[tor-bugs] #20352 [Applications/Tor Browser]: Integrate sandboxed Tor Browser into our gitian build system

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Dec 5 00:26:15 UTC 2016 

#20352: Integrate sandboxed Tor Browser into our gitian build system
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-gitian, tbb-sandboxing,          |  Actual Points:
  GeorgKoppen201611, TorBrowserTeam201612R       |
Parent ID:  #19750                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by yawning):

 Ugh. Old libseccomp doesn't let me distinguish the version of the shared
 library at runtime (the version was a bunch of #defines).  So the build's
 broken right now, because libseccomp packages from backports are needed to
 get something that will function at all, and even then the packages *may*
 misbehave on jessie (amd64) systems.

 This is the upstream issue that's fixed in newer releases:
 https://github.com/seccomp/libseccomp/commit/b43a7dde03f96ce6a291eb58f620c5d2b7700b51

 I'm not sure what the best solution here is out of:

  1. Kludge out the version check and pray that we don't hit the edge case.
  2. Ship pre-generated bpf.
    a. Generated at compile time (adds another step to the build process,
 the gitian descriptor needs to be modified to pull in backports packages,
 but the user does not need ibseccomp at all).
    b. Generated by me, embedded in the tree as static assets.  The build
 system won't need libesccomp at all, and neither will the user.
  3. Drop 32 bit intel support and go back to using gosecco.

 I'm personally leaning toward option 2a, with a plan to fall back to 2b,
 since the work involved is comparable.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20352#comment:26>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list