From 1867648d014039d31979796ee9c6581698fa86a5 Mon Sep 17 00:00:00 2001 From: Guilherme Gallo Date: Wed, 19 Oct 2022 17:00:45 -0300 Subject: [PATCH] ci: Fix kernel+rootfs.* jobs The rootfs generation is failing due to issues with the deqp and crosvm build stages. == crosvm == This week, crates.io released the bindgen cargo package at version 0.61.0, but this version could not be installed via `cargo install bindgen ...`, setting the version to the previous one to avoid breaking the Mesa rootfs builds. See also related failed job: https://gitlab.freedesktop.org/gallo/mesa/-/jobs/30046963 == deqp == The deqp build is failing due to the missing archive of an old zlib release version, which was deleted due to a CVE, see zlib 1.2.13 release notes. As the deqp uprev to 1.3.4.0, which contains the fix, was not straightforward, let's only apply the necessary patch to fix zlib source code download link and then remove this indirection in an eventual deqp uprev. Example of a failed kernel+rootfs build job: https://gitlab.freedesktop.org/gallo/mesa/-/jobs/30045324 Solved Conflicts: .gitlab-ci/image-tags.yml Signed-off-by: Guilherme Gallo Reviewed-by: Yonggang Luo (cherry picked from commit db2c14887bb52ec6fd05c5f8b5363f1689b4b45c) Part-of: --- .gitlab-ci/container/build-crosvm.sh | 1 + .gitlab-ci/container/build-deqp.sh | 7 +++++++ .gitlab-ci/image-tags.yml | 8 ++++---- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci/container/build-crosvm.sh b/.gitlab-ci/container/build-crosvm.sh index 92f181eb688..e421d9c3a42 100644 --- a/.gitlab-ci/container/build-crosvm.sh +++ b/.gitlab-ci/container/build-crosvm.sh @@ -26,6 +26,7 @@ RUSTFLAGS='-L native=/usr/local/lib' cargo install \ bindgen \ -j ${FDO_CI_CONCURRENT:-4} \ --root /usr/local \ + --version 0.60.1 \ $EXTRA_CARGO_ARGS RUSTFLAGS='-L native=/usr/local/lib' cargo install \ diff --git a/.gitlab-ci/container/build-deqp.sh b/.gitlab-ci/container/build-deqp.sh index 2a9bcc41413..2d40ad4d866 100644 --- a/.gitlab-ci/container/build-deqp.sh +++ b/.gitlab-ci/container/build-deqp.sh @@ -11,6 +11,13 @@ git clone \ /VK-GL-CTS pushd /VK-GL-CTS +# Apply a patch to update zlib link to an available version. +# vulkan-cts-1.3.3.0 uses zlib 1.2.12 which was removed from zlib server due to +# a CVE. See https://zlib.net/ +# FIXME: Remove this patch when uprev to 1.3.4.0+ +wget -O- https://github.com/KhronosGroup/VK-GL-CTS/commit/6bb2e7d64261bedb503947b1b251b1eeeb49be73.patch | + git am - + # --insecure is due to SSL cert failures hitting sourceforge for zlib and # libpng (sigh). The archives get their checksums checked anyway, and git # always goes through ssh or https. diff --git a/.gitlab-ci/image-tags.yml b/.gitlab-ci/image-tags.yml index 7ab3b2f5e94..8630020bb5c 100644 --- a/.gitlab-ci/image-tags.yml +++ b/.gitlab-ci/image-tags.yml @@ -1,6 +1,6 @@ variables: DEBIAN_X86_BUILD_BASE_IMAGE: "debian/x86_build-base" - DEBIAN_BASE_TAG: "2022-07-01-bb-llvm13" + DEBIAN_BASE_TAG: "2022-10-19-remove-xvmc-dev" DEBIAN_X86_BUILD_IMAGE_PATH: "debian/x86_build" DEBIAN_BUILD_TAG: "2022-07-14-directx-headers" @@ -11,11 +11,11 @@ variables: DEBIAN_X86_TEST_BASE_IMAGE: "debian/x86_test-base" DEBIAN_X86_TEST_IMAGE_PATH: "debian/x86_test-gl" - DEBIAN_X86_TEST_GL_TAG: "2022-07-06-virgl-update" - DEBIAN_X86_TEST_VK_TAG: "2022-07-18-apitrace-11-1" + DEBIAN_X86_TEST_GL_TAG: "2022-10-20-bindgen-zlib-cve" + DEBIAN_X86_TEST_VK_TAG: "2022-10-20-bindgen-zlib-cve" FEDORA_X86_BUILD_TAG: "2022-04-24-spirv-tools-5" - KERNEL_ROOTFS_TAG: "2022-07-06-virgl-update" + KERNEL_ROOTFS_TAG: "2022-10-20-bindgen-zlib-cve" WINDOWS_X64_VS_PATH: "windows/x64_vs" WINDOWS_X64_VS_TAG: "2022-06-15-vs-winsdk"