Unverified Commit 2d98c063 authored by boklm's avatar boklm

Bug 21824: use runc instead of docker

parent b9fc5fc4
+6 −19
@@ -5,13 +5,12 @@ Installing build dependencies
-----------------------------

To build Tor Browser, you need a Linux distribution that has support
for Docker (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
The Docker package is usually named docker.io or docker-io.
On Debian jessie, the docker.io package is available in backports.
for runC (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
On Debian jessie, the runc package is available in backports.

Your user account should have access to the docker command without using
sudo, so it should be in the docker group. The docker daemon should
also be running.
Your user account should have access sudo access, which is required to
be able to extract container file systems, start containers and copy
files to and from containers.

The sources of most components are downloaded using git, which needs to
be installed. The sources of webrtc are downloaded using gclient, which
@@ -41,7 +40,7 @@ If you are running Debian or Ubuntu, you can install them with:
                  libio-captureoutput-perl libfile-slurp-perl \
                  libstring-shellquote-perl libsort-versions-perl \
                  libdigest-sha-perl libdata-uuid-perl libdata-dump-perl \
                  libfile-copy-recursive-perl git libgtk2.0-dev curl
                  libfile-copy-recursive-perl git libgtk2.0-dev curl runc


Starting a build
@@ -184,18 +183,6 @@ of files and containers that would be removed without doing it, you can
use 'make clean-dry-run'.


Multiple build directories on the same host
-------------------------------------------

You can do multiple builds of Tor Browser in different directories on
the same host. However the docker images namespace is global, so you
may have some conflicts with the same image names used by the
different builds. By default, the docker images are prefixed with
tor-browser_$USER. You can change this prefix by defining the
docker_image_prefix option in rbm.local.conf, using a different prefix
for each of your build directories.


Common Build Errors
-------------------

keyring/ubuntu.gpg

0 → 100644
+32.1 KiB

File added.

No diff preview for this file type.
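Review bot: `keyring/ubuntu.gpg` is added as a 32.1 KiB binary with no diff preview, and the commit is shown as unverified, so nothing on this page lets a reviewer confirm which keys become trusted. This keyring presumably decides which signatures the build accepts for Ubuntu material. The commit message should therefore list the fingerprints of the keys it contains and where they were obtained, so they can be compared against an independent source before merge.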

+3 −2
# vim: filetype=yaml sw=2
version: 2.24
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
var:
  configure_opt: '--disable-multilib --enable-gold --enable-deterministic-archives --enable-plugins'
  container:
    use_container: 1

targets:
  windows-i686:
@@ -15,7 +16,7 @@ input_files:
    sig_ext: sig
    file_gpg_id: 1
    gpg_keyring: binutils.gpg
  - project: docker-image
  - project: container-image
  - filename: enable-reloc-section-ld.patch
    enable: '[% c("var/windows") %]'
  - filename: peXXigen.patch
+4 −2
@@ -5,7 +5,9 @@ git_hash: 'v[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: cmake.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
var:
  container:
    use_container: 1

input_files:
  - project: docker-image
  - project: container-image
+179 −0
{
	"ociVersion": "1.0.0-rc1",
	"platform": {
		"os": "linux",
		"arch": "amd64"
	},
	"process": {
		"terminal": true,
		"user": {
			"uid": 0,
			"gid": 0
		},
		"args": [
			"/rbm/run"
		],
		"env": [
			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
			"TERM=xterm"
		],
		"cwd": "/",
		"capabilities": [
			"CAP_AUDIT_WRITE",
			"CAP_KILL",
			"CAP_NET_BIND_SERVICE",
			"CAP_SETGID",
			"CAP_SETUID",
			"CAP_MKNOD",
			"CAP_SYS_CHROOT",
[% IF c("var/container/CAP_SYS_ADMIN") -%]
			"CAP_SYS_ADMIN",
[% END -%]
			"CAP_FSETID",
			"CAP_FOWNER",
			"CAP_DAC_OVERRIDE",
			"CAP_CHOWN"
		],
		"rlimits": [
			{
				"type": "RLIMIT_NOFILE",
				"hard": 1024,
				"soft": 1024
			}
		],
		"noNewPrivileges": true
	},
	"root": {
		"path": "rootfs",
		"readonly": false
	},
	"hostname": "runc",
	"mounts": [
		{
			"destination": "/proc",
			"type": "proc",
			"source": "proc"
		},
		{
			"type": "bind",
			"source": "/etc/resolv.conf",
			"destination": "/etc/resolv.conf",
			"options": [
				"rbind",
				"ro"
			]
		},
		{
			"destination": "/dev",
			"type": "tmpfs",
			"source": "tmpfs",
			"options": [
				"nosuid",
				"strictatime",
				"mode=755",
				"size=65536k"
			]
		},
		{
			"destination": "/dev/pts",
			"type": "devpts",
			"source": "devpts",
			"options": [
				"nosuid",
				"noexec",
				"newinstance",
				"ptmxmode=0666",
				"mode=0620",
				"gid=5"
			]
		},
		{
			"destination": "/dev/shm",
			"type": "tmpfs",
			"source": "shm",
			"options": [
				"nosuid",
				"noexec",
				"nodev",
				"mode=1777",
				"size=65536k"
			]
		},
		{
			"destination": "/dev/mqueue",
			"type": "mqueue",
			"source": "mqueue",
			"options": [
				"nosuid",
				"noexec",
				"nodev"
			]
		},
		{
			"destination": "/sys",
			"type": "sysfs",
			"source": "sysfs",
			"options": [
				"nosuid",
				"noexec",
				"nodev",
				"ro"
			]
		},
		{
			"destination": "/sys/fs/cgroup",
			"type": "cgroup",
			"source": "cgroup",
			"options": [
				"nosuid",
				"noexec",
				"nodev",
				"relatime",
				"ro"
			]
		}
	],
	"hooks": {},
	"linux": {
		"resources": {
			"devices": [
				{
					"allow": false,
					"access": "rwm"
				}
			]
		},
		"namespaces": [
			{
				"type": "pid"
			},
			{
				"type": "ipc"
			},
			{
				"type": "uts"
			},
			{
				"type": "mount"
			}
		],
		"maskedPaths": [
			"/proc/kcore",
			"/proc/latency_stats",
			"/proc/timer_stats",
			"/proc/sched_debug"
		],
		"readonlyPaths": [
			"/proc/asound",
			"/proc/bus",
			"/proc/fs",
			"/proc/irq",
			"/proc/sys",
			"/proc/sysrq-trigger"
		]
	},
	"solaris": {
		"cappedCPU": {},
		"cappedMemory": {}
	}
}
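Review bot: The `linux.namespaces` list creates only pid, ipc, uts and mount namespaces, so `/rbm/run` runs as uid 0 on the host's network stack with no user-namespace mapping, and no seccomp profile is set. This gives a clean build environment but is not a containment boundary against a hostile build input. Adding `{ "type": "network" }` would cut off steps that need no network access. The `/etc/resolv.conf` bind mount suggests some steps do need it, so this likely has to be a template option like the `var/container/CAP_SYS_ADMIN` one. `CAP_NET_BIND_SERVICE` and `CAP_AUDIT_WRITE` look unnecessary for a build and could be dropped, and the documentation for `var/container/CAP_SYS_ADMIN` should state that enabling it likely lets the process undo the `maskedPaths` and `readonlyPaths` protections by remounting.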