Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove dl.google.com repository from Linux packages #1078

Merged
merged 1 commit into from Feb 1, 2019

Conversation

@fmarier
Copy link
Member

fmarier commented Dec 12, 2018

Submitter Checklist:

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Verified that these changes build without errors on
    • Windows
    • macOS
    • Linux
  • Verified that these changes pass automated tests (npm test brave_unit_tests && npm test brave_browser_tests) on
    • Windows
    • macOS
    • Linux
  • Ran git rebase master (if needed).
  • Ran git rebase -i to squash commits (if needed).
  • Tagged reviewers and labelled the pull request as needed.
  • Request a security/privacy review as needed.
  • Add appropriate QA labels (QA/Yes or QA/No) to include the closed issue in milestone

Test Plan:

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source
@fmarier
Copy link
Member Author

fmarier commented Dec 12, 2018

I'm not sure how to build the .deb and .rpm. I couldn't find documentation for it on the wiki and npm run create_dist doesn't work on my machine.

So this is currently untested.

@fmarier
Copy link
Member Author

fmarier commented Dec 12, 2018

@w0ts0n Who would be a good reviewer for this?

@w0ts0n w0ts0n requested a review from bbondy Dec 13, 2018
@w0ts0n
Copy link
Member

w0ts0n commented Dec 13, 2018

@bbondy maybe? Or he can triage appropriately.

@bbondy bbondy requested review from mbacchi and mihaiplesa Dec 13, 2018
@bbondy
Copy link
Member

bbondy commented Dec 13, 2018

I think either @mbacchi or @mihaiplesa. Added them.

@fmarier
Copy link
Member Author

fmarier commented Dec 13, 2018

If one of you can tell me how the packages are built, I wouldn't mind testing this locally before you review it.

@mbacchi
Copy link
Member

mbacchi commented Dec 13, 2018

I'm not sure how to build the .deb and .rpm. I couldn't find documentation for it on the wiki and npm run create_dist doesn't work on my machine.

So this is currently untested.

Can you tell us how the create_dist step fails? I've seen quite a few failure modes in my time here, so seeing your output or even more detail on what doesn't work would be helpful.

Unlike Mac and Windows, building the Brave rpm/deb files on Linux does not require any special signing steps, so you should be able to build it without anything special setup.

Otherwise we'll try to test this PR in a build as time allows.

@mbacchi
Copy link
Member

mbacchi commented Dec 13, 2018

Oh, you may want to check the wiki instructions here: https://github.com/brave/brave-browser/wiki

It describes npm run build Release, and in the case of create_dist you still need to pass the Release parameter, i.e. npm run create_dist Release, but in addition I'd also use the --debug-build and --official-build flags to speed up your build. So a full command might be: npm run create_dist Release -- --debug_build=true --official_build=false.

Let me know if that helps.

@fmarier
Copy link
Member Author

fmarier commented Dec 14, 2018

This is the build error I get:

$ npm run create_dist Release -- --debug_build=true --official_build=false

> brave@0.60.1 create_dist /home/francois/backup-ignored/brave-browser
> node ./scripts/commands.js create_dist "Release" "--debug_build=true" "--official_build=false"

update branding...
building create_dist...
gn gen /home/francois/backup-ignored/brave-browser/src/out/Release --args="safe_browsing_mode=1 root_extra_deps=[\"//brave\"] is_component_build=false proprietary_codecs=true ffmpeg_branding=\"Chrome\" enable_nacl=false enable_widevine=false target_cpu=\"x64\" is_official_build=false is_debug=false dcheck_always_on=false brave_channel=\"development\" google_api_key=\"AIzaSyAH90V94EcZBP5oH7oc-mXQrSKgASVxER8\" brave_google_api_key=\"AIzaSyAQfxPJiounkhOjODEO5ZieffeBv6yft2Q\" brave_google_api_endpoint=\"https://www.googleapis.com/geolocation/v1/geolocate?key=\" brave_product_name=\"Brave\" brave_project_name=\"brave\" brave_version_major=\"0\" brave_version_minor=\"60\" brave_version_build=\"1\" chrome_version_string=\"71.0.3578.80\" chrome_version_major=\"71\" safebrowsing_api_endpoint=\"safebrowsing.brave.com\" brave_referrals_api_key=\"\" symbol_level=2 enable_profiling=true is_win_fastlink=true cc_wrapper=\"/home/francois/backup-ignored/brave-browser/src/brave/script/redirect-cc.py\" "
ERROR at //brave/test/BUILD.gn:130:5: Can't load input file.
    "//brave/vendor/bat-native-ledger",
    ^---------------------------------
Unable to load:
  /home/francois/backup-ignored/brave-browser/src/brave/vendor/bat-native-ledger/BUILD.gn
I also checked in the secondary tree for:
  /home/francois/backup-ignored/brave-browser/src/build/secondary/brave/vendor/bat-native-ledger/BUILD.gn
null
null

I do seem to have vendor/bat-native-ledger in my build directory:

$ find -name "*bat-native-ledger*"
./src/out/Debug/obj/brave/vendor/bat-native-ledger
./src/out/Debug/obj/brave/vendor/bat-native-ledger/bat-native-ledger.stamp
./src/out/Debug/obj/brave/vendor/bat-native-ledger/bat-native-ledger-standalone.ninja
./src/out/Debug/libbat-native-ledger-standalone.a
# Setup the installation directory hierachy in the package staging area.
prep_staging_rpm() {
prep_staging_common
- install -m 755 -d "${STAGEDIR}/etc/cron.daily"

This comment has been minimized.

Copy link
@mbacchi

mbacchi Dec 18, 2018

Member

By not running this install command, I get an error that the staging directory doesn't exist:

[74/93] ACTION //chrome/installer/linux:unstable_rpm(//build/toolchain/linux:clang_x64)
FAILED: chromium-browser-dev-72.0.61.0-1.x86_64.rpm 
python ../../build/gn_run_binary.py installer/rpm/build.sh -a x64 -b . -c unstable -d brave -o . -t linux -f
fakeroot rpmbuild -bb --target=x86_64 --rmspec --define _topdir /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev --define _binary_payload w9.xzdio --define __os_install_post  %{nil} /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-tmp-dev/chrome.spec
Building target platforms: x86_64
Building for target x86_64
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.bmNUOq
+ umask 022
+ cd /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILD
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.bMUPCt
+ umask 022
+ cd /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILD
+ rm -rf /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64
+ [ -z /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev -o ! -d /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev ]
+ [ -z /opt/brave.com/brave-dev -o ! -d /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev//opt/brave.com/brave-dev ]
+ install -m 755 -d /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/etc /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/opt /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/usr
+ cp -a /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev/etc/ /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/
cp: cannot stat '/var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev/etc/': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.bMUPCt (%install)

Both this and the below template processing may be necessary, but we should not include the cron.daily script via other means. By adding this back in, and removing the cron.daily I can get the create_dist step to complete, but think that is a rather inelegant solution.

log_cmd echo "Staging RPM install files in '${STAGEDIR}'..."
- process_template "${BUILDDIR}/installer/common/rpmrepo.cron" \
- "${STAGEDIR}/etc/cron.daily/${PACKAGE}"
- chmod 755 "${STAGEDIR}/etc/cron.daily/${PACKAGE}"

This comment has been minimized.

Copy link
@mbacchi

mbacchi Dec 18, 2018

Member

This patch builds the rpm, but it might not work as desired, I'll test that shortly:

diff --git a/patches/chrome-installer-linux-rpm-build.sh.patch b/patches/chrome-installer-linux-rpm-build.sh.patch
index 0ed44a13..163d51d1 100644
--- a/patches/chrome-installer-linux-rpm-build.sh.patch
+++ b/patches/chrome-installer-linux-rpm-build.sh.patch
@@ -1,5 +1,5 @@
 diff --git a/chrome/installer/linux/rpm/build.sh b/chrome/installer/linux/rpm/build.sh
-index 0bcd8689d45850ad539f99423fa211785db4f343..9a2d8eeb97e096db8b80aac7e26006888200e9f8 100755
+index 0bcd8689d45850ad539f99423fa211785db4f343..36e080915c22436da9f3ed8137cc6ac8338b5166 100755
 --- a/chrome/installer/linux/rpm/build.sh
 +++ b/chrome/installer/linux/rpm/build.sh
 @@ -15,8 +15,9 @@ gen_spec() {
@@ -13,7 +13,15 @@ index 0bcd8689d45850ad539f99423fa211785db4f343..9a2d8eeb97e096db8b80aac7e2600688
      local INSTALLDIR="${INSTALLDIR}-${CHANNEL}"
      local PACKAGE="${PACKAGE}-${CHANNEL}"
      local MENUNAME="${MENUNAME} (${CHANNEL})"
-@@ -108,7 +109,10 @@ do_package() {
+@@ -52,6 +53,7 @@ stage_install_rpm() {
+   process_template "${BUILDDIR}/installer/common/rpmrepo.cron" \
+     "${STAGEDIR}/etc/cron.daily/${PACKAGE}"
+   chmod 755 "${STAGEDIR}/etc/cron.daily/${PACKAGE}"
++  rm -rf "${STAGEDIR}/etc/cron.daily"
+ }
+ 
+ verify_package() {
+@@ -108,7 +110,10 @@ do_package() {
      --define "${COMPRESSION_OPT}" \
      --define "__os_install_post  %{nil}" \
      "${SPEC}"
@@ -25,7 +33,7 @@ index 0bcd8689d45850ad539f99423fa211785db4f343..9a2d8eeb97e096db8b80aac7e2600688
    mv "$RPMBUILD_DIR/RPMS/$ARCHITECTURE/${PKGNAME}.${ARCHITECTURE}.rpm" \
       "${OUTPUTDIR}"
    # Make sure the package is world-readable, otherwise it causes problems when
-@@ -145,7 +149,10 @@ verify_channel() {
+@@ -145,7 +150,10 @@ verify_channel() {
        CHANNEL=stable
        ;;
      unstable|dev|alpha )

This comment has been minimized.

Copy link
@mbacchi

mbacchi Dec 19, 2018

Member

Testing these packages on Fedora 29 and Ubuntu 16.04 I find that the cron.daily entries are no longer added, and the sources.list file in Ubuntu is not added. This should work as a solution to both issues: brave/brave-browser#1084 and brave/brave-browser#1967

This comment has been minimized.

Copy link
@fmarier

fmarier Jan 16, 2019

Author Member

Looking closer, I can see that the problem is that spec file expects /etc/ to be present and so removing it without removing this copy will break the build, as you discovered.

Since there is nothing other than the undesirable cronjob that needs to be put in `/etc/ at build time, we can get rid of that directory and that copy entirely.

@mbacchi
Copy link
Member

mbacchi commented Dec 20, 2018

I just pushed a slightly modified set of patches to branch https://github.com/brave/brave-core/tree/PR1078 which works successfully for me to build, install and fix issues brave/brave-browser#1084 and brave/brave-browser#1967 as desired. Take a look when you get a moment @fmarier.

@fmarier
Copy link
Member Author

fmarier commented Dec 21, 2018

213848e looks good to me.

@fmarier
Copy link
Member Author

fmarier commented Jan 16, 2019

I will prepare an updated patch which takes #1078 (comment) into account.

@fmarier fmarier force-pushed the fmarier:issue1084 branch from 0fd1998 to 443bad1 Jan 16, 2019
@fmarier fmarier changed the title Remove dl.google.com repository from Linux packages (closes #1084) Remove dl.google.com repository from Linux packages Jan 16, 2019
@fmarier
Copy link
Member Author

fmarier commented Jan 16, 2019

I just pushed an updated patch and while it doesn't build, the error seems unrelated:

$ npm run create_dist Release -- --debug_build=true --official_build=false
...
[79/101] ACTION //chrome/installer/linux:calculate_rpm_dependencies(//build/toolchain/linux:clang_x64)
FAILED: rpm_brave.deps 
python ../../chrome/installer/linux/rpm/calculate_package_deps.py brave rpm_brave.deps --distro-check
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro Fedora 25 caused by binary brave
[80/101] ACTION //chrome/installer/linux:calculate_deb_dependencies(//build/toolchain/linux:clang_x64)
FAILED: deb_brave.deps 
python ../../chrome/installer/linux/debian/calculate_package_deps.py brave ../../build/linux/debian_sid_amd64-sysroot x64 deb_brave.deps --distro-check
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Ubuntu 14.04 (Trusty) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Ubuntu 14.04 (Trusty) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Debian 9 (Stretch) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Debian 9 (Stretch) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Ubuntu 16.04 (Xenial) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Ubuntu 16.04 (Xenial) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Debian 10 (Buster) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Debian 10 (Buster) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Ubuntu 17.10 (Artful) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Ubuntu 17.10 (Artful) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Debian 8 (Jessie) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Debian 8 (Jessie) caused by binary brave

[81/101] ACTION //brave/app/linux:generate_breakpad_symbols(//build/toolchain/linux:clang_x64)
ninja: build stopped: subcommand failed.

Should I build on something else than Ubuntu 18.04?

@mbacchi
Copy link
Member

mbacchi commented Jan 16, 2019

Should I build on something else than Ubuntu 18.04?

We run builds on Ubuntu 14.04 due to packaging issues when run on newer Ubuntu versions. There is a comment explaining partially why here: #28 (comment)

Chromium also builds on Ubuntu 14.04: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux_build_instructions.md#System-requirements

For now that's our default process but we will likely want to investigate that and come up with a solution for building on newer versions going forward.

prep_staging_debian() {
prep_staging_common
install -m 755 -d "${STAGEDIR}/DEBIAN" \
- "${STAGEDIR}/etc/cron.daily" \

This comment has been minimized.

Copy link
@bridiver

bridiver Jan 17, 2019

Collaborator

this seems like a lot of patching in different places, can't we just patch the cron script instead to do nothing?

Copy link
Collaborator

bridiver left a comment

I'm really concerned about the amount of patching in a lot of these scripts. It's going to be very difficult to maintain over time. I think we need to find a different way to do this

@fmarier fmarier force-pushed the fmarier:issue1084 branch from 443bad1 to 2081dd0 Jan 17, 2019
@fmarier fmarier removed request for bbondy and mihaiplesa Jan 17, 2019
@fmarier fmarier dismissed bridiver’s stale review Jan 17, 2019

I've changed the patch to disable the cronjobs instead of preventing their installations.

@fmarier
Copy link
Member Author

fmarier commented Jan 21, 2019

The build error I got in #1078 (comment) actually comes from the use of --official_build=false. Without that flag, I can build the packages just fine on Ubuntu 18.04, 16.04 or 14.04.

@fmarier fmarier force-pushed the fmarier:issue1084 branch from 2081dd0 to 5c576e0 Jan 21, 2019
@fmarier fmarier force-pushed the fmarier:issue1084 branch from 5c576e0 to 0fba0a4 Jan 21, 2019
@fmarier
Copy link
Member Author

fmarier commented Jan 22, 2019

I have verified that this latest patch works on Ubuntu 18.04:

  • both the .deb and the .rpm build fine
  • each package contains the modified cronjob (with that extra exit 0 statement)
  • the Debian package installs correctly
  • the Google repo or signing key are not added during package installation
  • the Google repo or signing key are also not added when running /etc/cron.daily/brave-browser

@mbacchi This should not be pretty straightforward to review and merge since it's now a 2-line change (excluding comments).

@fmarier
Copy link
Member Author

fmarier commented Jan 23, 2019

I have also documented what I figured out in terms of building the Linux packages: https://github.com/brave/brave-browser/wiki/Linux-packages

@fmarier
Copy link
Member Author

fmarier commented Jan 24, 2019

I just tested this on Fedora 29 and the Google repo is still installed at installation time, despite the cronjob being neutered. I might need to hack the packaging some more for RPM-based distros.

This disables the cronjob that gets installed by the RPM and DEB packages in
order to forcefully add (or re-add) the Google Chrome package repository and
signing key.

This fixes brave/brave-browser#1084 and fixes brave/brave-browser#1967.
@fmarier fmarier force-pushed the fmarier:issue1084 branch from 0fba0a4 to d232a49 Jan 25, 2019
@fmarier fmarier requested a review from mbacchi Jan 25, 2019
@fmarier
Copy link
Member Author

fmarier commented Jan 25, 2019

Latest patch was tested successfully on Fedora 29 too.

It's now 50% larger though (i.e. 3 lines of code).


-. "$DEFAULTS_FILE"
+# Don't install the Chrome repo (brave/brave-browser#1967)
+#. "$DEFAULTS_FILE"

This comment has been minimized.

Copy link
@bridiver

bridiver Jan 31, 2019

Collaborator

I'm confused by this one, why not exit early like the others?

This comment has been minimized.

Copy link
@fmarier

fmarier Jan 31, 2019

Author Member

That part of the spec file also sets up the brave-browser binary: https://cs.chromium.org/chromium/src/chrome/installer/linux/rpm/chrome.spec.template?l=163-180&rcl=6819376c2fbd91863cb29e02b47f653d6dc8b292

If we return early, we'll be breaking that.

This comment has been minimized.

Copy link
@bridiver

bridiver Jan 31, 2019

Collaborator

and there's nothing else we need from DEFAULTS_FILE that should be set?

This comment has been minimized.

Copy link
@fmarier

fmarier Feb 1, 2019

Author Member

No, it only contains two variables related to adding/re-adding the Chrome repo:

$ cat /etc/default/brave-browser
repo_add_once="false"
repo_reenable_on_distupgrade="true"
@mbacchi
mbacchi approved these changes Feb 1, 2019
Copy link
Member

mbacchi left a comment

These look great. Thanks!

@fmarier fmarier merged commit 40f354e into brave:master Feb 1, 2019
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@fmarier fmarier mentioned this pull request Feb 2, 2019
3 of 18 tasks complete
@fmarier fmarier deleted the fmarier:issue1084 branch Feb 8, 2019
@fmarier fmarier added this to the 0.62.x - Dev milestone Feb 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

5 participants
You can’t perform that action at this time.