[tbb-bugs] #20352 [Applications/Tor Browser]: Integrate sandboxed Tor Browser into our gitian build system

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Nov 21 11:23:19 UTC 2016


#20352: Integrate sandboxed Tor Browser into our gitian build system
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-gitian, tbb-sandboxing,          |  Actual Points:
  GeorgKoppen201611, TorBrowserTeam201611        |
Parent ID:  #19750                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:3 yawning]:
 > These are the relevant versions of the runtime dependencies I need that
 ship with Debian stable, which is probably the oldest set of packages that
 are "reasonable" to assume installed.
 >
 >  * libx11-dev (The calls I use have always been there, and always will).
 >  * Gtk+ 3.14 - Build assumes this, see the Makefile.
 >  * libseccomp2 (2.1.1, 2.2.3 in backports).
 >
 > ~~~The libseccomp bindings I use determine the version of the library at
 compile time, so if we build against 2.1.1, we will be stuck with the
 features supported by it.  This degrades the effectiveness of the seccomp
 filters I use somewhat because conditional rules do not work correctly
 prior to 2.2.1.~~~ (Edit: This is probably fine, upon close examination,
 needs testing.)

 Good!

 > (Someone should double check that `sandboxed-tor-browser` built against
 ancient libs works even if more modern versions are installed, even if it
 isn't as good as it can be.)
 >
 > As far as building goes, since I use cgo, Go prior to 1.6.x would
 probably end badly.

 That's not an issue as we need Go 1.7 anyway for other stuff.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20352#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list