From 75748a4116c1d3bbdedd9d2f9c1cf95d9f4d9df7 Mon Sep 17 00:00:00 2001 From: Josh Stone Date: Wed, 8 Jul 2020 10:00:40 -0700 Subject: [PATCH] ci: Update dist-{i686,x86_64}-linux to Debian 6 This increases the minimum `{i686,x86_64}-unknown-linux-gnu` platform from RHEL/CentOS 5 (glibc 2.5 and kernel 2.6.18) to a slightly newer Debian 6 `squeeze` (glibc 2.11 and kernel 2.6.32). While that release is already EOL, it happens to match the minimum common versions of two enterprise distros that do still need Rust support -- RHEL 6 (glibc 2.12 and kernel 2.6.32) and SLES 11 SP4 (glibc 2.11 and kernel 3.0). --- .../host-x86_64/dist-i686-linux/Dockerfile | 91 ++++++++++--------- .../host-x86_64/dist-x86_64-linux/Dockerfile | 84 ++++++++--------- .../dist-x86_64-linux/build-clang.sh | 3 - .../dist-x86_64-linux/build-cmake.sh | 7 +- .../dist-x86_64-linux/build-curl.sh | 1 - .../dist-x86_64-linux/build-gcc.sh | 1 - src/ci/run.sh | 12 +++ 7 files changed, 101 insertions(+), 98 deletions(-) diff --git a/src/ci/docker/host-x86_64/dist-i686-linux/Dockerfile b/src/ci/docker/host-x86_64/dist-i686-linux/Dockerfile index eac0ed24d509e..9a051caa06678 100644 --- a/src/ci/docker/host-x86_64/dist-i686-linux/Dockerfile +++ b/src/ci/docker/host-x86_64/dist-i686-linux/Dockerfile @@ -1,34 +1,44 @@ -FROM centos:5 +# We use Debian 6 (glibc 2.11, kernel 2.6.32) as a common base for other +# distros that still need Rust support: RHEL 6 (glibc 2.12, kernel 2.6.32) and +# SLES 11 SP4 (glibc 2.11, kernel 3.0). +FROM debian:6 WORKDIR /build -# Centos 5 is EOL and is no longer available from the usual mirrors, so switch -# to http://vault.centos.org/ -RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf -RUN sed -i 's/mirrorlist/#mirrorlist/' /etc/yum.repos.d/*.repo -RUN sed -i 's|#\(baseurl.*\)mirror.centos.org/centos/$releasever|\1vault.centos.org/5.11|' /etc/yum.repos.d/*.repo +# Debian 6 is EOL and no longer available from the usual mirrors, +# so we'll need to switch to http://archive.debian.org/ +RUN sed -i '/updates/d' /etc/apt/sources.list && \ + sed -i 's/httpredir/archive/' /etc/apt/sources.list -RUN yum upgrade -y && yum install -y \ - curl \ +RUN apt-get update && \ + apt-get install --allow-unauthenticated -y --no-install-recommends \ + automake \ bzip2 \ + ca-certificates \ + curl \ + file \ + g++ \ + g++-multilib \ gcc \ - gcc-c++ \ + gcc-multilib \ + git \ + lib32z1-dev \ + libedit-dev \ + libncurses-dev \ make \ - glibc-devel \ + patch \ perl \ - zlib-devel \ - file \ - xz \ - which \ - pkgconfig \ + pkg-config \ + unzip \ wget \ - autoconf \ - gettext + xz-utils \ + zlib1g-dev ENV PATH=/rustroot/bin:$PATH -ENV LD_LIBRARY_PATH=/rustroot/lib64:/rustroot/lib +ENV LD_LIBRARY_PATH=/rustroot/lib64:/rustroot/lib32:/rustroot/lib ENV PKG_CONFIG_PATH=/rustroot/lib/pkgconfig WORKDIR /tmp +RUN mkdir /home/user COPY host-x86_64/dist-x86_64-linux/shared.sh /tmp/ # We need a build of openssl which supports SNI to download artifacts from @@ -38,14 +48,14 @@ COPY host-x86_64/dist-x86_64-linux/shared.sh /tmp/ COPY host-x86_64/dist-x86_64-linux/build-openssl.sh /tmp/ RUN ./build-openssl.sh -# The `curl` binary on CentOS doesn't support SNI which is needed for fetching +# The `curl` binary on Debian 6 doesn't support SNI which is needed for fetching # some https urls we have, so install a new version of libcurl + curl which is # using the openssl we just built previously. # # Note that we also disable a bunch of optional features of curl that we don't # really need. COPY host-x86_64/dist-x86_64-linux/build-curl.sh /tmp/ -RUN ./build-curl.sh +RUN ./build-curl.sh && apt-get remove -y curl # binutils < 2.22 has a bug where the 32-bit executables it generates # immediately segfault in Rust, so we need to install our own binutils. @@ -54,40 +64,24 @@ RUN ./build-curl.sh COPY host-x86_64/dist-x86_64-linux/build-binutils.sh /tmp/ RUN ./build-binutils.sh -# libssh2 (a dependency of Cargo) requires cmake 2.8.11 or higher but CentOS -# only has 2.6.4, so build our own -COPY host-x86_64/dist-x86_64-linux/build-cmake.sh /tmp/ -RUN ./build-cmake.sh - -# Need a newer version of gcc than centos has to compile LLVM nowadays +# Need at least GCC 5.1 to compile LLVM nowadays COPY host-x86_64/dist-x86_64-linux/build-gcc.sh /tmp/ -RUN ./build-gcc.sh +RUN ./build-gcc.sh && apt-get remove -y gcc g++ -# CentOS 5.5 has Python 2.4 by default, but LLVM needs 2.7+ +# Debian 6 has Python 2.6 by default, but LLVM needs 2.7+ COPY host-x86_64/dist-x86_64-linux/build-python.sh /tmp/ RUN ./build-python.sh -# Now build LLVM+Clang 7, afterwards configuring further compilations to use the +# LLVM needs cmake 3.4.3 or higher, and is planning to raise to 3.13.4. +COPY host-x86_64/dist-x86_64-linux/build-cmake.sh /tmp/ +RUN ./build-cmake.sh + +# Now build LLVM+Clang, afterwards configuring further compilations to use the # clang/clang++ compilers. -COPY host-x86_64/dist-x86_64-linux/build-clang.sh host-x86_64/dist-x86_64-linux/llvm-project-centos.patch /tmp/ +COPY host-x86_64/dist-x86_64-linux/build-clang.sh /tmp/ RUN ./build-clang.sh ENV CC=clang CXX=clang++ -# Apparently CentOS 5.5 desn't have `git` in yum, but we're gonna need it for -# cloning, so download and build it here. -COPY host-x86_64/dist-x86_64-linux/build-git.sh /tmp/ -RUN ./build-git.sh - -# for sanitizers, we need kernel headers files newer than the ones CentOS ships -# with so we install newer ones here -COPY host-x86_64/dist-x86_64-linux/build-headers.sh /tmp/ -RUN ./build-headers.sh - -# OpenSSL requires a more recent version of perl -# with so we install newer ones here -COPY host-x86_64/dist-x86_64-linux/build-perl.sh /tmp/ -RUN ./build-perl.sh - COPY scripts/sccache.sh /scripts/ RUN sh /scripts/sccache.sh @@ -117,4 +111,11 @@ ENV CFLAGS -mstackrealign # libcurl, instead it should compile its own. ENV LIBCURL_NO_PKG_CONFIG 1 +# There was a bad interaction between "old" 32-bit binaries on current 64-bit +# kernels with selinux enabled, where ASLR mmap would sometimes choose a low +# address and then block it for being below `vm.mmap_min_addr` -> `EACCES`. +# This is probably a kernel bug, but setting `ulimit -Hs` works around it. +# See also `src/ci/run.sh` where this takes effect. +ENV SET_HARD_RLIMIT_STACK 1 + ENV DIST_REQUIRE_ALL_TOOLS 1 diff --git a/src/ci/docker/host-x86_64/dist-x86_64-linux/Dockerfile b/src/ci/docker/host-x86_64/dist-x86_64-linux/Dockerfile index 8b78214fbdd14..1f0978c0082c5 100644 --- a/src/ci/docker/host-x86_64/dist-x86_64-linux/Dockerfile +++ b/src/ci/docker/host-x86_64/dist-x86_64-linux/Dockerfile @@ -1,34 +1,44 @@ -FROM centos:5 +# We use Debian 6 (glibc 2.11, kernel 2.6.32) as a common base for other +# distros that still need Rust support: RHEL 6 (glibc 2.12, kernel 2.6.32) and +# SLES 11 SP4 (glibc 2.11, kernel 3.0). +FROM debian:6 WORKDIR /build -# Centos 5 is EOL and is no longer available from the usual mirrors, so switch -# to http://vault.centos.org/ -RUN sed -i 's/enabled=1/enabled=0/' /etc/yum/pluginconf.d/fastestmirror.conf -RUN sed -i 's/mirrorlist/#mirrorlist/' /etc/yum.repos.d/*.repo -RUN sed -i 's|#\(baseurl.*\)mirror.centos.org/centos/$releasever|\1vault.centos.org/5.11|' /etc/yum.repos.d/*.repo +# Debian 6 is EOL and no longer available from the usual mirrors, +# so we'll need to switch to http://archive.debian.org/ +RUN sed -i '/updates/d' /etc/apt/sources.list && \ + sed -i 's/httpredir/archive/' /etc/apt/sources.list -RUN yum upgrade -y && yum install -y \ - curl \ +RUN apt-get update && \ + apt-get install --allow-unauthenticated -y --no-install-recommends \ + automake \ bzip2 \ + ca-certificates \ + curl \ + file \ + g++ \ + g++-multilib \ gcc \ - gcc-c++ \ + gcc-multilib \ + git \ + lib32z1-dev \ + libedit-dev \ + libncurses-dev \ make \ - glibc-devel \ + patch \ perl \ - zlib-devel \ - file \ - xz \ - which \ - pkgconfig \ + pkg-config \ + unzip \ wget \ - autoconf \ - gettext + xz-utils \ + zlib1g-dev ENV PATH=/rustroot/bin:$PATH -ENV LD_LIBRARY_PATH=/rustroot/lib64:/rustroot/lib +ENV LD_LIBRARY_PATH=/rustroot/lib64:/rustroot/lib32:/rustroot/lib ENV PKG_CONFIG_PATH=/rustroot/lib/pkgconfig WORKDIR /tmp +RUN mkdir /home/user COPY host-x86_64/dist-x86_64-linux/shared.sh /tmp/ # We need a build of openssl which supports SNI to download artifacts from @@ -38,14 +48,14 @@ COPY host-x86_64/dist-x86_64-linux/shared.sh /tmp/ COPY host-x86_64/dist-x86_64-linux/build-openssl.sh /tmp/ RUN ./build-openssl.sh -# The `curl` binary on CentOS doesn't support SNI which is needed for fetching +# The `curl` binary on Debian 6 doesn't support SNI which is needed for fetching # some https urls we have, so install a new version of libcurl + curl which is # using the openssl we just built previously. # # Note that we also disable a bunch of optional features of curl that we don't # really need. COPY host-x86_64/dist-x86_64-linux/build-curl.sh /tmp/ -RUN ./build-curl.sh +RUN ./build-curl.sh && apt-get remove -y curl # binutils < 2.22 has a bug where the 32-bit executables it generates # immediately segfault in Rust, so we need to install our own binutils. @@ -54,40 +64,24 @@ RUN ./build-curl.sh COPY host-x86_64/dist-x86_64-linux/build-binutils.sh /tmp/ RUN ./build-binutils.sh -# libssh2 (a dependency of Cargo) requires cmake 2.8.11 or higher but CentOS -# only has 2.6.4, so build our own -COPY host-x86_64/dist-x86_64-linux/build-cmake.sh /tmp/ -RUN ./build-cmake.sh - -# Build a version of gcc capable of building LLVM 6 +# Need at least GCC 5.1 to compile LLVM nowadays COPY host-x86_64/dist-x86_64-linux/build-gcc.sh /tmp/ -RUN ./build-gcc.sh +RUN ./build-gcc.sh && apt-get remove -y gcc g++ -# CentOS 5.5 has Python 2.4 by default, but LLVM needs 2.7+ +# Debian 6 has Python 2.6 by default, but LLVM needs 2.7+ COPY host-x86_64/dist-x86_64-linux/build-python.sh /tmp/ RUN ./build-python.sh -# Now build LLVM+Clang 7, afterwards configuring further compilations to use the +# LLVM needs cmake 3.4.3 or higher, and is planning to raise to 3.13.4. +COPY host-x86_64/dist-x86_64-linux/build-cmake.sh /tmp/ +RUN ./build-cmake.sh + +# Now build LLVM+Clang, afterwards configuring further compilations to use the # clang/clang++ compilers. -COPY host-x86_64/dist-x86_64-linux/build-clang.sh host-x86_64/dist-x86_64-linux/llvm-project-centos.patch /tmp/ +COPY host-x86_64/dist-x86_64-linux/build-clang.sh /tmp/ RUN ./build-clang.sh ENV CC=clang CXX=clang++ -# Apparently CentOS 5.5 desn't have `git` in yum, but we're gonna need it for -# cloning, so download and build it here. -COPY host-x86_64/dist-x86_64-linux/build-git.sh /tmp/ -RUN ./build-git.sh - -# for sanitizers, we need kernel headers files newer than the ones CentOS ships -# with so we install newer ones here -COPY host-x86_64/dist-x86_64-linux/build-headers.sh /tmp/ -RUN ./build-headers.sh - -# OpenSSL requires a more recent version of perl -# with so we install newer ones here -COPY host-x86_64/dist-x86_64-linux/build-perl.sh /tmp/ -RUN ./build-perl.sh - COPY scripts/sccache.sh /scripts/ RUN sh /scripts/sccache.sh diff --git a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-clang.sh b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-clang.sh index 518f6ef9b701d..2c00a628a1d35 100755 --- a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-clang.sh +++ b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-clang.sh @@ -12,9 +12,6 @@ cd llvm-project curl -L https://github.com/llvm/llvm-project/archive/$LLVM.tar.gz | \ tar xzf - --strip-components=1 -yum install -y patch -patch -Np1 < ../llvm-project-centos.patch - mkdir clang-build cd clang-build diff --git a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-cmake.sh b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-cmake.sh index 84522a7b87a4b..e17831a1afee5 100755 --- a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-cmake.sh +++ b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-cmake.sh @@ -3,14 +3,15 @@ set -ex source shared.sh -curl https://cmake.org/files/v3.6/cmake-3.6.3.tar.gz | tar xzf - +CMAKE=3.13.4 +curl -L https://github.com/Kitware/CMake/releases/download/v$CMAKE/cmake-$CMAKE.tar.gz | tar xzf - mkdir cmake-build cd cmake-build -hide_output ../cmake-3.6.3/configure --prefix=/rustroot +hide_output ../cmake-$CMAKE/configure --prefix=/rustroot hide_output make -j10 hide_output make install cd .. rm -rf cmake-build -rm -rf cmake-3.6.3 +rm -rf cmake-$CMAKE diff --git a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-curl.sh b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-curl.sh index 0c7eb5fdac9be..a60c6be9f3222 100755 --- a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-curl.sh +++ b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-curl.sh @@ -36,4 +36,3 @@ hide_output make install cd .. rm -rf curl-build rm -rf curl-$VERSION -yum erase -y curl diff --git a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-gcc.sh b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-gcc.sh index ddc2066537cef..9d7461ebee32b 100755 --- a/src/ci/docker/host-x86_64/dist-x86_64-linux/build-gcc.sh +++ b/src/ci/docker/host-x86_64/dist-x86_64-linux/build-gcc.sh @@ -37,4 +37,3 @@ ln -s gcc /rustroot/bin/cc cd .. rm -rf gcc-build rm -rf gcc-$GCC -yum erase -y gcc gcc-c++ binutils diff --git a/src/ci/run.sh b/src/ci/run.sh index 59f2736cbd406..5231aa2e76619 100755 --- a/src/ci/run.sh +++ b/src/ci/run.sh @@ -20,6 +20,18 @@ if [ -f /proc/sys/kernel/core_pattern ]; then ulimit -c unlimited fi +# There was a bad interaction between "old" 32-bit binaries on current 64-bit +# kernels with selinux enabled, where ASLR mmap would sometimes choose a low +# address and then block it for being below `vm.mmap_min_addr` -> `EACCES`. +# This is probably a kernel bug, but setting `ulimit -Hs` works around it. +# See also `dist-i686-linux` where this setting is enabled. +if [ "$SET_HARD_RLIMIT_STACK" = "1" ]; then + rlimit_stack=$(ulimit -Ss) + if [ "$rlimit_stack" != "" ]; then + ulimit -Hs "$rlimit_stack" + fi +fi + ci_dir=`cd $(dirname $0) && pwd` source "$ci_dir/shared.sh"