Closed Bug 1918069 Opened 3 months ago Closed 2 months ago

Add mach vendor moz.yaml file for chromium sandbox code

Categories

(Core :: Security: Process Sandboxing, task, P1)

All
Windows
task

Tracking

()

RESOLVED FIXED
133 Branch
Tracking Status
firefox133 --- fixed

People

(Reporter: bobowen, Assigned: bobowen)

Attachments

(9 files, 1 obsolete file)


Using mach vendor should make the creation of our patched version of chromium's sandbox code formal, reproducible and more self-documenting.

The splitting of patches into a set to get a working build (with_update) and
additional changes (after_update) has never proved very useful.

Changes are because of the removal of some patches that we no longer required.

Often if a patch was a fix taken from upstream we have not added our own patch
if the fix was old enough that we were bound to receive the fix on our next
update anyway.
This approach doesn't work for formal vendoring, so this adds those missing
patches. They are added to a separate "upstream" directory, so future updaters
know that they are likely to be redundant.
One patch has been moved from the existing patches because it is similar to
another and obviously from upstream.

This means we can use wildcards to include them in the moz.yaml file.

Currently the list of patches is sorted after matching, but the documentation
suggests that they should be in the order specified first and only sorted within
a glob.
The flexibility stated in the documentation seems reasonable.
This affects the sorting of other lists as they are converted to paths, but the
order does not matter in the way that they are used.
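
The ordering difference described in the comment above, as an added example that is not part of the bug or of mach vendor's own code. The function names, the `local` directory and the patch file names are constructed for illustration; only the "upstream" directory name comes from the page.

```python
from fnmatch import fnmatchcase

# Constructed file listing; names are illustrative, not the real patch set.
FILES = [
    "patches/upstream/02_fix_b.patch",
    "patches/upstream/01_fix_a.patch",
    "patches/local/02_logging.patch",
    "patches/local/01_build.patch",
]

# Order as it would be written in the manifest: upstream fixes first,
# then local changes that may depend on them.
PATTERNS = ["patches/upstream/*.patch", "patches/local/*.patch"]


def expand_sorted_after_matching(patterns, files):
    """One global sort over every match: the manifest order is lost."""
    matched = {f for p in patterns for f in files if fnmatchcase(f, p)}
    return sorted(matched)


def expand_in_specified_order(patterns, files):
    """Keep the order the patterns were given in; sort only inside each glob."""
    ordered, seen = [], set()
    for pattern in patterns:
        for path in sorted(f for f in files if fnmatchcase(f, pattern)):
            if path not in seen:  # a path matched earlier keeps its first position
                seen.add(path)
                ordered.append(path)
    return ordered


if __name__ == "__main__":
    print("sorted after matching:")
    for p in expand_sorted_after_matching(PATTERNS, FILES):
        print("  ", p)
    print("order specified, sorted within each glob:")
    for p in expand_in_specified_order(PATTERNS, FILES):
        print("  ", p)
```

With a global sort the `local` patches are applied before the `upstream` ones, so a local patch written on top of an upstream fix would no longer apply cleanly and the vendoring run would stop being reproducible from the manifest alone.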

googlesource only has a base64 encoded raw form, so this patch adds the facility
for a host to specify a function for the copy and decode from the temp download
file. It also allows the individual-files-default-upstream to be an empty str,
because it seems reasonable for a file to be relative to the base vendoring url.


Attachment #9426480 - Attachment is obsolete: true
Pushed by bobowencode@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/dc73135802bd
p1: Move chromium sandbox patches into one directory. r=yjuglaret
https://hg.mozilla.org/integration/autoland/rev/2be65c0c3bba
p2: Translate patches to be relative to the vendoring directory. r=yjuglaret
https://hg.mozilla.org/integration/autoland/rev/7abcbaba8060
p3: Rebase existing chromium sandbox patches. r=handyman
https://hg.mozilla.org/integration/autoland/rev/8ae4b8b5e027
p4: Add upstream chromium sandbox patches. r=handyman
https://hg.mozilla.org/integration/autoland/rev/207ba435d2e3
p5: Make the patches self ordering within the directories. r=handyman
https://hg.mozilla.org/integration/autoland/rev/2801fa633c0a
p6: Fix the sorting of patches to match the order specified. r=tjr
https://hg.mozilla.org/integration/autoland/rev/b5f60d43810b
p7: Add ability to use individual-files flavor for googlesource. r=tjr
https://hg.mozilla.org/integration/autoland/rev/084a63fd203b
p8: Add some documentation for the individual-files flavor. r=tjr
https://hg.mozilla.org/integration/autoland/rev/e76f34434abd
p9: Add mach vendor moz.yaml file for chromium sandbox code. r=handyman