Enable wasi rlbox

This commit is contained in:
Jan Horak 2024-03-28 07:44:58 +01:00
parent 364db1a553
commit 45608f2400
6 changed files with 90 additions and 3 deletions

1
.gitignore vendored
View File

@ -627,3 +627,4 @@ firefox-3.6.4.source.tar.bz2
/firefox-langpacks-124.0-20240313.tar.xz /firefox-langpacks-124.0-20240313.tar.xz
/firefox-124.0.1.source.tar.xz /firefox-124.0.1.source.tar.xz
/firefox-langpacks-124.0.1-20240322.tar.xz /firefox-langpacks-124.0.1-20240322.tar.xz
/wasi-sdk-20.tar.gz

View File

@ -14,8 +14,6 @@ ac_add_options --allow-addon-sideload
ac_add_options --with-system-fdk-aac ac_add_options --with-system-fdk-aac
ac_add_options --enable-js-shell ac_add_options --enable-js-shell
ac_add_options --with-unsigned-addon-scopes=app,system ac_add_options --with-unsigned-addon-scopes=app,system
ac_add_options --without-sysroot
ac_add_options --without-wasm-sandboxed-libraries
export BUILD_OFFICIAL=1 export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1 export MOZILLA_OFFICIAL=1

View File

@ -33,6 +33,12 @@ ExcludeArch: i686
%else %else
%global enable_replace_malloc 0 %global enable_replace_malloc 0
%endif %endif
+# wasi_sdk is for sandboxing third party c/c++ libs by using rlbox
+%ifarch s390x
+%bcond wasi_sdk 0
+%else
+%bcond wasi_sdk 1
+%endif
%if "%{toolchain}" == "clang" %if "%{toolchain}" == "clang"
%global build_with_clang 1 %global build_with_clang 1
@ -216,6 +222,8 @@ Source45: run-wayland-compositor
Source46: org.mozilla.firefox.SearchProvider.service Source46: org.mozilla.firefox.SearchProvider.service
Source47: org.mozilla.firefox.desktop Source47: org.mozilla.firefox.desktop
Source48: org.mozilla.firefox.appdata.xml.in Source48: org.mozilla.firefox.appdata.xml.in
Source49: wasi.patch.template
Source50: wasi-sdk-20-1.fc39.src.rpm
# Build patches # Build patches
#Patch3: mozilla-build-arm.patch #Patch3: mozilla-build-arm.patch
@ -234,6 +242,7 @@ Patch61: firefox-glibc-dynstack.patch
Patch71: 0001-GLIBCXX-fix-for-GCC-12.patch Patch71: 0001-GLIBCXX-fix-for-GCC-12.patch
Patch78: firefox-i686-build.patch Patch78: firefox-i686-build.patch
Patch79: firefox-gcc-13-build.patch Patch79: firefox-gcc-13-build.patch
Patch80: wasi.patch
# Test patches # Test patches
# Generate without context by # Generate without context by
@ -320,7 +329,7 @@ BuildRequires: llvm
BuildRequires: llvm-devel BuildRequires: llvm-devel
BuildRequires: clang BuildRequires: clang
BuildRequires: clang-libs BuildRequires: clang-libs
%if %{build_with_clang} %if %{build_with_clang} || %{with wasi_sdk}
BuildRequires: lld BuildRequires: lld
%endif %endif
@ -443,6 +452,9 @@ BuildRequires: libproxy-devel
%if %{enable_replace_malloc} %if %{enable_replace_malloc}
BuildRequires: libstdc++-static BuildRequires: libstdc++-static
%endif %endif
%if %{with wasi_sdk}
BuildRequires: clang cmake ninja-build
%endif
Obsoletes: mozilla <= 37:1.7.13 Obsoletes: mozilla <= 37:1.7.13
Provides: webclient Provides: webclient
@ -540,6 +552,13 @@ This package contains results of tests executed during build.
%patch78 -p1 -b .firefox-i686 %patch78 -p1 -b .firefox-i686
%patch79 -p1 -b .firefox-gcc-13-build %patch79 -p1 -b .firefox-gcc-13-build
# We need to create the wasi.patch with the correct path to the wasm libclang_rt.
%if %{with wasi_sdk}
export LIBCLANG_RT=%{_topdir}/BUILDROOT/usr/share/wasi-sysroot/lib/libclang_rt.builtins-wasm32.a; cat %{SOURCE49} | envsubst > %{_sourcedir}/wasi.patch
cat %{_sourcedir}/wasi.patch
%patch80 -p1 -b .wasi
%endif
# Test patches # Test patches
#%patch100 -p1 -b .firefox-tests-xpcshell #%patch100 -p1 -b .firefox-tests-xpcshell
#%patch101 -p1 -b .firefox-tests-reftest #%patch101 -p1 -b .firefox-tests-reftest
@ -711,6 +730,43 @@ chmod a-x third_party/rust/ash/src/extensions/nv/*.rs
# Is that already fixed? # Is that already fixed?
%define _lto_cflags %{nil} %define _lto_cflags %{nil}
#WASI SDK
%if %{with wasi_sdk}
function install_rpms_to_current_dir() {
PACKAGE_RPM=$(eval echo $1)
#PACKAGE_DIR=%{_rpmdir}
PACKAGE_DIR=%{_topdir}/RPMS
if [ ! -f $PACKAGE_DIR/$PACKAGE_RPM ]; then
# Hack for tps tests
ARCH_STR=%{_arch}
%ifarch %{ix86}
ARCH_STR="i?86"
%endif
PACKAGE_DIR="$PACKAGE_DIR/$ARCH_STR"
fi
for package in $(ls $PACKAGE_DIR/$PACKAGE_RPM)
do
echo "$package"
rpm2cpio "$package" | cpio -idu
rm -f "$package"
done
}
rpm -ivh %{SOURCE50}
#export CC="clang"
#export CXX="clang++"
#eport AR="clang-ar"
#export NM="clang-nm"
#export RANLIB="clang-ranlib"
rpmbuild --nodeps -bb --noclean %{_topdir}/SPECS/wasi-sdk.spec
pushd %{_buildrootdir}
install_rpms_to_current_dir wasi-sdk-20*.rpm
popd
%endif
# ^ with wasi_sdk
%if 0%{?use_bundled_cbindgen} %if 0%{?use_bundled_cbindgen}
mkdir -p my_rust_vendor mkdir -p my_rust_vendor
cd my_rust_vendor cd my_rust_vendor
@ -825,6 +881,13 @@ echo "ac_add_options --enable-lto" >> .mozconfig
echo "ac_add_options MOZ_PGO=1" >> .mozconfig echo "ac_add_options MOZ_PGO=1" >> .mozconfig
%endif %endif
%if %{with wasi_sdk}
echo "ac_add_options --with-wasi-sysroot=%{_topdir}/BUILDROOT/usr/share/wasi-sysroot" >> .mozconfig
%else
echo "ac_add_options --without-sysroot" >> .mozconfig
echo "ac_add_options --without-wasm-sandboxed-libraries" >> .mozconfig
%endif
# Require 4 GB of RAM per CPU core # Require 4 GB of RAM per CPU core
%constrain_build -m 4096 %constrain_build -m 4096
echo "mk_add_options MOZ_MAKE_FLAGS=\"-j%{_smp_build_ncpus}\"" >> .mozconfig echo "mk_add_options MOZ_MAKE_FLAGS=\"-j%{_smp_build_ncpus}\"" >> .mozconfig

View File

@ -3,3 +3,4 @@ SHA512 (cbindgen-vendor.tar.xz) = 3e7eaff088db918e95f5505e5feeb06e8b7b95cc62042a
SHA512 (dump_syms-vendor.tar.xz) = 5769c052fa874a965eb8837776b01fb097e8930f45d0d0d2a93997c4fae8726184a192aee52302bde62e62897801b1463cae9283563d9d60e8b8ee80a250f2a3 SHA512 (dump_syms-vendor.tar.xz) = 5769c052fa874a965eb8837776b01fb097e8930f45d0d0d2a93997c4fae8726184a192aee52302bde62e62897801b1463cae9283563d9d60e8b8ee80a250f2a3
SHA512 (firefox-124.0.1.source.tar.xz) = 282c45e5c468419536dd8b81c8ea687b10d8002d7521403330e6eeef49207143bee88a44c3785748d461ed9a72687606f5da14f4dfb98eb40a5cd08a4a12722b SHA512 (firefox-124.0.1.source.tar.xz) = 282c45e5c468419536dd8b81c8ea687b10d8002d7521403330e6eeef49207143bee88a44c3785748d461ed9a72687606f5da14f4dfb98eb40a5cd08a4a12722b
SHA512 (firefox-langpacks-124.0.1-20240322.tar.xz) = bc7f93493636cc4d9845df2583cdd6cc941e284e35afb2bfe2e0ad32c05dc554c4af22e3d9703ce03a48f30e6858e300dea1c892d2f896be1db58581c81339fd SHA512 (firefox-langpacks-124.0.1-20240322.tar.xz) = bc7f93493636cc4d9845df2583cdd6cc941e284e35afb2bfe2e0ad32c05dc554c4af22e3d9703ce03a48f30e6858e300dea1c892d2f896be1db58581c81339fd
SHA512 (wasi-sdk-20.tar.gz) = 95be9d9b41ed1f7884e9cd68bad22abbb355b049fd09731c89b9e36666d0205b1a16ec9c21820adf0c5a34e2048015cbfbef0542170d466fa3336c636873c405

12
wasi.patch Normal file
View File

@ -0,0 +1,12 @@
diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure
--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100
+++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100
@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing
def wasi_sysroot_flags(wasi_sysroot):
if wasi_sysroot:
log.info("Using wasi sysroot in %s", wasi_sysroot)
- return ["--sysroot=%s" % wasi_sysroot]
+ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "/home/jhorak/rpmbuild/BUILDROOT/usr/share/wasi-sysroot/lib/libclang_rt.builtins-wasm32.a"]
return []
set_config("WASI_SYSROOT", wasi_sysroot)

12
wasi.patch.template Normal file
View File

@ -0,0 +1,12 @@
diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure
--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100
+++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100
@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing
def wasi_sysroot_flags(wasi_sysroot):
if wasi_sysroot:
log.info("Using wasi sysroot in %s", wasi_sysroot)
- return ["--sysroot=%s" % wasi_sysroot]
+ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "$LIBCLANG_RT"]
return []
set_config("WASI_SYSROOT", wasi_sysroot)