1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
|
====================
0.8.5.1 / 2025-11-19
====================
* ci: Get RPM source version from CMakeList.txt
* supervisor: Add sphinx's -E option later if -M is set
* supervisor: Extend error with output of qemu-user binary
* interceptor: Mark utimensat() and futimens() as safe to intercept remapped
* readme: Update README.md that qemu-packages are available from firebuild/stable
* supervisor: Properly shortcut chmod command when it did not create file
* interceptor: Allow intercepting close() when already intercepting fclose()
* macos: Don't workaround recursively intercepting close() in fclose() on macOS
* supervisor: Pass static binaries to qemu with full path as argument
==================
0.8.5 / 2025-11-16
==================
* supervisor: Add commas after single letter options in --help
* supervisor: Add bash-completion rules
* ci: Use firebuild/apt-eatmydata-action instead of prefixing apt with eatmydata
* tests: Wrap valgrind command directly with close_fds_exec
* ci: Don't test on Ubuntu 20.04
* Portuguese debconf templates translation
* ci: Update Bitrise's Brew step to version 1
* macos: Pass -DCMAKE_OSX_SYSROOT=macosx to cmake on macOS
* debian: Fix autopkgtest restriction allow-stder -> allow-stderr
* debian: Fix pedantic and informative Lintian errors
* bitrise: Drop cache restoring and saving steps
* tests: Clean up in "file operations" more thoroughly
* macos: Handle "compatibility-version" in TBD parsing
* supervisor: Allow shortcutting touch in LTO when coreutils provides it
* supervisor: Handle missed exec()-ed static binaries in popen() and system()
* build: Add .spec file for RPM based distributions
* ci: Build for AlmaLinux, too
* Handle truncate()
* Added po-debconf Catalan translation
* debian: Fix bash rebuild autopkgtest
* Allow shortcutting mkfifo() in lto-wrapper's make
* ci: Run CI every Monday at 4:10 AM
* test: Wait for each cloned process in test_cmd_clone
* interceptor: Refactor receiving full fbb messages from the supervisor
* macos: Stop intercepting deprecated posix_spawn_file_actions_add(f)chdir_np
* build: Rename Jinja2 templates to *.jinja2 to conform to best practice
* build: Generate common config.h instead of setting defined with -D...
* supervisor: Fix intercepting qemu-user running dynamically linked executables
* interceptor: Refactor receiving full fbb messages from the supervisor a bit more
* Allow rewriting arguments of exec() and posix_spawn()
* interceptor: Rewrite posix_spawn()'s path parameter, too, not just argv
* Intercept getrlimit(), setrlimit() and prlimit() calls
* macos: Decrease parallel sleep's parallelism to fix connect() error
* Intercept bind() and disable shortcutting only on successful ones
* supervisor: Support faliing mkdir() in read-only locations
* supervisor: Rewrite sphinx-build command line to include -E if needed
* gitignore: Ignore src/common/config.h
* supervisor: Print error instead of crashing when writing the report fails
* supervisor: Add space when printing "failed <call>" is not supported
* supervisor: Fix and extend misleading documentation of Process::get_absolute()
* supervisor: Factor out FileName::GetCanonicalized() from resolve_command_from_msg()
* test: Test clock_gettime() in test_static
* Intercept statically linked binaries using qemu-user
* supervisor: Implement inline blob storage for small pipe data
* supervisor: Inline small files instead of storing them as blobs
* ci: Drop expected coverage level to 74% from 75%
* debian: Suggest the out-of-archive qemu-user-interposable package
* supervisor: Rewrite the top level command with CommandRewriter
* supervisor: Pass -fno-pch-timestamp to clang when -emit-pch is passed
* github: Add instructions for Copilot to make working with it more efficient
* ci: Configure Xcode without firebuild temporarily
* ci: Disable rebuilding self on Bitrise, just build with Xcode
* Add magic "FBB\0" string to cache object files with 8-byte alignment
* Make GC remove cache objects without valid magic header
* Bump cache format version to 2 for magic header breaking change
* supervisor: Write the magic header and the cache entry in a single call
* supervisor: Factor out common parts of PipeRecorder::add_data_from_*()
* github: Instruct copilot to not duplicate code
==================
0.8.4 / 2024-12-17
==================
* interceptor: Allow intercepting some orignal 64bit time and offset related remapped functions
* report: Fix indentation of generated script tags
* report: Use Viz.js for generating call graph in the browser
* bitrise: Save built firebuild as a build artifact
* bitrise: Switch to M2 runner, which is the default anyway
* contrib: Import heapsort.c from libbsd 0.12.1
* interceptor: Use custom heapsort() with alloca() instead of qsort() on macOS
* tests: Refactor running firebuild from the test directory
* Load libfirebuild from full path on macOS and when testing on Linux
* Don't pass through and fix up modified LD_LIBRARY_PATH and DYLD_LIBRARY_PATH
* interceptor: Sort environment variables if they were fixed up by the interceptor
* ci: Build the package on Ubuntu 24.04, too
* tests: Work around xcodebuild ... -find gcc preventing caching
* ci: Stop testing on macos-12 runners
* ci: Close fds up to 200 in close_fds_exec
* interceptor: Intercept posix_spawn_file_actions_addtcsetpgrp_np()
* interceptor: Use last --jobserver-fds / --jobserver-auth option
* Support GNU Make 4.4's --jobserver-auth=fifo:... jobserver style
* Consider all programs to be GNU Make jobserver users
* firebuild: Skip MAKEFLAGS, MFLAGS and CARGO_MAKEFLAGS from the fingerprint
* interceptor: Add assert()-s to psfa_update_actions and return the earliest possible
* interceptor: Allow tracking multiple identical posix_spawn_file_actions_t handles
* interceptor: Serialize psfas array accesses with a mutex
* interceptor: Drop obsolete, commented out CMakeList part
==================
0.8.3 / 2024-07-21
==================
* ci: Print error when build version is less than git version
* Drop references to *_generated.h
* ci: Make brew overwrite files by default
* firebuild: Use std::unordered_set for deduplicated strings
* build: Pass -static-libasan to GCC only
* FBB: Fix parameter type of some message-specific functions to match the way of calling them
* test: Test pthreads interception
* interceptor: Temporarily use global variables on non-Linux platforms
* Intercept shm_open()
* Support fcntl(fd, F_GETPATH, ...)
* interceptor: Refactor disabling interception
* interceptor: Intercept only the libc entry entry points on OS X
* supervior: Fix handling OS X SDK provided shared libraries
* tests: Use 'head' instead of 'ls' where shortcutting matters
* supervisor: Fix removing fds from kqueue on OS X
* tests: Fix environment fixup test on OS X
* tests: Fix du use on OS X in GC test
* tests: skip popen()-ing static binary when the static binary is not built
* tests: Fix max entry size test on OS X
* tests: Use /usr/bin/touch test_wait.c to make it work on OS X, too
* supervisor: Handle that system(NULL) does not start subprocess on OS X
* test: Fix testing sendfile() on OS X
* tests: Post-process output of wc -l to make gc test work on OS X, too
* tests: Don't create dangling symlinks in gc tests when invalid entries are not tested
* interceptor: Intercept wait4() instead of wait3() on OS X
* interceptor: Intercept *_nocancel glibc API function variants
* interceptor: Fix skipping some intercepted function variants on OS X
* build: Fix Xcode project generation from CMake files
* FBB: Ignore -Wshorten-64-to-32 warnings on OS X
* tests: Fix test_symbols script on OS X
* ci: Don't update brew packages in brew install automatically on macos
* ci: Retry brew install with workarounds on MacOS
* supervisor: Ignore shm_open("apple.shm.notification_center", ...) on OS X
* interceptor: Intercept many double underscore (__*) symbols on OS X
* interceptor: Intercept close$NOCANCEL on OS X
* interceptor: Fix adding wrong guard to some intercepted functions
* interceptor: Intercept missing __* functions on OS X
* interceptor: Refactor generate_interceptors to make it less repetitive
* interceptor: Don't check if *64 variant of already *64 syscalls are intercepted
* supervisor: Remove fd_ member from FileFD
* supervisor: Fix typo and indentation
* supervisor: Refactor pop_expected_child_fds a bit
* interceptor: Fix send_pre_open() documentation causing Doxygen error
* supervisor: Improve debugging output of vectors
* interceptor: Merge tracking interception depth of signal handlers and libc calls
* interceptor: Allow recursive interception of signal handlers and some libc calls on MacOS, too
* doc: Add build instructions for macOS
* supervisor: Stop at first found configuration file
* supervisor: Look for global config file at CMAKE_INSTALL_FULL_SYSCONFDIR
* Fix intercepting __mac_syscall()
* macos: Install hopscotch-map with Homebrew
* supervisor: Set DYLD_LIBRARY_PATH in firebuild if it is empty
* readme: Add installation from source instructions on Linux and Mac
* interceptor: Intercept __opendir2 on macOS
* supervisor: Always ACK in handle_dlopen()
* Intercept scandir() variants
* interceptor: Allow interception inside dlopen() and dlmopen()
* supervisor: Update cache size and stats on SIG{INT|QUIT|SEGV|TERM}
* supervisor: Use memcmp() instead of strcmp() where the string lengths are known
* supervisor: Fix splitting read-only and not read-only locations
* build: Don't rebuild firebuild.1 man page in every incremental build
* supervisor: Move member initializations to constants to member definitions
* test: Test dlopen()
* Handle when a single dlopen() loads multiple shared libraries
* supervisor: Ignore dlopen()-ed shared libs which are not present as files on macOS
* interceptor: Don't skip shared libraries when collecting the ones loaded by dlopen()
* Fix handling dlopen()
* supervisor: Fix handling seeked inherited fds
* ci: Disable library validation on macOS
* supervisor: Allow shm_open()-ing apple.cfprefs* shared memory
* Ignore operations on /dev/autofs_nowait
* supervisor: Fix skipping missing shared libraries on macOS in debug mode, too
* interceptor: Ignore fcntl()'s F_NOCACHE and F_GETPROTECTIONCLASS commands
* When open("foo/bar", O_DIRECTORY) returns -1 with ENOTDIR. assume foo/bar to be regular file
* ci: Fail the macOS test early if SIP is enabled on the runner
* Intercept kqueue() call on macOS
* Extend posix_spawn() interception
* interceptor: Drop unused code left over from simplifying dlopen() interception
* interceptor: Don't notify the supervisor about dlopen() when RTLD_NOLOAD is set
* interceptor: Intercept open$NOCANCEL and openat$NOCANCEL on macOS
* interceptor: Put success condition in parentheses for clarity
* Intercept mktemp()
* Debug-print socket()'s domain parameter nicely
* Ignore connect() in xcodebuild -find ... inside LTO linking
* supervisor: Factor out file action handling from posix_spawn() handling
* Handle posix_spawn() with POSIX_SPAWN_SETEXEC attribute on macOS
* supervisor: Detect rustc when it is executed with its full path, too
* test: Increase integration test coverage a bit
* supervisor: Fix unused parameter in handle_kqueue
* test: Test posix file actions handling
* supervisor: Add FileName::parent_dir()
* supervisor: Extend ENOTDIR handling to cover more possible cases
* Ignore connecting to "/var/run/syslog" UNIX socket on macOS.
* build: Declare Homebrew dependencies in Brewfile
* interceptor: Intercept GLibc 2.39's pidfd_spawn() and pidfd_spawnp()
* ci: Add missing graphviz formula to Brewfile
* ci: Build .debs faster
* ci: Don't build dbgsym packages along with .debs
* ci: Really don't build dbgsym packages along with .debs
* supervisor: Ignore connect()-ing to the sockets listed in ignore_locations
* interceptor: Reset rusage timers when reporting rusage to the supervisor
* supervisor: Factor out options handling to separate class
* supervisor: Add -q options to suppress info messages
* Swedish debconf template translation
* supervisor: Check on macOS that the system allows interception
* interceptor: Sort loaded shared libraries in scproc_query
* interceptor: Identify posix_spawn_file_actions_t handles by their full content
* ci: Set static macos specific enviroment variables for the whole job
* macos: Use python-jinja2 as brew dependency instead of jinja2-cli
* build: Configure include and library paths in CMake
* ci: Use all avaliable processors on GitHub runners
* ci: Add Bitrise CI configuration
* ci: Rebuild self from cache with Xcode on Bitrise
* ci: Build with xcodebuild, too, on macOS
* ci: Build and test the project on macOS 14, too
* build: Use jinja2-cli Homebrew formula instead of the just removed python-jinja
* ci: Detect HOMEBREW_PREFIX instead of mapping it to runner types
* supervisor: Move pre-opening handling from process_posix_spawn_file_actions() to handle_open()
* test: Test posix_spawn()-ing a dynamically linked binary, too
* report: Deduplicate used shared libs
* supervisor: Don't reopen inherited closed pipe
* debian: Switch order of autopkgtest tests
* supervisor: Ignore rustc's --out-dir directory's content
* interceptor: Fix use-after-free in readlink() interception
* supervisor: Fix unhandled case in ENOTDIR handling
* interceptor: Don't set flags to 0 in pipe_request message
* supervisor: Debug a few more fcntl() commands
* ci: Upgrade to use actions/checkout@v4 and actions/cache@v4
* ci: Switch to use firebuild/firebuild-action@v4
* interceptor: Intercept __send on arm64 Linux
* interceptor: Fix casting to the right passed size_t type in count_shared_libs_cb
* test: Fix running integration tests under different locales
* interceptor: Set exported symbol names with __asm__("<name>")
* supervisor: Fix building the supervisor with 64bit time and file offset on 32bit systems
* interceptor: Use 64bit time and file offset function variants via get_ic_orig_*()
* interceptor: Abort on time64-enabled systems when intercepting 32 bit symbol variants
* supervisor: Work around Clang ASan falsely detecting leaking config strings
* supervisor: Don't override SIGSEGV handler when dumping core is allowed
* supervisor: Don't close blob fd in advance, that would be closed later.
* supervisor: Refactor closing pre-opened blob fds when applying shortcuts
* interceptor: Don't intercept __send on arm64 Linux starting with glibc 2.34
* supervisor: Select passed through environment variables with regular expressions
* supervisor: Don't intercept sandbox-exec
* report: Break long lines in Chrome and other browsers with the same engine
* report: Set size for background darkening with CSS instead of with JavaScript
* report: Show darkened border around command details
==================
0.8.2 / 2023-08-24
==================
* Fix the build 32 bit architectures
* supervisor: Handle inherited fd offset properly
* ci: Upgrade docker job to run multiple releases on Ubuntu and add Debian
* test: Fix building and testing test_cmd_clone only on Linux
* tests: Suppress yes: standard output: Broken pipe error
* tests: Allow running tests on installed firebuild
* debian/tests: Add autopkgtest running build time tests on installed firebuild
* supervisor: Support GLibc 2.38 passing "--" right after "sh -c"
* debian: Depend on at least the glibc version firebuild is built with
==================
0.8.1 / 2023-08-15
==================
* artwork: Fix the circle in the logo to be really round
* interceptor: Factor out some fd read write state handling from templates
* Report error code when a call reported only once fails
* interceptor: Treat successful copy_file_range() and sendfile() calls as reads and writes
* report: Include file name and process potentially writing the file in parallel
* report: List only directly and not transitively used filed in process details
* report: Deduplicate used file strings
* report: Register used files at the shortcut process when generating the report
* report: Deduplicate process environments
* supervisor: Run main loop until all interceptor connections and pipes are closed
* supervisor: Run all cleanup and destructors when FB_EXTRA_DEBUG is defined
* ci: Run coverage test on Debug build and increase required coverage
* interceptor: Intercept __vfork for glibc < 2.34
* supervisor: Show maximum resident set with "-d time"
* supervisor: Defer clearinf obsolete finalized ExecedProcess data
* supervisor: Free whole finalized process subtrees when it is safe
* interceptor: Fix calling handle_exit()
* supervisor: Track the common ancestor of processes keeping files open for writing
* supervisor: Track the process exec_point() for files opened for writing
* interceptor: Perform seccomp() calls in not intercepted processes
* Use global buffer size for paths
* supervisor: Don't use alloca() in garbage collection loops
0.8.0 / 2023-04-19
==================
* portability: Fixes to build on Mac OS X (interception is not functional yet)
* readme: Mention packages in the Arch Linux (AUR), Debian and Ubuntu archives
* interceptor: Intercept seccomp() calls and always return with EINVAL error
Fixes intercepting and caching man commands
* supervisor: Add default quirk to ignore successful statfs() and fstatfs() calls
Fixes shortcutting Doxygen
* tests: Fix building all binaries for valgrind-check target
* ci: Split running tests with valgrind to a separate job
* supervisor: Fall back to pread() when mmap() fails when hashing a file
Fixes shortcutting Java and javadoc again after their behavior changes
* ci: Use firebuild to speed up firebuild builds on Linux
* ci: Use latest Clang and scan-build versions
* supervisor: Cache "sh" again by default and
* supervisor: Skip caching command when parent sh -c "<command>" can be cached
* supervisor: Ignore missing configuration settings instead of crashing
* supervisor: Rename system_locations configuration entry to read_only_locations
* interceptor: Make relative or absolute unsuccessfully dlopen()-ed paths absolute
* supervisor: Treat unsuccessfully dlopen()-ed files using absolute filename as missing
Fixes shortcutting Intel Fortran Compiler (ifort).
* supervisor: Fix saved bytes accounting
* supervisor: Verify stored bytes accounting in Debug builds
* supervisor: Fix invalid stored cache size
* supervisor: Don't report missing possible debug files when debugging cache during GC
* ci: Add CodeQL analysis
* supervisor: Intercept ccache, but set it to run the original compiler
This allows relying on firebuild's caching by default even when ccache
is installed.
* supervisor: Shortcut only ccache and not child gcc/g++/etc. command
* tests: Don't disable ccache in test helper scripts
Ccache is now disabled within firebuild by default.
* Ignore communication with GNU Make's and Cargo's jobserver
This lets shortcutting processes that read tokens from the jobserver.
* interceptor: Ignore getcap syscall
It is used by Python and Node
* supervisor: Don't store hash of dependency directory listing for rustc
This allows shortcutting Rust + Cargo builds
* interceptor: Report getrandom syscalls
* interceptor: utimensat syscall accepts NULL pathname
* supervisor: Allow configuring maximal cache entry size with default of 250MB
* report: Include why shortcutting attempts failed
* debian: Update short and long package description
0.2.12 / 2023-02-23
==================
* Handle system(NULL)
* Detect inherited file backed fds that are not not seeked to the end in the interceptor
* report: Don't break line inside a single environment variable
* interceptor: Wide scanf variants return EOF, too, not WEOF
* interceptor: Fix syscall template to honor rettype and ifdef_guard
* supervisor: Prevent adding an fd with epoll_ctl() twice to avoid errors and crashes
* supervisor: Deduplicate dynamically allocated reasons of not shortcutting
* report: Include more verbose reasons for not not shortcutting
* report: Don't escape "/" in JSON strings
* report: Escape used files to not break the JSON format
* Dutch translation of debconf messages
* Spanish translation of the debconf template
* Brazilian Portuguese debconf templates translation
0.2.11 / 2023-01-21
==================
* debian: Update copyright
* debian: Initial German debconf translation
* supervisor: Pass through HOME environment variable
* tests: Skip testing orphan process handling on WSL
* tests: Don't test with fakeroot if fakeroot does not work
* debian: Build-depend on fakeroot (with <!nocheck>)
* tests: Ignore ENOSYS error from memfd_create, timerfd_create and eventfd
* tests: open(..., O_TMPFILE) returns EISDIR on WSL1, ignore that
* supervisor: Fall back to emulating copy_file_range on ENOSYS error
* supervisor: Fall back to renameat() if renameat2() return ENOSYS or EINVAL
* interceptor: __gettimeofday64 is added only in Glibc 2.34
* debian: Don't require node-d3 for building firebuild
* interceptor: Add #ifdef guards for a few functions not existing in glibc 2.27
* supervisor: Add minimal renameat2() wrapper when it is missing
* interceptor: Define gettimeofday() for Glibc < 2.31, too
* test: Ignore harmless extra symbols appearing with older toolchains
* interceptor: Ignore new public symbols appearing on Bionic
* common: Define CLONE_PIDFD and statx() structs and defines when they are missing
* debian: Armel autopkgtests are slower
* interceptor: Check and intercept missing __* variants
* interceptor: Check if *64 syscall variants are intercepted
* interceptor: Check the *_time64 bit variants of intercepted functions are also intercepted
* interceptor: Check if *64 bit variants of intercepted functions are also intercepted
* debian: Bump standards version No changes were needed
* supervisor: Handle faccessat() with unknown dirfd
* interceptor: MIPS has > 64 signals, don't assert() on that
* common: Don't decode SIGSTKFLT in debugging when it is not defined
* supervisor: Add --option=key=[] option to clear a configuration array
* readme: bc is a required test dependency
* interceptor: Intercept clone() with flags == CLONE_VFORK | SIGCHLD as a fork()
* interceptor: Intercept _Fork calling pthread_atfork handlers directly
* interceptor: Enable/disable interception of functions with #ifdef guards
* supervisor: Add LAUNCH_TYPE_POSIX_SPAWN
* interceptor: Don't check global intercepting_enabled in env_needs_fixup()
* interceptor: Factor out fixing up and restoring environment to a macro
* interceptor: Treat fallocate() and posix_fallocate() as pwrites
* report: Fix typo in the title
* debian: Show firebuild stats in autopkgtest
|
