GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

rbm.conf 20 KB
Newer Older
boklm's avatar
boklm committed
1
# vim: filetype=yaml sw=2
2
debug: '[% GET ! ENV.RBM_NO_DEBUG %]'
boklm's avatar
boklm committed
3 4
compress_tar: gz
output_dir: "out/[% project %]"
5
tmp_dir: '[% c("basedir") %]/tmp'
6
build_log: '[% GET ENV.RBM_LOGS_DIR ? ENV.RBM_LOGS_DIR : "logs" %]/[% project %][% IF c("var/osname") %]-[% c("var/osname") %][% END %].log'
boklm's avatar
boklm committed
7 8 9

pkg_type: build

10 11 12 13 14 15 16 17 18
steps:
  src-tarballs:
    compress_tar: xz
    src-tarballs: |
      #!/bin/bash
      set -e
      mkdir -p '[% dest_dir %]'
      mv -vf '[% project %]-[% c("version") %].tar.xz' '[% dest_dir %]/[% c("filename") %]'

19 20 21 22
# buildconf contains build options that the user can change in rbm.local.conf
# When adding a new option to buildconf, a default value should be defined
# in var/build_id, so that changing this option does not affect the build_id.
buildconf:
23
  num_procs: '[% GET ENV.RBM_NUM_PROCS ? ENV.RBM_NUM_PROCS : "4" %]'
boklm's avatar
boklm committed
24
  git_signtag_opt: '-s'
25

boklm's avatar
boklm committed
26
var:
27
  torbrowser_version: '10.5a1'
Matthew Finkel's avatar
Matthew Finkel committed
28
  torbrowser_build: 'build2'
29
  torbrowser_incremental_from:
30
    - 10.0a7
boklm's avatar
boklm committed
31
  project_name: tor-browser
boklm's avatar
boklm committed
32
  multi_lingual: 0
boklm's avatar
boklm committed
33
  build_mar: 1
34 35 36 37 38
  # By default, we sort the list of installed packages. This allows sharing
  # containers with identical list of packages, even if they are not listed
  # in the same order. In the cases where the installation order is
  # important, sort_deps should be set to 0.
  sort_deps: 1
39
  build_id: '[% sha256(c("var/build_id_txt", { buildconf => { num_procs => 4 } })).substr(0, 6) %]'
boklm's avatar
boklm committed
40 41
  build_id_txt: |
    [% c("version") %]
boklm's avatar
boklm committed
42
    [% IF c("git_hash") || c("hg_hash"); GET c("abbrev"); END; %]
43
    [% IF c("var/container/use_container") && ! c("var/container/global_disable") -%]
boklm's avatar
boklm committed
44 45
    [% c("var/container/suite") %]
    [% c("var/container/arch") %]
boklm's avatar
boklm committed
46 47 48
    [% END -%]
    input_files: [% c("input_files_id") %]
    build:
49 50
    [% SET step = c("step") -%]
    [% c(step, { filename => 'f', output_dir => '/out', norec => {} }) %]
boklm's avatar
boklm committed
51
  container:
52
    dir: '[% c("rbm_tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
boklm's avatar
boklm committed
53
    user: rbm
54 55 56
    disable_network:
      # disable network in the build scripts
      build: 1
boklm's avatar
boklm committed
57 58 59 60 61
  input_files_list: |
    [% FOREACH file IN c("input_files_by_name").keys.sort -%]
    [% c("input_files_by_name/" _ file) %]
    [% END -%]

boklm's avatar
boklm committed
62
  faketime: "faketime -f \"[% USE date; GET date.format(c('timestamp'), format = '%Y-%m-%d %H:%M:%S') %]\""
boklm's avatar
boklm committed
63 64
  touch: "[% USE date %]touch -m -t [% date.format(c('timestamp'), format = '%Y%m%d%H%M') %]"

boklm's avatar
boklm committed
65 66 67
  locale_ja: ja
  locales:
    - ar
68
    - ca
69
    - cs
70
    - da
boklm's avatar
boklm committed
71
    - de
72
    - el
73
    - es-AR
boklm's avatar
boklm committed
74 75 76
    - es-ES
    - fa
    - fr
77
    - ga-IE
78
    - he
79
    - hu
80 81
    - id
    - is
boklm's avatar
boklm committed
82 83
    - it
    - '[% c("var/locale_ja") %]'
84
    - ka
boklm's avatar
boklm committed
85
    - ko
Georg Koppen's avatar
Georg Koppen committed
86
    - lt
87
    - mk
Georg Koppen's avatar
Georg Koppen committed
88
    - ms
89
    - nb-NO
boklm's avatar
boklm committed
90 91 92
    - nl
    - pl
    - pt-BR
Georg Koppen's avatar
Georg Koppen committed
93
    - ro
boklm's avatar
boklm committed
94
    - ru
95
    - sv-SE
Georg Koppen's avatar
Georg Koppen committed
96
    - th
boklm's avatar
boklm committed
97 98 99
    - tr
    - vi
    - zh-CN
100
    - zh-TW
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130
  locales_mobile:
    - ar
    - ca
    - cs
    - da
    - de
    - el
    - es-rAR
    - es-rES
    - fa
    - fr
    - ga-rIE
    - hu
    - is
    - it
    - ja
    - ka
    - ko
    - lt
    - nl
    - pl
    - pt-rBR
    - ro
    - ru
    - sv-rSE
    - th
    - tr
    - vi
    - zh-rCN
    - zh-rTW
boklm's avatar
boklm committed
131

132 133 134
  sign_build: '[% ENV.RBM_SIGN_BUILD %]'
  sign_build_gpg_opts: '[% ENV.RBM_GPG_OPTS %]'

boklm's avatar
boklm committed
135 136 137 138 139 140 141 142 143 144 145 146
  rezip: |
    rezip_tmpdir=$(mktemp -d)
    mkdir -p "$rezip_tmpdir/z"
    unzip -d "$rezip_tmpdir/z" -- [% c("rezip_file") %] || [ $? -lt 3 ]
    pushd "$rezip_tmpdir/z"
    [% c("zip", {
      zip_src => [ '.' ],
      zip_args => '$rezip_tmpdir/new.zip',
    }) %]
    popd
    mv -f -- "$rezip_tmpdir/new.zip" [% c("rezip_file") %]
    rm -Rf "$rezip_tmpdir"
boklm's avatar
boklm committed
147

148 149 150 151 152 153 154 155 156
  set_default_env: |
    set -e
    [% FOREACH env = c('ENV') -%]
    export [% env.key %]="[% env.value %]"
    [% END -%]
    rootdir=$(pwd)
    export SHELL=/bin/bash
    export HOME=$rootdir
    umask 0022
157 158 159
    [% IF c("var/container/global_disable") -%]
      rm -Rf /var/tmp/build /var/tmp/dist
    [% END -%]
160

boklm's avatar
boklm committed
161 162 163 164 165
  DOCSDIR_project: '[% project %]'
  set_PTDIR_DOCSDIR: |
    PTDIR="$distdir/TorBrowser/Tor/PluggableTransports"
    DOCSDIR="$distdir/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"

boklm's avatar
boklm committed
166 167 168 169
targets:
  notarget: linux-x86_64
  noint:
    debug: 0
boklm's avatar
boklm committed
170

171 172 173
  release:
    var:
      release: 1
174
      channel: release
175 176
  alpha:
    var:
177 178
      alpha: 1
      channel: alpha
boklm's avatar
boklm committed
179
  nightly:
180
    fetch: 1
boklm's avatar
boklm committed
181
    var:
182
      nightly: 1
183
      channel: nightly
184 185 186 187 188 189 190 191 192 193
      torbrowser_version: |
        [%
           IF ENV.TORBROWSER_NIGHTLY_VERSION;
                GET ENV.TORBROWSER_NIGHTLY_VERSION;
           ELSIF c("var/testbuild");
                GET "testbuild";
           ELSE;
                GET c("var_p/nightly_torbrowser_version");
           END;
        -%]
194 195 196 197 198 199
      # For nightly builds, we support updates for a limited set of locales
      mar_locales:
        - de
        - es-ES
        - fr
        - ru
200
      max_torbrowser_incremental_from: 2
201
      build_infos_json: 1
boklm's avatar
boklm committed
202

boklm's avatar
boklm committed
203 204 205 206 207
  torbrowser-testbuild:
    - testbuild
    - alpha
  testbuild:
    var:
208
      testbuild: 1
boklm's avatar
boklm committed
209 210 211
      # Don't create mar files to save time
      build_mar: 0

212 213 214
  # The common-buster target is used to build components that are common to all
  # platforms, using Debian Buster.
  common-buster:
215 216 217
    var:
      common: 1
      container:
218
        suite: buster
219
        arch: amd64
220
      pre_pkginst: ''
221 222 223 224 225 226 227 228
      deps:
        - build-essential
        - python
        - automake
        - libtool
        - zip
        - unzip

229 230 231 232 233 234 235 236
  torbrowser-android-all:
    - android-all
    - android
  android-all:
    arch: all
    var:
      android-all: 1
      osname: android-all
237 238
  torbrowser-android-armv7:
    - android-armv7
239
    - android
240 241 242
  android-armv7:
    arch: armv7
    var:
243
      android-armv7: 1
244
      osname: android-armv7
245
      toolchain_arch: arm
246
      abi: armeabi-v7a
Georg Koppen's avatar
Georg Koppen committed
247
      cross_prefix: armv7a-linux-androideabi
248 249 250 251 252 253 254 255
  torbrowser-android-x86:
    - android-x86
    - android
  android-x86:
    arch: x86
    var:
      android-x86: 1
      osname: android-x86
256
      toolchain_arch: x86
257
      abi: x86
Georg Koppen's avatar
Georg Koppen committed
258
      cross_prefix: i686-linux-android
259 260 261 262 263 264 265 266
  torbrowser-android-x86_64:
    - android-x86_64
    - android
  android-x86_64:
    arch: x86_64
    var:
      android-x86_64: 1
      osname: android-x86_64
267
      toolchain_arch: x86_64
268
      abi: x86_64
Georg Koppen's avatar
Georg Koppen committed
269
      cross_prefix: x86_64-linux-android
270 271 272 273 274 275 276 277
  torbrowser-android-aarch64:
    - android-aarch64
    - android
  android-aarch64:
    arch: aarch64
    var:
      android-aarch64: 1
      osname: android-aarch64
278
      toolchain_arch: arm64
279
      abi: arm64-v8a
Georg Koppen's avatar
Georg Koppen committed
280
      cross_prefix: aarch64-linux-android
281 282 283
  android:
    var:
      android: 1
284
      compiler: android-toolchain
285
      android_min_api: '[% GET c("var/android_min_api_" _ c("arch")) %]'
Georg Koppen's avatar
Georg Koppen committed
286 287
      CC: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
      CXX: '[% c("var/cross_prefix") %][% c("var/android_min_api") %]-clang'
288
      # API 16 is the minimum we currently support for 32 bit on Android
289 290
      android_min_api_armv7: 16
      android_min_api_x86: 16
291
      # API 21 is the minimum we currently support for 64 bit on Android
292
      android_min_api_x86_64: 21
293
      android_min_api_aarch64: 21
294 295
      # This is needed to get the offline build part for Glean right.
      glean_parser: 1.28.1
296 297 298
      # We only build snowflake on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
299
      container:
300
        suite: buster
301
        arch: amd64
302 303 304
        disable_network:
          # Disable network in the script for merging GeckoView .aar files
          merge_aars: 1
305 306 307 308 309 310 311
      deps:
        - build-essential
        - python
        - automake
        - libtool
        - zip
        - unzip
312
        - libtinfo5
Georg Koppen's avatar
Georg Koppen committed
313
      configure_opt: '--host=[% c("var/cross_prefix") %] CC=[% c("var/CC") %] [% c("var/configure_opt_project") %]'
314

315 316 317 318 319 320 321 322 323 324
      pre_pkginst: |
          SNAPSHOT_VERSION=20191201T212855Z
          OPENJDK_URL=https://snapshot.debian.org/archive/debian/$SNAPSHOT_VERSION/pool/main/o/openjdk-8
          JDK_VERSION=8u232-b09-1~deb9u1_amd64
          apt-get install -y -q wget ca-certificates-java
          wget $OPENJDK_URL/openjdk-8-jdk-headless_$JDK_VERSION.deb
          wget $OPENJDK_URL/openjdk-8-jre-headless_$JDK_VERSION.deb
          echo 92b4f8fb77d793a86e0b03b3b0750592b40a26a5d75956d10dd984a7b3aad4c9 openjdk-8-jdk-headless_$JDK_VERSION.deb | sha256sum -c
          echo 84bf52b6cce20ead08b0d5b9fd9b81b4aa3da385ca951b313fe11d5cb1aa4d17 openjdk-8-jre-headless_$JDK_VERSION.deb | sha256sum -c
          dpkg -i ./openjdk-8-jre-headless_$JDK_VERSION.deb ./openjdk-8-jdk-headless_$JDK_VERSION.deb
boklm's avatar
boklm committed
325 326 327
  torbrowser-linux-x86_64:
    - linux-x86_64
    - linux
328 329
  torbrowser-linux-x86_64-asan:
    - linux-asan
boklm's avatar
boklm committed
330 331
    - linux-x86_64
    - linux
boklm's avatar
boklm committed
332 333 334
  torbrowser-linux-i686:
    - linux-i686
    - linux
boklm's avatar
boklm committed
335 336 337
  linux-x86_64:
    arch: x86_64
    var:
boklm's avatar
boklm committed
338
      linux-x86_64: 1
boklm's avatar
boklm committed
339
      osname: linux-x86_64
340 341
      # We only support RLBox on the nightly channel and x86_64 for now
      rlbox: '[% c("var/nightly") %]'
boklm's avatar
boklm committed
342 343 344
  linux-i686:
    arch: i686
    var:
boklm's avatar
boklm committed
345
      linux-i686: 1
boklm's avatar
boklm committed
346
      osname: linux-i686
347
      configure_opt: '--host=i686-linux-gnu CFLAGS=-m32 CXXFLAGS=-m32 LDFLAGS=-m32 [% c("var/configure_opt_project") %]'
348 349 350 351
  linux:
    var:
      linux: 1
      compiler: gcc
352
      configure_opt: '[% c("var/configure_opt_project") %]'
353
      # We only build snowflake on the alpha and nightly
354
      # channels for now.
355
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
356
      # Only build Namecoin for linux on nightly
357
      namecoin: '[% c("var/nightly") %]'
358
      container:
359
        suite: jessie
360 361
        arch: amd64
      pre_pkginst: dpkg --add-architecture i386
boklm's avatar
boklm committed
362
      deps:
363 364
        - libc6-dev-i386
        - lib32stdc++6
boklm's avatar
boklm committed
365 366 367 368 369 370 371 372
        - build-essential
        - python
        - bison
        - hardening-wrapper
        - automake
        - libtool
        - zip
        - unzip
373
  linux-asan:
boklm's avatar
boklm committed
374 375
    var:
      asan: 1
376 377 378 379
      # RLBox needs clang to create .wasm files but we use mostly GCC for our
      # ASan builds. Thus, the compilation currently breaks with RLBox enabled.
      # See: tor-browser-build#40063.
      rlbox: 0
boklm's avatar
boklm committed
380 381 382

  torbrowser-windows-i686:
    - windows-i686
383 384 385 386 387 388 389 390
    - windows
  torbrowser-windows-x86_64:
    - windows-x86_64
    - windows
  windows-x86_64:
    arch: x86_64
    var:
      windows-x86_64: 1
Georg Koppen's avatar
Georg Koppen committed
391
      windows-i686: 0
392
      osname: windows-x86_64
393 394
      # HEASLR is 64 bit only (see bug 12968)
      flag_HEASLR: '-Wl,--high-entropy-va'
boklm's avatar
boklm committed
395 396 397
  windows-i686:
    arch: i686
    var:
398
      windows-i686: 1
Georg Koppen's avatar
Georg Koppen committed
399
      windows-x86_64: 0
boklm's avatar
boklm committed
400
      osname: windows-i686
401 402
      # mingw-w64 does not support SEH on 32bit systems. Be explicit about that.
      flag_noSEH: '-Wl,--no-seh'
403 404 405 406
  windows:
    var:
      windows: 1
      container:
407
        suite: buster
408
        arch: amd64
409
      configure_opt: '--host=[% c("arch") %]-w64-mingw32 CFLAGS="[% c("var/CFLAGS") %]" LDFLAGS="[% c("var/LDFLAGS") %]" [% c("var/configure_opt_project") %]'
410
      CFLAGS: '-fstack-protector-strong -fno-strict-overflow -Wno-missing-field-initializers -Wformat -Wformat-security [% c("var/flag_mwindows") %]'
411
      LDFLAGS: '-Wl,--dynamicbase -Wl,--nxcompat -Wl,--enable-reloc-section -Wl,--no-insert-timestamp -lssp -L$gcclibs [% c("var/flag_HEASLR") %] [% c("var/flag_noSEH") %] [% c("var/flag_mwindows") %]'
boklm's avatar
boklm committed
412
      flag_mwindows: '-mwindows'
boklm's avatar
boklm committed
413
      compiler: mingw-w64
414
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
415 416 417
      # We only build snowflake on the alpha and nightly
      # channels for now.
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
boklm's avatar
boklm committed
418 419 420 421 422 423 424 425
      deps:
        - build-essential
        - python
        - bison
        - automake
        - libtool
        - zip
        - unzip
boklm's avatar
boklm committed
426 427 428

  torbrowser-osx-x86_64:
    - osx-x86_64
boklm's avatar
boklm committed
429 430 431 432 433
  osx-x86_64:
    arch: x86_64
    var:
      osx: 1
      osname: osx-x86_64
boklm's avatar
boklm committed
434
      container:
435
        suite: buster
boklm's avatar
boklm committed
436
        arch: amd64
boklm's avatar
boklm committed
437
      compiler: 'macosx-toolchain'
438 439
      configure_opt: '--host=x86_64-apple-darwin CC="x86_64-apple-darwin-clang [% c("var/FLAGS") %]" CXX="x86_64-apple-darwin-clang++ [% c("var/FLAGS") %]" [% c("var/configure_opt_project") %]'
      FLAGS: "-target x86_64-apple-darwin -B $cctoolsdir -isysroot $sysrootdir"
440
      LDFLAGS: "-Wl,-syslibroot,$sysrootdir -Wl,-dead_strip -Wl,-pie"
441
      macosx_deployment_target: '10.9'
boklm's avatar
boklm committed
442
      locale_ja: ja-JP-mac
443 444
      # We only support RLBox on the nightly channel for now
      rlbox: '[% c("var/nightly") %]'
445
      # We only build snowflake on the alpha and nightly
446
      # channels for now.
447
      snowflake: '[% c("var/alpha") || c("var/nightly") %]'
boklm's avatar
boklm committed
448 449 450 451 452 453 454
      deps:
        - build-essential
        - python
        - automake
        - libtool
        - zip
        - unzip
455
      faketime_path: /usr/lib/x86_64-linux-gnu/faketime/libfaketime.so.1
boklm's avatar
boklm committed
456 457 458
      set_PTDIR_DOCSDIR: |
        PTDIR="$distdir/Contents/MacOS/Tor/PluggableTransports"
        DOCSDIR="$distdir/Contents/Resources/TorBrowser/Docs/[% c("var/DOCSDIR_project") %]"
boklm's avatar
boklm committed
459 460 461 462 463

  # The no_build_id target can be useful if you want to quickly display
  # a build template or other option but don't want to spend time to
  # compute the various build ids
  no_build_id:
464 465 466 467 468 469
    # The defaut timestamp value will use the commit time of the
    # selected commit for the project, which will require cloning the
    # git repository if it is not present. When we use the no_build_id
    # target to display a script, we usually don't care about such
    # details, so we set timestamp to 0 to avoid unnecessary cloning.
    timestamp: 0
boklm's avatar
boklm committed
470 471 472
    var:
      build_id: 1

473 474 475 476
  no_containers:
    var:
      container:
        global_disable: 1
boklm's avatar
boklm committed
477 478 479 480 481 482 483 484 485 486 487 488

# change the default gpg_wrapper to allow git tag signed using an
# expired key.
# https://bugs.torproject.org/19737
gpg_wrapper: |
  #!/bin/bash
  export LC_ALL=C
  [%
      IF c('gpg_keyring');
          SET gpg_kr = '--keyring ' _ path(c('gpg_keyring'), path(c('gpg_keyring_dir'))) _ ' --no-default-keyring';
      END;
  -%]
489 490 491 492 493 494
  gpg_verify=0
  for opt in "$@"
  do
    test "$opt" = '--verify' && gpg_verify=1
  done
  if [ $gpg_verify = 1 ]
boklm's avatar
boklm committed
495 496 497 498 499 500
  then
        [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@" | sed 's/^\[GNUPG:\] EXPKEYSIG /\[GNUPG:\] GOODSIG /'
        exit ${PIPESTATUS[0]}
  else
        exec [% c('gpg_bin') %] [% c('gpg_args') %] --with-fingerprint [% gpg_kr %] "$@"
  fi
boklm's avatar
boklm committed
501

502 503 504 505 506
remote_start: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_start") %][% END %]'
remote_exec: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_exec") %][% END %]'
remote_put: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_put") %][% END %]'
remote_get: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_get") %][% END %]'
remote_finish: '[% IF c("var/container/use_container") && ! c("var/container/global_disable") %][% c("runc/remote_finish") %][% END %]'
boklm's avatar
boklm committed
507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526

runc:
  remote_start: |
    #!/bin/sh
    set -e
    if [ $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'* | wc -l) -ne 1 ]
    then
      echo "Can't find container image in input files" >&2
      ls -l '[% c("remote_srcdir") %]' >&2
      exit 1
    fi
    mkdir -p '[% c("var/container/dir") %]'/rootfs/rbm
    sudo tar -C '[% c("var/container/dir") %]'/rootfs -xf $(ls -1 '[% c("remote_srcdir", { error_if_undef => 1 }) %]/container-image_'*)
    [% SET user = c("var/container/user") -%]
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'id ' _ user
        _ ' >/dev/null 2>&1 || adduser -m ' _ user _ ' || useradd -m ' _ user }) %]

  remote_exec: |
    #!/bin/sh
    set -e
527 528 529
    [% IF c("interactive") -%]
      echo Container directory: [% shell_quote(c("var/container/dir")) %]
    [% END -%]
boklm's avatar
boklm committed
530 531 532 533 534 535 536 537
    mkdir -p '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/rbm
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo [% shell_quote(c('exec_cmd')) %] >> '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    echo '#!/bin/sh' > '[% c("var/container/dir") %]'/rootfs/rbm/run
    [% IF c('exec_as_root'); SET user = 'root'; ELSE; SET user = c("var/container/user", { error_if_undef => 1 }); END; %]
    echo 'su - [% user %] -c /rbm/cmd' >> '[% c("var/container/dir") %]'/rootfs/rbm/run
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/cmd
    chmod +x '[% c("var/container/dir") %]'/rootfs/rbm/run
538 539 540
    cat > '[% c("var/container/dir") %]'/config.json << EOF
    [% INCLUDE 'runc-config.json' %]
    EOF
541 542
    [% IF c("var/container/disable_network/" _ c("exec_name")) -%]
      sudo ip netns add 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]'
543 544
      # make sure the lo interface is up (see bug 31293)
      sudo ip netns exec 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]' ip link set lo up
545
    [% END -%]
boklm's avatar
boklm committed
546
    sudo runc [% IF c("var_p/runc100") %]run[% ELSE %]start[% END %] -b '[% c("var/container/dir") %]' rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %] [% IF c("runc_hide_stderr") %]2>/dev/null[% END %]
547 548 549
    [% IF c("var/container/disable_network/" _ c("exec_name")) -%]
      sudo ip netns delete 'rbm-[% sha256(c("build_id", { error_if_undef => 1 })) %]'
    [% END -%]
boklm's avatar
boklm committed
550 551 552 553 554 555 556 557 558 559

  remote_put: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('put_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('put_dst', { error_if_undef => 1 }));
    -%]
    sudo mkdir -p '[% c("var/container/dir") %]'/rootfs/[% dst %]
    sudo cp -aP [% src %] '[% c("var/container/dir") %]'/rootfs/[% dst %]
560 561 562 563
    # On Ubuntu, the /root/.profile file contains a `mesg n` line which is
    # producing some `stdin: is not a tty` messages. To hide them, we hide
    # stderr from this part by setting runc_hide_stderr.
    [% c("remote_exec", { exec_as_root => 1, exec_cmd => 'chown -R ' _ c("var/container/user") _ ' ' _ dst, runc_hide_stderr => 1 }) %]
boklm's avatar
boklm committed
564 565 566 567 568 569 570 571 572 573

  remote_get: |
    #!/bin/sh
    set -e
    [%
      SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
      SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
    -%]
    mkdir -p [% dst %]
    srcdir='[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs/[% src %]
574
    sudo chown -R $(whoami) "$srcdir"
boklm's avatar
boklm committed
575 576
    if [ $(ls -1 "$srcdir"/* 2> /dev/null | wc -l) -gt 0 ]
    then
577 578 579 580 581 582
      for file in "$srcdir"/*
      do
        bname="$(basename "$file")"
        test -e [% dst %]/"$bname" && rm -Rf [% dst %]/"$bname"
        mv -f "$file" [% dst %]/
      done
boklm's avatar
boklm committed
583 584 585 586 587 588 589 590
    fi

  remote_finish: |
    #!/bin/sh
    set -e
    sudo rm -Rf '[% c("var/container/dir", { error_if_undef => 1 }) %]'/rootfs '[% c("var/container/dir", { error_if_undef => 1 }) %]'/config.json
    rmdir '[% c("var/container/dir") %]'

boklm's avatar
boklm committed
591 592 593
ENV:
  TZ: UTC
  LC_ALL: C
boklm's avatar
boklm committed
594 595 596 597 598 599
--- |
  # This part of the file contains options written in perl
  use IO::CaptureOutput qw(capture_exec);
  (
    var_p => {
      # runc100 is true if we are using runc >= 1.0.0
600
      # we assume that any version that is not 0.1.1 is >= 1.0.0
boklm's avatar
boklm committed
601
      runc100 => sub {
602 603
        my ($out) = capture_exec('sudo', 'runc', '--version');
        return !($out =~ m/^runc version 0.1.1/);
boklm's avatar
boklm committed
604
      },
605
      # runc_spec100 is true if runc spec is at least 1.0.0
606 607 608
      # We will need to update this when there is a new spec version available
      runc_spec100 => sub {
        my ($out) = capture_exec('sudo', 'runc', '--version');
609
        return $out =~ m/^.*spec: 1\.[0-9]+\.[0-9]+(?:-dev)?$/m;
610
      },
611 612 613 614 615 616 617
      nightly_torbrowser_version => sub {
        state $version = '';
        return $version if $version;
        my (undef, undef, undef, $day, $mon, $year) = gmtime;
        $version = sprintf("tbb-nightly.%u.%02u.%02u", $year + 1900, $mon + 1, $day);
        return $version;
      },
618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635
      nightly_torbrowser_incremental_from => sub {
        my ($project, $options) = @_;
        my $nightly_dir = project_config($project, 'basedir', $options) . '/nightly';
        my $current_version = project_config($project, 'var/torbrowser_version', $options);
        use Path::Tiny;
        return [] unless -d $nightly_dir;
        my @dirs = sort map { $_->basename } path($nightly_dir)->children(qr/^tbb-nightly\./);
        my $nb_incr = project_config($project, ['var', 'max_torbrowser_incremental_from'], $options);
        my @res;
        while ($nb_incr > 0) {
          my $dir = pop @dirs;
          last unless $dir;
          next if $dir eq $current_version;
          $nb_incr--;
          push @res, $dir;
        }
        return [@res];
      },
boklm's avatar
boklm committed
636 637
    },
  )