[tor-bugs] #34176 [Internal Services/Tor Sysadmin Team]: Tor Browser Nightly external server support

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue May 12 21:53:22 UTC 2020


#34176: Tor Browser Nightly external server support
-------------------------------------------------+---------------------
 Reporter:  sysrqb                               |          Owner:  tpa
     Type:  task                                 |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+---------------------

Comment (by sysrqb):

 Replying to [comment:4 anarcat]:
 > > What do you think?
 >
 > I need to talk with the team about this, we have the change of guard
 > tomorrow, let me see if I can poke at this problem again then.

 To be clear, the current plan is we (Tor Browser devs) get an external
 server and we maintain it ourselves, in the short-term. I'll take on this
 responsibility. At some time in the future (but not too far in the
 future), TPA receive additional budget for adding a machine large enough
 for building Tor Browser Nightly. We then migrate the nightly build setup
 onto the new server and cancel the old machine.

 >
 > What, exactly, do you need to run as root? Could we encapsulate only a
 > subset of the build to run as root?

 Not easily in the current architecture of the build system. The system
 alternates between configuring a clean build environment (and installing
 dependencies) and then building the component.

 Currently, the build system runs the following programs as root (in
 addition to executing dynamically created build (shell) scripts at run-
 time):
 {{{
 sudo tar
 sudo ip netns add
 sudo ip netns exec
 sudo runc run
 sudo ip netns delete
 sudo mkdir
 sudo cp
 sudo chown
 sudo rm
 sudo runc --version
 sudo id
 sudo useradd
 ...
 }}}

 >
 > How about if we give you the ability to run Docker containers?

 I've never tried runc-in-docker, but maybe? ticket:23631#comment:2
 describes some problems with directly using Docker.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34176#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

