diff --git a/.bazelrc b/.bazelrc index bd7f405e..62e363e5 100644 --- a/.bazelrc +++ b/.bazelrc @@ -212,7 +212,7 @@ build:msan --config=sanitizer build:msan --copt='-fsanitize=memory' build:msan --copt='-fsanitize-memory-track-origins=2' build:msan --linkopt='-fsanitize=memory' -build:msan --test_env=MSAN_OPTIONS=color=always +build:msan --test_env=MSAN_OPTIONS=color=always:external_symbolizer_path=/nix/store/643f0y8q5yfzrqq4kn56dc13xvz90srv-llvm-16.0.1/bin/llvm-symbolizer build:msan --per_file_copt='//toxic[:/]@-UAUDIO,-UVIDEO,-UPYTHON' build:tsan --config=sanitizer @@ -482,6 +482,7 @@ build:gcc --per_file_copt='//c-toxcore@-Wno-error=pedantic' build:gcc --per_file_copt='//toxic@-Wno-format-overflow' build:gcc --per_file_copt='//toxic@-Wno-format-truncation' build:gcc --per_file_copt='//toxic@-Wno-nonnull' +build:gcc --per_file_copt='//toxic@-Wno-overflow' build:gcc --per_file_copt='//toxins@-Wno-format-overflow' build:windows --per_file_copt='//qtox@/wd4068' # unknown pragma @@ -526,6 +527,7 @@ build:gcc --per_file_copt='external/ffmpeg[:/]@-Wno-int-in-bool-context' build:gcc --per_file_copt='external/ffmpeg[:/]@-Wno-maybe-uninitialized' build:gcc --per_file_copt='external/ffmpeg[:/]@-Wno-stringop-overread' build:gcc --per_file_copt='external/ffmpeg[:/]@-Wno-stringop-truncation' +build:gcc --per_file_copt='external/libidn2[:/]@-Wno-unused-const-variable' build:gcc --per_file_copt='external/opus[:/]@-Wno-maybe-uninitialized' build:clang --per_file_copt='external/openal[:/]@-Wno-unused-value' @@ -633,7 +635,7 @@ build:docker --config=ci build:gnulike --config=clang build --config=dynamic -# Used for musl builds. +# Used for static musl builds. #build:gnulike --config=gcc #build --config=static diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5b02e75e..f6a24198 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,12 +44,13 @@ jobs: - name: Build toxchat/toktok-stack:latest run: docker build -t toxchat/toktok-stack:latest -f tools/built/src/Dockerfile . - - name: Build toxchat/toktok-stack:latest-release - run: docker build -t toxchat/toktok-stack:latest-release -f tools/built/src/Dockerfile.release . + - name: Build toxchat/toktok-stack:latest-fastbuild + run: docker build -t toxchat/toktok-stack:latest-fastbuild -f tools/built/src/Dockerfile.fastbuild . - - name: Run tests in toxchat/toktok-stack:latest-release - if: ${{ contains(github.event.pull_request.title, 'chore(deps)') }} - run: tools/built/bazel_test release + - name: Build toxchat/toktok-stack:latest-dev + run: | + sed -i -e 's/ --remote_download_outputs=all//' tools/built/src/setup-dev.sh + docker build -t toxchat/toktok-stack:latest-dev -f tools/built/src/Dockerfile.dev . mypy: runs-on: ubuntu-latest diff --git a/WORKSPACE b/WORKSPACE index 25225ea3..82b7a850 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -91,16 +91,22 @@ nixpkgs_git_repository( sha256 = "f2b96094f6dfbb53b082fe8709da94137475fcfead16c960f2395c98fc014b68", ) -NIXPKGS = "import {}" -#NIXPKGS = "(import {}).pkgsMusl" - -NIXPKGS_CC = "clang_16" -#NIXPKGS_CC = "llvmPackages_16.libcxxClang" -#NIXPKGS_CC = "gcc" +FULLY_STATIC = False + +NIXPKGS = { + "cc": "gcc", + "prefix": "pkgsStatic.", + "suffix": ".pkgsStatic", +} if FULLY_STATIC else { + #"cc": "llvmPackages_16.libcxxClang", + "cc": "llvmPackages_16.clang", + "prefix": "", + "suffix": "", +} nixpkgs_cc_configure( - attribute_path = NIXPKGS_CC, - nix_file_content = NIXPKGS, + attribute_path = NIXPKGS["cc"], + nix_file_content = "(import {})" + NIXPKGS["suffix"], repository = "@nixpkgs", ) @@ -109,6 +115,7 @@ nixpkgs_go_configure( ) nixpkgs_python_configure( + python3_attribute_path = NIXPKGS["prefix"] + "python3", repository = "@nixpkgs", ) @@ -235,18 +242,20 @@ go_repository( nixpkgs_package( name = "alsa-lib", + attribute_path = NIXPKGS["prefix"] + "alsa-lib", repository = "@nixpkgs", ) nixpkgs_package( name = "asound", - attribute_path = "alsa-lib.dev", + attribute_path = NIXPKGS["prefix"] + "alsa-lib.dev", build_file = "//third_party:BUILD.asound", repository = "@nixpkgs", ) nixpkgs_package( name = "openssl.out", + attribute_path = "openssl.out", repository = "@nixpkgs", ) @@ -377,6 +386,7 @@ new_github_archive( new_github_archive( name = "libsodium", + patches = ["@toktok//third_party/patches:libsodium.patch"], repo = "jedisct1/libsodium", sha256 = "310cb8149ba12342d0cd64ae81d0c7ed60d608732685e3c6b8c359bba572cfd3", version = "1.0.19", @@ -464,26 +474,26 @@ new_github_archive( nixpkgs_package( name = "x11.out", - attribute_path = "xorg.libX11.out", + attribute_path = NIXPKGS["prefix"] + "xorg.libX11.out", repository = "@nixpkgs", ) nixpkgs_package( name = "x11", - attribute_path = "xorg.libX11.dev", + attribute_path = NIXPKGS["prefix"] + "xorg.libX11.dev", build_file = "@toktok//third_party:BUILD.x11", repository = "@nixpkgs", ) nixpkgs_package( name = "xcb.out", - attribute_path = "xorg.libxcb.out", + attribute_path = NIXPKGS["prefix"] + "xorg.libxcb.out", repository = "@nixpkgs", ) nixpkgs_package( name = "xcb", - attribute_path = "xorg.libxcb.dev", + attribute_path = NIXPKGS["prefix"] + "xorg.libxcb.dev", build_file = "@toktok//third_party:BUILD.xcb", repository = "@nixpkgs", ) diff --git a/dockerfiles b/dockerfiles index b2854e60..efe4d64c 160000 --- a/dockerfiles +++ b/dockerfiles @@ -1 +1 @@ -Subproject commit b2854e60f8c10ee20872543253a0b1b7a0ebf9a7 +Subproject commit efe4d64c5e2c3a885e5ebfa5623bfce669ace10e diff --git a/third_party/patches/libsodium.patch b/third_party/patches/libsodium.patch new file mode 100644 index 00000000..a9cc0906 --- /dev/null +++ b/third_party/patches/libsodium.patch @@ -0,0 +1,12 @@ +diff -ur a/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c b/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c +--- src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c 2019-05-30 13:13:18.000000000 +0000 ++++ src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c 2022-01-13 13:42:44.891332633 +0000 +@@ -28,7 +28,7 @@ + const unsigned char *n, + const unsigned char *k) + { +- unsigned char subkey[32]; ++ unsigned char subkey[32] = {0}; + int i; + + if (clen < 32) { diff --git a/tools/built/src/setup-dev.sh b/tools/built/src/setup-dev.sh index e24f8c01..647d46ad 100755 --- a/tools/built/src/setup-dev.sh +++ b/tools/built/src/setup-dev.sh @@ -32,7 +32,7 @@ INSTALL_DIR="$HOME/.bin" tools/project/update_versions.sh # Start nix-daemon if it isn't running yet. -if [ ! -e /nix/var/nix/daemon-socket/socket ]; then +if ! (ps aux | grep nix-daemon | grep -v grep); then sudo nix-daemon --daemon & sleep 1 fi