commit a252601ff0b83c28684c3a536efa877463ba8e2a
parent 6c0d17a3444322300ec4fbf5f342db0f1d78fa55
Author: David Goulet <dgoulet@torproject.org>
Date: Wed, 19 Mar 2025 14:42:11 -0400
Merge branch 'maint-0.4.8'
Diffstat:
4 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -102,6 +102,8 @@ variables:
- if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
# llvm-symbolizer for sanitizer backtrace
- if [ "$HARDENING" = yes ]; then apt-get install llvm; fi
+ # libubsan1 for building with -fsanitize=address
+ - if [ "$HARDENING" = yes ]; then apt-get install libubsan1 libclang-rt-dev; fi
# TODO: This next line should not be debian-only.
- if [ "$STEM" = yes ]; then git clone --depth 1 https://gitlab.torproject.org/tpo/network-health/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
# TODO: This next line should not be debian-only.
@@ -113,18 +115,19 @@ variables:
git clone --shallow-since "$CHUTNEY_SHALLOW_SINCE" https://gitlab.torproject.org/tpo/core/chutney.git
git -C ./chutney checkout "$CHUTNEY_COMMIT"
+
+ apt install python3-venv
+
export CHUTNEY_PATH="$(pwd)/chutney"
- # Have pip install chutney's python dependencies by installing chutney
- # itself.
- apt-get install python3-pip
- pip3 install --user ./chutney
+ python3 -m venv venv
+ venv/bin/pip install ./chutney
fi
- if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi
# Minimal check on debian: just make, make check.
#
debian-minimal:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
script:
- ./scripts/ci/ci-driver.sh
@@ -135,7 +138,7 @@ debian-i386-minimal:
# TODO: Use a TPA-maintained image when there is one.
# See https://gitlab.torproject.org/tpo/tpa/base-images/-/issues/3
image:
- name: i386/debian:bullseye
+ name: i386/debian:bookworm
docker:
platform: linux/386
<<: *debian-template
@@ -148,7 +151,7 @@ debian-i386-minimal:
#
# TODO: This will be faster once we merge #40098 and #40099.
debian-hardened:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
ALL_BUGS_ARE_FATAL: "yes"
@@ -160,7 +163,7 @@ debian-hardened:
#####
# Distcheck on debian stable
debian-distcheck:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
DISTCHECK: "yes"
@@ -171,7 +174,7 @@ debian-distcheck:
#####
# Documentation tests on debian stable: doxygen and asciidoc.
debian-docs:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
DOXYGEN: "yes"
@@ -189,7 +192,7 @@ debian-docs:
# with the 'artifacts' mechanism, in theory, but it would be good to
# avoid having to have a system with hundreds of artifacts.
debian-integration:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
CHECK: "no"
@@ -198,12 +201,13 @@ debian-integration:
STEM: "yes"
ALL_BUGS_ARE_FATAL: "yes"
script:
+ - source venv/bin/activate
- ./scripts/ci/ci-driver.sh
#####
# Tracing build on Debian stable.
debian-tracing:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
TRACING: "yes"
@@ -215,7 +219,7 @@ debian-tracing:
#####
# No-authority mode
debian-disable-dirauth:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
DISABLE_DIRAUTH: "yes"
@@ -225,7 +229,7 @@ debian-disable-dirauth:
#####
# No-relay mode
debian-disable-relay:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
DISABLE_RELAY: "yes"
@@ -235,7 +239,7 @@ debian-disable-relay:
#####
# GPL licensed mode, enables pow module
debian-gpl:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
GPL: "yes"
@@ -245,7 +249,7 @@ debian-gpl:
#####
# NSS check on debian
debian-nss:
- image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
+ image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm
<<: *debian-template
variables:
NSS: "yes"
diff --git a/changes/ci-pin-chutney b/changes/ci-pin-chutney
@@ -0,0 +1,3 @@
+ o Minor feature (testing, CI):
+ - Use a fixed version of chutney (be881a1e) instead of its current HEAD.
+ This version should also be preferred when testing locally.
diff --git a/changes/ticket41029 b/changes/ticket41029
@@ -0,0 +1,3 @@
+ o Minor features (continuous integration):
+ - Upgrade CI runners to use Debian Bookworm instead of Bullseye. Closes
+ ticket 41029.
diff --git a/src/lib/crypt_ops/crypto_nss_mgt.c b/src/lib/crypt_ops/crypto_nss_mgt.c
@@ -16,6 +16,7 @@
#include "lib/log/util_bug.h"
#include "lib/string/printf.h"
+DISABLE_GCC_WARNING("-Wredundant-decls")
DISABLE_GCC_WARNING("-Wstrict-prototypes")
#include <nss.h>
#include <pk11func.h>
@@ -25,6 +26,7 @@ DISABLE_GCC_WARNING("-Wstrict-prototypes")
#include <prtypes.h>
#include <prinit.h>
ENABLE_GCC_WARNING("-Wstrict-prototypes")
+ENABLE_GCC_WARNING("-Wredundant-decls")
const char *
crypto_nss_get_version_str(void)
