|
|
|
# vim: filetype=yaml sw=2
|
|
|
|
debug: '[% GET ! ENV.RBM_NO_DEBUG %]'
|
|
|
|
compress_tar: gz
|
|
|
|
output_dir: "out/[% project %]"
|
|
|
|
tmp_dir: '[% c("basedir") %]/tmp'
|
|
|
|
build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %][% IF c("var/osname") %]-[% c("var/osname") %][% END %].log'
|
|
|
|
|
|
|
|
pkg_type: build
|
|
|
|
|
|
|
|
steps:
|
|
|
|
src-tarballs:
|
|
|
|
compress_tar: xz
|
|
|
|
src-tarballs: |
|
|
|
|
#!/bin/bash
|
|
|
|
set -e
|
|
|
|
mkdir -p '[% dest_dir %]'
|
|
|
|
mv -vf '[% project %]-[% c("version") %].tar.xz' '[% dest_dir %]/[% c("filename") %]'
|
|
|
|
|
|
|
|
# buildconf contains build options that the user can change in rbm.local.conf
|
|
|
|
# When adding a new option to buildconf, a default value should be defined
|
|
|
|
# in var/build_id, so that changing this option does not affect the build_id.
|
|
|
|
buildconf:
|
|
|
|
num_procs: '[% GET ENV.RBM_NUM_PROCS ? ENV.RBM_NUM_PROCS : "4" %]'
|
|
|
|
git_signtag_opt: '-s'
|
|
|
|
|
|
|
|
var:
|
|
|
|
ncdns_version: '10.5a10'
|
|
|
|
ncdns_build: 'build1'
|
|
|
|
ncdns_incremental_from:
|
|
|
|
- 10.5a8
|
|
|
|
project_name: tor-browser
|
|
|
|
multi_lingual: 0
|
|
|
|
build_mar: 1
|
|
|
|
# By default, we sort the list of installed packages. This allows sharing
|
|
|
|
# containers with identical list of packages, even if they are not listed
|
|
|
|
# in the same order. In the cases where the installation order is
|
|
|
|
# important, sort_deps should be set to 0.
|
|
|
|
sort_deps: 1
|
|
|
|
build_id: '[% sha256(c("var/build_id_txt", { buildconf => { num_procs => 4 } })).substr(0, 6) %]'
|
|
|
|
build_id_txt: |
|
|
|
|
[% c("version") %]
|
|
|
|
[% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %]
|
|
|
|
[% IF c("var/container/use_container") && ! c("var/container/global_disable") -%]
|
|
|
|
[% c("var/container/suite") %]
|
|
|
|
[% c("var/container/arch") %]
|
|
|
|
[% END -%]
|
|
|
|
input_files: [% c("input_files_id") %]
|
|
|
|
build:
|
|
|
|
[% SET step = c("step") -%]
|
|
|
|
[% c(step, { filename => 'f', output_dir => '/out', norec => {} }) %]
|
|
|
|
container:
|
|
|
|
dir: '[% c("rbm_tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
|
|
|
|
user: rbm
|
|
|
|
disable_network:
|
|
|
|
# disable network in the build scripts
|
|
|
|
build: 1
|
|
|
|
input_files_list: |
|
|
|
|
[% FOREACH file IN c("input_files_by_name").keys.sort -%]
|
|
|
|
[% c("input_files_by_name/" _ file) %]
|
|
|
|
[% END -%]
|
|
|
|
|
|
|
|
faketime: "faketime -f \"[% USE date; GET date.format(c('timestamp'), format = '%Y-%m-%d %H:%M:%S') %]\""
|
|
|
|
touch: "[% USE date %]touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %]"
|
|
|
|
|
|
|
|
locale_ja: ja
|
|
|
|
locales:
|
|
|
|
- ar
|
|
|
|
- ca
|
|
|
|
- cs
|
|
|
|
- da
|
|
|
|
- de
|
|
|
|
- el
|
|
|
|
- es-AR
|
|
|
|
- es-ES
|
|
|
|
- fa
|
|
|
|
- fr
|
|
|
|
- ga-IE
|
|
|
|
- he
|
|
|
|
- hu
|
|
|
|
- id
|
|
|
|
- is
|
|
|
|
- it
|
|
|
|
- '[% c("var/locale_ja") %]'
|
|
|
|
- ka
|
|
|
|
- ko
|
|
|
|
- lt
|
|
|
|
- mk
|
|
|
|
- ms
|
|
|
|
- nb-NO
|
|
|
|
- nl
|
|
|
|
- pl
|
|
|
|
- pt-BR
|
|
|
|
- ro
|
|
|
|
- ru
|
|
|
|
- sv-SE
|
|
|
|
- th
|
|
|
|
- tr
|
|
|
|
- vi
|
|
|
|
- zh-CN
|
|
|
|
- zh-TW
|
|
|
|
locales_mobile:
|
|
|
|
- ar
|
|
|
|
- ca
|
|
|
|
- cs
|
|
|
|
- da
|
|
|
|
- de
|
|
|
|
- el
|
|
|
|
- es-rAR
|
|
|
|
- es-rES
|
|
|
|
- fa
|
|
|
|
- fr
|
|
|
|
- ga-rIE
|
|
|
|
- hu
|
|
|
|
- in
|
|
|
|
- is
|
|
|
|
- it
|
|
|
|
- iw
|
|
|
|
- ja
|
|
|
|
- ka
|
|
|
|
- ko
|
|
|
|
- lt
|
|
|
|
- nb-rNO
|
|
|
|
- nl
|
|
|
|
- pl
|
|
|
|
- pt-rBR
|
|
|
|
- ro
|
|
|
|
- ru
|
|
|
|
- sv-rSE
|
|
|
|
- th
|
|
|
|
- tr
|
|
|
|
- vi
|
|
|
|
- zh-rCN
|
|
|
|
- zh-rTW
|
|
|
|
|
|
|
|
sign_build: '[% ENV.RBM_SIGN_BUILD %]'
|
|
|
|
sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'
|
|
|
|
|
|
|
|
rezip: |
|
|
|
|
rezip_tmpdir=$(mktemp -d)
|
|
|
|
mkdir -p "$rezip_tmpdir/z"
|
|
|
|
unzip -d "$rezip_tmpdir/z" -- [% c("rezip_file") %] || [ $? -lt 3 ]
|
|
|
|
pushd "$rezip_tmpdir/z"
|
|
|
|
[% c("zip", {
|
|
|
|
zip_src => [ '.' ],
|
|
|
|
zip_args => '$rezip_tmpdir/new.zip',
|
|
|
|
}) %]
|
|
|
|
popd
|
|
|
|
mv -f -- "$rezip_tmpdir/new.zip" [% c("rezip_file") %]
|
|
|
|
rm -Rf "$rezip_tmpdir"
|
|
|
|
|
|
|
|
set_default_env: |
|
|
|
|
set -e
|
|
|
|
[% FOREACH env = c('ENV') -%]
|
|
|
|
export [% env.key %]="[% env.value %]"
|
|
|
|
[% END -%]
|
|
|
|
rootdir=$(pwd)
|
|
|
|
export SHELL=/bin/bash
|
|
|
|
export HOME=$rootdir
|
|
|
|
umask 0022
|
|
|
|
[% IF c("var/container/global_disable") -%]
|
|
|
|
rm -Rf /var/tmp/build /var/tmp/dist
|
|
|
|
[% END -%]
|
|
|
|
|
|
|
|
DOCSDIR_project: '[% project %]'
|
|
|
|
set_PTDIR_DOCSDIR: |
|
|
|
|
PTDIR="$distdir/TorBrowser/Tor/PluggableTransports"
|
|
|
|
DOCSDIR="$distdir/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"
|
|
|
|
|
|
|
|
targets:
|
|
|
|
notarget: linux-x86_64
|
|
|
|
noint:
|
|
|
|
debug: 0
|
|
|
|
|
|
|
|
release:
|
|
|
|
var:
|
|
|
|
release: 1
|
|
|
|
channel: release
|
|
|
|
alpha:
|
|
|
|
var:
|
|
|
|
alpha: 1
|
|
|
|
channel: alpha
|
|
|
|
nightly:
|
|
|
|
fetch: 1
|
|
|
|
var:
|
|
|
|
nightly: 1
|
|
|
|
channel: nightly
|
|
|
|
ncdns_version: |
|
|
|
|
[%
|
|
|
|
IF ENV.TORBROWSER_NIGHTLY_VERSION;
|
|
|
|
GET ENV.TORBROWSER_NIGHTLY_VERSION;
|
|
|
|
ELSIF c("var/testbuild");
|
|
|
|
GET "testbuild";
|
|
|
|
ELSE;
|
|
|
|
GET c("var_p/nightly_ncdns_version");
|
|
|
|
END;
|
|
|
|
-%]
|
|
|
|
# For nightly builds, we support updates for a limited set of locales
|
|
|
|
mar_locales:
|
|
|
|
- de
|
|
|
|
- es-ES
|
|
|
|
- fr
|
|
|
|
- ru
|
|
|
|
max_ncdns_incremental_from: 2
|
|
|
|
build_infos_json: 1
|
|
|
|
|
|
|
|
ncdns-testbuild:
|
|
|
|
- testbuild
|
|
|
|
- alpha
|
|
|
|
testbuild:
|
|
|
|
var:
|
|
|
|
testbuild: 1
|
|
|
|
# Don't create mar files to save time
|
|
|
|
build_mar: 0
|
|
|
|
|
|
|
|
# The common-buster target is used to build components that are common to all
|
|
|
|
# platforms, using Debian Buster.
|
|
|
|
common-buster:
|
|
|
|
var:
|
|
|
|
common: 1
|
|
|
|
container:
|
|
|
|
suite: buster
|
|
|
|
arch: amd64
|
|
|
|
pre_pkginst: ''
|
|
|
|
deps:
|
|
|
|
- build-essential
|
|
|
|
- python
|
|
|
|
- automake
|
|
|
|
- libtool
|
|
|
|
- zip
|
|
|
|
- unzip
|
|
|
|
|
|
|
|
ncdns-android-armv7:
|
|
|
|
- android-armv7
|
|
|
|
- android
|
|
|
|
android-armv7:
|
|
|
|
arch: armv7
|
|
|
|
var:
|
|
|
|
android-armv7: 1
|
|
|
|
osname: android-armv7
|
|
|
|
toolchain_arch: arm
|
|
|
|
abi: armeabi-v7a
|
|
|
|
cross_prefix: armv7a-linux-androideabi
|
|
|
|
ncdns-android-x86:
|
|
|
|
- android-x86
|
|
|
|
- android
|
|
|
|
android-x86:
|
|
|
|
arch: x86
|
|
|
|
var:
|
|
|
|
android-x86: 1
|
|
|
|
osname: android-x86
|
|
|
|
toolchain_arch: x86
|
|
|
|
abi: x86
|
|
|
|
cross_prefix: i686-linux-android
|
|
|
|
ncdns-android-x86_64:
|
|
|
|
- android-x86_64
|
|
|
|
- android
|
|
|
|
android-x86_64:
|
|
|
|
arch: x86_64
|
|
|
|
var:
|
|
|
|
android-x86_64: 1
|
|
|
|
osname: android-x86_64
|
|
|
|
toolchain_arch: x86_64
|
|
|
|
abi: x86_64
|
|
|
|
cross_prefix: x86_64-linux-android
|
|
|
|
ncdns-android-aarch64:
|
|
|
|
- android-aarch64
|
|
|
|
- android
|
|
|
|
android-aarch64:
|
|
|
|
arch: aarch64
|
|
|
|
var:
|
|
|
|
android-aarch64: 1
|
|
|
|
osname: android-aarch64
|
|
|
|
toolchain_arch: arm64
|
|
|
|
abi: arm64-v8a
|
|
|
|
cross_prefix: aarch64-linux-android
|
|
|
|
android:
|
|
|
|
var:
|
|
|
|
android: 1
|
|
|
|
compiler: android-toolchain
|
|
|
|
android_min_api: '[% GET c("var/android_min_api_" _ c("arch")) %]'
|
|
|
|
CC: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
|
|
|
|
CXX: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
|
|
|
|
# API 16 is the minimum we currently support for 32 bit on Android
|
|
|
|
android_min_api_armv7: 16
|
|
|
|
android_min_api_x86: 16
|
|
|
|
# API 21 is the minimum we currently support for 64 bit on Android
|
|
|
|
android_min_api_x86_64: 21
|
|
|
|
android_min_api_aarch64: 21
|
|
|
|
# This is needed to get the offline build part for Glean right.
|
|
|
|
glean_parser: 1.29.0
|
|
|
|
# We only build snowflake on the alpha and nightly
|
|
|
|
# channels for now.
|
|
|
|
snowflake: '[% c("var/alpha") || c("var/nightly") %]'
|
|
|
|
container:
|
|
|
|
suite: buster
|
|
|
|
arch: amd64
|
|
|
|
disable_network:
|
|
|
|
# Disable network in the script for merging GeckoView .aar files
|
|
|
|
merge_aars: 1
|
|
|
|
deps:
|
|
|
|
- build-essential
|
|
|
|
- python
|
|
|
|
- automake
|
|
|
|
- libtool
|
|
|
|
- zip
|
|
|
|
- unzip
|
|
|
|
- libtinfo5
|
|
|
|
configure_opt: '--host=[% c("var/cross_prefix") %] CC=[% c("var/CC") %] [% c("var/configure_opt_project") %]'
|
|
|
|
|
|
|
|
pre_pkginst: |
|
|
|
|
SNAPSHOT_VERSION=20191201T212855Z
|
|
|
|
OPENJDK_URL=https://snapshot.debian.org/archive/debian/$SNAPSHOT_VERSION/pool/main/o/openjdk-8
|
|
|
|
JDK_VERSION=8u232-b09-1~deb9u1_amd64
|
|
|
|
apt-get install -y -q wget ca-certificates-java
|
|
|
|
wget $OPENJDK_URL/openjdk-8-jdk-headless_$JDK_VERSION.deb
|
|
|
|
wget $OPENJDK_URL/openjdk-8-jre-headless_$JDK_VERSION.deb
|
|
|
|
echo 92b4f8fb77d793a86e0b03b3b0750592b40a26a5d75956d10dd984a7b3aad4c9 openjdk-8-jdk-headless_$JDK_VERSION.deb | sha256sum -c
|
|
|
|
echo 84bf52b6cce20ead08b0d5b9fd9b81b4aa3da385ca951b313fe11d5cb1aa4d17 openjdk-8-jre-headless_$JDK_VERSION.deb | sha256sum -c
|
|
|
|
dpkg -i ./openjdk-8-jre-headless_$JDK_VERSION.deb ./openjdk-8-jdk-headless_$JDK_VERSION.deb
|
|
|
|
ncdns-linux-x86_64:
|
|
|
|
- linux-x86_64
|
|
|
|
- linux
|
|
|
|
ncdns-linux-x86_64-asan:
|
|
|
|
- linux-asan
|
|
|
|
- linux-x86_64
|
|
|
|
- linux
|
|
|
|
ncdns-linux-i686:
|
|
|
|
- linux-i686
|
|
|
|
- linux
|
|
|
|
linux-x86_64:
|
|
|
|
arch: x86_64
|
|
|
|
var:
|
|
|
|
linux-x86_64: 1
|
|
|
|
osname: linux-x86_64
|
|
|
|
# We only support RLBox on the nightly channel and x86_64 for now
|
|
|
|
rlbox: '[% c("var/nightly") %]'
|
|
|
|
linux-i686:
|
|
|
|
arch: i686
|
|
|
|
var:
|
|
|
|
linux-i686: 1
|
|
|
|
osname: linux-i686
|
|
|
|
configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 [% c("var/configure_opt_project") %]'
|
|
|
|
linux:
|
|
|
|
var:
|
|
|
|
linux: 1
|
|
|
|
compiler: gcc
|
|
|
|
configure_opt: '[% c("var/configure_opt_project") %]'
|
|
|
|
# We only build snowflake on the alpha and nightly
|
|
|
|
# channels for now.
|
|
|
|
snowflake: '[% c("var/alpha") || c("var/nightly") %]'
|
|
|
|
# Only build Namecoin for linux on nightly
|
|
|
|
namecoin: '[% c("var/nightly") %]'
|
|
|
|
container:
|
|
|
|
suite: jessie
|
|
|
|
arch: amd64
|
|
|
|
pre_pkginst: dpkg --add-architecture i386
|
|
|
|
deps:
|
|
|
|
- libc6-dev-i386
|
|
|
|
- lib32stdc++6
|
|
|
|
- build-essential
|
|
|
|
- python
|
|
|
|
- bison
|
|
|
|
- hardening-wrapper
|
|
|
|
- automake
|
|
|
|
- libtool
|
|
|
|
- zip
|
|
|
|
- unzip
|
|
|
|
linux-asan:
|
|
|
|
var:
|
|
|
|
asan: 1
|
|
|
|
# RLBox needs clang to create .wasm files but we use mostly GCC for our
|
|
|
|
# ASan builds. Thus, the compilation currently breaks with RLBox enabled.
|
|
|
|
# See: tor-browser-build#40063.
|
|
|
|
rlbox: 0
|
|
|
|
|
|
|
|
ncdns-windows-i686:
|
|
|
|
- windows-i686
|
|
|
|
- windows
|
|
|
|
ncdns-windows-x86_64:
|
|
|
|
- windows-x86_64
|
|
|
|
- windows
|
|
|
|
windows-x86_64:
|
|
|
|
arch: x86_64
|
|
|
|
var:
|
|
|
|
windows-x86_64: 1
|
|
|
|
windows-i686: 0
|
|
|
|
osname: windows-x86_64
|
|
|
|
# HEASLR is 64 bit only (see bug 12968)
|
|
|
|
flag_HEASLR: '-Wl,--high-entropy-va'
|
|
|
|
windows-i686:
|
|
|
|
arch: i686
|
|
|
|
var:
|
|
|
|
windows-i686: 1
|
|
|
|
windows-x86_64: 0
|
|
|
|
osname: windows-i686
|
|
|
|
# mingw-w64 does not support SEH on 32bit systems. Be explicit about that.
|
|
|
|
flag_noSEH: '-Wl,--no-seh'
|
|
|
|
windows:
|
|
|
|
var:
|
|
|
|
windows: 1
|
|
|
|
container:
|
|
|
|
suite: buster
|
|
|
|
arch: amd64
|
|
|
|
configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]" [% c("var/configure_opt_project") %]'
|
|
|
|
CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]'
|
|
|
|
LDFLAGS: '-Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -Wl,--no-insert-timestamp -lssp -L$gcclibs [% c("var/flag_HEASLR") %] [% c("var/flag_noSEH") %] [% c("var/flag_mwindows") %]'
|
|
|
|
flag_mwindows: '-mwindows'
|
|
|
|
compiler: mingw-w64
|
|
|
|
faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
|
|
|
|
# We only build snowflake on the alpha and nightly
|
|
|
|
# channels for now.
|
|
|
|
snowflake: '[% c("var/alpha") || c("var/nightly") %]'
|
|
|
|
deps:
|
|
|
|
- build-essential
|
|
|
|
- python
|
|
|
|
- bison
|
|
|
|
- automake
|
|
|
|
- libtool
|
|
|
|
- zip
|
|
|
|
- unzip
|
|
|
|
|
|
|
|
ncdns-osx-x86_64:
|
|
|
|
- osx-x86_64
|
|
|
|
osx-x86_64:
|
|
|
|
arch: x86_64
|
|
|
|
var:
|
|
|
|
osx: 1
|
|
|
|
osname: osx-x86_64
|
|
|
|
container:
|
|
|
|
suite: buster
|
|
|
|
arch: amd64
|
|
|
|
compiler: 'macosx-toolchain'
|
|
|
|
configure_opt: '--host=x86_64-apple-darwin CC="x86_64-apple-darwin-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin-clang++ [% c("var/FLAGS") %]" [% c("var/configure_opt_project") %]'
|
|
|
|
FLAGS: "-target x86_64-apple-darwin -B $cctoolsdir -isysroot $sysrootdir"
|
|
|
|
LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie"
|
|
|
|
macosx_deployment_target: '10.9'
|
|
|
|
locale_ja: ja-JP-mac
|
|
|
|
# We only support RLBox on the nightly channel for now
|
|
|
|
rlbox: '[% c("var/nightly") %]'
|
|
|
|
# We only build snowflake on the alpha and nightly
|
|
|
|
# channels for now.
|
|
|
|
snowflake: '[% c("var/alpha") || c("var/nightly") %]'
|
|
|
|
deps:
|
|
|
|
- build-essential
|
|
|
|
- python
|
|
|
|
- automake
|
|
|
|
- libtool
|
|
|
|
- zip
|
|
|
|
- unzip
|
|
|
|
faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
|
|
|
|
set_PTDIR_DOCSDIR: |
|
|
|
|
PTDIR="$distdir/Contents/MacOS/Tor/PluggableTransports"
|
|
|
|
DOCSDIR="$distdir/Contents/Resources/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"
|
|
|
|
|
|
|
|
# The no_build_id target can be useful if you want to quickly display
|
|
|
|
# a build template or other option but don't want to spend time to
|
|
|
|
# compute the various build ids
|
|
|
|
no_build_id:
|
|
|
|
# The defaut timestamp value will use the commit time of the
|
|
|
|
# selected commit for the project, which will require cloning the
|
|
|
|
# git repository if it is not present. When we use the no_build_id
|
|
|
|
# target to display a script, we usually don't care about such
|
|
|
|
# details, so we set timestamp to 0 to avoid unnecessary cloning.
|
|
|
|
timestamp: 0
|
|
|
|
var:
|
|
|
|
build_id: 1
|
|
|
|
|
|
|
|
no_containers:
|
|
|
|
var:
|
|
|
|
container:
|
|
|
|
global_disable: 1
|
|
|
|
|
|
|
|
# change the default gpg_wrapper to allow git tag signed using an
|
|
|
|
# expired key.
|
|
|
|
# https://bugs.torproject.org/19737
|
|
|
|
gpg_wrapper: |
|
|
|
|
#!/bin/bash
|
|
|
|
export LC_ALL=C
|
|
|
|
[%
|
|
|
|
IF c('gpg_keyring');
|
|
|
|
SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
|
|
|
|
END;
|
|
|
|
-%]
|
|
|
|
gpg_verify=0
|
|
|
|
for opt in "$@"
|
|
|
|
do
|
|
|
|
test "$opt" = '--verify' && gpg_verify=1
|
|
|
|
done
|
|
|
|
if [ $gpg_verify = 1 ]
|
|
|
|
then
|
|
|
|
[% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /'
|
|
|
|
exit ${PIPESTATUS[0]}
|
|
|
|
else
|
|
|
|
exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
|
|
|
|
fi
|
|
|
|
|
|
|
|
remote_start: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_start") %][% END %]'
|
|
|
|
remote_exec: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_exec") %][% END %]'
|
|
|
|
remote_put: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_put") %][% END %]'
|
|
|
|
remote_get: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_get") %][% END %]'
|
|
|
|
remote_finish: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_finish") %][% END %]'
|
|
|
|
|
|
|
|
runc:
|
|
|
|
remote_start: |
|
|
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ]
|
|
|
|
then
|
|
|
|
echo "Can't find container image in input files" >&2
|
|
|
|
ls -l '[% c("remote_srcdir") %]' >&2
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm
|
|
|
|
sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*)
|
|
|
|
[% SET user = c("var/container/user") -%]
|
|
|
|
[% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user
|
|
|
|
_ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %]
|
|
|
|
|
|
|
|
remote_exec: |
|
|
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
[% IF c("interactive") -%]
|
|
|
|
echo Container directory: [% shell_quote(c("var/container/dir")) %]
|
|
|
|
[% END -%]
|
|
|
|
mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm
|
|
|
|
echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd
|
|
|
|
echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd
|
|
|
|
echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run
|
|
|
|
[% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %]
|
|
|
|
echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run
|
|
|
|
chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd
|
|
|
|
chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run
|
|
|
|
cat > '[% c("var/container/dir") %]'/config.json << EOF
|
|
|
|
[% INCLUDE 'runc-config.json' %]
|
|
|
|
EOF
|
|
|
|
[% IF c("var/container/disable_network/" _ c("exec_name")) -%]
|
|
|
|
sudo ip netns add 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]'
|
|
|
|
# make sure the lo interface is up (see bug 31293)
|
|
|
|
sudo ip netns exec 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]' ip link set lo up
|
|
|
|
[% END -%]
|
|
|
|
sudo runc [% IF c("var_p/runc100") %]run[% ELSE %]start[% END %] -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] [% IF c("runc_hide_stderr") %]2>/dev/null[% END %]
|
|
|
|
[% IF c("var/container/disable_network/" _ c("exec_name")) -%]
|
|
|
|
sudo ip netns delete 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]'
|
|
|
|
[% END -%]
|
|
|
|
|
|
|
|
remote_put: |
|
|
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
[%
|
|
|
|
SET src = shell_quote(c('put_src', { error_if_undef => 1 }));
|
|
|
|
SET dst = shell_quote(c('put_dst', { error_if_undef => 1 }));
|
|
|
|
-%]
|
|
|
|
sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %]
|
|
|
|
sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %]
|
|
|
|
# On Ubuntu, the /root/.profile file contains a `mesg n` line which is
|
|
|
|
# producing some `stdin: is not a tty` messages. To hide them, we hide
|
|
|
|
# stderr from this part by setting runc_hide_stderr.
|
|
|
|
[% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst, runc_hide_stderr => 1 }) %]
|
|
|
|
|
|
|
|
remote_get: |
|
|
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
[%
|
|
|
|
SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
|
|
|
|
SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
|
|
|
|
-%]
|
|
|
|
mkdir -p [% dst %]
|
|
|
|
srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %]
|
|
|
|
sudo chown -R $(whoami) "$srcdir"
|
|
|
|
if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ]
|
|
|
|
then
|
|
|
|
for file in "$srcdir"/*
|
|
|
|
do
|
|
|
|
bname="$(basename "$file")"
|
|
|
|
test -e [% dst %]/"$bname" && rm -Rf [% dst %]/"$bname"
|
|
|
|
mv -f "$file" [% dst %]/
|
|
|
|
done
|
|
|
|
fi
|
|
|
|
|
|
|
|
remote_finish: |
|
|
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json
|
|
|
|
rmdir '[% c("var/container/dir") %]'
|
|
|
|
|
|
|
|
ENV:
|
|
|
|
TZ: UTC
|
|
|
|
LC_ALL: C
|
|
|
|
--- |
|
|
|
|
# This part of the file contains options written in perl
|
|
|
|
use IO::CaptureOutput qw(capture_exec);
|
|
|
|
(
|
|
|
|
var_p => {
|
|
|
|
# runc100 is true if we are using runc >= 1.0.0
|
|
|
|
# we assume that any version that is not 0.1.1 is >= 1.0.0
|
|
|
|
runc100 => sub {
|
|
|
|
my ($out) = capture_exec('sudo', 'runc', '--version');
|
|
|
|
return !($out =~ m/^runc version 0.1.1/);
|
|
|
|
},
|
|
|
|
# runc_spec100 is true if runc spec is at least 1.0.0
|
|
|
|
# We will need to update this when there is a new spec version available
|
|
|
|
runc_spec100 => sub {
|
|
|
|
my ($out) = capture_exec('sudo', 'runc', '--version');
|
|
|
|
return $out =~ m/^.*spec: 1\.[0-9]+\.[0-9]+(?:-dev)?$/m;
|
|
|
|
},
|
|
|
|
nightly_ncdns_version => sub {
|
|
|
|
state $version = '';
|
|
|
|
return $version if $version;
|
|
|
|
my (undef, undef, undef, $day, $mon, $year) = gmtime;
|
|
|
|
$version = sprintf("tbb-nightly.%u.%02u.%02u", $year + 1900, $mon + 1, $day);
|
|
|
|
return $version;
|
|
|
|
},
|
|
|
|
nightly_ncdns_incremental_from => sub {
|
|
|
|
my ($project, $options) = @_;
|
|
|
|
my $nightly_dir = project_config($project, 'basedir', $options) . '/nightly';
|
|
|
|
my $current_version = project_config($project, 'var/ncdns_version', $options);
|
|
|
|
use Path::Tiny;
|
|
|
|
return [] unless -d $nightly_dir;
|
|
|
|
my @dirs = sort map { $_->basename } path($nightly_dir)->children(qr/^tbb-nightly\./);
|
|
|
|
my $nb_incr = project_config($project, ['var', 'max_ncdns_incremental_from'], $options);
|
|
|
|
my @res;
|
|
|
|
while ($nb_incr > 0) {
|
|
|
|
my $dir = pop @dirs;
|
|
|
|
last unless $dir;
|
|
|
|
next if $dir eq $current_version;
|
|
|
|
$nb_incr--;
|
|
|
|
push @res, $dir;
|
|
|
|
}
|
|
|
|
return [@res];
|
|
|
|
},
|
|
|
|
},
|
|
|
|
)
|