Re: [tor-bugs] #34122 [Internal Services/Tor Sysadmin Team]: Create two Tor Browser build machines



#34122: Create two Tor Browser build machines
-------------------------------------------------+-------------------------
 Reporter:  sysrqb                               |          Owner:  hiro
     Type:  project                              |         Status:
                                                 |  assigned
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tap-roadmap-may                      |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:2 anarcat]:
 > > Currently, the default Tor Browser build system (tor-browser-build)
 > > requires the user have (essentially) full sudo permissions (#23631) due to
 > > its underlying use of runc for creating deterministic build environments.
 >
 > How open are we to changing how that works? How hard is changing that
 > component, in other words?
 >
 > I ask because `runc` and friends have moved quite a bit in recent years,
 > and there is now the possibility of building and running containers (the
 > latter is what `runc` does, essentially) as regular users (AKA "rootless
 > containers"). In particular, buildah and podman are drop-in Docker
 > replacements that can do that.
 >
 > Therefore, if "creating deterministic build environments" is the goal,
 > maybe we can look at podman and friends first?
 >
 > I see some of those ideas were mentioned in #23631 but I figured I would
 > bring them back in scope here first...

 Yes, we are totally open for doing that (just to reply here as well as in
 #34176). We won't have time to do so until October this year, though. But
 I think we should get that on our agenda for October, in particular if
 that helps to convince TPA to maintain the machines/OSes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34122#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online