Optimize build time for macOS binaries
With our current approach of building the tor binaries for macOS using the tor-browser-build setup, the build takes rather long (~ 3.5 hours).
The cause is that the build compiles many tools from source itself, such as cmake and clang, to name the building blocks that take up roughly 73% of the build time. Here's a full list of the things it builds, with timestamps indicating how long each takes. The difference between an item's timestamp and its predecessor's is the time it takes to build, e.g. cmake takes 7 minutes in this instance (which is quicker than on the actual CI hardware because the machine that was used here has better hardware):
drwxr-xr-x 2 z z 4,0K May 2 09:00 mmdebstrap
drwx------ 2 z z 4,0K May 2 09:01 mmdebstrap-image
drwxr-xr-x 2 z z 4,0K May 2 09:01 container-image
drwx------ 2 z z 4,0K May 2 09:08 cmake
drwxr-xr-x 2 z z 4,0K May 2 09:10 llvm-project
drwx------ 2 z z 4,0K May 2 09:12 ninja
drwx------ 2 z z 4,0K May 2 10:17 clang
drwx------ 2 z z 4,0K May 2 10:23 libtapi
drwx------ 2 z z 4,0K May 2 10:25 cctools
drwx------ 2 z z 4,0K May 2 10:31 macosx-toolchain
drwx------ 2 z z 4,0K May 2 10:34 openssl
drwx------ 2 z z 4,0K May 2 10:35 libevent
drwx------ 2 z z 4,0K May 2 10:38 tor
A solution could be to let the build just not build some of those and instead use Debian snapshot repos to get deterministic versions of cmake, clang etc. during build.
On an upstream ticket, it was suggested that it's possible to disable the use of containers when building tor, which would result in the requirement of installing all the dependencies needed for the build in the docker container (see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40819#note_2899611).
Although this comment was given to solve a problem with docker in docker, I had the impression it also might help to reduce the build time. However, it looks like clang, the most important building block (>66% of build time), is not among the tools that are then expected to be installed on the CI machine; it's still built from source.
I expect meddling with the tor build system to be a bit tricky even though it looks quite well structured. But I bet there is a way to make the build just use clang and cmake from the system instead of building them from source itself.
The same upstream ticket had a suggestion about reducing build times, too (see https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40819#note_2899637):
If you are able to keep the out directory across builds, then it should not rebuild the dependencies.
I don't think, though, that this is helpful for us. Well, we could build those bits as part of the docker image, but as this runs as part of our pipeline as well, we won't gain much in total, only for reproducing locally maybe.
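The per-step times and shares quoted above can be recomputed from the directory listing. The following is an added example, not part of the original issue or of tor-browser-build; the function names are hypothetical, and the year is an assumption because the listing does not show one.

```python
from datetime import datetime

# Directory listing copied from the issue text above.
LISTING = """\
drwxr-xr-x 2 z z 4,0K May 2 09:00 mmdebstrap
drwx------ 2 z z 4,0K May 2 09:01 mmdebstrap-image
drwxr-xr-x 2 z z 4,0K May 2 09:01 container-image
drwx------ 2 z z 4,0K May 2 09:08 cmake
drwxr-xr-x 2 z z 4,0K May 2 09:10 llvm-project
drwx------ 2 z z 4,0K May 2 09:12 ninja
drwx------ 2 z z 4,0K May 2 10:17 clang
drwx------ 2 z z 4,0K May 2 10:23 libtapi
drwx------ 2 z z 4,0K May 2 10:25 cctools
drwx------ 2 z z 4,0K May 2 10:31 macosx-toolchain
drwx------ 2 z z 4,0K May 2 10:34 openssl
drwx------ 2 z z 4,0K May 2 10:35 libevent
drwx------ 2 z z 4,0K May 2 10:38 tor
"""

def step_durations(listing, year=2000):
    """Return [(name, minutes)]: each entry's gap to its predecessor.

    `year` is an assumed value (the listing omits it); it only matters
    if a build crosses a year boundary. The first entry has no
    predecessor, so its duration is unknown and it is left out.
    """
    entries = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9:
            continue  # not an `ls -l` style line
        month, day, clock, name = fields[5:9]
        stamp = datetime.strptime(f"{year} {month} {day} {clock}",
                                  "%Y %b %d %H:%M")
        entries.append((name, stamp))
    entries.sort(key=lambda e: e[1])  # oldest first, stable for ties
    return [(name, int((stamp - prev).total_seconds() // 60))
            for (_, prev), (name, stamp) in zip(entries, entries[1:])]

def share(durations, names):
    """Percentage of the measured build time spent on the given steps."""
    total = sum(minutes for _, minutes in durations)
    return 100 * sum(m for n, m in durations if n in names) / total

if __name__ == "__main__":
    steps = step_durations(LISTING)
    for name, minutes in sorted(steps, key=lambda s: -s[1]):
        print(f"{minutes:4d} min  {share(steps, {name}):5.1f}%  {name}")
```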