Commits:
-
f701f1df
by Beatriz Rizental at 2025-02-11T11:55:20+01:00
Bug 42669: [Part 1] Add uniffi-rs project
Apps team forks uniffi and applies a patch to make the Kotlin
bindings no-op.
-
9345a6ea
by Beatriz Rizental at 2025-02-11T14:31:15+01:00
Bug 42669: [Part 2] Use custom uniffi-rs in application-services
The apps team custom uniffi-rs implementation removes
the dependecy on application-services Rust libraries.
Therefore, this commit also include changes to skip
building and including these libs (aka libmegazord)
in the final Android application.
15 changed files:
Changes:
Makefile
| ... |
... |
@@ -669,6 +669,9 @@ cargo_vendor-wasm-bindgen: submodule-update |
|
669
|
669
|
cargo_vendor-lox: submodule-update
|
|
670
|
670
|
$(rbm) build lox-wasm --step cargo_vendor --target alpha --target torbrowser-linux-x86_64
|
|
671
|
671
|
|
|
|
672
|
+cargo_vendor-uniffi-rs: submodule-update
|
|
|
673
|
+ $(rbm) build uniffi-rs --step cargo_vendor --target alpha --target torbrowser-linux-x86_64
|
|
|
674
|
+
|
|
672
|
675
|
go_vendor-snowflake: submodule-update
|
|
673
|
676
|
$(rbm) build snowflake --step go_vendor --target alpha --target torbrowser-linux-x86_64
|
|
674
|
677
|
|
projects/application-services/README.md
|
1
|
1
|
Application Services is a collection of Rust components to enable integration
|
|
2
|
2
|
with Mozilla online services, such as the Mozilla account, sync, etc...
|
|
3
|
3
|
|
|
|
4
|
+Since all of the application-services features are disabled by the Tor Project browsers,
|
|
|
5
|
+we don't build or include these Rust libraries in them. Even though these libraries
|
|
|
6
|
+are written in Rust, they are consumed by Kotlin. Application Services uses uniffi
|
|
|
7
|
+to auto-generate the Kotlin code that communicates with Rust. We have developed a
|
|
|
8
|
+custom generator for uniffi (see `projects/uniffi-rs`) to generate no-op bindings,
|
|
|
9
|
+i.e., bindings that don't call the Rust code and are therefore a dead-end.
|
|
|
10
|
+
|
|
4
|
11
|
We do not fork this project, because we apply a minimal set of patches mainly
|
|
5
|
12
|
needed for offline builds.
|
|
6
|
13
|
|
| ... |
... |
@@ -13,8 +20,12 @@ References: |
|
13
|
20
|
|
|
14
|
21
|
## Vendored Rust dependencies
|
|
15
|
22
|
|
|
16
|
|
-Application Services is written mainly in Rust and it mnanages external
|
|
|
23
|
+Application Services is written mainly in Rust and it manages external
|
|
17
|
24
|
dependencies through cargo.
|
|
|
25
|
+
|
|
|
26
|
+Although most Rust libraries aren't built by this project, the `nimbus-fml`
|
|
|
27
|
+project -- a command line tool used by other projects -- is still built.
|
|
|
28
|
+
|
|
18
|
29
|
Reproduciblity is guaranteed by the provided `Cargo.lock`.
|
|
19
|
30
|
|
|
20
|
31
|
We run offline builds, so we create the dependency archive in a separate step
|
| ... |
... |
@@ -35,16 +46,6 @@ We keep the list of files to download in `gradle-dependencies-list.txt`. |
|
35
|
46
|
A procedure to create this file is documented in
|
|
36
|
47
|
[tor-browser-build#40855](https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40855#note_2906041).
|
|
37
|
48
|
|
|
38
|
|
-## Other dependencies
|
|
39
|
|
-
|
|
40
|
|
-Finally, Application Services depends on two C libraries:
|
|
41
|
|
-[NSS](https://firefox-source-docs.mozilla.org/security/nss/index.html) and
|
|
42
|
|
-[SQLCipher](https://www.zetetic.net/sqlcipher/).
|
|
43
|
|
-We used to have separate tor-browser-build projects for them, but they were
|
|
44
|
|
-almost an exact copy of the scripts included in this repository.
|
|
45
|
|
-Keeping them updated wasn't trivial, so we decided to run Mozilla's scripts
|
|
46
|
|
-instead.
|
|
47
|
|
-
|
|
48
|
49
|
# Caveats
|
|
49
|
50
|
|
|
50
|
51
|
## Git repository information
|
projects/application-services/a-s-noop.diff
|
|
1
|
+diff --git a/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt b/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt
|
|
|
2
|
+index 78c16dd0..d2615fa7 100644
|
|
|
3
|
+--- a/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt
|
|
|
4
|
++++ b/components/fxa-client/android/src/main/java/mozilla/appservices/fxaclient/Config.kt
|
|
|
5
|
+@@ -13,4 +13,5 @@ fun FxaServer.contentUrl() = when (this) {
|
|
|
6
|
+ is FxaServer.China -> "https://accounts.firefox.com.cn"
|
|
|
7
|
+ is FxaServer.LocalDev -> "http://127.0.0.1:3030"
|
|
|
8
|
+ is FxaServer.Custom -> this.url
|
|
|
9
|
++ is FxaServer.__NOOP -> ""
|
|
|
10
|
+ }
|
|
|
11
|
+diff --git a/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt b/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt
|
|
|
12
|
+index 8c05be9c..6bf2ec15 100644
|
|
|
13
|
+--- a/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt
|
|
|
14
|
++++ b/components/nimbus/android/src/main/java/org/mozilla/experiments/nimbus/Nimbus.kt
|
|
|
15
|
+@@ -532,6 +532,8 @@ open class Nimbus(
|
|
|
16
|
+ ),
|
|
|
17
|
+ )
|
|
|
18
|
+ }
|
|
|
19
|
++
|
|
|
20
|
++ EnrollmentChangeEventType.__NOOP -> {}
|
|
|
21
|
+ }
|
|
|
22
|
+ }
|
|
|
23
|
+ }
|
|
|
24
|
+diff --git a/components/places/android/src/main/java/mozilla/appservices/places/PlacesConnection.kt b/components/places/android/src/main/java/mozilla/appservices/places/PlacesConnection.kt
|
|
|
25
|
+index 282f4e90..db8b00a3 100644
|
|
|
26
|
+--- a/components/places/android/src/main/java/mozilla/appservices/places/PlacesConnection.kt
|
|
|
27
|
++++ b/components/places/android/src/main/java/mozilla/appservices/places/PlacesConnection.kt
|
|
|
28
|
+@@ -289,6 +289,7 @@ internal fun VisitType.toInt(): Int {
|
|
|
29
|
+ VisitType.FRAMED_LINK -> 8
|
|
|
30
|
+ VisitType.RELOAD -> 9
|
|
|
31
|
+ VisitType.UPDATE_PLACE -> 10
|
|
|
32
|
++ VisitType.__NOOP -> -1
|
|
|
33
|
+ }
|
|
|
34
|
+ }
|
|
|
35
|
+
|
|
|
36
|
+diff --git a/megazords/full/android/build.gradle b/megazords/full/android/build.gradle
|
|
|
37
|
+index 822ce180..ccdc6c8a 100644
|
|
|
38
|
+--- a/megazords/full/android/build.gradle
|
|
|
39
|
++++ b/megazords/full/android/build.gradle
|
|
|
40
|
+@@ -54,6 +54,8 @@ configurations {
|
|
|
41
|
+ }
|
|
|
42
|
+
|
|
|
43
|
+ cargo {
|
|
|
44
|
++ cargoCommand = "${rootDir}/megazords/full/android/cargo-no-build.sh"
|
|
|
45
|
++
|
|
|
46
|
+ // The directory of the Cargo.toml to build.
|
|
|
47
|
+ module = '..'
|
|
|
48
|
+
|
|
|
49
|
+diff --git a/publish.gradle b/publish.gradle
|
|
|
50
|
+index 71f5d55b..027665ff 100644
|
|
|
51
|
+--- a/publish.gradle
|
|
|
52
|
++++ b/publish.gradle
|
|
|
53
|
+@@ -194,7 +194,7 @@ ext.configureUniFFIBindgen = { udlFilePath ->
|
|
|
54
|
+ def uniffiGeneratedPath = "generated/source/uniffi/${variant.name}/java"
|
|
|
55
|
+ def t = tasks.register("generate${variant.name.capitalize()}UniFFIBindings", Exec) {
|
|
|
56
|
+ workingDir project.rootDir
|
|
|
57
|
+- commandLine '/usr/bin/env', 'cargo', 'uniffi-bindgen', 'generate', "${project.projectDir}/${udlFilePath}", '--language', 'kotlin', '--out-dir', "${buildDir}/${uniffiGeneratedPath}"
|
|
|
58
|
++ commandLine '/usr/bin/env', "${rootProject.projectDir}/uniffi-rs/uniffi-bindgen", 'generate', "${project.projectDir}/${udlFilePath}", '--language', 'kotlin', '--out-dir', "${buildDir}/${uniffiGeneratedPath}"
|
|
|
59
|
+ outputs.dir "${buildDir}/${uniffiGeneratedPath}"
|
|
|
60
|
+ // Re-generate if the interface definition changes.
|
|
|
61
|
+ inputs.file "${project.projectDir}/${udlFilePath}" |
projects/application-services/apply-bug-13028.diff
deleted
|
1
|
|
-diff --git a/libs/build-all.sh b/libs/build-all.sh
|
|
2
|
|
-index 650c1299..6c4e5404 100755
|
|
3
|
|
---- a/libs/build-all.sh
|
|
4
|
|
-+++ b/libs/build-all.sh
|
|
5
|
|
-@@ -128,6 +128,15 @@ echo $'\
|
|
6
|
|
- fi
|
|
7
|
|
- ' | patch "${NSS_SRC_PATH}/nspr/configure"
|
|
8
|
|
-
|
|
9
|
|
-+rm -f python
|
|
10
|
|
-+ln -s /usr/bin/python3 python
|
|
11
|
|
-+export PATH=$(pwd):$PATH
|
|
12
|
|
-+patch_13028=$(realpath bug_13028.patch)
|
|
13
|
|
-+pushd $NSS_SRC_PATH
|
|
14
|
|
-+# Apply our proxy bypass defense-in-depth here as well to be on the safe side.
|
|
15
|
|
-+patch -p2 < $patch_13028
|
|
16
|
|
-+popd
|
|
17
|
|
-+
|
|
18
|
|
- if [[ "${PLATFORM}" == "ios" ]]
|
|
19
|
|
- then
|
|
20
|
|
- ./build-all-ios.sh "${SQLCIPHER_SRC_PATH}" "${NSS_SRC_PATH}" |
projects/application-services/bug40485.diff
→
projects/application-services/bug40485-nimbus-fml-reproducibility.diff
| ... |
... |
@@ -4,16 +4,16 @@ index 97d545672..249406a0c 100644 |
|
4
|
4
|
+++ b/components/support/nimbus-fml/src/intermediate_representation.rs
|
|
5
|
5
|
@@ -237,10 +237,10 @@ pub struct FeatureManifest {
|
|
6
|
6
|
pub(crate) about: AboutBlock,
|
|
7
|
|
-
|
|
|
7
|
+
|
|
8
|
8
|
#[serde(default)]
|
|
9
|
9
|
- pub(crate) imported_features: HashMap<ModuleId, BTreeSet<String>>,
|
|
10
|
10
|
+ pub(crate) imported_features: BTreeMap<ModuleId, BTreeSet<String>>,
|
|
11
|
|
-
|
|
|
11
|
+
|
|
12
|
12
|
#[serde(default)]
|
|
13
|
13
|
- pub(crate) all_imports: HashMap<ModuleId, FeatureManifest>,
|
|
14
|
14
|
+ pub(crate) all_imports: BTreeMap<ModuleId, FeatureManifest>,
|
|
15
|
15
|
}
|
|
16
|
|
-
|
|
|
16
|
+
|
|
17
|
17
|
impl TypeFinder for FeatureManifest {
|
|
18
|
18
|
diff --git a/components/support/nimbus-fml/src/parser.rs b/components/support/nimbus-fml/src/parser.rs
|
|
19
|
19
|
index 49cace525..cdf692b86 100644
|
| ... |
... |
@@ -34,7 +34,7 @@ index 49cace525..cdf692b86 100644 |
|
34
|
34
|
// We associate only the feature ids with the manifest we're loading in this method.
|
|
35
|
35
|
- let mut imported_feature_id_map = HashMap::new();
|
|
36
|
36
|
+ let mut imported_feature_id_map = BTreeMap::new();
|
|
37
|
|
-
|
|
|
37
|
+
|
|
38
|
38
|
for block in &frontend.imports {
|
|
39
|
39
|
// 1. Load the imported manifests in to the hash map.
|
|
40
|
40
|
@@ -328,7 +328,7 @@ impl Parser {
|
projects/application-services/bug_13028.patch
deleted
|
1
|
|
-From 2f0888c348561249d3083555db33c5619840dbfa Mon Sep 17 00:00:00 2001
|
|
2
|
|
-From: Mike Perry <mikeperry-git@xxxxxxxxxxxxxx>
|
|
3
|
|
-Date: Mon, 29 Sep 2014 14:30:19 -0700
|
|
4
|
|
-Subject: [PATCH] Bug 13028: Prevent potential proxy bypass cases.
|
|
5
|
|
-
|
|
6
|
|
-It looks like these cases should only be invoked in the NSS command line
|
|
7
|
|
-tools, and not the browser, but I decided to patch them anyway because there
|
|
8
|
|
-literally is a maze of network function pointers being passed around, and it's
|
|
9
|
|
-very hard to tell if some random code might not pass in the proper proxied
|
|
10
|
|
-versions of the networking code here by accident.
|
|
11
|
|
-
|
|
12
|
|
-diff --git a/security/nss/lib/certhigh/ocsp.c b/security/nss/lib/certhigh/ocsp.c
|
|
13
|
|
-index cea8456606bf..86fa971cfbef 100644
|
|
14
|
|
---- a/security/nss/lib/certhigh/ocsp.c
|
|
15
|
|
-+++ b/security/nss/lib/certhigh/ocsp.c
|
|
16
|
|
-@@ -2932,6 +2932,14 @@ ocsp_ConnectToHost(const char *host, PRUint16 port)
|
|
17
|
|
- PRNetAddr addr;
|
|
18
|
|
- char *netdbbuf = NULL;
|
|
19
|
|
-
|
|
20
|
|
-+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
|
|
21
|
|
-+ // we want to ensure nothing can ever hit this code in production.
|
|
22
|
|
-+#if 1
|
|
23
|
|
-+ printf("Tor Browser BUG: Attempted OSCP direct connect to %s, port %u\n", host,
|
|
24
|
|
-+ port);
|
|
25
|
|
-+ goto loser;
|
|
26
|
|
-+#endif
|
|
27
|
|
-+
|
|
28
|
|
- sock = PR_NewTCPSocket();
|
|
29
|
|
- if (sock == NULL)
|
|
30
|
|
- goto loser;
|
|
31
|
|
-diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
|
|
32
|
|
-index e8698376b5be..85791d84a932 100644
|
|
33
|
|
---- a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
|
|
34
|
|
-+++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_socket.c
|
|
35
|
|
-@@ -1334,6 +1334,13 @@ pkix_pl_Socket_Create(
|
|
36
|
|
- plContext),
|
|
37
|
|
- PKIX_COULDNOTCREATESOCKETOBJECT);
|
|
38
|
|
-
|
|
39
|
|
-+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
|
|
40
|
|
-+ // we want to ensure nothing can ever hit this code in production.
|
|
41
|
|
-+#if 1
|
|
42
|
|
-+ printf("Tor Browser BUG: Attempted pkix direct socket connect\n");
|
|
43
|
|
-+ PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
|
|
44
|
|
-+#endif
|
|
45
|
|
-+
|
|
46
|
|
- socket->isServer = isServer;
|
|
47
|
|
- socket->timeout = timeout;
|
|
48
|
|
- socket->clientSock = NULL;
|
|
49
|
|
-@@ -1433,6 +1440,13 @@ pkix_pl_Socket_CreateByName(
|
|
50
|
|
-
|
|
51
|
|
- localCopyName = PL_strdup(serverName);
|
|
52
|
|
-
|
|
53
|
|
-+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
|
|
54
|
|
-+ // we want to ensure nothing can ever hit this code in production.
|
|
55
|
|
-+#if 1
|
|
56
|
|
-+ printf("Tor Browser BUG: Attempted pkix direct connect to %s\n", serverName);
|
|
57
|
|
-+ PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
|
|
58
|
|
-+#endif
|
|
59
|
|
-+
|
|
60
|
|
- sepPtr = strchr(localCopyName, ':');
|
|
61
|
|
- /* First strip off the portnum, if present, from the end of the name */
|
|
62
|
|
- if (sepPtr) {
|
|
63
|
|
-@@ -1582,6 +1596,13 @@ pkix_pl_Socket_CreateByHostAndPort(
|
|
64
|
|
- PKIX_ENTER(SOCKET, "pkix_pl_Socket_CreateByHostAndPort");
|
|
65
|
|
- PKIX_NULLCHECK_THREE(hostname, pStatus, pSocket);
|
|
66
|
|
-
|
|
67
|
|
-+ // XXX: Do we need a unittest ifdef here? We don't want to break the tests, but
|
|
68
|
|
-+ // we want to ensure nothing can ever hit this code in production.
|
|
69
|
|
-+#if 1
|
|
70
|
|
-+ printf("Tor Browser BUG: Attempted pkix direct connect to %s, port %u\n", hostname,
|
|
71
|
|
-+ portnum);
|
|
72
|
|
-+ PKIX_ERROR(PKIX_PRNEWTCPSOCKETFAILED);
|
|
73
|
|
-+#endif
|
|
74
|
|
-
|
|
75
|
|
- prstatus = PR_GetHostByName(hostname, buf, sizeof(buf), &hostent);
|
|
76
|
|
-
|
|
77
|
|
---
|
|
78
|
|
-2.27.0
|
|
79
|
|
- |
projects/application-services/build
| ... |
... |
@@ -66,13 +66,21 @@ directory = "/var/tmp/build/application-services/vendor" |
|
66
|
66
|
offline=true
|
|
67
|
67
|
EOF
|
|
68
|
68
|
|
|
69
|
|
-pushd libs
|
|
70
|
|
-ln -s $rootdir/[% c("input_files_by_name/nss") %] ./
|
|
71
|
|
-ln -s $rootdir/bug_13028.patch
|
|
72
|
|
-patch -p2 < $rootdir/apply-bug-13028.diff
|
|
73
|
|
-patch -p2 < $rootdir/no-ndk-lookup.diff
|
|
74
|
|
-./build-all.sh desktop
|
|
75
|
|
-./build-all.sh android
|
|
|
69
|
+tar -xf $rootdir/[% c('input_files_by_name/uniffi-rs') %]
|
|
|
70
|
+
|
|
|
71
|
+# We add a suffix to the version to make it super specific.
|
|
|
72
|
+# This is useful for developer builds, which seem to try to fetch
|
|
|
73
|
+# latest versions of dependencies sometimes.
|
|
|
74
|
+sed -i '$ s/$/-TORBROWSER/' version.txt
|
|
|
75
|
+
|
|
|
76
|
+cp $rootdir/cargo-no-build.sh megazords/full/android/
|
|
|
77
|
+chmod +x megazords/full/android/cargo-no-build.sh
|
|
|
78
|
+patch -p1 < $rootdir/a-s-noop.diff
|
|
|
79
|
+
|
|
|
80
|
+pushd components/external/glean
|
|
|
81
|
+cp $rootdir/cargo-no-build.sh glean-core/android-native/
|
|
|
82
|
+cp $builddir/uniffi-rs/uniffi-bindgen glean-core/android-native/
|
|
|
83
|
+patch -p1 < $rootdir/glean-noop.diff
|
|
76
|
84
|
popd
|
|
77
|
85
|
|
|
78
|
86
|
[% IF c('var/fetch_gradle_dependencies') %]
|
| ... |
... |
@@ -88,7 +96,7 @@ popd |
|
88
|
96
|
export LANG=C.UTF-8
|
|
89
|
97
|
patch -p1 < $rootdir/local-repository.diff
|
|
90
|
98
|
patch -p1 < $rootdir/ohttp-no-git.diff
|
|
91
|
|
- patch -p1 < $rootdir/bug40485.diff
|
|
|
99
|
+ patch -p1 < $rootdir/bug40485-nimbus-fml-reproducibility.diff
|
|
92
|
100
|
patch -p1 < $rootdir/offline-nimbus-fml.diff
|
|
93
|
101
|
gradle_flags="--offline --no-daemon"
|
|
94
|
102
|
gradle $gradle_flags assembleRelease
|
projects/application-services/cargo-no-build.sh
|
|
1
|
+#!/bin/bash
|
|
|
2
|
+
|
|
|
3
|
+if [[ "$1" == "build" ]]; then
|
|
|
4
|
+ echo "cargo build is disabled."
|
|
|
5
|
+ exit 0
|
|
|
6
|
+else
|
|
|
7
|
+ command cargo "$@"
|
|
|
8
|
+fi |
projects/application-services/config
| ... |
... |
@@ -11,8 +11,8 @@ var: |
|
11
|
11
|
gradle_dependencies_version: 11
|
|
12
|
12
|
gradle_version: 8.8
|
|
13
|
13
|
glean_parser: 14.0.1
|
|
14
|
|
- nss_version: '3.101'
|
|
15
|
|
- nspr_version: '4.35'
|
|
|
14
|
+ # This is the only project for which the rust lib will actually be built
|
|
|
15
|
+ cargo_vendor_subdir: components/support/nimbus-fml
|
|
16
|
16
|
|
|
17
|
17
|
steps:
|
|
18
|
18
|
build:
|
| ... |
... |
@@ -22,9 +22,6 @@ steps: |
|
22
|
22
|
# builds when build time differ a lot, we need to do periodic rebuilds:
|
|
23
|
23
|
# https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/merge_requests/937#note_3009480
|
|
24
|
24
|
rebuild_date: '2024-09-12'
|
|
25
|
|
- arch_deps:
|
|
26
|
|
- # Needed to build NSS
|
|
27
|
|
- - gyp
|
|
28
|
25
|
input_files:
|
|
29
|
26
|
- project: container-image
|
|
30
|
27
|
pkg_type: build
|
| ... |
... |
@@ -40,16 +37,15 @@ steps: |
|
40
|
37
|
- project: ninja
|
|
41
|
38
|
name: ninja
|
|
42
|
39
|
pkg_type: build
|
|
|
40
|
+ - project: uniffi-rs
|
|
|
41
|
+ name: uniffi-rs
|
|
|
42
|
+ pkg_type: build
|
|
43
|
43
|
# Only Application Services currently requires build tools 30.0.3.
|
|
44
|
44
|
# So, download them only here, rather than adding them to the shared
|
|
45
|
45
|
# toolchain.
|
|
46
|
46
|
- URL: 'https://dl.google.com/android/repository/build-tools_r30.0.3-linux.zip'
|
|
47
|
47
|
name: build_tools_30
|
|
48
|
48
|
sha256sum: 24593500aa95d2f99fb4f10658aae7e65cb519be6cd33fa164f15f27f3c4a2d6
|
|
49
|
|
- # NSS version ans sha256 are in libs/build-all.sh.
|
|
50
|
|
- - URL: 'https://ftp.mozilla.org/pub/security/nss/releases/NSS_[% c("var/nss_version") | replace("\\.", "_") %]_RTM/src/nss-[% c("var/nss_version") %]-with-nspr-[% c("var/nspr_version") %].tar.gz'
|
|
51
|
|
- name: nss
|
|
52
|
|
- sha256sum: 566faa9283ff3d9a7d6c44272df6e4330e3e06ca4e841a68840d31b27c9161c4
|
|
53
|
49
|
- filename: 'gradle-dependencies-[% c("var/gradle_dependencies_version") %]'
|
|
54
|
50
|
name: gradle-dependencies
|
|
55
|
51
|
exec: '[% INCLUDE "fetch-gradle-dependencies" %]'
|
| ... |
... |
@@ -67,15 +63,17 @@ steps: |
|
67
|
63
|
enable: '[% !c("var/fetch_gradle_dependencies") %]'
|
|
68
|
64
|
- filename: gen_gradle_deps_file.sh
|
|
69
|
65
|
enable: '[% c("var/fetch_gradle_dependencies") %]'
|
|
70
|
|
- - filename: bug_13028.patch
|
|
71
|
|
- - filename: apply-bug-13028.diff
|
|
72
|
|
- # Delete when this patch is included upstream
|
|
73
|
|
- - filename: bug40485.diff
|
|
74
|
|
- - filename: no-ndk-lookup.diff
|
|
|
66
|
+ # tor-browser-build#40485: Make sure the Kotlin output of nimbus-fml
|
|
|
67
|
+ # has deterministic order for reproducibility.
|
|
|
68
|
+ # Delete when this patch is included upstream.
|
|
|
69
|
+ - filename: bug40485-nimbus-fml-reproducibility.diff
|
|
75
|
70
|
# as-ohttp-client lists both the version for ohttp and a git repo + rev,
|
|
76
|
71
|
# but this breaks the vendoring for offline builds.
|
|
77
|
72
|
- filename: ohttp-no-git.diff
|
|
78
|
73
|
- filename: offline-nimbus-fml.diff
|
|
|
74
|
+ - filename: glean-noop.diff
|
|
|
75
|
+ - filename: a-s-noop.diff
|
|
|
76
|
+ - filename: cargo-no-build.sh
|
|
79
|
77
|
|
|
80
|
78
|
list_toolchain_updates:
|
|
81
|
79
|
git_hash: 'v[% c("version") %]'
|
projects/application-services/glean-noop.diff
|
|
1
|
+diff --git a/glean-core/android-native/build.gradle b/glean-core/android-native/build.gradle
|
|
|
2
|
+index 48769651..ade00ec3 100644
|
|
|
3
|
+--- a/glean-core/android-native/build.gradle
|
|
|
4
|
++++ b/glean-core/android-native/build.gradle
|
|
|
5
|
+@@ -57,6 +57,8 @@ android {
|
|
|
6
|
+ }
|
|
|
7
|
+
|
|
|
8
|
+ cargo {
|
|
|
9
|
++ cargoCommand = "${rootDir}/glean-core/android-native/cargo-no-build.sh"
|
|
|
10
|
++
|
|
|
11
|
+ // The directory of the Cargo.toml to build.
|
|
|
12
|
+ module = '../bundle-android'
|
|
|
13
|
+
|
|
|
14
|
+diff --git a/glean-core/android/build.gradle b/glean-core/android/build.gradle
|
|
|
15
|
+index 3568e40b..05f28296 100644
|
|
|
16
|
+--- a/glean-core/android/build.gradle
|
|
|
17
|
++++ b/glean-core/android/build.gradle
|
|
|
18
|
+@@ -221,7 +221,7 @@ android.libraryVariants.all { variant ->
|
|
|
19
|
+ def udlFilePath = "../src/glean.udl"
|
|
|
20
|
+ def t = tasks.register("generate${variant.name.capitalize()}UniFFIBindings", Exec) {
|
|
|
21
|
+ workingDir project.rootDir
|
|
|
22
|
+- commandLine 'cargo', 'uniffi-bindgen', 'generate', '--no-format', "${project.projectDir}/${udlFilePath}", '--language', 'kotlin', '--out-dir', "${buildDir}/${uniffiGeneratedPath}"
|
|
|
23
|
++ commandLine '${rootDir}/glean-core/android-native/uniffi-bindgen', 'generate', '--no-format', "${project.projectDir}/${udlFilePath}", '--language', 'kotlin', '--out-dir', "${buildDir}/${uniffiGeneratedPath}"
|
|
|
24
|
+ outputs.dir "${buildDir}/${uniffiGeneratedPath}"
|
|
|
25
|
+ // Re-generate if the interface definition changes.
|
|
|
26
|
+ inputs.file "${project.projectDir}/../src/glean.udl" |
projects/application-services/list_toolchain_updates_checks
| ... |
... |
@@ -36,13 +36,13 @@ current='[% c("var/gradle_version") %]' |
|
36
|
36
|
check_update_needed gradle "$needed" "$current"
|
|
37
|
37
|
|
|
38
|
38
|
|
|
39
|
|
-# nss-nspr
|
|
|
39
|
+# uniffi
|
|
40
|
40
|
read -d '' p << 'EOF' || true
|
|
41
|
|
-if (m/NSS_ARCHIVE="nss-(.*-with-nspr-.*)\\.tar\\.gz"/) {
|
|
|
41
|
+if (m/^\\s*uniffi\\s*=\\s*"([^"]*)"/) {
|
|
42
|
42
|
print $1;
|
|
43
|
43
|
exit;
|
|
44
|
44
|
}
|
|
45
|
45
|
EOF
|
|
46
|
|
-needed=$(cat libs/build-all.sh | perl -ne "$p")
|
|
47
|
|
-current='[% c("var/nss_version") %]-with-nspr-[% c("var/nspr_version") %]'
|
|
48
|
|
-check_update_needed nss-nspr "$needed" "$current" |
|
|
46
|
+needed=$(cat Cargo.toml | perl -ne "$p")
|
|
|
47
|
+current='[% pc("uniffi-rs", "version") %]'
|
|
|
48
|
+check_update_needed uniffi "$needed" "$current" |
projects/application-services/no-ndk-lookup.diff
deleted
|
1
|
|
-diff --git a/libs/android_defaults.sh b/libs/android_defaults.sh
|
|
2
|
|
-index 2cfcc4206..9e3d3de97 100755
|
|
3
|
|
---- a/libs/android_defaults.sh
|
|
4
|
|
-+++ b/libs/android_defaults.sh
|
|
5
|
|
-@@ -1,11 +1,7 @@
|
|
6
|
|
- #!/usr/bin/env bash
|
|
7
|
|
-
|
|
8
|
|
--# Find the NDK.
|
|
9
|
|
--pushd ..
|
|
10
|
|
--NDK_VERSION=$(./gradlew -q printNdkVersion | tail -1)
|
|
11
|
|
--export ANDROID_NDK_HOME="$ANDROID_HOME/ndk/$NDK_VERSION"
|
|
12
|
|
--export ANDROID_NDK_ROOT="$ANDROID_NDK_HOME"
|
|
13
|
|
--popd || exit
|
|
14
|
|
-+# Do not try to find the NDK, as it does not work offline.
|
|
15
|
|
-+# We already define the needed variables in our environment.
|
|
16
|
|
-
|
|
17
|
|
- if [[ -z "${ANDROID_NDK_API_VERSION:-}" ]]; then
|
|
18
|
|
- export ANDROID_NDK_API_VERSION=21 |
projects/uniffi-rs/build
|
|
1
|
+#!/bin/bash
|
|
|
2
|
+[% c("var/set_default_env") -%]
|
|
|
3
|
+distdir=/var/tmp/dist
|
|
|
4
|
+builddir=/var/tmp/build/[% project %]
|
|
|
5
|
+mkdir -p $distdir/[% project %]
|
|
|
6
|
+tar -C /var/tmp/dist -xf $rootdir/[% c('input_files_by_name/rust') %]
|
|
|
7
|
+export PATH="/var/tmp/dist/rust/bin:$PATH"
|
|
|
8
|
+[% IF c("var/linux") -%]
|
|
|
9
|
+ export LD_LIBRARY_PATH="/var/tmp/dist/rust/lib:$LD_LIBRARY_PATH"
|
|
|
10
|
+[% END -%]
|
|
|
11
|
+mkdir -p /var/tmp/build
|
|
|
12
|
+tar -C /var/tmp/build -xf [% project %]-[% c('version') %].tar.[% c('compress_tar') %]
|
|
|
13
|
+
|
|
|
14
|
+# Now prepare the offline build
|
|
|
15
|
+# Move the directory for hardcoding the path in .cargo/config
|
|
|
16
|
+mv /var/tmp/build/[% project %]-[% c('version') %] $builddir
|
|
|
17
|
+tar -C $builddir -xf $rootdir/[% c('input_files_by_name/cargo_vendor') %]
|
|
|
18
|
+cd $builddir
|
|
|
19
|
+cat >> .cargo/config << 'EOF'
|
|
|
20
|
+[source.crates-io]
|
|
|
21
|
+replace-with = "vendored-sources"
|
|
|
22
|
+
|
|
|
23
|
+[source.vendored-sources]
|
|
|
24
|
+directory = "/var/tmp/build/uniffi-rs/vendor"
|
|
|
25
|
+EOF
|
|
|
26
|
+
|
|
|
27
|
+cargo build --release --frozen --target x86_64-unknown-linux-gnu
|
|
|
28
|
+mv target/x86_64-unknown-linux-gnu/release/uniffi-bindgen $distdir/[% project %]
|
|
|
29
|
+
|
|
|
30
|
+cd $distdir
|
|
|
31
|
+[% c('tar', {
|
|
|
32
|
+ tar_src => [ project ],
|
|
|
33
|
+ tar_args => '-caf ' _ dest_dir _ '/' _ c('filename'),
|
|
|
34
|
+ }) %] |
projects/uniffi-rs/config
|
|
1
|
+# vim: filetype=yaml sw=2
|
|
|
2
|
+version: 0.27.1
|
|
|
3
|
+git_hash: bfb52effb0292f16d4c030d622887781639cbd1f
|
|
|
4
|
+git_url: https://gitlab.torproject.org/tpo/applications/uniffi-rs.git
|
|
|
5
|
+container:
|
|
|
6
|
+ use_container: 1
|
|
|
7
|
+
|
|
|
8
|
+steps:
|
|
|
9
|
+ build:
|
|
|
10
|
+ filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.[% c("compress_tar") %]'
|
|
|
11
|
+ input_files:
|
|
|
12
|
+ - project: container-image
|
|
|
13
|
+ pkg_type: build
|
|
|
14
|
+ - project: rust
|
|
|
15
|
+ name: rust
|
|
|
16
|
+ - name: cargo_vendor
|
|
|
17
|
+ project: uniffi-rs
|
|
|
18
|
+ pkg_type: cargo_vendor
|
|
|
19
|
+ norec:
|
|
|
20
|
+ sha256sum: 12a61a3dbe65a3946ed58fff3d849d11c9ade5818e2ef5771d2a2a531e25f553 |
rbm.conf
| ... |
... |
@@ -30,7 +30,7 @@ steps: |
|
30
|
30
|
export PATH="/var/tmp/dist/rust/bin:$PATH"
|
|
31
|
31
|
tar -xf [% project %]-[% c('version') %].tar.[% c('compress_tar') %]
|
|
32
|
32
|
cd [% project %]-[% c('version') %]
|
|
33
|
|
- cargo vendor --locked vendor
|
|
|
33
|
+ cargo vendor --locked vendor --manifest-path [% IF c('var/cargo_vendor_subdir') %][% c('var/cargo_vendor_subdir') %]/[% END %]Cargo.toml
|
|
34
|
34
|
[% c('tar', {
|
|
35
|
35
|
tar_src => [ 'vendor' ],
|
|
36
|
36
|
tar_args => '-caf ' _ dest_dir _ '/' _ c('filename'),
|
|