build template or other option but don't want to spend time
  # computing the various build ids.
  no_build_id:
    # The default timestamp value will use the commit time of the
    # selected commit for the project, which will require cloning the
    # git repository if it is not present. When we use the no_build_id
    # target to display a script, we usually don't care about such
    # details, so we set timestamp to 0 to avoid unnecessary cloning.
    timestamp: 0
    var:
      # Replaces the computed var/build_id with a constant, so output
      # produced with this target does not identify a real build.
      build_id: 1
# change the default gpg_wrapper to allow git tag signed using an
# expired key.
# https://bugs.torproject.org/19737
#
# How it works: for the two argument shapes git uses to verify a signature
# (4 arguments, or 5 with --keyid-format=long), the gpg status output is
# piped through sed, which rewrites "EXPKEYSIG" status lines to "GOODSIG".
# No other status line is rewritten. The script exits with gpg's own status
# (PIPESTATUS[0]), not sed's. Any other invocation is passed to gpg
# unchanged.
# NOTE(review): with this wrapper an expired key keeps verifying for as long
# as it stays in the keyring. Keys that should no longer be trusted have to
# be removed from the keyring (or revoked) rather than left to expire.
# NOTE(review): gpg_kr is interpolated unquoted, so a keyring path that
# contains whitespace would be split into several arguments.
gpg_wrapper: |
  #!/bin/bash
  export LC_ALL=C
  [%
      IF c('gpg_keyring');
          SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
      END;
  -%]
  # git >= 2.10.0-rc0 is calling gpg with 5 args. See #20757
  if ( [ $# -eq 4 ] && [ "$1" = '--status-fd=1' ] \
       && [ "$2" = '--verify' ] ) \
     || ( [ $# -eq 5 ] && [ "$1" = '--status-fd=1' ] \
          && [ "$2" = '--keyid-format=long' ] && [ "$3" = '--verify' ] )
  then
    [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /'
    exit ${PIPESTATUS[0]}
  else
    exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
  fi
# Remote hooks: each one expands to the matching runc/<hook> script when
# var/container/use_container is true and to an empty string otherwise, in
# which case no container script is supplied for that hook.
remote_start: '[% IF c("var/container/use_container") %][% c("runc/remote_start") %][% END %]'
remote_exec: '[% IF c("var/container/use_container") %][% c("runc/remote_exec") %][% END %]'
remote_put: '[% IF c("var/container/use_container") %][% c("runc/remote_put") %][% END %]'
remote_get: '[% IF c("var/container/use_container") %][% c("runc/remote_get") %][% END %]'
remote_finish: '[% IF c("var/container/use_container") %][% c("runc/remote_finish") %][% END %]'
# Container scripts built around runc. They call sudo for tar, runc, cp,
# mkdir, chown and rm, so the account running rbm needs those sudo rights.
runc:
  # remote_start requires exactly one container-image_* file in
  # remote_srcdir, unpacks it as root into <container dir>/rootfs, then makes
  # sure the container user exists (id, else adduser, else useradd) by
  # running remote_exec as root.
  # NOTE(review): the image is unpacked by tar under sudo on the host, so the
  # image is trusted at root level; its provenance should be verified before
  # this step. Where that happens is not visible in this file.
  remote_start: |
    #!/bin/sh
    set -e
    if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ]
    then
      echo "Can't find container image in input files" >&2
      ls -l '[% c("remote_srcdir") %]' >&2
      exit 1
    fi
    mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm
    sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*)
    [% SET user = c("var/container/user") -%]
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user
        _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %]
  # remote_exec writes the command to rootfs/rbm/cmd (shell-quoted), writes
  # rootfs/rbm/run which invokes it through `su - <user>`, renders
  # runc-config.json into config.json and starts the container with
  # `runc run` (runc >= 1.0.0, per var_p/runc100) or `runc start`.
  # The user is root when exec_as_root is set, otherwise var/container/user.
  # NOTE(review): the here-document delimiter EOF is unquoted, so the shell
  # applies parameter and command substitution to the rendered
  # runc-config.json before it is written. Confirm the template contains no
  # `$` or backticks, or quote the delimiter.
  # NOTE(review): the user name is inserted unquoted into the single-quoted
  # `su` line; it is assumed to be a plain account name.
  remote_exec: |
    #!/bin/sh
    set -e
    [% IF c("interactive") -%]
    echo Container directory: [% shell_quote(c("var/container/dir")) %]
    [% END -%]
    mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run
    [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %]
    echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run
    cat > '[% c("var/container/dir") %]'/config.json << EOF
    [% INCLUDE 'runc-config.json' %]
    EOF
    sudo runc [% IF c("var_p/runc100") %]run[% ELSE %]start[% END %] -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] [% IF c("runc_hide_stderr") %]2>/dev/null[% END %]
  # remote_put copies put_src into <container dir>/rootfs/<put_dst> as root
  # (cp -aP keeps attributes and does not follow symlinks), then hands the
  # destination to the container user with chown -R inside the container.
  # NOTE(review): put_dst is shell-quoted but not normalised, and the mkdir
  # and cp run under sudo on the host. A put_dst containing ".." would
  # resolve outside rootfs, so callers should pass only fixed paths.
  remote_put: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('put_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('put_dst', { error_if_undef => 1 }));
    -%]
    sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %]
    sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %]
    # On Ubuntu, the /root/.profile file contains a `mesg n` line which is
    # producing some `stdin: is not a tty` messages. To hide them, we hide
    # stderr from this part by setting runc_hide_stderr.
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst, runc_hide_stderr => 1 }) %]
  # remote_get takes ownership of rootfs/<get_src> for the invoking user
  # (sudo chown -R), then moves each entry into get_dst, deleting any entry
  # of the same name that already exists there.
  # NOTE(review): the files come from inside the container and the chown runs
  # under sudo on the host; get_src gets the same ".." caveat as put_dst in
  # remote_put. The `"$srcdir"/*` glob skips dot-files.
  remote_get: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
    -%]
    mkdir -p [% dst %]
    srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %]
    sudo chown -R $(whoami) "$srcdir"
    if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ]
    then
      for file in "$srcdir"/*
      do
        bname="$(basename "$file")"
        test -e [% dst %]/"$bname" && rm -Rf [% dst %]/"$bname"
        mv -f "$file" [% dst %]/
      done
    fi
  # remote_finish deletes rootfs and config.json as root, then removes the
  # container directory with rmdir, which fails (and, with set -e, fails the
  # script) if anything else is left in it. error_if_undef guards the
  # `sudo rm -Rf` against an undefined container dir.
  remote_finish: |
    #!/bin/sh
    set -e
    sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json
    rmdir '[% c("var/container/dir") %]'
# Environment exported into build scripts by var/set_default_env. A fixed
# time zone and locale keep the build environment the same on every host.
ENV:
  TZ: UTC
  LC_ALL: C
# Second YAML document: a literal block scalar holding Perl that defines the
# var_p options (runc/remote_exec reads c("var_p/runc100")).
# NOTE(review): both subs run `sudo runc --version`. If that command fails
# or prints nothing, $out is empty, so runc100 returns true and runc_spec100
# returns false. The dots in "0.1.1" are unescaped and match any character.
--- |
  # This part of the file contains options written in perl
  use IO::CaptureOutput qw(capture_exec);
  (
    var_p => {
      # runc100 is true if we are using runc >= 1.0.0
      # we assume that any version that is not 0.1.1 is >= 1.0.0
      runc100 => sub {
        my ($out) = capture_exec('sudo', 'runc', '--version');
        return !($out =~ m/^runc version 0.1.1/);
      },
      # runc_spec100 is true if runc spec is at least 1.0.0
      # We will need to update this when there is a new spec version available
      runc_spec100 => sub {
        my ($out) = capture_exec('sudo', 'runc', '--version');
        return $out =~ m/^.*spec: 1\.[0-9]+\.[0-9]+$/m;
      },
    },
  )
  444. },
  445. },
  446. )