Skip to content

Commit

Permalink
Merge branch 'erlang:master' into inets_deps
Browse files Browse the repository at this point in the history
  • Loading branch information
dotsimon authored Nov 22, 2024
2 parents 6b08376 + cdd61f5 commit 8dc3d4d
Show file tree
Hide file tree
Showing 895 changed files with 21,145 additions and 13,816 deletions.
90 changes: 90 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
##
## %CopyrightBegin%
##
## Copyright Ericsson AB 2024. All Rights Reserved.
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
## You may obtain a copy of the License at
##
## http://www.apache.org/licenses/LICENSE-2.0
##
## Unless required by applicable law or agreed to in writing, software
## distributed under the License is distributed on an "AS IS" BASIS,
## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
## limitations under the License.
##
## %CopyrightEnd%
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "master"
schedule:
interval: "weekly"
labels:
- "team:VM"
assignees:
- "garazdawi"
- "kikofernandez"
open-pull-requests-limit: 10
groups:
github-actions:
patterns: ['*']
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "maint"
schedule:
interval: "weekly"
labels:
- "team:VM"
assignees:
- "garazdawi"
- "kikofernandez"
open-pull-requests-limit: 10
groups:
github-actions:
patterns: ['*']
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "maint-27"
schedule:
interval: "weekly"
labels:
- "team:VM"
assignees:
- "garazdawi"
- "kikofernandez"
open-pull-requests-limit: 10
groups:
github-actions:
patterns: ['*']
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "maint-26"
schedule:
interval: "weekly"
labels:
- "team:VM"
assignees:
- "garazdawi"
- "kikofernandez"
open-pull-requests-limit: 10
groups:
github-actions:
patterns: ['*']
- package-ecosystem: "github-actions"
directory: "/"
target-branch: "maint-25"
schedule:
interval: "weekly"
labels:
- "team:VM"
assignees:
- "garazdawi"
- "kikofernandez"
open-pull-requests-limit: 10
groups:
github-actions:
patterns: ['*']
22 changes: 21 additions & 1 deletion .github/dockerfiles/Dockerfile.64-bit
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,30 @@ RUN cd /buildroot && tar -xzf ./otp.tar.gz
WORKDIR /buildroot/otp/

ENV CFLAGS="-O2 -g -Werror -DwxSTC_DISABLE_MACRO_DEPRECATIONS=1"
ENV CFLAGS="${CFLAGS} -Wall -Wformat -Wformat=2 -Wno-conversion -Wimplicit-fallthrough \
-Werror=format-security -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_GLIBCXX_ASSERTIONS \
-fstack-clash-protection -fstack-protector-strong -Wtrampolines \
-fcf-protection=full -fexceptions -fno-strict-overflow -fno-delete-null-pointer-checks \
-D_GLIBCXX_ASSERTIONS"
## OpenSSF recommended CFLAGS, skipped are:
## -Wconversion -Wextra -Wsign-conversion - As we have way too many of these warnings
## -fstrict-flex-arrays=3 -Wbidi-chars=any - As gcc 11 does not support it
## -mbranch-protection=standard - Only on arm
## -Werror=implicit -Wincompatible-pointer-types -Wint-conversion - As these do not work on c++ code
ENV SKIPPED_OSSF_CFLAGS="-Wconversion -mbranch-protection=standard \
-Wextra -Werror=implicit -Werror=incompatible-pointer-types -Werror=int-conversion \
-Wsign-conversion"
ENV LDFLAGS="-Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -Wl,--no-copy-dt-needed-entries"
## OpenSSF recommended LDFLAGS, skipped are:
## -Wl,-z,nodlopen - as opening drivers/nifs needs this
## -fPIE - not needed with gcc 11
## -fPIC -shared - only needed for .so files
ENV SKIPPED_OSSF_LDFLAGS="-Wl,-z,nodlopen -fPIE -fPIC -shared"

## Configure (if not cached), check that no application are disabled and then make
RUN if [ ! -f Makefile ]; then \
touch README.md && \
./configure --prefix="/Erlang ∅⊤℞" && \
./configure --prefix="/Erlang ∅⊤℞" --enable-pie && \
if cat lib/*/CONF_INFO || cat lib/*/SKIP || cat lib/SKIP-APPLICATIONS; then exit 1; fi && \
find . -type f -newer README.md | xargs tar --transform 's:^./:otp/:' -cf ../otp_cache.tar; \
fi && \
Expand All @@ -26,6 +45,7 @@ RUN if [ ! -f Makefile ]; then \

## Disable -Werror as testcases do not compile with it on
ENV CFLAGS="-O2 -g"
ENV LDFLAGS=""

## Update init.sh with correct env vars
RUN echo "export MAKEFLAGS=$MAKEFLAGS" > /buildroot/env.sh && \
Expand Down
9 changes: 6 additions & 3 deletions .github/dockerfiles/Dockerfile.ubuntu-base
Original file line number Diff line number Diff line change
Expand Up @@ -31,10 +31,13 @@ ENV LANG=C.UTF-8 LC_ALL=C.UTF-8

## Install build tools
RUN apt-get update && apt-get -y upgrade && \
apt-get install -y build-essential m4 autoconf \
default-jdk flex pkg-config locales tzdata sudo ${INSTALL_LIBS} && \
apt-get install -y build-essential m4 autoconf clang-format \
flex pkg-config locales tzdata sudo ${INSTALL_LIBS} && \
sed -i 's@# en_US.UTF-8@en_US.UTF-8@g' /etc/locale.gen && locale-gen && \
update-alternatives --set wx-config /usr/lib/x86_64-linux-gnu/wx/config/gtk3-unicode-3.0
update-alternatives --set wx-config /usr/lib/x86_64-linux-gnu/wx/config/gtk3-unicode-3.0 && \
apt-get install -y openjdk-8-jdk-headless && apt-get install -y openjdk-11-jdk-headless && \
(update-java-alternatives -s java-1.8.0-openjdk-amd64 || true) && \
java -version 2>&1 | grep 'version "1[.]8' > /dev/null || exit 1

ARG MAKEFLAGS=-j4
ENV MAKEFLAGS=$MAKEFLAGS \
Expand Down
4 changes: 3 additions & 1 deletion .github/scripts/create-artifacts.sh
Original file line number Diff line number Diff line change
Expand Up @@ -26,5 +26,7 @@ mkdir ${DIR}
tar -xzf otp_src.tar.gz
mv otp otp_src_${VSN}
tar -czf ${DIR}/otp_src_${VSN}.tar.gz otp_src_${VSN}
mv otp_doc_man.tar.gz ${DIR}/otp_doc_man_${VSN}.tar.gz
if [ -f otp_doc_man.tar.gz ]; then
mv otp_doc_man.tar.gz ${DIR}/otp_doc_man_${VSN}.tar.gz
fi
mv otp_doc_html.tar.gz ${DIR}/otp_doc_html_${VSN}.tar.gz
106 changes: 106 additions & 0 deletions .github/scripts/ossf-sarif-generator.es
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
#!/usr/bin/env escript

%% %CopyrightBegin%
%%
%% Copyright Ericsson AB 2024. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%
%% %CopyrightEnd%

%% This script takes a json string as argument and checks that all the compiler flags defined by the OSSF
%% are used.

main([CompilerFlagsJson]) ->
io:format(standard_error,"~p",[os:env()]),
CFLAGS = proplists:get_value(cflags, erlang:system_info(compile_info)) ++ " " ++ os:getenv("SKIPPED_OSSF_CFLAGS"),
LDFLAGS = proplists:get_value(ldflags, erlang:system_info(compile_info)) ++ " " ++ os:getenv("SKIPPED_OSSF_LDFLAGS"),
{gnuc, {Vsn, _, _} } = erlang:system_info(c_compiler_used),
#{ ~"options" := #{ ~"recommended" := Opts } } = json:decode(unicode:characters_to_binary(CompilerFlagsJson)),
io:format(standard_error, ~s'CFLAGS="~ts"~nLDFLAGS="~ts"~n',[CFLAGS, LDFLAGS]),
Missing = [Opt || Opt <- Opts, check_option(Opt, string:split(CFLAGS, " ", all), string:split(LDFLAGS, " ", all), Vsn)],
io:format("~ts~n",[sarif(Missing)]),
ok.
check_option(#{ ~"requires" := #{ ~"gcc" := GccVsn }, ~"opt" := Opt }, CFLAGS, _LDFLAGS, CurrentGccVsn) ->
io:format(standard_error, "Looking for ~ts...",[Opt]),
case binary_to_integer(hd(string:split(GccVsn, "."))) > CurrentGccVsn of
true -> io:format(standard_error, "skipped!~n",[]), false;
false ->
check_for_flags(Opt, CFLAGS)
end;
check_option(#{ ~"requires" := #{ ~"binutils" := _ }, ~"opt" := Opt }, _CFLAGS, LDFLAGS, _CurrentGccVsn) ->
io:format(standard_error, "Looking for ~ts...",[Opt]),
check_for_flags(Opt, LDFLAGS);
check_option(#{ ~"requires" := #{ ~"libstdc++" := _ }, ~"opt" := Opt }, _CFLAGS, LDFLAGS, _CurrentGccVsn) ->
io:format(standard_error, "Looking for ~ts...",[Opt]),
check_for_flags(Opt, LDFLAGS);
check_option(#{ ~"requires" := Tool, ~"opt" := Opt }, _CFLAGS, _LDFLAGS, _CurrentGccVsn) ->
io:format(standard_error, "~ts not implemented yet using ~p!~n",[Opt, Tool]),
true.

check_for_flags(Flag, Flags) ->
case lists:any(fun(O) -> lists:search(fun(A) -> string:equal(string:trim(O), string:trim(A)) end, Flags) =:= false end, string:split(Flag, " ", all) ) of
true -> io:format(standard_error, "missing!~n",[]), true;
false -> io:format(standard_error, "found!~n",[]), false
end.

sarif(Missing) ->
Zip = lists:zip(lists:seq(1,length(Missing)), Missing),
json:encode(
#{ ~"version" => ~"2.1.0",
~"$schema" => ~"https://raw.githubusercontent.com/oasis-tcs/sarif-spec/main/sarif-2.1/schema/sarif-schema-2.1.0.json",
~"runs" =>
[ #{
~"tool" =>
#{ ~"driver" =>
#{ ~"informationUri" => ~"https://github.com/erlang/otp/.github/workflow/ossf-scanner",
~"name" => ~"ossf-scanner",
~"rules" =>
[ #{ ~"id" => base64:encode(erlang:md5(Opt)),
~"name" => ~"MissingCompilerFlag",
~"shortDescription" =>
#{ ~"text" => <<"Missing CFLAGS ", Opt/binary>> },
~"helpUri" => ~"https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++",
~"fullDescription" =>
#{
~"text" => <<Desc/binary,"\nA OSSF C/C++ compiler hardening flag is missing from the tests. "
"Please check https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++ for details.">>
}
}
|| {_Id, #{ ~"desc" := Desc, ~"opt" := Opt }} <- Zip],
~"version" => ~"1.0"
}
},
~"artifacts" =>
[ #{
~"location" => #{
~"uri" => ~".github/docker/Dockerfile.64-bit"
},
~"length" => -1
}
],
~"results" =>
[ #{
~"ruleId" => base64:encode(erlang:md5(Opt)),
~"ruleIndex" => Id,
~"level" => ~"warning",
~"message" => #{ ~"text" => <<"Missing CFLAGS ", Opt/binary>> },
~"locations" =>
[ #{ ~"physicalLocation" =>
#{ ~"artifactLocation" =>
#{ ~"uri" => ~".github/docker/Dockerfile.64-bit" }
}
} ]
} || {Id, #{ ~"opt" := Opt }} <- Zip]
} ]
}).
26 changes: 21 additions & 5 deletions .github/scripts/release-docs.sh
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/bin/sh
#!/bin/bash

## %CopyrightBegin%
##
Expand All @@ -18,9 +18,25 @@
##
## %CopyrightEnd%

docker run -v $PWD/:/github otp "make release docs release_docs && make release_docs DOC_TARGETS='man html' RELEASE_ROOT=/github/docs"
sudo chown -R `whoami` docs
release=${1}
vsn=${2}
if [[ ${release} < 27 ]]; then
docker run -v $PWD/:/github otp "make release docs release_docs && make release_docs DOC_TARGETS='man html pdf' RELEASE_ROOT=/github/docs"
else
case "${vsn}" in
"27.0**")
DOC_TARGETS=html
;;
*)
DOC_TARGETS="html man"
;;
esac
docker run -v $PWD/:/github otp "./otp_build download_ex_doc && make release docs release_docs && make release_docs DOC_TARGETS='${DOC_TARGETS}' RELEASE_ROOT=/github/docs"
fi
sudo chown -R "$(whoami)" docs
cd docs
tar czf ../otp_doc_man.tar.gz man
rm -rf man
if test -x man; then
tar czf ../otp_doc_man.tar.gz man
rm -rf man
fi
tar czf ../otp_doc_html.tar.gz *
Loading

0 comments on commit 8dc3d4d

Please sign in to comment.