ci: Fix kernel+rootfs.* jobs

The rootfs generation is failing due to issues with the deqp and crosvm
build stages.

== crosvm ==

This week, crates.io released the bindgen cargo package at version
0.61.0, but this version could not be installed via `cargo install
bindgen ...`, setting the version to the previous one to avoid breaking
the Mesa rootfs builds.

See also related failed job:
https://gitlab.freedesktop.org/gallo/mesa/-/jobs/30046963

== deqp ==

The deqp build is failing due to the missing archive of an old zlib
release version, which was deleted due to a CVE, see zlib 1.2.13 release
notes.

As the deqp uprev to 1.3.4.0, which contains the fix, was not
straightforward, let's only apply the necessary patch to fix zlib
source code download link and then remove this indirection in an
eventual deqp uprev.

Example of a failed kernel+rootfs build job:
  https://gitlab.freedesktop.org/gallo/mesa/-/jobs/30045324

Signed-off-by: Guilherme Gallo <guilherme.gallo@collabora.com>
Reviewed-by: Yonggang Luo <luoyonggang@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/19183>

diff --git a/.gitlab-ci/container/build-crosvm.sh b/.gitlab-ci/container/build-crosvm.sh
index cfee159..7728654 100644 (file)
--- a/.gitlab-ci/container/build-crosvm.sh
+++ b/.gitlab-ci/container/build-crosvm.sh
@@ -25,6 +25,7 @@ RUSTFLAGS='-L native=/usr/local/lib' cargo install \
   bindgen \
   -j ${FDO_CI_CONCURRENT:-4} \
   --root /usr/local \
+  --version 0.60.1 \
   $EXTRA_CARGO_ARGS
 
 RUSTFLAGS='-L native=/usr/local/lib' cargo install \

diff --git a/.gitlab-ci/container/build-deqp.sh b/.gitlab-ci/container/build-deqp.sh
index c9f4df7..71b11ab 100644 (file)
--- a/.gitlab-ci/container/build-deqp.sh
+++ b/.gitlab-ci/container/build-deqp.sh
@@ -12,6 +12,13 @@ git clone \
     /VK-GL-CTS
 pushd /VK-GL-CTS
 
+# Apply a patch to update zlib link to an available version.
+# vulkan-cts-1.3.3.0 uses zlib 1.2.12 which was removed from zlib server due to
+# a CVE. See https://zlib.net/
+# FIXME: Remove this patch when uprev to 1.3.4.0+
+wget -O- https://github.com/KhronosGroup/VK-GL-CTS/commit/6bb2e7d64261bedb503947b1b251b1eeeb49be73.patch |
+    git am -
+
 # --insecure is due to SSL cert failures hitting sourceforge for zlib and
 # libpng (sigh).  The archives get their checksums checked anyway, and git
 # always goes through ssh or https.

diff --git a/.gitlab-ci/image-tags.yml b/.gitlab-ci/image-tags.yml
index 8faf36c..c7406ea 100644 (file)
--- a/.gitlab-ci/image-tags.yml
+++ b/.gitlab-ci/image-tags.yml
@@ -1,6 +1,6 @@
 variables:
    DEBIAN_X86_BUILD_BASE_IMAGE: "debian/x86_build-base"
-   DEBIAN_BASE_TAG: "2022-10-04-vn-render-server"
+   DEBIAN_BASE_TAG: "2022-10-19-remove-xvmc-dev"
 
    DEBIAN_X86_BUILD_IMAGE_PATH: "debian/x86_build"
    DEBIAN_BUILD_TAG: "2022-10-18-dx-headers"
@@ -11,11 +11,11 @@ variables:
    DEBIAN_X86_TEST_BASE_IMAGE: "debian/x86_test-base"
 
    DEBIAN_X86_TEST_IMAGE_PATH: "debian/x86_test-gl"
-   DEBIAN_X86_TEST_GL_TAG: "2022-09-29-uprev-dxvk"
-   DEBIAN_X86_TEST_VK_TAG: "2022-09-29-uprev-dxvk"
+   DEBIAN_X86_TEST_GL_TAG: "2022-10-20-bindgen-zlib-cve"
+   DEBIAN_X86_TEST_VK_TAG: "2022-10-20-bindgen-zlib-cve"
 
    FEDORA_X86_BUILD_TAG: "2022-09-22-python3-ply-2"
-   KERNEL_ROOTFS_TAG: "2022-10-05-uprev-dxvk"
+   KERNEL_ROOTFS_TAG: "2022-10-20-bindgen-zlib-cve"
 
    WINDOWS_X64_VS_PATH: "windows/x64_vs"
    WINDOWS_X64_VS_TAG: "2022-08-17-bump"