rbm.conf 20.7 KB
Newer Older
boklm's avatar
boklm committed
1
# vim: filetype=yaml sw=2
2
debug: '[% GET ! ENV.RBM_NO_DEBUG %]'
boklm's avatar
boklm committed
3
4
compress_tar: gz
output_dir: "out/[% project %]"
5
tmp_dir: '[% c("basedir") %]/tmp'
6
build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %][% IF c("var/osname") %]-[% c("var/osname") %][% END %].log'
boklm's avatar
boklm committed
7
8
9

pkg_type: build

10
11
12
13
14
15
16
17
18
steps:
  src-tarballs:
    compress_tar: xz
    src-tarballs: |
      #!/bin/bash
      set -e
      mkdir -p '[% dest_dir %]'
      mv -vf '[% project %]-[% c("version") %].tar.xz' '[% dest_dir %]/[% c("filename") %]'

19
20
21
22
# buildconf contains build options that the user can change in rbm.local.conf
# When adding a new option to buildconf, a default value should be defined
# in var/build_id, so that changing this option does not affect the build_id.
buildconf:
23
  num_procs: '[% GET ENV.RBM_NUM_PROCS ? ENV.RBM_NUM_PROCS : "4" %]'
boklm's avatar
boklm committed
24
  git_signtag_opt: '-s'
25

boklm's avatar
boklm committed
26
var:
27
  torbrowser_version: '10.0a6'
Georg Koppen's avatar
Georg Koppen committed
28
  torbrowser_build: 'build2'
29
  torbrowser_incremental_from:
30
    - 10.0a5
boklm's avatar
boklm committed
31
  project_name: tor-browser
boklm's avatar
boklm committed
32
  multi_lingual: 0
boklm's avatar
boklm committed
33
  build_mar: 1
34
35
36
37
38
  # By default, we sort the list of installed packages. This allows sharing
  # containers with identical list of packages, even if they are not listed
  # in the same order. In the cases where the installation order is
  # important, sort_deps should be set to 0.
  sort_deps: 1
39
  build_id: '[% sha256(c("var/build_id_txt", { buildconf => { num_procs => 4 } })).substr(0, 6) %]'
boklm's avatar
boklm committed
40
41
  build_id_txt: |
    [% c("version") %]
boklm's avatar
boklm committed
42
    [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %]
43
    [% IF c("var/container/use_container") && ! c("var/container/global_disable") -%]
boklm's avatar
boklm committed
44
45
    [% c("var/container/suite") %]
    [% c("var/container/arch") %]
boklm's avatar
boklm committed
46
47
48
    [% END -%]
    input_files: [% c("input_files_id") %]
    build:
49
50
    [% SET step = c("step") -%]
    [% c(step, { filename => 'f', output_dir => '/out', norec => {} }) %]
boklm's avatar
boklm committed
51
  container:
52
    dir: '[% c("rbm_tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
boklm's avatar
boklm committed
53
    user: rbm
54
55
56
    disable_network:
      # disable network in the build scripts
      build: 1
boklm's avatar
boklm committed
57
58
59
60
61
  input_files_list: |
    [% FOREACH file IN c("input_files_by_name").keys.sort -%]
    [% c("input_files_by_name/" _ file) %]
    [% END -%]

boklm's avatar
boklm committed
62
  faketime: "faketime -f \"[% USE date; GET date.format(c('timestamp'), format = '%Y-%m-%d %H:%M:%S') %]\""
boklm's avatar
boklm committed
63
64
  touch: "[% USE date %]touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %]"

boklm's avatar
boklm committed
65
66
67
  locale_ja: ja
  locales:
    - ar
68
    - ca
69
    - cs
70
    - da
boklm's avatar
boklm committed
71
    - de
72
    - el
73
    - es-AR
boklm's avatar
boklm committed
74
75
76
    - es-ES
    - fa
    - fr
77
    - ga-IE
78
    - he
79
    - hu
80
81
    - id
    - is
boklm's avatar
boklm committed
82
83
    - it
    - '[% c("var/locale_ja") %]'
84
    - ka
boklm's avatar
boklm committed
85
    - ko
Georg Koppen's avatar
Georg Koppen committed
86
    - lt
87
    - mk
Georg Koppen's avatar
Georg Koppen committed
88
    - ms
89
    - nb-NO
boklm's avatar
boklm committed
90
91
92
    - nl
    - pl
    - pt-BR
Georg Koppen's avatar
Georg Koppen committed
93
    - ro
boklm's avatar
boklm committed
94
    - ru
95
    - sv-SE
Georg Koppen's avatar
Georg Koppen committed
96
    - th
boklm's avatar
boklm committed
97
98
99
    - tr
    - vi
    - zh-CN
100
    - zh-TW
boklm's avatar
boklm committed
101

102
103
104
  sign_build: '[% ENV.RBM_SIGN_BUILD %]'
  sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'

boklm's avatar
boklm committed
105
106
107
108
109
110
111
112
113
114
115
116
  rezip: |
    rezip_tmpdir=$(mktemp -d)
    mkdir -p "$rezip_tmpdir/z"
    unzip -d "$rezip_tmpdir/z" -- [% c("rezip_file") %] || [ $? -lt 3 ]
    pushd "$rezip_tmpdir/z"
    [% c("zip", {
      zip_src => [ '.' ],
      zip_args => '$rezip_tmpdir/new.zip',
    }) %]
    popd
    mv -f -- "$rezip_tmpdir/new.zip" [% c("rezip_file") %]
    rm -Rf "$rezip_tmpdir"
boklm's avatar
boklm committed
117

118
119
120
121
122
123
124
125
126
  set_default_env: |
    set -e
    [% FOREACH env = c('ENV') -%]
    export [% env.key %]="[% env.value %]"
    [% END -%]
    rootdir=$(pwd)
    export SHELL=/bin/bash
    export HOME=$rootdir
    umask 0022
127
128
129
    [% IF c("var/container/global_disable") -%]
      rm -Rf /var/tmp/build /var/tmp/dist
    [% END -%]
130

boklm's avatar
boklm committed
131
132
133
134
135
  DOCSDIR_project: '[% project %]'
  set_PTDIR_DOCSDIR: |
    PTDIR="$distdir/TorBrowser/Tor/PluggableTransports"
    DOCSDIR="$distdir/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"

boklm's avatar
boklm committed
136
137
138
139
targets:
  notarget: linux-x86_64
  noint:
    debug: 0
boklm's avatar
boklm committed
140

141
142
143
  release:
    var:
      release: 1
144
      channel: release
145
146
  alpha:
    var:
147
148
      alpha: 1
      channel: alpha
boklm's avatar
boklm committed
149
  nightly:
150
    fetch: 1
boklm's avatar
boklm committed
151
    var:
152
      nightly: 1
153
      channel: nightly
154
155
156
157
158
159
160
161
162
163
      torbrowser_version: |
        [%
           IF ENV.TORBROWSER_NIGHTLY_VERSION;
                GET ENV.TORBROWSER_NIGHTLY_VERSION;
           ELSIF c("var/testbuild");
                GET "testbuild";
           ELSE;
                GET c("var_p/nightly_torbrowser_version");
           END;
        -%]
164
165
166
167
168
169
      # For nightly builds, we support updates for a limited set of locales
      mar_locales:
        - de
        - es-ES
        - fr
        - ru
170
      max_torbrowser_incremental_from: 2
171
      build_infos_json: 1
boklm's avatar
boklm committed
172

boklm's avatar
boklm committed
173
174
175
176
177
  torbrowser-testbuild:
    - testbuild
    - alpha
  testbuild:
    var:
178
      testbuild: 1
boklm's avatar
boklm committed
179
180
181
      # Don't create mar files to save time
      build_mar: 0

182
183
184
  # The common-buster target is used to build components that are common to all
  # platforms, using Debian Buster.
  common-buster:
185
186
187
    var:
      common: 1
      container:
188
        suite: buster
189
        arch: amd64
190
      pre_pkginst: ''
191
192
193
194
195
196
197
198
      deps:
        - build-essential
        - python
        - automake
        - libtool
        - zip
        - unzip

199
200
201
202
203
204
205
206
207
208
209
  torbrowser-android-all:
    - android-all
    # For now we still need both android-fenix and android. We don't need the
    # prefix for the other -all pieces as they are only used for Fenix anyway.
    - android-fenix
    - android
  android-all:
    arch: all
    var:
      android-all: 1
      osname: android-all
210
211
212
213
214
  torbrowser-android-fenix-armv7:
    - android-fenix-armv7
    - android-armv7
    - android-fenix
    - android
215
216
  torbrowser-android-armv7:
    - android-armv7
217
    - android
218
219
220
  android-fenix-armv7:
    var:
      cross_prefix: armv7a-linux-androideabi
221
222
223
  android-armv7:
    arch: armv7
    var:
224
      android-armv7: 1
225
      osname: android-armv7
226
      toolchain_arch: arm
227
228
      configure_host: arm-linux-androideabi
      abi: armeabi-v7a
229
230
231
232
233
  torbrowser-android-fenix-x86:
    - android-fenix-x86
    - android-x86
    - android-fenix
    - android
234
235
236
  torbrowser-android-x86:
    - android-x86
    - android
237
238
239
  android-fenix-x86:
    var:
      cross_prefix: i686-linux-android
240
241
242
243
244
  android-x86:
    arch: x86
    var:
      android-x86: 1
      osname: android-x86
245
      toolchain_arch: x86
246
247
      configure_host: i686-linux-android
      abi: x86
248
249
250
251
252
  torbrowser-android-fenix-x86_64:
    - android-fenix-x86_64
    - android-x86_64
    - android-fenix
    - android
253
254
255
  torbrowser-android-x86_64:
    - android-x86_64
    - android
256
257
258
  android-fenix-x86_64:
    var:
      cross_prefix: x86_64-linux-android
259
260
261
262
263
  android-x86_64:
    arch: x86_64
    var:
      android-x86_64: 1
      osname: android-x86_64
264
      toolchain_arch: x86_64
265
266
      configure_host: x86_64-linux-android
      abi: x86_64
267
268
269
270
271
  torbrowser-android-fenix-aarch64:
    - android-fenix-aarch64
    - android-aarch64
    - android-fenix
    - android
272
273
274
  torbrowser-android-aarch64:
    - android-aarch64
    - android
275
276
277
  android-fenix-aarch64:
    var:
      cross_prefix: aarch64-linux-android
278
279
280
281
282
  android-aarch64:
    arch: aarch64
    var:
      android-aarch64: 1
      osname: android-aarch64
283
      toolchain_arch: arm64
284
285
      configure_host: aarch64-linux-android
      abi: arm64-v8a
286
287
288
289
290
291
292
  android-fenix:
    var:
      android-fenix: 1
      compiler: fenix-android-toolchain
      CC: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
      CXX: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
      configure_opt: '--host=[% c("var/cross_prefix") %] CC=[% c("var/CC") %] [% c("var/configure_opt_project") %]'
293
294
295
  android:
    var:
      android: 1
296
      compiler: android-toolchain
297
      android_min_api: '[% GET c("var/android_min_api_" _ c("arch")) %]'
298
      # API 16 is the minimum we currently support for 32 bit on Android
299
300
      android_min_api_armv7: 16
      android_min_api_x86: 16
301
      # API 21 is the minimum we currently support for 64 bit on Android
302
      android_min_api_x86_64: 21
303
      android_min_api_aarch64: 21
304
305
      CC: '$ANDROID_NDK_HOME/[% c("var/toolchain_arch") %]/bin/clang'
      CXX: '$ANDROID_NDK_HOME/[% c("var/toolchain_arch") %]/bin/clang++'
306
307
308
      # We only build snowflake on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
309
      container:
310
        suite: buster
311
        arch: amd64
312
313
314
        disable_network:
          # Disable network in the script for merging GeckoView .aar files
          merge_aars: 1
315
316
317
318
319
320
321
      deps:
        - build-essential
        - python
        - automake
        - libtool
        - zip
        - unzip
322
        - libtinfo5
323
      configure_opt: CC=clang --host=[% c("var/configure_host") %] [% c("var/configure_opt_project") %]
324

325
326
327
328
329
330
331
332
333
334
      pre_pkginst: |
          SNAPSHOT_VERSION=20191201T212855Z
          OPENJDK_URL=https://snapshot.debian.org/archive/debian/$SNAPSHOT_VERSION/pool/main/o/openjdk-8
          JDK_VERSION=8u232-b09-1~deb9u1_amd64
          apt-get install -y -q wget ca-certificates-java
          wget $OPENJDK_URL/openjdk-8-jdk-headless_$JDK_VERSION.deb
          wget $OPENJDK_URL/openjdk-8-jre-headless_$JDK_VERSION.deb
          echo 92b4f8fb77d793a86e0b03b3b0750592b40a26a5d75956d10dd984a7b3aad4c9 openjdk-8-jdk-headless_$JDK_VERSION.deb | sha256sum -c
          echo 84bf52b6cce20ead08b0d5b9fd9b81b4aa3da385ca951b313fe11d5cb1aa4d17 openjdk-8-jre-headless_$JDK_VERSION.deb | sha256sum -c
          dpkg -i ./openjdk-8-jre-headless_$JDK_VERSION.deb ./openjdk-8-jdk-headless_$JDK_VERSION.deb
boklm's avatar
boklm committed
335
336
337
  torbrowser-linux-x86_64:
    - linux-x86_64
    - linux
boklm's avatar
boklm committed
338
339
340
341
  torbrowser-linux-x86_64-debug:
    - linux-debug
    - linux-x86_64
    - linux
boklm's avatar
boklm committed
342
343
344
  torbrowser-linux-i686:
    - linux-i686
    - linux
boklm's avatar
boklm committed
345
346
347
  linux-x86_64:
    arch: x86_64
    var:
boklm's avatar
boklm committed
348
      linux-x86_64: 1
boklm's avatar
boklm committed
349
      osname: linux-x86_64
350
351
      # We only support RLBox on the nightly channel and x86_64 for now
      rlbox: '[% c("var/nightly") %]'
boklm's avatar
boklm committed
352
353
354
  linux-i686:
    arch: i686
    var:
boklm's avatar
boklm committed
355
      linux-i686: 1
boklm's avatar
boklm committed
356
      osname: linux-i686
357
      configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 [% c("var/configure_opt_project") %]'
358
359
360
361
  linux:
    var:
      linux: 1
      compiler: gcc
362
      configure_opt: '[% c("var/configure_opt_project") %]'
363
      # We only build snowflake on the alpha and nightly
364
      # channels for now.
365
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
366
      # Only build Namecoin for linux on nightly
367
      namecoin: '[% c("var/nightly") %]'
368
369
      container:
        suite: wheezy
370
371
        arch: amd64
      pre_pkginst: dpkg --add-architecture i386
boklm's avatar
boklm committed
372
      deps:
373
374
        - libc6-dev-i386
        - lib32stdc++6
boklm's avatar
boklm committed
375
376
377
378
379
380
381
382
        - build-essential
        - python
        - bison
        - hardening-wrapper
        - automake
        - libtool
        - zip
        - unzip
boklm's avatar
boklm committed
383
384
385
  linux-debug:
    var:
      asan: 1
386
387
388
389
      # RLBox needs clang to create .wasm files but we use mostly GCC for our
      # ASan builds. Thus, the compilation currently breaks with RLBox enabled.
      # See: tor-browser-build#40063.
      rlbox: 0
boklm's avatar
boklm committed
390
391
392

  torbrowser-windows-i686:
    - windows-i686
393
394
395
396
397
398
399
400
    - windows
  torbrowser-windows-x86_64:
    - windows-x86_64
    - windows
  windows-x86_64:
    arch: x86_64
    var:
      windows-x86_64: 1
Georg Koppen's avatar
Georg Koppen committed
401
      windows-i686: 0
402
      osname: windows-x86_64
403
404
      # HEASLR is 64 bit only (see bug 12968)
      flag_HEASLR: '-Wl,--high-entropy-va'
boklm's avatar
boklm committed
405
406
407
  windows-i686:
    arch: i686
    var:
408
      windows-i686: 1
Georg Koppen's avatar
Georg Koppen committed
409
      windows-x86_64: 0
boklm's avatar
boklm committed
410
      osname: windows-i686
411
412
413
414
  windows:
    var:
      windows: 1
      container:
415
        suite: buster
416
        arch: amd64
417
      configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]" [% c("var/configure_opt_project") %]'
418
      CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]'
419
      LDFLAGS: '-Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -Wl,--no-insert-timestamp -lssp -L$gcclibs [% c("var/flag_HEASLR") %] [% c("var/flag_mwindows") %]'
boklm's avatar
boklm committed
420
      flag_mwindows: '-mwindows'
boklm's avatar
boklm committed
421
      compiler: mingw-w64
422
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
423
424
425
      # We only build snowflake on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
boklm's avatar
boklm committed
426
427
428
429
430
431
432
433
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
boklm's avatar
boklm committed
434
435
436

  torbrowser-osx-x86_64:
    - osx-x86_64
boklm's avatar
boklm committed
437
438
439
440
441
  osx-x86_64:
    arch: x86_64
    var:
      osx: 1
      osname: osx-x86_64
boklm's avatar
boklm committed
442
      container:
443
        suite: buster
boklm's avatar
boklm committed
444
        arch: amd64
boklm's avatar
boklm committed
445
      compiler: 'macosx-toolchain'
446
447
      configure_opt: '--host=x86_64-apple-darwin CC="x86_64-apple-darwin-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin-clang++ [% c("var/FLAGS") %]" [% c("var/configure_opt_project") %]'
      FLAGS: "-target x86_64-apple-darwin -B $cctoolsdir -isysroot $sysrootdir"
448
      LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie"
449
      macosx_deployment_target: '10.9'
boklm's avatar
boklm committed
450
      locale_ja: ja-JP-mac
451
452
      # We only support RLBox on the nightly channel for now
      rlbox: '[% c("var/nightly") %]'
453
      # We only build snowflake on the alpha and nightly
454
      # channels for now.
455
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
boklm's avatar
boklm committed
456
457
458
459
460
461
462
      deps:
        - build-essential
        - python
        - automake
        - libtool
        - zip
        - unzip
463
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
boklm's avatar
boklm committed
464
465
466
      set_PTDIR_DOCSDIR: |
        PTDIR="$distdir/Contents/MacOS/Tor/PluggableTransports"
        DOCSDIR="$distdir/Contents/Resources/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"
boklm's avatar
boklm committed
467
468
469
470
471

  # The no_build_id target can be useful if you want to quickly display
  # a build template or other option but don't want to spend time to
  # compute the various build ids
  no_build_id:
472
473
474
475
476
477
    # The defaut timestamp value will use the commit time of the
    # selected commit for the project, which will require cloning the
    # git repository if it is not present. When we use the no_build_id
    # target to display a script, we usually don't care about such
    # details, so we set timestamp to 0 to avoid unnecessary cloning.
    timestamp: 0
boklm's avatar
boklm committed
478
479
480
    var:
      build_id: 1

481
482
483
484
  no_containers:
    var:
      container:
        global_disable: 1
boklm's avatar
boklm committed
485
486
487
488
489
490
491
492
493
494
495
496

# change the default gpg_wrapper to allow git tag signed using an
# expired key.
# https://bugs.torproject.org/19737
gpg_wrapper: |
  #!/bin/bash
  export LC_ALL=C
  [%
      IF c('gpg_keyring');
          SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
      END;
  -%]
497
498
499
500
501
502
  gpg_verify=0
  for opt in "$@"
  do
    test "$opt" = '--verify' && gpg_verify=1
  done
  if [ $gpg_verify = 1 ]
boklm's avatar
boklm committed
503
504
505
506
507
508
  then
        [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /'
        exit ${PIPESTATUS[0]}
  else
        exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
  fi
boklm's avatar
boklm committed
509

510
511
512
513
514
remote_start: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_start") %][% END %]'
remote_exec: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_exec") %][% END %]'
remote_put: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_put") %][% END %]'
remote_get: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_get") %][% END %]'
remote_finish: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_finish") %][% END %]'
boklm's avatar
boklm committed
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534

runc:
  remote_start: |
    #!/bin/sh
    set -e
    if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ]
    then
      echo "Can't find container image in input files" >&2
      ls -l '[% c("remote_srcdir") %]' >&2
      exit 1
    fi
    mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm
    sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*)
    [% SET user = c("var/container/user") -%]
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user
        _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %]

  remote_exec: |
    #!/bin/sh
    set -e
535
536
537
    [% IF c("interactive") -%]
      echo Container directory: [% shell_quote(c("var/container/dir")) %]
    [% END -%]
boklm's avatar
boklm committed
538
539
540
541
542
543
544
545
    mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run
    [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %]
    echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run
546
547
548
    cat > '[% c("var/container/dir") %]'/config.json << EOF
    [% INCLUDE 'runc-config.json' %]
    EOF
549
550
    [% IF c("var/container/disable_network/" _ c("exec_name")) -%]
      sudo ip netns add 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]'
551
552
      # make sure the lo interface is up (see bug 31293)
      sudo ip netns exec 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]' ip link set lo up
553
    [% END -%]
boklm's avatar
boklm committed
554
    sudo runc [% IF c("var_p/runc100") %]run[% ELSE %]start[% END %] -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] [% IF c("runc_hide_stderr") %]2>/dev/null[% END %]
555
556
557
    [% IF c("var/container/disable_network/" _ c("exec_name")) -%]
      sudo ip netns delete 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]'
    [% END -%]
boklm's avatar
boklm committed
558
559
560
561
562
563
564
565
566
567

  remote_put: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('put_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('put_dst', { error_if_undef => 1 }));
    -%]
    sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %]
    sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %]
568
569
570
571
    # On Ubuntu, the /root/.profile file contains a `mesg n` line which is
    # producing some `stdin: is not a tty` messages. To hide them, we hide
    # stderr from this part by setting runc_hide_stderr.
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst, runc_hide_stderr => 1 }) %]
boklm's avatar
boklm committed
572
573
574
575
576
577
578
579
580
581

  remote_get: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
    -%]
    mkdir -p [% dst %]
    srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %]
582
    sudo chown -R $(whoami) "$srcdir"
boklm's avatar
boklm committed
583
584
    if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ]
    then
585
586
587
588
589
590
      for file in "$srcdir"/*
      do
        bname="$(basename "$file")"
        test -e [% dst %]/"$bname" && rm -Rf [% dst %]/"$bname"
        mv -f "$file" [% dst %]/
      done
boklm's avatar
boklm committed
591
592
593
594
595
596
597
598
    fi

  remote_finish: |
    #!/bin/sh
    set -e
    sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json
    rmdir '[% c("var/container/dir") %]'

boklm's avatar
boklm committed
599
600
601
ENV:
  TZ: UTC
  LC_ALL: C
boklm's avatar
boklm committed
602
603
604
605
606
607
--- |
  # This part of the file contains options written in perl
  use IO::CaptureOutput qw(capture_exec);
  (
    var_p => {
      # runc100 is true if we are using runc >= 1.0.0
608
      # we assume that any version that is not 0.1.1 is >= 1.0.0
boklm's avatar
boklm committed
609
      runc100 => sub {
610
611
        my ($out) = capture_exec('sudo', 'runc', '--version');
        return !($out =~ m/^runc version 0.1.1/);
boklm's avatar
boklm committed
612
      },
613
      # runc_spec100 is true if runc spec is at least 1.0.0
614
615
616
      # We will need to update this when there is a new spec version available
      runc_spec100 => sub {
        my ($out) = capture_exec('sudo', 'runc', '--version');
617
        return $out =~ m/^.*spec: 1\.[0-9]+\.[0-9]+(?:-dev)?$/m;
618
      },
619
620
621
622
623
624
625
      nightly_torbrowser_version => sub {
        state $version = '';
        return $version if $version;
        my (undef, undef, undef, $day, $mon, $year) = gmtime;
        $version = sprintf("tbb-nightly.%u.%02u.%02u", $year + 1900, $mon + 1, $day);
        return $version;
      },
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
      nightly_torbrowser_incremental_from => sub {
        my ($project, $options) = @_;
        my $nightly_dir = project_config($project, 'basedir', $options) . '/nightly';
        my $current_version = project_config($project, 'var/torbrowser_version', $options);
        use Path::Tiny;
        return [] unless -d $nightly_dir;
        my @dirs = sort map { $_->basename } path($nightly_dir)->children(qr/^tbb-nightly\./);
        my $nb_incr = project_config($project, ['var', 'max_torbrowser_incremental_from'], $options);
        my @res;
        while ($nb_incr > 0) {
          my $dir = pop @dirs;
          last unless $dir;
          next if $dir eq $current_version;
          $nb_incr--;
          push @res, $dir;
        }
        return [@res];
      },
boklm's avatar
boklm committed
644
645
    },
  )