Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove dl.google.com repository from Linux packages #1078

Merged
merged 1 commit into from
Feb 1, 2019

Conversation

fmarier
Copy link
Member

@fmarier fmarier commented Dec 12, 2018

Submitter Checklist:

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Verified that these changes build without errors on
    • Windows
    • macOS
    • Linux
  • Verified that these changes pass automated tests (npm test brave_unit_tests && npm test brave_browser_tests) on
    • Windows
    • macOS
    • Linux
  • Ran git rebase master (if needed).
  • Ran git rebase -i to squash commits (if needed).
  • Tagged reviewers and labelled the pull request as needed.
  • Request a security/privacy review as needed.
  • Add appropriate QA labels (QA/Yes or QA/No) to include the closed issue in milestone

Test Plan:

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

@fmarier
Copy link
Member Author

fmarier commented Dec 12, 2018

I'm not sure how to build the .deb and .rpm. I couldn't find documentation for it on the wiki and npm run create_dist doesn't work on my machine.

So this is currently untested.

@fmarier
Copy link
Member Author

fmarier commented Dec 12, 2018

@w0ts0n Who would be a good reviewer for this?

@w0ts0n w0ts0n requested a review from bbondy December 13, 2018 13:40
@w0ts0n
Copy link
Member

w0ts0n commented Dec 13, 2018

@bbondy maybe? Or he can triage appropriately.

@bbondy bbondy requested review from mbacchi and mihaiplesa December 13, 2018 15:02
@bbondy
Copy link
Member

bbondy commented Dec 13, 2018

I think either @mbacchi or @mihaiplesa. Added them.

@fmarier
Copy link
Member Author

fmarier commented Dec 13, 2018

If one of you can tell me how the packages are built, I wouldn't mind testing this locally before you review it.

@mbacchi
Copy link
Contributor

mbacchi commented Dec 13, 2018

I'm not sure how to build the .deb and .rpm. I couldn't find documentation for it on the wiki and npm run create_dist doesn't work on my machine.

So this is currently untested.

Can you tell us how the create_dist step fails? I've seen quite a few failure modes in my time here, so seeing your output or even more detail on what doesn't work would be helpful.

Unlike Mac and Windows, building the Brave rpm/deb files on Linux does not require any special signing steps, so you should be able to build it without anything special setup.

Otherwise we'll try to test this PR in a build as time allows.

@mbacchi
Copy link
Contributor

mbacchi commented Dec 13, 2018

Oh, you may want to check the wiki instructions here: https://github.com/brave/brave-browser/wiki

It describes npm run build Release, and in the case of create_dist you still need to pass the Release parameter, i.e. npm run create_dist Release, but in addition I'd also use the --debug-build and --official-build flags to speed up your build. So a full command might be: npm run create_dist Release -- --debug_build=true --official_build=false.

Let me know if that helps.

# Setup the installation directory hierachy in the package staging area.
prep_staging_rpm() {
prep_staging_common
- install -m 755 -d "${STAGEDIR}/etc/cron.daily"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By not running this install command, I get an error that the staging directory doesn't exist:

[74/93] ACTION //chrome/installer/linux:unstable_rpm(//build/toolchain/linux:clang_x64)
FAILED: chromium-browser-dev-72.0.61.0-1.x86_64.rpm 
python ../../build/gn_run_binary.py installer/rpm/build.sh -a x64 -b . -c unstable -d brave -o . -t linux -f
fakeroot rpmbuild -bb --target=x86_64 --rmspec --define _topdir /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev --define _binary_payload w9.xzdio --define __os_install_post  %{nil} /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-tmp-dev/chrome.spec
Building target platforms: x86_64
Building for target x86_64
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.bmNUOq
+ umask 022
+ cd /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILD
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.bMUPCt
+ umask 022
+ cd /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILD
+ rm -rf /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64
+ [ -z /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev -o ! -d /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev ]
+ [ -z /opt/brave.com/brave-dev -o ! -d /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev//opt/brave.com/brave-dev ]
+ install -m 755 -d /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/etc /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/opt /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/usr
+ cp -a /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev/etc/ /var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-build-dev/BUILDROOT/brave-browser-dev-0.61.0-1.x86_64/
cp: cannot stat '/var/lib/jenkins/workspace/brave-browser/src/out/Release/rpm-staging-dev/etc/': No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.bMUPCt (%install)

Both this and the below template processing may be necessary, but we should not include the cron.daily script via other means. By adding this back in, and removing the cron.daily I can get the create_dist step to complete, but think that is a rather inelegant solution.

log_cmd echo "Staging RPM install files in '${STAGEDIR}'..."
- process_template "${BUILDDIR}/installer/common/rpmrepo.cron" \
- "${STAGEDIR}/etc/cron.daily/${PACKAGE}"
- chmod 755 "${STAGEDIR}/etc/cron.daily/${PACKAGE}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This patch builds the rpm, but it might not work as desired, I'll test that shortly:

diff --git a/patches/chrome-installer-linux-rpm-build.sh.patch b/patches/chrome-installer-linux-rpm-build.sh.patch
index 0ed44a13..163d51d1 100644
--- a/patches/chrome-installer-linux-rpm-build.sh.patch
+++ b/patches/chrome-installer-linux-rpm-build.sh.patch
@@ -1,5 +1,5 @@
 diff --git a/chrome/installer/linux/rpm/build.sh b/chrome/installer/linux/rpm/build.sh
-index 0bcd8689d45850ad539f99423fa211785db4f343..9a2d8eeb97e096db8b80aac7e26006888200e9f8 100755
+index 0bcd8689d45850ad539f99423fa211785db4f343..36e080915c22436da9f3ed8137cc6ac8338b5166 100755
 --- a/chrome/installer/linux/rpm/build.sh
 +++ b/chrome/installer/linux/rpm/build.sh
 @@ -15,8 +15,9 @@ gen_spec() {
@@ -13,7 +13,15 @@ index 0bcd8689d45850ad539f99423fa211785db4f343..9a2d8eeb97e096db8b80aac7e2600688
      local INSTALLDIR="${INSTALLDIR}-${CHANNEL}"
      local PACKAGE="${PACKAGE}-${CHANNEL}"
      local MENUNAME="${MENUNAME} (${CHANNEL})"
-@@ -108,7 +109,10 @@ do_package() {
+@@ -52,6 +53,7 @@ stage_install_rpm() {
+   process_template "${BUILDDIR}/installer/common/rpmrepo.cron" \
+     "${STAGEDIR}/etc/cron.daily/${PACKAGE}"
+   chmod 755 "${STAGEDIR}/etc/cron.daily/${PACKAGE}"
++  rm -rf "${STAGEDIR}/etc/cron.daily"
+ }
+ 
+ verify_package() {
+@@ -108,7 +110,10 @@ do_package() {
      --define "${COMPRESSION_OPT}" \
      --define "__os_install_post  %{nil}" \
      "${SPEC}"
@@ -25,7 +33,7 @@ index 0bcd8689d45850ad539f99423fa211785db4f343..9a2d8eeb97e096db8b80aac7e2600688
    mv "$RPMBUILD_DIR/RPMS/$ARCHITECTURE/${PKGNAME}.${ARCHITECTURE}.rpm" \
       "${OUTPUTDIR}"
    # Make sure the package is world-readable, otherwise it causes problems when
-@@ -145,7 +149,10 @@ verify_channel() {
+@@ -145,7 +150,10 @@ verify_channel() {
        CHANNEL=stable
        ;;
      unstable|dev|alpha )

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Testing these packages on Fedora 29 and Ubuntu 16.04 I find that the cron.daily entries are no longer added, and the sources.list file in Ubuntu is not added. This should work as a solution to both issues: brave/brave-browser#1084 and brave/brave-browser#1967

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking closer, I can see that the problem is that spec file expects /etc/ to be present and so removing it without removing this copy will break the build, as you discovered.

Since there is nothing other than the undesirable cronjob that needs to be put in `/etc/ at build time, we can get rid of that directory and that copy entirely.

@mbacchi
Copy link
Contributor

mbacchi commented Dec 20, 2018

I just pushed a slightly modified set of patches to branch https://github.com/brave/brave-core/tree/PR1078 which works successfully for me to build, install and fix issues brave/brave-browser#1084 and brave/brave-browser#1967 as desired. Take a look when you get a moment @fmarier.

@fmarier
Copy link
Member Author

fmarier commented Dec 21, 2018

213848e looks good to me.

@fmarier
Copy link
Member Author

fmarier commented Jan 16, 2019

I will prepare an updated patch which takes #1078 (comment) into account.

@fmarier fmarier changed the title Remove dl.google.com repository from Linux packages (closes #1084) Remove dl.google.com repository from Linux packages Jan 16, 2019
@fmarier
Copy link
Member Author

fmarier commented Jan 16, 2019

I just pushed an updated patch and while it doesn't build, the error seems unrelated:

$ npm run create_dist Release -- --debug_build=true --official_build=false
...
[79/101] ACTION //chrome/installer/linux:calculate_rpm_dependencies(//build/toolchain/linux:clang_x64)
FAILED: rpm_brave.deps 
python ../../chrome/installer/linux/rpm/calculate_package_deps.py brave rpm_brave.deps --distro-check
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro openSUSE Leap 42.3 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro Fedora 26 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro Fedora 27 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro openSUSE Leap 42.2 caused by binary brave
Unexpected new dependency libcairo-gobject.so.2()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libplds4.so()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libresolv.so.2()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libplc4.so()(64bit) on distro Fedora 25 caused by binary brave
Unexpected new dependency libz.so.1()(64bit) on distro Fedora 25 caused by binary brave
[80/101] ACTION //chrome/installer/linux:calculate_deb_dependencies(//build/toolchain/linux:clang_x64)
FAILED: deb_brave.deps 
python ../../chrome/installer/linux/debian/calculate_package_deps.py brave ../../build/linux/debian_sid_amd64-sysroot x64 deb_brave.deps --distro-check
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Ubuntu 14.04 (Trusty) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Ubuntu 14.04 (Trusty) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Debian 9 (Stretch) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Debian 9 (Stretch) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Ubuntu 16.04 (Xenial) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Ubuntu 16.04 (Xenial) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Debian 10 (Buster) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Debian 10 (Buster) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Ubuntu 17.10 (Artful) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Ubuntu 17.10 (Artful) caused by binary brave
Dependency libcairo-gobject2 (>= 1.10.0) not satisfiable on distro Debian 8 (Jessie) caused by binary brave
Dependency zlib1g (>= 1:1.1.4) not satisfiable on distro Debian 8 (Jessie) caused by binary brave

[81/101] ACTION //brave/app/linux:generate_breakpad_symbols(//build/toolchain/linux:clang_x64)
ninja: build stopped: subcommand failed.

Should I build on something else than Ubuntu 18.04?

@mbacchi
Copy link
Contributor

mbacchi commented Jan 16, 2019

Should I build on something else than Ubuntu 18.04?

We run builds on Ubuntu 14.04 due to packaging issues when run on newer Ubuntu versions. There is a comment explaining partially why here: #28 (comment)

Chromium also builds on Ubuntu 14.04: https://chromium.googlesource.com/chromium/src/+/HEAD/docs/linux_build_instructions.md#System-requirements

For now that's our default process but we will likely want to investigate that and come up with a solution for building on newer versions going forward.

prep_staging_debian() {
prep_staging_common
install -m 755 -d "${STAGEDIR}/DEBIAN" \
- "${STAGEDIR}/etc/cron.daily" \
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems like a lot of patching in different places, can't we just patch the cron script instead to do nothing?

Copy link
Collaborator

@bridiver bridiver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm really concerned about the amount of patching in a lot of these scripts. It's going to be very difficult to maintain over time. I think we need to find a different way to do this

@fmarier fmarier dismissed bridiver’s stale review January 17, 2019 21:45

I've changed the patch to disable the cronjobs instead of preventing their installations.

@fmarier
Copy link
Member Author

fmarier commented Jan 21, 2019

The build error I got in #1078 (comment) actually comes from the use of --official_build=false. Without that flag, I can build the packages just fine on Ubuntu 18.04, 16.04 or 14.04.

@fmarier fmarier force-pushed the issue1084 branch 2 times, most recently from 5c576e0 to 0fba0a4 Compare January 21, 2019 18:41
@fmarier
Copy link
Member Author

fmarier commented Jan 22, 2019

I have verified that this latest patch works on Ubuntu 18.04:

  • both the .deb and the .rpm build fine
  • each package contains the modified cronjob (with that extra exit 0 statement)
  • the Debian package installs correctly
  • the Google repo or signing key are not added during package installation
  • the Google repo or signing key are also not added when running /etc/cron.daily/brave-browser

@mbacchi This should not be pretty straightforward to review and merge since it's now a 2-line change (excluding comments).

@fmarier
Copy link
Member Author

fmarier commented Jan 23, 2019

I have also documented what I figured out in terms of building the Linux packages: https://github.com/brave/brave-browser/wiki/Linux-packages

@fmarier
Copy link
Member Author

fmarier commented Jan 24, 2019

I just tested this on Fedora 29 and the Google repo is still installed at installation time, despite the cronjob being neutered. I might need to hack the packaging some more for RPM-based distros.

This disables the cronjob that gets installed by the RPM and DEB packages in
order to forcefully add (or re-add) the Google Chrome package repository and
signing key.

This fixes brave/brave-browser#1084 and fixes brave/brave-browser#1967.
@fmarier
Copy link
Member Author

fmarier commented Jan 25, 2019

Latest patch was tested successfully on Fedora 29 too.

It's now 50% larger though (i.e. 3 lines of code).


-. "$DEFAULTS_FILE"
+# Don't install the Chrome repo (brave/brave-browser#1967)
+#. "$DEFAULTS_FILE"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused by this one, why not exit early like the others?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That part of the spec file also sets up the brave-browser binary: https://cs.chromium.org/chromium/src/chrome/installer/linux/rpm/chrome.spec.template?l=163-180&rcl=6819376c2fbd91863cb29e02b47f653d6dc8b292

If we return early, we'll be breaking that.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and there's nothing else we need from DEFAULTS_FILE that should be set?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, it only contains two variables related to adding/re-adding the Chrome repo:

$ cat /etc/default/brave-browser
repo_add_once="false"
repo_reenable_on_distupgrade="true"

Copy link
Contributor

@mbacchi mbacchi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These look great. Thanks!

@ghost
Copy link

ghost commented Jun 11, 2023

Is there anything hindering the removal of this line? https://github.com/chromium/chromium/blob/main/chrome/installer/linux/rpm/chrome.spec.template#L88

The file would be prepared, but ultimately not included in the final RPM package.

@fmarier
Copy link
Member Author

fmarier commented Jun 12, 2023

@applepine0 Good question. I don't remember whether or not we tried that at the time. It's been a while since this fix :)

We are however thinking about moving away from the brave-keyring eventually (brave/brave-browser#9050) and in that case we will need the cronjob for the same reason that Chrome needs it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants