Investigate using runc instead of docker
In the rbm-based build system, we are currently using docker to run the builds in containers. We could use runc instead of docker to run the containers: https://runc.io/
Packages for runc are available for Debian in the jessie-backports repository.
Ubuntu provides some base images as tar.gz, signed with gpg, that we can use as the containers' rootfs: http://cdimage.ubuntu.com/ubuntu-base/releases/
Debian does not seem to provide the same base images. However, we can generate some using debootstrap from an Ubuntu container.
Using runc instead of docker to start the containers would have some advantages:
- this avoids having to trust the Debian and Ubuntu images from the docker repository. Instead we can use an image directly from Ubuntu.
- the container images would be stored in the out/ directory, rather than in /var/lib/docker, which makes cleaning easier.
- running i386 containers with runc seems to be working. Using an i386 container would simplify the build of linux32 versions of Tor Browser.
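A sketch of how a gpg-signed Ubuntu base tarball could be checked and turned into a runc bundle under out/, as an added example that is not part of the original ticket or of rbm. The function names, the keyring path, the bundle location and the assumption that the release directory carries a SHA256SUMS file with a detached SHA256SUMS.gpg signature are illustrative assumptions.

```sh
# Added example (not rbm code). All file names and paths are assumptions.

# Check the detached signature on SHA256SUMS against a keyring we control,
# so trust comes from a key we pinned rather than from the download host.
verify_sums_signature() {  # args: keyring sums sig
    gpgv --keyring "$1" "$3" "$2"
}

# Succeed only if SHA256SUMS lists this tarball's name with its actual hash.
verify_tarball_hash() {  # args: sums tarball
    vth_name=$(basename "$2")
    # Entries look like "<hash>  <name>" or "<hash> *<name>" (binary mode).
    vth_expected=$(awk -v n="$vth_name" \
        '$2 == n || $2 == "*" n { print $1 }' "$1")
    # An unlisted name must fail, not silently pass.
    [ -n "$vth_expected" ] || return 1
    vth_actual=$(sha256sum "$2" | awk '{ print $1 }')
    [ "$vth_expected" = "$vth_actual" ]
}

# Verify first, extract second: nothing unverified is ever unpacked.
prepare_bundle() {  # args: keyring sums sig tarball bundle
    verify_sums_signature "$1" "$2" "$3" \
        || { echo "SHA256SUMS signature check failed" >&2; return 1; }
    verify_tarball_hash "$2" "$4" \
        || { echo "tarball hash not in signed SHA256SUMS" >&2; return 1; }
    mkdir -p "$5/rootfs"
    # Run as root so ownership inside the rootfs is preserved.
    tar -C "$5/rootfs" --numeric-owner -xzf "$4"
    # Writes a default config.json whose root path is "rootfs".
    runc spec --bundle "$5"
}

# Example invocation (constructed paths):
#   sh bundle.sh /etc/keys/ubuntu-cdimage.gpg SHA256SUMS SHA256SUMS.gpg \
#       ubuntu-base.tar.gz out/container
#   runc run --bundle out/container build1
[ "$#" -eq 0 ] || prepare_bundle "$@"
```

Removing the bundle directory under out/ is then all the cleanup that is needed, since nothing is stored in /var/lib/docker.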