Switch to using tor-browser-build submodule

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "rbm"]
 	path = rbm
 	url = https://git.torproject.org/builders/rbm.git
+[submodule "tor-browser-build"]
+	path = tor-browser-build
+	url = https://git.torproject.org/builders/tor-browser-build.git

projects/common

@@ -0,0 +1 @@
+../tor-browser-build/projects/common/

projects/common/runc-config.json

@@ -1,268 +0,0 @@
-{
-  "ociVersion": "1.0.0[% IF !c("var_p/runc_spec100") %]-rc1[% END %]",
-  "platform": {
-    "os": "linux",
-    "arch": "amd64"
-  },
-  "process": {
-    "terminal": [% IF c("interactive") %]true[% ELSE %]false[% END %],
-    "user": {
-      "uid": 0,
-      "gid": 0
-    },
-    "args": [
-      "/rbm/run"
-    ],
-    "env": [
-      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
-      "TERM=xterm"
-    ],
-    "cwd": "/",
-[% IF c("var_p/runc_spec100") -%]
-    "capabilities": {
-      "bounding": [
-        "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE",
-        "CAP_SETGID",
-        "CAP_SETUID",
-        "CAP_MKNOD",
-        "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
-        "CAP_SYS_ADMIN",
-[% END -%]
-        "CAP_FSETID",
-        "CAP_FOWNER",
-        "CAP_DAC_OVERRIDE",
-        "CAP_CHOWN"
-      ],
-      "effective": [
-        "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE",
-        "CAP_SETGID",
-        "CAP_SETUID",
-        "CAP_MKNOD",
-        "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
-        "CAP_SYS_ADMIN",
-[% END -%]
-        "CAP_FSETID",
-        "CAP_FOWNER",
-        "CAP_DAC_OVERRIDE",
-        "CAP_CHOWN"
-      ],
-      "inheritable": [
-        "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE",
-        "CAP_SETGID",
-        "CAP_SETUID",
-        "CAP_MKNOD",
-        "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
-        "CAP_SYS_ADMIN",
-[% END -%]
-        "CAP_FSETID",
-        "CAP_FOWNER",
-        "CAP_DAC_OVERRIDE",
-        "CAP_CHOWN"
-      ],
-      "permitted": [
-        "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE",
-        "CAP_SETGID",
-        "CAP_SETUID",
-        "CAP_MKNOD",
-        "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
-        "CAP_SYS_ADMIN",
-[% END -%]
-        "CAP_FSETID",
-        "CAP_FOWNER",
-        "CAP_DAC_OVERRIDE",
-        "CAP_CHOWN"
-      ],
-      "ambient": [
-        "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE",
-        "CAP_SETGID",
-        "CAP_SETUID",
-        "CAP_MKNOD",
-        "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
-        "CAP_SYS_ADMIN",
-[% END -%]
-        "CAP_FSETID",
-        "CAP_FOWNER",
-        "CAP_DAC_OVERRIDE",
-        "CAP_CHOWN"
-      ]
-    },
-[% ELSE -%]
-    "capabilities": [
-      "CAP_AUDIT_WRITE",
-      "CAP_KILL",
-      "CAP_NET_BIND_SERVICE",
-      "CAP_SETGID",
-      "CAP_SETUID",
-      "CAP_MKNOD",
-      "CAP_SYS_CHROOT",
-[% IF c("var/container/CAP_SYS_ADMIN") -%]
-      "CAP_SYS_ADMIN",
-[% END -%]
-      "CAP_FSETID",
-      "CAP_FOWNER",
-      "CAP_DAC_OVERRIDE",
-      "CAP_CHOWN"
-    ],
-[% END -%]
-    "rlimits": [
-      {
-        "type": "RLIMIT_NOFILE",
-        "hard": 1024,
-        "soft": 1024
-      }
-    ],
-    "noNewPrivileges": true
-  },
-  "root": {
-      "path": "rootfs",
-      "readonly": false
-  },
-  "hostname": "runc",
-  "mounts": [
-    {
-      "destination": "/proc",
-      "type": "proc",
-      "source": "proc"
-    },
-    {
-      "type": "bind",
-      "source": "/etc/resolv.conf",
-      "destination": "/etc/resolv.conf",
-      "options": [
-        "rbind",
-        "ro"
-      ]
-    },
-    {
-      "destination": "/dev",
-      "type": "tmpfs",
-      "source": "tmpfs",
-      "options": [
-        "nosuid",
-        "strictatime",
-        "mode=755",
-        "size=65536k"
-      ]
-    },
-    {
-      "destination": "/dev/pts",
-      "type": "devpts",
-      "source": "devpts",
-      "options": [
-        "nosuid",
-        "noexec",
-        "newinstance",
-        "ptmxmode=0666",
-        "mode=0620",
-        "gid=5"
-      ]
-    },
-    {
-      "destination": "/dev/shm",
-      "type": "tmpfs",
-      "source": "shm",
-      "options": [
-        "nosuid",
-        "noexec",
-        "nodev",
-        "mode=1777",
-        "size=65536k"
-      ]
-    },
-    {
-      "destination": "/dev/mqueue",
-      "type": "mqueue",
-      "source": "mqueue",
-      "options": [
-        "nosuid",
-        "noexec",
-        "nodev"
-      ]
-    },
-    {
-      "destination": "/sys",
-      "type": "sysfs",
-      "source": "sysfs",
-      "options": [
-        "nosuid",
-        "noexec",
-        "nodev",
-        "ro"
-      ]
-    },
-    {
-      "destination": "/sys/fs/cgroup",
-      "type": "cgroup",
-      "source": "cgroup",
-      "options": [
-        "nosuid",
-        "noexec",
-        "nodev",
-        "relatime",
-        "ro"
-      ]
-    }
-  ],
-  "hooks": {},
-  "linux": {
-    "resources": {
-      "devices": [
-        {
-          "allow": false,
-          "access": "rwm"
-        }
-      ]
-    },
-    "namespaces": [
-      {
-        "type": "pid"
-      },
-      {
-        "type": "ipc"
-      },
-      {
-        "type": "uts"
-      },
-      {
-        "type": "mount"
-      }
-    ],
-    "maskedPaths": [
-      "/proc/kcore",
-      "/proc/latency_stats",
-      "/proc/timer_stats",
-[% IF c("var_p/runc_spec100") -%]
-      "/proc/timer_list",
-      "/sys/firmware",
-[% END -%]
-      "/proc/sched_debug"
-    ],
-    "readonlyPaths": [
-      "/proc/asound",
-      "/proc/bus",
-      "/proc/fs",
-      "/proc/irq",
-      "/proc/sys",
-      "/proc/sysrq-trigger"
-    ]
-  },
-  "solaris": {
-    "cappedCPU": {},
-    "cappedMemory": {}
-  }
-}

projects/container-image

@@ -0,0 +1 @@
+../tor-browser-build/projects/container-image/

projects/container-image/build

@@ -1,2 +0,0 @@
-#!/bin/sh
-set -e

projects/container-image/config

@@ -1,62 +0,0 @@
-filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% sha256(c("pre")).substr(0,12) %].tar.gz'
-pkg_type: build
-
-var:
-  container:
-    use_container: 1
-    suite: '[% pc(c("origin_project"), "var/container/suite") %]'
-    arch:  '[% pc(c("origin_project"), "var/container/arch")  %]'
-
-lsb_release:
-  id: Debian
-  codename: wheezy
-  release: 7.11
-
-pre: |
-  #!/bin/sh
-  # [% c('var/container/suite') %]
-  set -e
-  [% IF pc(c('origin_project'), 'var/pre_pkginst') -%]
-  [% pc(c('origin_project'), 'var/pre_pkginst') %]
-  [% END -%]
-  apt-get update -y
-  apt-get upgrade -y
-  [%
-    deps = [];
-    IF pc(c('origin_project'), 'var/deps');
-      CALL deps.import(pc(c('origin_project'), 'var/deps'));
-    END;
-    IF pc(c('origin_project'), 'var/arch_deps');
-      CALL deps.import(pc(c('origin_project'), 'var/arch_deps'));
-    END;
-    IF deps.size;
-      IF pc(c('origin_project'), 'var/sort_deps');
-        deps = deps.sort;
-      END;
-      FOREACH pkg IN deps;
-        SET p = tmpl(pkg);
-        IF p;
-          GET c('install_package', { pkg_name => p });
-          GET "\n";
-        END;
-      END;
-    END;
-  -%]
-  [% IF pc(c('origin_project'), 'var/post_pkginst') -%]
-  [% pc(c('origin_project'), 'var/post_pkginst') %]
-  [% END -%]
-
-remote_get: |
-  #!/bin/sh
-  set -e
-  [%
-    SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
-    SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
-  -%]
-  mkdir -p "[% dst %]"
-  sudo tar -C "[% c("var/container/dir") %]/rootfs" -czf "[% dst %]/[% c("filename") %]" .
-
-input_files:
-  - project: debootstrap-image
-    target:
-      - '[% c("var/container/suite") %]-[% c("var/container/arch") %]'

projects/debootstrap-image

@@ -0,0 +1 @@
+../tor-browser-build/projects/debootstrap-image/

projects/debootstrap-image/build

@@ -1,2 +0,0 @@
-#!/bin/sh
-set -e

projects/debootstrap-image/config

@@ -1,55 +0,0 @@
-filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %].tar.gz'
-pkg_type: build
-
-var:
-  ubuntu_version: 18.04.1
-
-  container:
-    use_container: 1
-    # We need CAP_SYS_ADMIN for debootstrap to work
-    CAP_SYS_ADMIN: 1
-
-pre: |
-  #!/bin/sh
-  set -e
-  apt-get update -y
-  apt-get install -y debian-archive-keyring ubuntu-keyring debootstrap
-  container=systemd-nspawn debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
-  tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .
-
-targets:
-  wheezy-amd64:
-    var:
-      container:
-        suite: wheezy
-        arch: amd64
-  wheezy-i386:
-    var:
-      container:
-        suite: wheezy
-        arch: i386
-  jessie-amd64:
-    var:
-      container:
-        suite: jessie
-        arch: amd64
-  jessie-i386:
-    var:
-      container:
-        suite: jessie
-        arch: i386
-  buster-amd64:
-    var:
-      container:
-        suite: buster
-        arch: amd64
-  stretch-amd64:
-    var:
-      container:
-        suite: stretch
-        arch: amd64
-
-input_files:
-  - URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
-    filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
-    sha256sum: ed76e649f65548a80b361b68011085ec4dde7bb762d667657acbef87765e1a12

projects/go

@@ -0,0 +1 @@
+../tor-browser-build/projects/go

projects/go/build

@@ -1,51 +0,0 @@
-#!/usr/bin/env bash
-[% c("var/set_default_env") -%]
-[% c("var/setarch") -%]
-distdir=/var/tmp/dist/[% project %]
-mkdir -p /var/tmp/dist
-
-[% IF c("var/linux") %]
-  # Config options for hardening-wrapper
-  export DEB_BUILD_HARDENING=1
-  export DEB_BUILD_HARDENING_STACKPROTECTOR=1
-  export DEB_BUILD_HARDENING_FORTIFY=1
-  export DEB_BUILD_HARDENING_FORMAT=1
-  export DEB_BUILD_HARDENING_PIE=1
-[% END %]
-
-mkdir -p /var/tmp/build
-
-# Building go 1.4.x
-# This is needed to bootstrap the go that we actually use
-# https://golang.org/doc/install/source#go14
-tar -C /var/tmp/build --transform='s,^go\>,go1.4,' -xf $rootdir/[% c('input_files_by_name/go14') %]
-cd /var/tmp/build/go1.4/src
-# Disable cgo to avoid conflicts with newer GCC. cgo is not needed for the bootstrap go.
-# https://github.com/golang/go/issues/13114#issuecomment-186922245
-# Disable CC etc. that are set up for cross builds.
-CGO_ENABLED=0 CC= CFLAGS= LDFLAGS= ./make.bash
-export GOROOT_BOOTSTRAP="/var/tmp/build/go1.4"
-
-cd $rootdir
-[% IF ! c("var/linux") %]
-  [% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
-[% END %]
-
-# Building go
-# http://golang.org/doc/install/source#environment
-tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/go') %]
-export GOROOT="$distdir"
-cd /var/tmp/dist/go/src
-[% IF c("var/linux") %]
-  ./make.bash
-[% ELSIF c("var/osx") %]
-  # TODO
-[% ELSIF c("var/windows") %]
-  # TODO
-[% END -%]
-
-cd /var/tmp/dist
-[% c('tar', {
-     tar_src  => [ project ],
-     tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
-   }) %]

projects/go/config

@@ -1,90 +0,0 @@
-version: 1.11.1
-filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
-
-var:
-  go14_version: 1.4.3
-  container:
-    use_container: 1
-
-  setup: |
-    [% c("var/setarch") -%]
-    mkdir -p /var/tmp/dist
-    tar -C /var/tmp/dist -xf $rootdir/[% c("go_tarfile") %]
-    export GOOS=[% c("var/GOOS") %]
-    export GOARCH=[% c("var/GOARCH") %]
-    export GOPATH=/var/tmp/dist/gopath
-    export PATH=/var/tmp/dist/go/bin:/var/tmp/dist/gopath/bin:"$PATH"
-
-  # Template build script for building a go library.
-  # This can be called as projects/go/var/build_go_lib.
-  # You need to define /var/go_lib, and optionally var/go_lib_install as a list
-  # of install targets.
-  build_go_lib: |
-    #!/bin/sh
-    [% c("var/set_default_env") -%]
-    [% pc('go', 'var/setup', { go_tarfile => c('input_files_by_name/go') }) %]
-    distdir=/var/tmp/dist/[% project %]
-    mkdir -p /var/tmp/build
-    tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.gz
-    [% FOREACH dep = c("var/go_lib_deps") -%]
-      tar -C /var/tmp/dist -xf [% c('input_files_by_name/' _ dep) %]
-    [% END -%]
-    mkdir -p $(dirname "$GOPATH/src/[% c("var/go_lib") %]")
-    mv /var/tmp/build/[% project %]-[% c('version') %] "$GOPATH/src/[% c("var/go_lib") %]"
-    cd "$GOPATH/src/[% c("var/go_lib") %]"
-    for p in $(ls -1 $rootdir/*.patch 2> /dev/null | sort)
-    do
-      patch -p1 < $p
-    done
-    [% IF c("var/build_go_lib_pre"); GET c("var/build_go_lib_pre"); END; -%]
-    [% IF c("var/go_lib_install") -%]
-      [% FOREACH inst IN c("var/go_lib_install") %]
-        go install [% inst %]
-      [% END %]
-    [% ELSE %]
-      go install [% c("var/go_lib") %]
-    [% END %]
-    cd /var/tmp/dist
-    [% c('tar', {
-         tar_src  => [ 'gopath' ],
-         tar_args => '-czf ' _ dest_dir _ '/' _ c('filename'),
-       }) %]
-
-targets:
-  windows:
-    var:
-      GOOS: windows
-  windows-i686:
-    var:
-      GOARCH: 386
-  windows-x86_64:
-    var:
-      GOARCH: amd64
-  osx-x86_64:
-    var:
-      GOOS: darwin
-      GOARCH: amd64
-      arch_deps:
-        - faketime
-  linux:
-    var:
-      GOOS: linux
-  linux-x86_64:
-    var:
-      GOARCH: amd64
-  linux-i686:
-    var:
-      GOARCH: 386
-
-input_files:
-  - project: container-image
-  - name: '[% c("var/compiler") %]'
-    project: '[% c("var/compiler") %]'
-    enable: '[% c("var/windows") || c("var/osx") %]'
-  - URL: 'https://golang.org/dl/go[% c("version") %].src.tar.gz'
-    name: go
-    sha256sum: 558f8c169ae215e25b81421596e8de7572bd3ba824b79add22fba6e284db1117
-  - URL: 'https://golang.org/dl/go[% c("var/go14_version") %].src.tar.gz'
-    name: go14
-    sha256sum: 9947fc705b0b841b5938c48b22dc33e9647ec0752bae66e50278df4f23f64959
-

projects/golang.org,x,net

@@ -0,0 +1 @@
+../tor-browser-build/projects/goxnet

projects/golang.org,x,net/config

@@ -1,19 +0,0 @@
-version: '[% c("abbrev") %]'
-git_url:  https://go.googlesource.com/net
-git_hash: '[% config.var_p.id.${"golang.org/x/net"} %]'
-filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
-
-build: '[% c("projects/go/var/build_go_lib") %]'
-
-var:
-  container:
-    use_container: 1
-  go_lib: golang.org/x/net
-  go_lib_install:
-    - golang.org/x/net/context
-  go_lib_deps: []
-
-input_files:
-  - project: container-image
-  - name: go
-    project: go

tor-browser-build

@@ -0,0 +1 @@
+Subproject commit d8f156e110afe00e0b366cff8ff0e0c53b4a58c9