[tor-bugs] #33948 [Applications/Tor Browser]: Setup a new nightly build machine
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Apr 21 15:07:23 UTC 2020
#33948: Setup a new nightly build machine
------------------------------------------+--------------------------------
Reporter: boklm | Owner: tbb-team
Type: task | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
| TorBrowserTeam202004
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+--------------------------------
I am currently running nightly builds at http://f4amtbsowhix7rrf.onion/. I
think someone else from Tor Browser team should setup a new nightly build
machine.
To do that the ansible scripts in directory `tools/ansible` can be used:
https://gitweb.torproject.org/builders/tor-browser-
build.git/tree/tools/ansible
You will need to:
- if the host does not have a public IP address, you can install tor and
setup an onion service on the http port (this part is not done in ansible)
- add a new host in the `inventory` file
- configure this host in your `~/.ssh/config` file if necessary (if the
hostname added to the `inventory` file is not a real hostname), and make
sure that you can connect to the host with `ssh root@$hostname`
- copy the file `boklm-tbb-nightly-build.yml` to an other name
- copy the directory `group_vars/boklm-tbb-nightly` to another group
name, and update the configuration in `tbb-nightly-build.yml`
- configure email on the host. This can be done in ansible with the file
`dma.yml`. The email password (if needed) is stored encrypted in `dma-
auth.yml` in the directory `vaulted_vars` (see
https://docs.ansible.com/ansible/latest/cli/ansible-vault.html), and the
password to decrypt the vault is passed with the `--vault-password-file`
argument in the Makefile (maybe it's also possible to store `dma-auth.yml`
outside tor-browser-build.git without using vault). Alternatively you can
configure email on the host without using ansible, by removing the `mta`
role from the `*-tbb-nightly-build.yml` file.
- in the `Makefile` add a new *-tbb-nightly-build rule
- run "make *-tbb-nightly-build"
- if you enabled `nightly_build_sign_build` in `tbb-nightly-build.yml`,
connect to the host and become the `tbb-nightly` user and generate a new
gpg key (the key is not created automatically by ansible)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33948>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list