Fix incorrect argon2 target in arm builds (#6453)

* Fix building from source on arm

Not building from source causes argon2 to pull the wrong arch, so we
have to build from source.

But building from source is causing the new Kerberos module to fail on
arm64 and keytar to fail on both.

The latter has been very difficult to debug because the GitHub image
provides a different result to containers based on Ubuntu 20.04.
Because of this, use a container instead.

Use debian:buster as the container because it is easier to set up the
architecture sources (no need to modify the sources) and because it
seems to come with glibc 2.28 rather than 2.31.

Also use the exact version of Node (18.15.0) for reproducibility.

* Set owner and group during tar to zero

Otherwise you get IDs that can cause (benign) errors while extracting,
which might be confusing.  At the very least, I did not see these errors
from previous tars (although they seem to use 1001).

There is no guarantee what IDs might exist so 0 seems the most
reasonable.
This commit is contained in:
Asher 2023-09-27 19:17:47 -08:00 committed by GitHub
parent 2bb51a25a9
commit 6275520348
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 37 additions and 32 deletions

View File

@ -38,7 +38,7 @@ jobs:
- name: Install Node.js v18
uses: actions/setup-node@v3
with:
node-version: "18"
node-version: "18.15.0"
- name: Install development tools
run: |
@ -100,27 +100,37 @@ jobs:
discussion_category_name: "📣 Announcements"
files: ./release-packages/*
# TODO: We should use the same CentOS image to cross-compile if possible?
package-linux-cross:
name: Linux cross-compile builds
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
timeout-minutes: 15
needs: npm-version
container: "debian:buster"
strategy:
matrix:
include:
- prefix: aarch64-linux-gnu
arch: arm64
npm_arch: arm64
apt_arch: arm64
- prefix: arm-linux-gnueabihf
arch: armv7l
npm_arch: armv7l
apt_arch: armhf
env:
AR: ${{ format('{0}-ar', matrix.prefix) }}
AS: ${{ format('{0}-as', matrix.prefix) }}
CC: ${{ format('{0}-gcc', matrix.prefix) }}
CPP: ${{ format('{0}-cpp', matrix.prefix) }}
CXX: ${{ format('{0}-g++', matrix.prefix) }}
LINK: ${{ format('{0}-g++', matrix.prefix) }}
npm_config_arch: ${{ matrix.arch }}
FC: ${{ format('{0}-gfortran', matrix.prefix) }}
LD: ${{ format('{0}-ld', matrix.prefix) }}
STRIP: ${{ format('{0}-strip', matrix.prefix) }}
PKG_CONFIG_PATH: ${{ format('/usr/lib/{0}/pkgconfig', matrix.prefix) }}
TARGET_ARCH: ${{ matrix.apt_arch }}
npm_config_arch: ${{ matrix.npm_arch }}
NODE_VERSION: v18.15.0
# Not building from source results in an x86_64 argon2, as if
# npm_config_arch is being ignored.
npm_config_build_from_source: true
steps:
@ -132,30 +142,25 @@ jobs:
with:
node-version: "18.15.0"
- name: Install cross-compiler and system dependencies
run: |
dpkg --add-architecture $TARGET_ARCH
apt-get update && apt-get install -y --no-install-recommends \
crossbuild-essential-$TARGET_ARCH \
libx11-dev:$TARGET_ARCH \
libx11-xcb-dev:$TARGET_ARCH \
libxkbfile-dev:$TARGET_ARCH \
libsecret-1-dev:$TARGET_ARCH \
libkrb5-dev:$TARGET_ARCH \
ca-certificates \
curl wget rsync gettext-base
- name: Install nfpm
run: |
mkdir -p ~/.local/bin
curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Install cross-compiler and system dependencies (arm64)
if: ${{ matrix.arch != 'armv7l' }}
run: sudo apt update && sudo apt install -y $PACKAGE libkrb5-dev
env:
PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}
- name: Install cross-compiler and system dependencies (armv7l)
if: ${{ matrix.arch == 'armv7l' }}
run: |
sudo sed -i "s/^deb/deb [arch=amd64,i386]/g" /etc/apt/sources.list
echo "deb [arch=arm64,armhf] http://ports.ubuntu.com/ $(lsb_release -s -c) main universe multiverse restricted" | sudo tee -a /etc/apt/sources.list
echo "deb [arch=arm64,armhf] http://ports.ubuntu.com/ $(lsb_release -s -c)-updates main universe multiverse restricted" | sudo tee -a /etc/apt/sources.list
sudo dpkg --add-architecture armhf
sudo apt update
sudo apt install -y $PACKAGE libkrb5-dev:armhf
env:
PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}
- name: Download npm package
uses: actions/download-artifact@v3
with:
@ -183,7 +188,7 @@ jobs:
- name: Build packages with nfpm
env:
VERSION: ${{ env.VERSION }}
run: yarn package ${npm_config_arch}
run: npm run package ${npm_config_arch}
- uses: softprops/action-gh-release@v1
with:
@ -203,7 +208,7 @@ jobs:
- name: Install Node.js v18
uses: actions/setup-node@v3
with:
node-version: "18"
node-version: "18.15.0"
- name: Install nfpm
run: |

View File

@ -27,7 +27,7 @@ main() {
release_archive() {
local release_name="code-server-$VERSION-$OS-$ARCH"
if [[ $OS == "linux" ]]; then
tar -czf "release-packages/$release_name.tar.gz" --transform "s/^\.\/release-standalone/$release_name/" ./release-standalone
tar -czf "release-packages/$release_name.tar.gz" --owner=0 --group=0 --transform "s/^\.\/release-standalone/$release_name/" ./release-standalone
else
tar -czf "release-packages/$release_name.tar.gz" -s "/^release-standalone/$release_name/" release-standalone
fi

View File

@ -9,11 +9,11 @@ main() {
rsync "$RELEASE_PATH/" "$RELEASE_PATH-standalone"
RELEASE_PATH+=-standalone
# We cannot find the path to node from $PATH because yarn shims a script to ensure
# we use the same version it's using so we instead run a script with yarn that
# will print the path to node.
# We cannot get the path to Node from $PATH (for example via `which node`)
# because Yarn shims a script called `node` and we would end up just copying
# that script. Instead we run Node and have it print its actual path.
local node_path
node_path="$(yarn -s node <<< 'console.info(process.execPath)')"
node_path="$(node <<< 'console.info(process.execPath)')"
mkdir -p "$RELEASE_PATH/bin"
mkdir -p "$RELEASE_PATH/lib"