2022-10-13 12:39:17 +03:00
|
|
|
#!/usr/bin/env bash
|
2023-03-02 23:42:35 +02:00
|
|
|
|
|
|
|
# Copyright 2023 Uber Technologies, Inc.
|
2023-04-20 03:23:25 +03:00
|
|
|
# Licensed under the MIT License
|
2023-03-02 23:42:35 +02:00
|
|
|
|
zig launcher: replace shell wrappers with a binary
Until now we needed to maintain two versions of the zig launcher: one
for Windows and one for everything else. This was problematic for two
reasons:
1. I do not know powershell and thus keep breaking the Windows wrapper
all the time (see git history of Fabian fixing stuff that I broke).
2. This makes bazel-zig-cc dependent on the system shell, making it not
really hermetic. So the recently added
`--experimental_use_hermetic_linux_sandbox` does not work with
bazel-zig-cc, unless we bind-mount a bunch of stuff: `/usr`, `/bin`,
`/lib`, `/usr/lib:/lib`, `/usr/lib64:/lib64` and `/proc`.
Switching to a Zig-based wrapper solves both issues, and we can do this:
bazel build "$@" \
--experimental_use_hermetic_linux_sandbox \
--sandbox_add_mount_pair=/proc \
<...>
Zig itself still depends on `/proc` for `/proc/self/exe`, so we need to
keep that. I will look into reducing even that dependency separately.
Not all is nice and shiny though: this commit replaces ~80 LOC worth of
shell scripts wrappers with a singe ~300 LOC zig program, which is
arguably harder to understand. However, it is easier to change, at least
for me, because it's a single file with unit tests! Most importantly,
the gnarly code (which resolves paths and sets environment variables) is
cross-platform.
Thanks to Fabian Hahn for testing this on Windows and pointing out
errors.
2022-12-20 17:00:50 +02:00
|
|
|
set -xeuo pipefail
|
2022-10-13 12:39:17 +03:00
|
|
|
|
2023-04-21 17:00:03 +03:00
|
|
|
cache_prefix="${HERMETIC_CC_TOOLCHAIN_CACHE_PREFIX:-/tmp/hermetic_cc_toolchain}"
|
2023-03-08 17:33:59 +02:00
|
|
|
|
zig launcher: replace shell wrappers with a binary
Until now we needed to maintain two versions of the zig launcher: one
for Windows and one for everything else. This was problematic for two
reasons:
1. I do not know powershell and thus keep breaking the Windows wrapper
all the time (see git history of Fabian fixing stuff that I broke).
2. This makes bazel-zig-cc dependent on the system shell, making it not
really hermetic. So the recently added
`--experimental_use_hermetic_linux_sandbox` does not work with
bazel-zig-cc, unless we bind-mount a bunch of stuff: `/usr`, `/bin`,
`/lib`, `/usr/lib:/lib`, `/usr/lib64:/lib64` and `/proc`.
Switching to a Zig-based wrapper solves both issues, and we can do this:
bazel build "$@" \
--experimental_use_hermetic_linux_sandbox \
--sandbox_add_mount_pair=/proc \
<...>
Zig itself still depends on `/proc` for `/proc/self/exe`, so we need to
keep that. I will look into reducing even that dependency separately.
Not all is nice and shiny though: this commit replaces ~80 LOC worth of
shell scripts wrappers with a singe ~300 LOC zig program, which is
arguably harder to understand. However, it is easier to change, at least
for me, because it's a single file with unit tests! Most importantly,
the gnarly code (which resolves paths and sets environment variables) is
cross-platform.
Thanks to Fabian Hahn for testing this on Windows and pointing out
errors.
2022-12-20 17:00:50 +02:00
|
|
|
# check a very hermetic setup with a single target. Re-building all of
|
|
|
|
# them takes a long time, so using only one. If we ever decide to build all
|
|
|
|
# targets, we will need to exclude Go, since go dynamically links to glibc on
|
|
|
|
# linux.
|
2023-03-08 17:33:59 +02:00
|
|
|
|
2023-03-06 17:32:48 +02:00
|
|
|
echo "--- build a single target with very hermetic sandbox"
|
|
|
|
tools/bazel build "$@" \
|
zig launcher: replace shell wrappers with a binary
Until now we needed to maintain two versions of the zig launcher: one
for Windows and one for everything else. This was problematic for two
reasons:
1. I do not know powershell and thus keep breaking the Windows wrapper
all the time (see git history of Fabian fixing stuff that I broke).
2. This makes bazel-zig-cc dependent on the system shell, making it not
really hermetic. So the recently added
`--experimental_use_hermetic_linux_sandbox` does not work with
bazel-zig-cc, unless we bind-mount a bunch of stuff: `/usr`, `/bin`,
`/lib`, `/usr/lib:/lib`, `/usr/lib64:/lib64` and `/proc`.
Switching to a Zig-based wrapper solves both issues, and we can do this:
bazel build "$@" \
--experimental_use_hermetic_linux_sandbox \
--sandbox_add_mount_pair=/proc \
<...>
Zig itself still depends on `/proc` for `/proc/self/exe`, so we need to
keep that. I will look into reducing even that dependency separately.
Not all is nice and shiny though: this commit replaces ~80 LOC worth of
shell scripts wrappers with a singe ~300 LOC zig program, which is
arguably harder to understand. However, it is easier to change, at least
for me, because it's a single file with unit tests! Most importantly,
the gnarly code (which resolves paths and sets environment variables) is
cross-platform.
Thanks to Fabian Hahn for testing this on Windows and pointing out
errors.
2022-12-20 17:00:50 +02:00
|
|
|
--experimental_use_hermetic_linux_sandbox \
|
2023-03-08 17:33:59 +02:00
|
|
|
--sandbox_writable_path="$cache_prefix" \
|
zig launcher: replace shell wrappers with a binary
Until now we needed to maintain two versions of the zig launcher: one
for Windows and one for everything else. This was problematic for two
reasons:
1. I do not know powershell and thus keep breaking the Windows wrapper
all the time (see git history of Fabian fixing stuff that I broke).
2. This makes bazel-zig-cc dependent on the system shell, making it not
really hermetic. So the recently added
`--experimental_use_hermetic_linux_sandbox` does not work with
bazel-zig-cc, unless we bind-mount a bunch of stuff: `/usr`, `/bin`,
`/lib`, `/usr/lib:/lib`, `/usr/lib64:/lib64` and `/proc`.
Switching to a Zig-based wrapper solves both issues, and we can do this:
bazel build "$@" \
--experimental_use_hermetic_linux_sandbox \
--sandbox_add_mount_pair=/proc \
<...>
Zig itself still depends on `/proc` for `/proc/self/exe`, so we need to
keep that. I will look into reducing even that dependency separately.
Not all is nice and shiny though: this commit replaces ~80 LOC worth of
shell scripts wrappers with a singe ~300 LOC zig program, which is
arguably harder to understand. However, it is easier to change, at least
for me, because it's a single file with unit tests! Most importantly,
the gnarly code (which resolves paths and sets environment variables) is
cross-platform.
Thanks to Fabian Hahn for testing this on Windows and pointing out
errors.
2022-12-20 17:00:50 +02:00
|
|
|
--sandbox_add_mount_pair=/proc \
|
|
|
|
//test/c:which_libc_linux_amd64_gnu.2.19
|
|
|
|
|
|
|
|
# then test everything else with the standard sandbox
|
2023-03-08 17:33:59 +02:00
|
|
|
echo "--- bazel test $* ..."
|
2023-03-06 17:32:48 +02:00
|
|
|
tools/bazel test "$@" ...
|
2022-10-13 12:39:17 +03:00
|
|
|
|
2023-03-06 17:32:48 +02:00
|
|
|
echo "--- ensure github.com/ziglang/zig/issues/13050 does not regress"
|
2023-03-08 17:33:59 +02:00
|
|
|
find "$cache_prefix" \
|
2023-03-06 17:32:48 +02:00
|
|
|
-name mutex_destructor.o -execdir file '{}' \; \
|
|
|
|
| sort \
|
|
|
|
| uniq -c \
|
|
|
|
| sort -rn > /tmp/got_cache
|
2023-02-24 12:41:32 +02:00
|
|
|
|
|
|
|
diff -u ci/testdata/want_cache /tmp/got_cache || {
|
|
|
|
>&2 echo "ERROR: unexpected artifacts. This is TODO."
|
|
|
|
# TODO: Go 1.20 regressed this. Find a way to re-enable. See README.
|
|
|
|
#exit 1
|
|
|
|
exit 0
|
|
|
|
}
|