[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Docker containers to run tor with multiple glibc versions

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-dev] Docker containers to run tor with multiple glibc versions
From: Daniel Pinto <danielpinto52@xxxxxxxxx>
Date: Wed, 1 Jul 2020 01:48:35 +0100
Autocrypt: addr=danielpinto52@xxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFMPqSIBEADVT9jbHAk2qvAkg5lzPwPbPEowuM93+Yu/RTF9XWX3AztiGQcTvcLBUURF yMQvehGOOYdledO7Ehl2AK2bl5/B+PN0swFUL1b47w/aG5ZZ4hLa76W1uNlaj+9ZmBsPCzy1 1hrJ21Z5gHiXXgnZlH0G8TqWmT7mt3wxRFhIOWjjWIIp0CyR4myybjq7oAXQ90vR8nzz8Rko JVuxpCQzVnpDHWMLq2pyAfA+XgFZGPpaRFe0thIkbMe0nDydTSscZ+h2ss+K4YhB7zhtZ1OL Cyz0Vg0C99XX9vzZzDHIAKfN7WVIvrZmfG5zzTHX80IB3XflkhP03Ovf+8N/PiwUUayS/c7I HnPE9zoPOy9ED+JmvHwwquU0DcWhF945UIXbXnXHwFI4OYdZD3qWlwBoKRZdZybK5qslPO1K VrU4/hM6OOmD4ehy0Fv+WvrsBQKBo2dInxuGkggUwRJlP3cYNammRbPCUT+AyZR5P1aGXErY Cjj7uMM/BSO1F+ZQH3QevFcIjM/PWPf0jGHszdTRYL0+lPDJU0zeZhB0Bfu0dWDg9skVrkHc 171moW1qQRu97T2OU8eIXaFKMkgdKokoyiu1UGhO4H88TBytZO1UVymy6eCh67F15apf+QLb y9eldvT1qDnbBQtBphISjAEyPYyN7v3L1Kg8aa6zRDM5fjwe/QARAQABtCZEYW5pZWwgUGlu dG8gPGRhbmllbHBpbnRvNTJAZ21haWwuY29tPokCPgQTAQIAKAIbIwYLCQgHAwIGFQgCCQoL BBYCAwECHgECF4AFAlpT1kkFCQklYKcACgkQ/fwmcWHsLpOaEg//R2Vzll2xgUtH71k/lZoU zhfQt/qPvHBeK940GbleIoD8dhNKa6xYpd1eTyobveR2Hs27B/OPbW/wgPNwOvkNjHoV4ybb cbO2H8GF56mXlBcOzWbOkMxLN9AF3KCF1esw6+gi/lHoUPsf32wXszyOQanI5g5afbZJMfOa mcRiMr0sn1tlh/lD45aCVok1nWV6DQqfZwhsFTG7MZKAHBWCsEJcMai35EBWu7CApbKoJjBo 7qJdPV1T/RbCGgw+p7POeAgti1GA2uZt/o34ihm4uj8UvNMMcWXxKX6tfOfP0gLaorfF8ke2 TKok1heF/BmAsxWyy2bNBWmrUhovRQzMXPX/jBuGavOLDtDBqTNV5KoVRqiV4Vb9jnwXE0uQ QUpyP+UaWsc9oGMjjQpb6fxCwYOoutxpfzmCpKEDYgfvXSPT6Tx0OLK4KP4tkWjWtP+w7lXb Cis+LJGq1yBKVAQxhv6tsmoJNLakrV7kR2hBIkk+cdms3d+Ax9JWB1IIxWXMJ0xVUNM/ZJPj kywaFSg6gq/ArTWIxdO4v9y/MR/BP77ZGA++LpQ1uKw0r3ky37MNZuSQS8zEi30AAQjtH9E8 aIez5YoBNp7bbUBNDOz5J3GAMKn6UI0rhCOcKK1xurNqI4Vc5BYG1Fk4zf+jHKEyuyNrWToz AKvioAc5C3tKI2o=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 30 Jun 2020 20:48:52 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:autocrypt:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=eSjFf9L3+0QtqMv2vP5enYOhpY541WivUTa3uvWJTmA=; b=olRVR6siuomfXVj0KHBxu+FY9yADbECwTeyu+sohbFnzNuzhrA8nnf4VIpLctljyqP GbKJOpzwLkywivZlFhYOWHtMKvK9QN6tszFaGLb2YF8uW7WgjnJgp+MoBFCPWpmW/g/d r2ZBHw3ujQfGh+Rc18PqW47fVYRQ2vqJeed5Y3AFgbjjwAj3PpUN18EqXx7d2brH5j2U NTBRSdXJJUTF4FI5UHKdyotDnySBfbNoj86dvo6V+QR73QT555o9pGJaUYmcOHbCYTKw P5t8fIxADXE/MDDeaWP5a4YDR2DSEsWoj9VDdSfpdC7kdz0Rbtp2bXSEN8F5dncTyqkt ZncA==
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0

Hello,

I've been investigating some bugs related to the seccomp sandbox. While
doing this, I've developed some docker containers that can run tor with
different versions of glibc. As this might be useful for future
problems, I wanted to share them.

You can find the containers in my github repository:
https://github.com/Jigsaw52/docker-containers-glibc-tor

I've created containers for the currently supported versions of Ubuntu
and Debian. Each container builds the glibc versions with which I was
able to start the tor built on that container. They also download and
build tor from the current master branch and create a test torrc which
enables Sandbox and %includes folders and files in the home folder of
user user. There is also a container for alpine to test tor with musl libc.

To run a program with a specific version of glibc, use the command:
run_with_glibc <GLIBC_VERSION> <PROGRAM_PATH> [<ARGS>]

You can see which glibc versions are installed in /opt/ or in the
dockerfile. On the root user home folder, you will find a script
install_glibc.sh that will download and build the glibc versions passed
as arguments. The script supports glibc 2.13 and above. If you need to
build versions of glibc before 2.13, the following page will be helpful:
https://www.lordaro.co.uk/posts/2018-08-26-compiling-glibc.htm

Even though we can build glibc 2.13, even the oldest containers (Debian
8 and Ubuntu 14.04) are only able to run tor with starting with glibc
2.17. This is because the tor binary built in the container (using the
container system glibc) requires symbols for glibc 2.17. According to
this page
(https://gist.github.com/wagenet/35adca1a032cec2999d47b6c40aa45b1) this
provides coverage for the glibc versions present in the supported
versions of the top 10 Linux distros, except for CentOS 6.10 which EOLs
in November. Two containers (Ubuntu 14.04 and 18.04 or Debian 8 and
Debian 10) are enough to cover the glibc versions from 2.17 to 2.31.

Best regards,
-- 
Daniel Pinto
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Prev by Author: Re: [tor-dev] Support for full DNS resolution and DNSSEC validation
Next by Author: Re: [tor-dev] Onion Service v2 Deprecation Timeline
Previous by thread: Re: [tor-dev] Implementing an embeddable C++ Tor client, advice requested
Index(es):
- Author
- Thread