From 45608f24008ef257db6414e9131491050a5f0e49 Mon Sep 17 00:00:00 2001 From: Jan Horak Date: Thu, 28 Mar 2024 07:44:58 +0100 Subject: [PATCH] Enable wasi rlbox --- .gitignore | 1 + firefox-mozconfig | 2 -- firefox.spec | 65 ++++++++++++++++++++++++++++++++++++++++++++- sources | 1 + wasi.patch | 12 +++++++++ wasi.patch.template | 12 +++++++++ 6 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 wasi.patch create mode 100644 wasi.patch.template diff --git a/.gitignore b/.gitignore index 9620ab5..f812fa4 100644 --- a/.gitignore +++ b/.gitignore @@ -627,3 +627,4 @@ firefox-3.6.4.source.tar.bz2 /firefox-langpacks-124.0-20240313.tar.xz /firefox-124.0.1.source.tar.xz /firefox-langpacks-124.0.1-20240322.tar.xz +/wasi-sdk-20.tar.gz diff --git a/firefox-mozconfig b/firefox-mozconfig index 676a0e0..272b265 100644 --- a/firefox-mozconfig +++ b/firefox-mozconfig @@ -14,8 +14,6 @@ ac_add_options --allow-addon-sideload ac_add_options --with-system-fdk-aac ac_add_options --enable-js-shell ac_add_options --with-unsigned-addon-scopes=app,system -ac_add_options --without-sysroot -ac_add_options --without-wasm-sandboxed-libraries export BUILD_OFFICIAL=1 export MOZILLA_OFFICIAL=1 diff --git a/firefox.spec b/firefox.spec index 12e050f..d2e8b42 100644 --- a/firefox.spec +++ b/firefox.spec @@ -33,6 +33,12 @@ ExcludeArch: i686 %else %global enable_replace_malloc 0 %endif ++# wasi_sdk is for sandboxing third party c/c++ libs by using rlbox ++%ifarch s390x ++%bcond wasi_sdk 0 ++%else ++%bcond wasi_sdk 1 ++%endif %if "%{toolchain}" == "clang" %global build_with_clang 1 @@ -216,6 +222,8 @@ Source45: run-wayland-compositor Source46: org.mozilla.firefox.SearchProvider.service Source47: org.mozilla.firefox.desktop Source48: org.mozilla.firefox.appdata.xml.in +Source49: wasi.patch.template +Source50: wasi-sdk-20-1.fc39.src.rpm # Build patches #Patch3: mozilla-build-arm.patch @@ -234,6 +242,7 @@ Patch61: firefox-glibc-dynstack.patch Patch71: 0001-GLIBCXX-fix-for-GCC-12.patch Patch78: firefox-i686-build.patch Patch79: firefox-gcc-13-build.patch +Patch80: wasi.patch # Test patches # Generate without context by @@ -320,7 +329,7 @@ BuildRequires: llvm BuildRequires: llvm-devel BuildRequires: clang BuildRequires: clang-libs -%if %{build_with_clang} +%if %{build_with_clang} || %{with wasi_sdk} BuildRequires: lld %endif @@ -443,6 +452,9 @@ BuildRequires: libproxy-devel %if %{enable_replace_malloc} BuildRequires: libstdc++-static %endif +%if %{with wasi_sdk} +BuildRequires: clang cmake ninja-build +%endif Obsoletes: mozilla <= 37:1.7.13 Provides: webclient @@ -540,6 +552,13 @@ This package contains results of tests executed during build. %patch78 -p1 -b .firefox-i686 %patch79 -p1 -b .firefox-gcc-13-build +# We need to create the wasi.patch with the correct path to the wasm libclang_rt. +%if %{with wasi_sdk} +export LIBCLANG_RT=%{_topdir}/BUILDROOT/usr/share/wasi-sysroot/lib/libclang_rt.builtins-wasm32.a; cat %{SOURCE49} | envsubst > %{_sourcedir}/wasi.patch +cat %{_sourcedir}/wasi.patch +%patch80 -p1 -b .wasi +%endif + # Test patches #%patch100 -p1 -b .firefox-tests-xpcshell #%patch101 -p1 -b .firefox-tests-reftest @@ -711,6 +730,43 @@ chmod a-x third_party/rust/ash/src/extensions/nv/*.rs # Is that already fixed? %define _lto_cflags %{nil} +#WASI SDK +%if %{with wasi_sdk} +function install_rpms_to_current_dir() { + PACKAGE_RPM=$(eval echo $1) + #PACKAGE_DIR=%{_rpmdir} + PACKAGE_DIR=%{_topdir}/RPMS + + if [ ! -f $PACKAGE_DIR/$PACKAGE_RPM ]; then + # Hack for tps tests + ARCH_STR=%{_arch} + %ifarch %{ix86} + ARCH_STR="i?86" + %endif + PACKAGE_DIR="$PACKAGE_DIR/$ARCH_STR" + fi + + for package in $(ls $PACKAGE_DIR/$PACKAGE_RPM) + do + echo "$package" + rpm2cpio "$package" | cpio -idu + rm -f "$package" + done +} + +rpm -ivh %{SOURCE50} +#export CC="clang" +#export CXX="clang++" +#eport AR="clang-ar" +#export NM="clang-nm" +#export RANLIB="clang-ranlib" +rpmbuild --nodeps -bb --noclean %{_topdir}/SPECS/wasi-sdk.spec +pushd %{_buildrootdir} +install_rpms_to_current_dir wasi-sdk-20*.rpm +popd +%endif +# ^ with wasi_sdk + %if 0%{?use_bundled_cbindgen} mkdir -p my_rust_vendor cd my_rust_vendor @@ -824,6 +880,13 @@ env | grep GCOV echo "ac_add_options --enable-lto" >> .mozconfig echo "ac_add_options MOZ_PGO=1" >> .mozconfig %endif + +%if %{with wasi_sdk} +echo "ac_add_options --with-wasi-sysroot=%{_topdir}/BUILDROOT/usr/share/wasi-sysroot" >> .mozconfig +%else +echo "ac_add_options --without-sysroot" >> .mozconfig +echo "ac_add_options --without-wasm-sandboxed-libraries" >> .mozconfig +%endif # Require 4 GB of RAM per CPU core %constrain_build -m 4096 diff --git a/sources b/sources index 5511afe..72d52ad 100644 --- a/sources +++ b/sources @@ -3,3 +3,4 @@ SHA512 (cbindgen-vendor.tar.xz) = 3e7eaff088db918e95f5505e5feeb06e8b7b95cc62042a SHA512 (dump_syms-vendor.tar.xz) = 5769c052fa874a965eb8837776b01fb097e8930f45d0d0d2a93997c4fae8726184a192aee52302bde62e62897801b1463cae9283563d9d60e8b8ee80a250f2a3 SHA512 (firefox-124.0.1.source.tar.xz) = 282c45e5c468419536dd8b81c8ea687b10d8002d7521403330e6eeef49207143bee88a44c3785748d461ed9a72687606f5da14f4dfb98eb40a5cd08a4a12722b SHA512 (firefox-langpacks-124.0.1-20240322.tar.xz) = bc7f93493636cc4d9845df2583cdd6cc941e284e35afb2bfe2e0ad32c05dc554c4af22e3d9703ce03a48f30e6858e300dea1c892d2f896be1db58581c81339fd +SHA512 (wasi-sdk-20.tar.gz) = 95be9d9b41ed1f7884e9cd68bad22abbb355b049fd09731c89b9e36666d0205b1a16ec9c21820adf0c5a34e2048015cbfbef0542170d466fa3336c636873c405 diff --git a/wasi.patch b/wasi.patch new file mode 100644 index 0000000..b47b496 --- /dev/null +++ b/wasi.patch @@ -0,0 +1,12 @@ +diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure +--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100 ++++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100 +@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing + def wasi_sysroot_flags(wasi_sysroot): + if wasi_sysroot: + log.info("Using wasi sysroot in %s", wasi_sysroot) +- return ["--sysroot=%s" % wasi_sysroot] ++ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "/home/jhorak/rpmbuild/BUILDROOT/usr/share/wasi-sysroot/lib/libclang_rt.builtins-wasm32.a"] + return [] + + set_config("WASI_SYSROOT", wasi_sysroot) diff --git a/wasi.patch.template b/wasi.patch.template new file mode 100644 index 0000000..aa2838e --- /dev/null +++ b/wasi.patch.template @@ -0,0 +1,12 @@ +diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure +--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100 ++++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100 +@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing + def wasi_sysroot_flags(wasi_sysroot): + if wasi_sysroot: + log.info("Using wasi sysroot in %s", wasi_sysroot) +- return ["--sysroot=%s" % wasi_sysroot] ++ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "$LIBCLANG_RT"] + return [] + + set_config("WASI_SYSROOT", wasi_sysroot)