[tor-bugs] #34176 [Internal Services/Tor Sysadmin Team]: Tor Browser Nightly external server support

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 12 21:57:46 UTC 2020


#34176: Tor Browser Nightly external server support
-------------------------------------------------+---------------------
 Reporter:  sysrqb                               |          Owner:  tpa
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by anarcat):

 >  To be clear, the current plan is we (Tor Browser devs) get an external
 server and we maintain it ourselves, in the short-term. I'll take on this
 responsibility. At some time in the future (but not too far in the
 future), TPA receives additional budget for adding a machine large enough
 for building Tor Browser Nightly. We then migrate the nightly build setup
 onto the new server and cancel the old machine.

 Works for me! :)

 >  Currently, the build system runs the following programs as root (in
 addition to executing dynamically created build (shell) scripts at run-
 time):

 > {{{
 > sudo tar
 > ...
 > }}}

 ... game over! might as well just give you root at that point...

 >  I've never tried runc-in-docker, but maybe? ticket:23631#comment:2
 describes some problems with directly using Docker.

 Thanks for the pointer! I admit I haven't read the entire thread so I
 hadn't caught that. I'm surprised to hear Docker can't run inside an i386
 machine... but as for the container escapes, the point would be that the
 container would run as a regular user so that you wouldn't need to do
 all that pesky `runc` and `netns` stuff yourself. ;)

 But of course, I have no idea what I'm talking about here... That build
 seems to do some hairy stuff that maybe I will be happier not knowing
 about until I need to. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34176#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online