[tor-bugs] #29981 [Applications/Tor Browser]: Add option to build without using containers

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Apr 2 11:08:56 UTC 2019


#29981: Add option to build without using containers
-------------------------------------------+--------------------------
 Reporter:  boklm                          |          Owner:  tbb-team
     Type:  task                           |         Status:  new
 Priority:  Medium                         |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam201904  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+--------------------------

Comment (by boklm):

 Replying to [comment:1 gk]:
 > Replying to [ticket:29981 boklm]:
 > > By default the Tor Browser build is done inside containers, which we
 run using runc, which requires root access.
 > >
 > > In some cases, such as F-Droid builds (#27539), this can be a problem.
 I think we should be able to add an option to do the builds without using
 containers.
 >
 > How would that help the F-Droid case given that F-Droid is taking just
 the signature for an app and applying that one to the build they made
 themselves? I mean the non-container build would then need to match our
 build done in a containerized setup so that F-Droid would get a bit-for-
 bit identical output. Maybe I am too pessimistic here but I'd be surprised
 if that worked out-of-the-box...

 If the F-Droid build VM is using Debian Stretch too, then I think the main
 differences between our build environment and the F-Droid build
 environment would be:
 - the username of the build user. In the rbm build we use an `rbm` user,
 but I think we can add an option to change it if that is an issue.
 - the list of packages installed. In our case we build each component with
 only the minimum set of dependencies required to build this component,
 while in the F-Droid case they would always have the dependencies required
 to build all of the components. I think in most cases the additional
 packages should not change the output of the build. Maybe in some cases it
 will require some changes to avoid the effect of some additional package.

 Unless I'm forgetting another important difference, I think it should not
 be very difficult to get matching builds. Although I did not try it, so
 maybe I'm too optimistic.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29981#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

