[tbb-bugs] #18127 [Tor Browser]: Add LXC support for building with Debian guest VMs

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 19 14:12:37 UTC 2016


#18127: Add LXC support for building with Debian guest VMs
-----------------------------------------------+---------------------------
 Reporter:  gk                                 |          Owner:  tbb-team
     Type:  enhancement                        |         Status:
 Priority:  High                               |  needs_information
Component:  Tor Browser                        |      Milestone:
 Severity:  Normal                             |        Version:
 Keywords:  tbb-gitian, TorBrowserTeam201602R  |     Resolution:
Parent ID:                                     |  Actual Points:
  Sponsor:                                     |         Points:
-----------------------------------------------+---------------------------

Comment (by boklm):

 Replying to [comment:12 gk]:
 > Some things I noted while testing the setup:
 >
 > I hit:
 > {{{
 > W: Cannot check Release signature; keyring file not available
 /usr/share/keyrings/debian-archive-keyring.gpg
 > }}}
 > while creating the Linux images which scares me. Can we do something
 about it? Is that an issue?

 Ah, I see that Ubuntu has a debian-archive-keyring package which might fix
 this. So we probably want to add it to check-prerequisites.sh.


 >
 > Further, upon starting the build I always get a bunch of
 > {{{
 > base-wheezy-i386 already exists, please remove it first
 > base-wheezy-amd64 already exists, please remove it first
 > }}}
 > messages. Do we need to do something to get rid of them?

 It seems the image files don't have a .qcow2 extension anymore. So we need
 to update gitian/make-vms.sh to remove the .qcow2.


 >
 > Finally, I've looked at the LXC tips section in the README.md but could
 not find a hint why we need sudo privs now to create the images. This is
 not an issue with the tor-browser-builder-3 branch. Any ideas?

 In tor-browser-builder-3, sudo was used to call vmbuilder. In the new
 version the same thing is done without vmbuilder, but with different sudo
 calls to debootstrap, mount, cp, rm. So it is less easy now to allow only
 specific sudo calls.

 If we want to fix that, we can move all the commands from bin/make-base-vm
 to create an image in the LXC case to a separate file.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18127#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tbb-bugs mailing list