...
 
Commits (23)
nss-pem (1.0.3-1) unstable; urgency=medium
nss-pem (1.0.4-1) unstable; urgency=medium
* Initial release (Closes: #888820)
-- Timo Aaltonen <tjaalton@debian.org> Fri, 16 Mar 2018 13:59:48 +0200
-- Timo Aaltonen <tjaalton@debian.org> Thu, 06 Dec 2018 19:32:22 +0200
......@@ -8,18 +8,21 @@ Build-Depends: debhelper (>= 10),
libnss3-dev,
pkg-config,
# src:nss
quilt,
libnspr4-dev (>= 2:4.12),
zlib1g-dev,
libsqlite3-dev (>= 3.3.9),
libnss3-tools:native (>= 2:3.19-1-1~) <cross>
Standards-Version: 4.1.2
Standards-Version: 4.2.1
Homepage: https://github.com/kdudka/nss-pem
Vcs-Git: https://anonscm.debian.org/pkg-freeipa/nss-pem.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-freeipa/nss-pem.git
Vcs-Git: https://salsa.debian.org/freeipa-team/nss-pem.git
Vcs-Browser: https://salsa.debian.org/freeipa-team/nss-pem.git
Package: libnsspem
Package: nss-plugin-pem
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Replaces: libnsspem
Provides: libnsspem
Multi-Arch: same
Description: PEM file reader for Network Security Services (NSS)
This package provides a PEM file reader for Network Security Services (NSS),
......
......@@ -4,7 +4,7 @@
git rm -rf nss
rm -rf nss
git clone https://anonscm.debian.org/git/pkg-mozilla/nss.git
git clone https://salsa.debian.org/mozilla-team/nss
rm -rf nss/.git*
VERSION=`dpkg-parsechangelog -l nss/debian/changelog | grep Version | sed 's/.* //'`
......
# this is a module for libcurl-nss, not a library that others link to
package-must-activate-ldconfig-trigger usr/lib/*/libnsspem.so
shlib-without-versioned-soname usr/lib/*/libnsspem.so libnsspem.so
#package-must-activate-ldconfig-trigger usr/lib/*/nss/libnsspem.so
#shlib-without-versioned-soname usr/lib/*/nss/libnsspem.so libnsspem.so
......@@ -11,11 +11,11 @@ override_dh_auto_configure:
cd build && cmake \
-DCMAKE_INSTALL_PREFIX=/usr \
-DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \
-DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) \
-DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH)/nss \
../src
override_dh_auto_build:
(cd nss; debian/rules build)
(cd nss; QUILT_PATCHES=debian/patches quilt push -a; debian/rules build)
dh_auto_build
override_dh_clean:
......
# it's used for nss/
quilt-build-dep-but-no-series-file
nss (2:3.40-1) unstable; urgency=medium
* New upstream release.
-- Mike Hommey <glandium@debian.org> Fri, 02 Nov 2018 14:44:19 +0900
nss (2:3.39-1) unstable; urgency=medium
* New upstream release.
- Fixes CVE-2018-12384. Closes: #908332.
* debian/libnss3.symbols: Add NSS_3_39 and NSSUTIL_3_39 symbol versions.
-- Mike Hommey <glandium@debian.org> Sun, 09 Sep 2018 08:03:39 +0900
nss (2:3.38-1) unstable; urgency=medium
* New upstream release.
* debian/libnss3.symbols: Add NSSUTIL_3_38 symbol version.
-- Mike Hommey <glandium@debian.org> Mon, 25 Jun 2018 07:26:21 +0900
nss (2:3.37.1-1) unstable; urgency=medium
* New upstream release.
* nss/lib/freebl/Makefile: Build FStar.c when not building with int128
support. bz#1459739. Closes: #900227
-- Mike Hommey <glandium@debian.org> Mon, 28 May 2018 07:58:44 +0900
nss (2:3.37-1) unstable; urgency=medium
* New upstream release. Fixes: #898496.
* debian/control, debian/rules: Generate dbgsym package.AA
* debian/copyright: Switch to machine-readable format.
* debian/control: Bump Standards-Version to 4.1.4.
-- Mike Hommey <glandium@debian.org> Mon, 14 May 2018 07:15:21 +0900
nss (2:3.36.1-1) unstable; urgency=medium
* New upstream release.
* debian/control: Update Maintainer and Vcs fields, moving off alioth.
-- Mike Hommey <glandium@debian.org> Tue, 10 Apr 2018 14:55:14 +0900
nss (2:3.36-1) unstable; urgency=medium
* New upstream release. Closes: #894981.
-- Mike Hommey <glandium@debian.org> Sun, 08 Apr 2018 06:53:15 +0900
nss (2:3.35-2) unstable; urgency=medium
* nss/lib/freebl/Makefile: Build Hacl_Poly1305_64.o on arm64.
......
Source: nss
Section: libs
Priority: optional
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Maintainer: Maintainers of Mozilla-related packages <team+pkg-mozilla@tracker.debian.org>
Uploaders: Mike Hommey <glandium@debian.org>
Build-Depends: debhelper (>= 9.20160403),
dpkg-dev (>= 1.17.14),
......@@ -9,10 +9,10 @@ Build-Depends: debhelper (>= 9.20160403),
zlib1g-dev,
libsqlite3-dev (>= 3.3.9),
libnss3-tools:native (>= 2:3.19-1-1~) <cross>
Standards-Version: 3.9.6.0
Standards-Version: 4.1.4
Homepage: http://www.mozilla.org/projects/security/pki/nss/
Vcs-Git: https://anonscm.debian.org/git/pkg-mozilla/nss.git
Vcs-Browser: https://anonscm.debian.org/cgit/pkg-mozilla/nss.git
Vcs-Git: https://salsa.debian.org/mozilla-team/nss.git
Vcs-Browser: https://salsa.debian.org/mozilla-team/nss
Package: libnss3
Architecture: any
......@@ -61,22 +61,3 @@ Description: Development files for the Network Security Service libraries
.
Install this package if you wish to develop your own programs using the
Network Security Service Libraries.
Package: libnss3-dbg
Section: debug
Priority: extra
Architecture: any
Depends: ${misc:Depends},
libnss3 (= ${binary:Version}) | libnss3-tools (= ${binary:Version})
Conflicts: libnss3 (<< ${binary:Version}),
libnss3 (>> ${binary:Version}),
libnss3-tools (<< ${binary:Version}),
libnss3-tools (>> ${binary:Version})
Multi-Arch: ${misc:Multi-Arch}
Description: Debugging symbols for the Network Security Service libraries
This is a set of libraries designed to support cross-platform development
of security-enabled client and server applications. It can support SSLv2
and v4, TLS, PKCS #5, #7, #11, #12, S/MIME, X.509 v3 certificates and
other security standards.
.
This package provides the debugging symbols for the library.
This diff is collapsed.
......@@ -54,6 +54,7 @@ libnss3.so libnss3 #MINVER#
(symver)NSS_3.31 2:3.31
(symver)NSS_3.33 2:3.33
(symver)NSS_3.34 2:3.34
(symver)NSS_3.39 2:3.39
(symver)NSS_3.4 2:3.13.4-2~
(symver)NSS_3.5 2:3.13.4-2~
(symver)NSS_3.6 2:3.13.4-2~
......@@ -91,6 +92,8 @@ libnssutil3.so libnss3 #MINVER#
(symver)NSSUTIL_3.25 2:3.29
(symver)NSSUTIL_3.31 2:3.31
(symver)NSSUTIL_3.33 2:3.33
(symver)NSSUTIL_3.38 2:3.38
(symver)NSSUTIL_3.39 2:3.39
libsmime3.so libnss3 #MINVER#
(symver)NSS_3.10 2:3.13.4-2~
(symver)NSS_3.12.10 2:3.13.4-2~
......
Index: nss/nss/lib/freebl/Makefile
===================================================================
--- nss.orig/nss/lib/freebl/Makefile
+++ nss/nss/lib/freebl/Makefile
@@ -527,7 +527,12 @@ ifndef NSS_DISABLE_CHACHAPOLY
EXTRA_SRCS += chacha20_vec.c
endif
else
- EXTRA_SRCS += poly1305.c
+ ifeq ($(CPU_ARCH),aarch64)
+ EXTRA_SRCS += Hacl_Poly1305_64.c
+ else
+ EXTRA_SRCS += poly1305.c
+ endif
+
EXTRA_SRCS += chacha20.c
VERIFIED_SRCS += Hacl_Chacha20.c
endif # x86_64
......@@ -2,4 +2,3 @@
80_security_tools.patch
85_security_load.patch
38_hppa.patch
bz1432455
......@@ -169,7 +169,7 @@ SHLIBSIGN = shlibsign
endif
override_dh_strip:
dh_strip -a --dbg-package=libnss3-dbg
dh_strip --dbgsym-migration='libnss3-dbg (<< 2:3.37-1~)'
$(foreach lib,libsoftokn3.so libfreebl3.so libfreeblpriv3.so libnssdbm3.so, \
$(call cmd,umask 022; $(SHLIBSIGN) -v -i debian/libnss3/usr/lib/$(DEB_HOST_MULTIARCH)/nss/$(lib)))
......
repo: 9949429068caa6bb8827a8ceeaa7c605d722f47f
node: 256ac50bbb6b863e75fd4a533fc24d23eaae269e
branch: NSS_3_35_BRANCH
tag: NSS_3_35_RTM
node: 704d253fa01626312dbbea665c7dbc2557d98392
branch: NSS_3_40_BRANCH
tag: NSS_3_40_RTM
src:*/gtests/google_test/*
src:*/gtests/ssl_gtest/*
Functions changes summary: 1 Removed, 0 Changed, 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
1 Removed function:
'function void PR_EXPERIMENTAL_ONLY_IN_4_17_GetOverlappedIOHandle(void**)' {PR_EXPERIMENTAL_ONLY_IN_4_17_GetOverlappedIOHandle}
Functions changes summary: 0 Removed, 0 Changed (5 filtered out), 0 Added function
Variables changes summary: 0 Removed, 0 Changed, 0 Added variable
......@@ -212,7 +212,7 @@ test_nss()
RET=$?
print_log "######## details of detected failures (if any) ########"
grep -B50 FAILED ${OUTPUTFILE}
grep -B50 -w FAILED ${OUTPUTFILE}
[ $? -eq 1 ] || RET=1
print_result "NSS - tests - ${BITS} bits - ${OPT}" ${RET} 0
......@@ -268,10 +268,49 @@ check_abi()
fi
abidiff --hd1 $PREVDIST/public/ --hd2 $NEWDIST/public \
$PREVDIST/*/lib/$SO $NEWDIST/*/lib/$SO \
> ${HGDIR}/nss/automation/abi-check/new-report-temp$SO.txt
RET=$?
cat ${HGDIR}/nss/automation/abi-check/new-report-temp$SO.txt \
| grep -v "^Functions changes summary:" \
| grep -v "^Variables changes summary:" \
> ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt
if [ $? -ne 0 ]; then
rm -f ${HGDIR}/nss/automation/abi-check/new-report-temp$SO.txt
ABIDIFF_ERROR=$((($RET & 0x01) != 0))
ABIDIFF_USAGE_ERROR=$((($RET & 0x02) != 0))
ABIDIFF_ABI_CHANGE=$((($RET & 0x04) != 0))
ABIDIFF_ABI_INCOMPATIBLE_CHANGE=$((($RET & 0x08) != 0))
ABIDIFF_UNKNOWN_BIT_SET=$((($RET & 0xf0) != 0))
# If abidiff reports an error, or a usage error, or if it sets a result
# bit value this script doesn't know yet about, we'll report failure.
# For ABI changes, we don't yet report an error. We'll compare the
# result report with our whitelist. This allows us to silence changes
# that we're already aware of and have been declared acceptable.
REPORT_RET_AS_FAILURE=0
if [ $ABIDIFF_ERROR -ne 0 ]; then
print_log "abidiff reported ABIDIFF_ERROR."
REPORT_RET_AS_FAILURE=1
fi
if [ $ABIDIFF_USAGE_ERROR -ne 0 ]; then
print_log "abidiff reported ABIDIFF_USAGE_ERROR."
REPORT_RET_AS_FAILURE=1
fi
if [ $ABIDIFF_UNKNOWN_BIT_SET -ne 0 ]; then
print_log "abidiff reported ABIDIFF_UNKNOWN_BIT_SET."
REPORT_RET_AS_FAILURE=1
fi
if [ $ABIDIFF_ABI_CHANGE -ne 0 ]; then
print_log "Ignoring abidiff result ABI_CHANGE, instead we'll check for non-whitelisted differences."
fi
if [ $ABIDIFF_ABI_INCOMPATIBLE_CHANGE -ne 0 ]; then
print_log "Ignoring abidiff result ABIDIFF_ABI_INCOMPATIBLE_CHANGE, instead we'll check for non-whitelisted differences."
fi
if [ $REPORT_RET_AS_FAILURE -ne 0 ]; then
ABI_PROBLEM_FOUND=1
print_log "FAILED to run abidiff {$PREVDIST , $NEWDIST} for $SO, or failed writing to ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt"
print_log "abidiff {$PREVDIST , $NEWDIST} for $SO FAILED with result $RET, or failed writing to ${HGDIR}/nss/automation/abi-check/new-report-$SO.txt"
fi
if [ ! -f ${HGDIR}/nss/automation/abi-check/expected-report-$SO.txt ]; then
ABI_PROBLEM_FOUND=1
......
FROM ubuntu:16.04
MAINTAINER Franziskus Kiefer <franziskuskiefer@gmail.com>
# Minimal image with clang-format 3.9.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
clang-format-3.9 \
locales \
mercurial \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
RUN update-alternatives --install /usr/bin/clang-format \
clang-format $(which clang-format-3.9) 10
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
# Entrypoint.
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
USER $USER
# Entrypoint - which only works if /home/worker/nss is mounted.
ENTRYPOINT ["/home/worker/nss/automation/clang-format/run_clang_format.sh"]
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Install packages.
apt_packages=()
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('xz-utils')
apt_packages+=('mercurial')
apt_packages+=('git')
apt_packages+=('locales')
apt-get install -y --no-install-recommends ${apt_packages[@]}
# Download clang.
curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz -o clang.tar.xz
curl -L https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig -o clang.tar.xz.sig
# Verify the signature.
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
gpg --verify clang.tar.xz.sig
# Install into /usr/local/.
tar xJvf *.tar.xz -C /usr/local --strip-components=1
# Cleanup.
function cleanup() {
rm -f clang.tar.xz clang.tar.xz.sig
}
trap cleanup ERR EXIT
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
# We're done. Remove this script.
rm $0
4.18
4.20
# The first line of this file must contain the human readable NSPR
# version number, which is the minimum required version of NSPR
......
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Library identity and versioning */
#include "nssmkey.h"
#if defined(DEBUG)
#define _DEBUG_STRING " (debug)"
#else
#define _DEBUG_STRING ""
#endif
/*
* Version information
*/
const char __nss_ckmk_version[] = "Version: NSS Access to the MAC OS X Key Ring " NSS_CKMK_LIBRARY_VERSION _DEBUG_STRING;
bmul : {n,m} (fin n, n >= 1, m == n*2 - 1) => [n] -> [n] -> ([n], [n])
bmul a b = (take`{n} prod, drop`{n} prod)
where prod = pad (pmult a b : [m])
pad x = zero # x
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
import "bmul.cry";
print "Loading LLVM bitcode...";
m <- llvm_load_module "../../../dist/Debug/lib/libfreeblpriv3.so.bc";
let SpecBinaryMul n = do {
x <- llvm_var "x" (llvm_int n);
y <- llvm_var "y" (llvm_int n);
llvm_ptr "r_high" (llvm_int n);
r_high <- llvm_var "*r_high" (llvm_int n);
llvm_ptr "r_low" (llvm_int n);
r_low <- llvm_var "*r_low" (llvm_int n);
let res = {{ bmul x y }};
llvm_ensure_eq "*r_high" {{ res.0 }};
llvm_ensure_eq "*r_low" {{ res.1 }};
llvm_verify_tactic abc;
};
print "Proving equality for 32-bit bmul()...";
time (llvm_verify m "bmul32" [] (SpecBinaryMul 32));
This diff is collapsed.
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
import "chacha20.cry" as chacha20;
print "Proving ChaCha20 spec...";
prove_print abc {{ chacha20::allTestsPass }};
print "Loading LLVM bitcode...";
m <- llvm_load_module "../../../dist/Debug/lib/libfreeblpriv3.so.bc";
let SpecChaCha20 n = do {
llvm_ptr "output" (llvm_array n (llvm_int 8));
output <- llvm_var "*output" (llvm_array n (llvm_int 8));
llvm_ptr "plain" (llvm_array n (llvm_int 8));
plain <- llvm_var "*plain" (llvm_array n (llvm_int 8));
len <- llvm_var "len" (llvm_int 32);
llvm_assert_eq "len" {{ `n : [32] }};
llvm_ptr "k" (llvm_array 32 (llvm_int 8));
k <- llvm_var "*k" (llvm_array 32 (llvm_int 8));
llvm_ptr "n1" (llvm_array 12 (llvm_int 8));
n1 <- llvm_var "*n1" (llvm_array 12 (llvm_int 8));
ctr <- llvm_var "ctr" (llvm_int 32);
llvm_ensure_eq "*output" {{ chacha20::encrypt k ctr n1 plain }};
llvm_verify_tactic abc;
};
print "Proving equality for a single block...";
time (llvm_verify m "Hacl_Chacha20_chacha20" [] (SpecChaCha20 64));
print "Proving equality for multiple blocks...";
time (llvm_verify m "Hacl_Chacha20_chacha20" [] (SpecChaCha20 256));
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
import "poly1305.cry" as poly1305;
print "Proving Poly1305 spec...";
prove_print abc {{ poly1305::allTestsPass }};
print "Loading LLVM bitcode...";
m <- llvm_load_module "../../../dist/Debug/lib/libfreeblpriv3.so.bc";
let SpecPoly1305 n = do {
llvm_ptr "output" (llvm_array 16 (llvm_int 8));
output <- llvm_var "*output" (llvm_array 16 (llvm_int 8));
llvm_ptr "input" (llvm_array n (llvm_int 8));
input <- llvm_var "*input" (llvm_array n (llvm_int 8));
llvm_var "len1" (llvm_int 64);
llvm_ptr "k1" (llvm_array 32 (llvm_int 8));
k1 <- llvm_var "*k1" (llvm_array 32 (llvm_int 8));
llvm_assert_eq "*input" {{ zero : [n][8] }};
llvm_assert_eq "len1" {{ `n : [64] }};
llvm_assert_eq "*k1" {{ zero : [32][8] }};
let res = {{ poly1305::Poly1305 input (take`{16} k1) (drop`{16} k1) }};
llvm_ensure_eq "*output" {{ res }};
llvm_verify_tactic abc;
};
print "Proving equality for a single block...";
// This is currently disabled as it takes way too long. We need to help Z3
// prove this before we can enable it on Taskcluster.
//time (llvm_verify m "Hacl_Poly1305_64_crypto_onetimeauth" [] (SpecPoly1305 16));
This diff is collapsed.
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
import "poly1305.cry" as poly1305;
print "Proving Poly1305 spec...";
prove_print abc {{ poly1305::allTestsPass }};
print "Loading LLVM bitcode...";
m <- llvm_load_module "../../../dist/Debug/lib/libfreeblpriv3.so.bc";
let SpecPoly1305 n = do {
llvm_ptr "out" (llvm_array 16 (llvm_int 8));
out <- llvm_var "*out" (llvm_array 16 (llvm_int 8));
llvm_ptr "ad" (llvm_array 16 (llvm_int 8));
ad <- llvm_var "*ad" (llvm_array 16 (llvm_int 8));
adLen <- llvm_var "adLen" (llvm_int 32);
llvm_ptr "ciphertext" (llvm_array n (llvm_int 8));
ciphertext <- llvm_var "*ciphertext" (llvm_array n (llvm_int 8));
ciphertextLen <- llvm_var "ciphertextLen" (llvm_int 32);
llvm_ptr "key" (llvm_array 32 (llvm_int 8));
key <- llvm_var "*key" (llvm_array 32 (llvm_int 8));
llvm_assert_eq "*ad" {{ zero : [16][8] }};
llvm_assert_eq "adLen" {{ 16 : [32] }};
llvm_assert_eq "*ciphertext" {{ zero : [n][8] }};
llvm_assert_eq "ciphertextLen" {{ `n : [32] }};
llvm_assert_eq "*key" {{ zero : [32][8] }};
let res = {{ poly1305::Poly1305 (ad # ciphertext # [16, 0, 0, 0, 0, 0, 0, 0] # [`n, 0, 0, 0, 0, 0, 0, 0]) (take`{16} key) (drop`{16} key) }};
llvm_ensure_eq "*out" {{ res }};
llvm_verify_tactic abc;
};
print "Proving equality for a single block...";
// This is currently disabled as it takes way too long. We need to help Z3
// prove this before we can enable it on Taskcluster.
//time (llvm_verify m "Poly1305Do" [] (SpecPoly1305 16));
......@@ -20,7 +20,6 @@ ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
......
......@@ -17,7 +17,6 @@ ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
......
# Dockerfile for building extra builds. This includes more tools than the
# default image, so it's a fair bit bigger. Only use this for builds where
# the smaller docker image is missing something. These builds will run on
# the leaner configuration.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN dpkg --add-architecture i386
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
build-essential \
ca-certificates \
clang-4.0 \
clang \
cmake \
curl \
g++-4.8-multilib \
g++-5-multilib \
g++-6-multilib \
g++-multilib \
git \
gyp \
libelf-dev \
libdw-dev \
libssl-dev \
libssl-dev:i386 \
libxml2-utils \
lib32z1-dev \
linux-libc-dev:i386 \
llvm-dev \
locales \
mercurial \
ninja-build \
pkg-config \
valgrind \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
# Latest version of abigail-tools
RUN apt-get update \
&& apt-get install -y --no-install-recommends automake libtool libxml2-dev \
&& git clone git://sourceware.org/git/libabigail.git /tmp/libabigail \
&& cd /tmp/libabigail \
&& autoreconf -fi \
&& ./configure --prefix=/usr --disable-static --disable-apidoc --disable-manual \
&& make && make install \
&& rm -rf /tmp/libabigail \
&& apt-get remove -y automake libtool libxml2-dev \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
# Add build and test scripts.
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
RUN useradd -d /home/worker -s /bin/bash -m worker
WORKDIR /home/worker
# Add build and test scripts.
ADD bin /home/worker/bin
RUN chmod +x /home/worker/bin/*
# Install dependencies.
ADD setup.sh /tmp/setup.sh
RUN bash /tmp/setup.sh
# Change user.
USER worker
# Env variables.
ENV HOME /home/worker
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME worker
ENV HOSTNAME taskcluster-worker
ENV LANG en_US.UTF-8
ENV LC_ALL en_US.UTF-8
ENV HOST localhost
ENV DOMSUF localdomain
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]
#!/usr/bin/env bash
set -v -e -x
# Update packages.
export DEBIAN_FRONTEND=noninteractive
apt-get -y update && apt-get -y upgrade
# Need this to add keys for PPAs below.
apt-get install -y --no-install-recommends apt-utils
apt_packages=()
apt_packages+=('ca-certificates')
apt_packages+=('curl')
apt_packages+=('locales')
apt_packages+=('xz-utils')
# Latest Mercurial.
apt_packages+=('mercurial')
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 41BD8711B1F0EC2B0D85B91CF59CE3A8323293EE
echo "deb http://ppa.launchpad.net/mercurial-ppa/releases/ubuntu xenial main" > /etc/apt/sources.list.d/mercurial.list
# Install packages.
apt-get -y update
apt-get install -y --no-install-recommends ${apt_packages[@]}
# Download clang.
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz
curl -LO https://releases.llvm.org/3.9.1/clang+llvm-3.9.1-x86_64-linux-gnu-ubuntu-16.04.tar.xz.sig
# Verify the signature.
gpg --keyserver pool.sks-keyservers.net --recv-keys B6C8F98282B944E3B0D5C2530FC3042E345AD05D
gpg --verify *.tar.xz.sig
# Install into /usr/local/.
tar xJvf *.tar.xz -C /usr/local --strip-components=1
# Cleanup.
rm *.tar.xz*
locale-gen en_US.UTF-8
dpkg-reconfigure locales
# Cleanup.
rm -rf ~/.ccache ~/.cache
apt-get autoremove -y
apt-get clean
apt-get autoclean
rm $0
# Minimal image with clang-format 3.9.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates \
clang-format-3.9 \
locales \
mercurial \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get autoremove -y && apt-get clean -y
RUN update-alternatives --install /usr/bin/clang-format \
clang-format $(which clang-format-3.9) 10
ENV SHELL /bin/bash
ENV USER worker
ENV LOGNAME $USER
ENV HOME /home/$USER
ENV LANG en_US.UTF-8
ENV LC_ALL $LANG
ENV HOST localhost
ENV DOMSUF localdomain
RUN locale-gen $LANG \
&& DEBIAN_FRONTEND=noninteractive dpkg-reconfigure locales
RUN useradd -d $HOME -s $SHELL -m $USER
WORKDIR $HOME
ADD bin $HOME/bin
RUN chmod +x $HOME/bin/*
USER $USER
# Set a default command for debugging.
CMD ["/bin/bash", "--login"]
#!/usr/bin/env bash
set -v -e -x
if [ $(id -u) = 0 ]; then
# Drop privileges by re-running this script.
exec su worker $0
fi
# Default values for testing.
REVISION=${NSS_HEAD_REVISION:-default}
REPOSITORY=${NSS_HEAD_REPOSITORY:-https://hg.mozilla.org/projects/nss}
# Clone NSS.
for i in 0 2 5; do
sleep $i
hg clone -r $REVISION $REPOSITORY nss && exit 0
rm -rf nss
done
exit 1
FROM ubuntu:16.04
MAINTAINER Tim Taubert <ttaubert@mozilla.com>
# Minimal image for running the decision task.
FROM ubuntu:18.04
LABEL maintainer="Martin Thomson <martin.thomson@gmail.com>"
RUN useradd -d /home/worker -s /bin/bash -m worker