[tor-bugs] #34122 [Internal Services/Tor Sysadmin Team]: Create two Tor Browser build machines
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 5 19:35:57 UTC 2020
#34122: Create two Tor Browser build machines
-------------------------------------------------+---------------------
Reporter: sysrqb                                 | Owner: tpa
Type: project                                    | Status: new
Priority: Medium                                 | Milestone:
Component: Internal Services/Tor Sysadmin Team   | Version:
Severity: Normal                                 | Resolution:
Keywords:                                        | Actual Points:
Parent ID:                                       | Points:
Reviewer:                                        | Sponsor:
-------------------------------------------------+---------------------
Comment (by anarcat):

> Currently, the default Tor Browser build system (tor-browser-build)
> requires the user have (essentially) full sudo permissions (#23631) due to
> its underlying use of runc for creating deterministic build environments.

How open are we to changing how that works? How hard is changing that
component, in other words?

I ask because `runc` and friends have moved quite a bit in recent years,
and there is now the possibility of building and running containers (the
latter is what `runc` does, essentially) as regular users (AKA "rootless
containers"). In particular, buildah and podman are drop-in Docker
replacements that can do that.

Therefore, if "creating deterministic build environments" is the goal,
maybe we can look at podman and friends first?

I see some of those ideas were mentioned in #23631 but i figured i would
bring them back in scope here first...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34122#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online