[tor-bugs] #32389 [Applications/Tor Browser]: Sandbox Graphite using RLBox for Linux

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 28 15:29:09 UTC 2020


#32389: Sandbox Graphite using RLBox for Linux
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  gk
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, GeorgKoppen202002,     |  Actual Points:
  TorBrowserTeam202002R                          |
Parent ID:  #32379                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):

 * status:  assigned => needs_review
 * keywords:  tbb-security, GeorgKoppen202002 => tbb-security,
     GeorgKoppen202002, TorBrowserTeam202002R


Comment:

 `bug_32389_v8` (https://gitweb.torproject.org/user/gk/tor-browser-build.git/commit/?h=bug_32389_v8&id=6402b4ce975647e263611c49183456930dae461b)
 has the patch for review, which enables RLBox for Graphite on Linux
 x86_64.

 As we discussed on IRC, I've included all the patches I backported in #32380
 into a separate directory, `rlbox-patches`, in the `firefox` project. The
 commit message explains a bit why.

 An additional thing to note: I had to install `git` to apply the one huge
 patch for a couple of reasons. For one, `patch` on Wheezy does not cope
 with `git` renaming patches. That feature is only available starting with
 version 2.7, but the one on Wheezy is 2.6.1 (backports did not seem to change that
 story). Then I thought, okay, let's do `git format-patch --no-renames`
 instead and use the larger patch with `patch`. The problem now is that
 `patch` does not deal with empty files (it does not create them) which
 breaks the build. I then decided to resort to `git apply` and just added
 `git` as a dependency to all the other ones for Linux x86_64 to not just
 create a container for RLBox and have further container inflation.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32389#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
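
A pre-flight check for the situation described in the comment above, as an added example that is not part of the original message or of tor-browser-build: it scans a git-format patch for rename entries and newly created empty files, the two cases the comment reports `patch` 2.6.1 not handling, so a build step can decide whether it needs `git apply`. The function name `preflight` and the sample patch with its paths are constructed for illustration.

```python
import re

# Constructed sample in `git format-patch` layout (paths are made up).
SAMPLE = """\
From 0000000 Mon Sep 17 00:00:00 2001
Subject: [PATCH] constructed sample
---
diff --git a/third_party/old_name.h b/third_party/new_name.h
similarity index 100%
rename from third_party/old_name.h
rename to third_party/new_name.h
diff --git a/build/empty_marker b/build/empty_marker
new file mode 100644
index 0000000..e69de29
diff --git a/src/main.c b/src/main.c
index 1111111..2222222 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1 +1 @@
-int x;
+int y;
"""

def preflight(patch_text):
    """Return (renames, empty_files) found in a git-format patch."""
    renames, empty_files = [], []
    # One section per file, split at each "diff --git" header line.
    for sec in re.split(r"(?m)^(?=diff --git )", patch_text):
        if not sec.startswith("diff --git "):
            continue  # mail header or commit message before the first file
        src = re.search(r"(?m)^rename from (.+)$", sec)
        dst = re.search(r"(?m)^rename to (.+)$", sec)
        if src and dst:
            # git extended header; needs a tool that understands renames
            renames.append((src.group(1), dst.group(1)))
            continue
        is_new = re.search(r"(?m)^new file mode \d+$", sec)
        has_hunk = re.search(r"(?m)^@@ ", sec)
        is_binary = re.search(r"(?m)^(GIT binary patch|Binary files )", sec)
        if is_new and not has_hunk and not is_binary:
            # New file with no content hunk: an empty file must be created
            header = sec.splitlines()[0]
            empty_files.append(header.rsplit(" b/", 1)[1])
    return renames, empty_files

if __name__ == "__main__":
    renames, empty = preflight(SAMPLE)
    print("renames:", renames)
    print("empty files:", empty)
    print("use git apply:", bool(renames or empty))
```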

