From 5eb68cc3cd6dd8695d0eb1d37b168c5466f82b81 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Sat, 7 Dec 2024 14:52:04 +0100
Subject: [PATCH] Build a GCC 15 snapshot

Temporarily make a recent GCC snapshot available for testing. We make it
available separately, not as gcc-latest, because it is known to break
current branches (https://github.com/Mbed-TLS/mbedtls/issues/9814).

Once #9814 is fixed in all tested branches (including non-ancient pull
requests), which will surely be after the GCC 15 release, we should
switch gcc-latest to GCC 15 (or above).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 .../docker_files/ubuntu-22.04/Dockerfile      | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/resources/docker_files/ubuntu-22.04/Dockerfile b/resources/docker_files/ubuntu-22.04/Dockerfile
index 4b474aae0..a8a05b3eb 100644
--- a/resources/docker_files/ubuntu-22.04/Dockerfile
+++ b/resources/docker_files/ubuntu-22.04/Dockerfile
@@ -65,6 +65,8 @@ RUN apt-get update -q && apt-get install -yq \
         doxygen \
         # to run tests in specific time.
         faketime \
+        # build dependency of GCC
+        flex \
         # to cross-build Mbed TLS
         gcc-mingw-w64-i686 \
         # to build Mbed TLS using latest gcc version available from Ubuntu
@@ -77,10 +79,14 @@ RUN apt-get update -q && apt-get install -yq \
         lcov \
         # to build GnuTLS (nettle with public key support aka hogweed)
         libgmp-dev \
+        # build dependency of GCC
+        libisl-dev libmpfr-dev libmpc-dev \
         # to build GnuTLS >= 3.6 (could also use --with-included-unistring)
         libunistring-dev \
         # to build GnuTLS
         libtasn1-6-dev \
+        # build dependency of GCC
+        libzstd-dev \
         # to have a UTF-8 locale (see locale-gen below)
         locales \
         # used by compat.sh and ssl-opt.sh
@@ -172,6 +178,23 @@ RUN if [ "$(uname -m)" = aarch64 ]; then \
         libc6-dev-armhf-cross \
     && rm -rf /var/lib/apt/lists/
 
+# Install a snapshot of GCC that we want to test with.
+# GCC 15 will break our code: https://github.com/Mbed-TLS/mbedtls/issues/9814
+# During a transition period, we will use a snapshot of GCC 15 to test the
+# fix for that issue.
+# Eventually, gcc-latest should become GCC 15. This will cause test failures
+# on branches that don't have the fix yet, which is why we don't make
+# GCC 15 be gcc-latest immediately.
+RUN wget -q https://mirror.koddos.net/gcc/snapshots/15-20241201/gcc-15-20241201.tar.xz && \
+    tar -xf gcc-15-20241201.tar.xz && \
+    rm gcc-15-20241201.tar.xz && \
+    cd gcc-15-20241201 && \
+    ./configure --prefix=/usr/local/gcc-15 --program-suffix=-15 --disable-bootstrap --enable-languages=c,c++,lto && \
+    make && \
+    make install && \
+    cd .. && \
+    rm -rf gcc-15-20241201
+
 # Install exact upstream versions of OpenSSL and GnuTLS
 #
 # Distro packages tend to include patches that disrupt our testing scripts,