author | Micah Elizabeth Scott <beth@torproject.org> | 2023-05-30 09:53:09 -0700 |
---|---|---|
committer | Micah Elizabeth Scott <beth@torproject.org> | 2023-05-31 11:08:27 -0700 |
commit | 3036bedf30d413e8236ec962b9c91b66988c2204 (patch) | |
tree | 8974d9c21c660729ec0e43ee056ad48852893323 /.gitlab-ci.yml | |
parent | e390a7cdee2dab0abcbaf06fad9d03b028377a70 (diff) | |
Update CI builds to Debian Bullseye, fix associated compatibility bugs

This is a change intended for 0.4.7 maintenance as well as main.

The CI builds use Debian Buster which is now end of life, and I was
experiencing inconsistent CI failures with accessing its security update
server. I wanted to update CI to a distro that isn't EOL, and Bullseye
is the current stable release of Debian.

This opened up a small can of worms that this commit also deals with.
In particular there's a docker engine bug that we work around by
removing the docker-specific apt cleanup script if it exists, and
there's a new incompatibility between tracing and sandbox support.

The tracing/sandbox incompatibility itself had two parts:

- The membarrier() syscall is used to deliver inter-processor
  synchronization events, and the external "userspace-rcu"
  data structure library would make assumptions that if membarrier
  is available at initialization it always will be. This caused
  segfaults in some cases when running trace + sandbox. Resolved this
  by allowing membarrier entirely, in the sandbox.

- userspace-rcu also assumes it can block signals, and fails
  hard if this can't be done. We already include a similar carveout
  to allow this in the sandbox for fragile-hardening, so I extended
  that to cover tracing as well.

Addresses issue #40799

Signed-off-by: Micah Elizabeth Scott <beth@torproject.org>

Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 21 |
1 files changed, 12 insertions, 9 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d033b7ca30..3bb2a9a40f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -49,6 +49,7 @@ variables: echo Etc/UTC > /etc/timezone mkdir -p apt-cache export APT_CACHE_DIR="$(pwd)/apt-cache" + rm -f /etc/apt/apt.conf.d/docker-clean echo 'quiet "1";' \ 'APT::Install-Recommends "0";' \ 'APT::Install-Suggests "0";' \ @@ -79,9 +80,11 @@ variables: - *apt-template # Install patches unconditionally. - apt-get install + apt-utils automake build-essential ca-certificates + file git libevent-dev liblzma-dev @@ -106,7 +109,7 @@ variables: # Minimal check on debian: just make, make check. # debian-minimal: - image: debian:buster + image: debian:bullseye <<: *debian-template script: - ./scripts/ci/ci-driver.sh @@ -114,7 +117,7 @@ debian-minimal: # Minmal check on debian/i386: just make, make check. # debian-i386-minimal: - image: i386/debian:buster + image: i386/debian:bullseye <<: *debian-template script: - ./scripts/ci/ci-driver.sh @@ -137,7 +140,7 @@ debian-hardened: ##### # Distcheck on debian stable debian-distcheck: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DISTCHECK: "yes" @@ -148,7 +151,7 @@ debian-distcheck: ##### # Documentation tests on debian stable: doxygen and asciidoc. debian-docs: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DOXYGEN: "yes" @@ -166,7 +169,7 @@ debian-docs: # with the 'artifacts' mechanism, in theory, but it would be good to # avoid having to have a system with hundreds of artifacts. debian-integration: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: CHECK: "no" @@ -180,7 +183,7 @@ debian-integration: ##### # Tracing build on Debian stable. debian-tracing: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: TRACING: "yes" 
@@ -192,7 +195,7 @@ debian-tracing: ##### # No-authority mode debian-disable-dirauth: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DISABLE_DIRAUTH: "yes" @@ -202,7 +205,7 @@ debian-disable-dirauth: ##### # No-relay mode debian-disable-relay: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: DISABLE_RELAY: "yes" @@ -212,7 +215,7 @@ debian-disable-relay: ##### # NSS check on debian debian-nss: - image: debian:buster + image: debian:bullseye <<: *debian-template variables: NSS: "yes" |
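
Review bot: The added `rm -f /etc/apt/apt.conf.d/docker-clean` in the apt template (hunk @@ -49,6 +49,7) has no comment beside it, so anyone reading .gitlab-ci.yml later cannot tell it is a deliberate workaround. Please add a one-line YAML comment above it that names the docker engine bug and issue #40799 from the commit message, and says under what condition the line can be removed again. Because it sits directly after `export APT_CACHE_DIR="$(pwd)/apt-cache"`, it would also help to state whether dropping docker-clean changes how the apt cache directory behaves or is unrelated to it.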
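
Review bot: In the `apt-get install` list (hunk @@ -79,9 +80,11), `apt-utils` and `file` are added with no explanation in the file, and the commit message does not mention them either. Please note which Bullseye build or test step fails without each package, either in a short comment above the list or in the commit message, so they are not pruned as unused on a later cleanup.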
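
Review bot: The image bump repeats the literal `debian:bullseye` in eight job definitions plus `i386/debian:bullseye` in `debian-i386-minimal` (hunks @@ -106,7 through @@ -212,7), so the next release change will again be a nine-line edit with room to miss one. Consider setting the image once, for example in `debian-template` or through a CI variable, and overriding it only for the i386 job. Separately, `debian-hardened` appears only as context in the @@ -137,7 +140,7 header and has no image change in this diff; please confirm it does not still reference `buster`.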