Update CI builds to Debian Bullseye, fix associated compatibility bugs (!714) · Merge requests · The Tor Project / Core / Tor

The source project of this merge request has been removed.

Ghost User requested to merge (removed):ci-deb-bullseye-047-mr into maint-0.4.7 May 31, 2023

This is a change intended for 0.4.7 maintenance as well as main.

The CI builds use Debian Buster which is now end of life, and I was experiencing inconsistent CI failures with accessing its security update server. I wanted to update CI to a distro that isn't EOL, and Bullseye is the current stable release of Debian.

This opened up a small can of worms that this commit also deals with. In particular there's a docker engine bug that we work around by removing the docker-specific apt cleanup script if it exists, and there's a new incompatibility between tracing and sandbox support.

The tracing/sandbox incompatibility itself had two parts:

The membarrier() syscall is used to deliver inter-processor synchronization events, and the external "userspace-rcu" data structure library would make assumptions that if membarrier is available at initialization it always will be. This caused segfaults in some cases when running trace + sandbox. Resolved this by allowing membarrier entirely, in the sandbox.
userspace-rcu also assumes it can block signals, and fails hard if this can't be done. We already include a similar carveout to allow this in the sandbox for fragile-hardening, so I extended that to cover tracing as well.

Addresses issue #40799 (closed)

Update CI builds to Debian Bullseye, fix associated compatibility bugs

Merge request reports