Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Matthew Finkel
tor-browser-build
Commits
2d98c063
Unverified
Commit
2d98c063
authored
Apr 25, 2017
by
boklm
Browse files
Bug 21824: use runc instead of docker
parent
b9fc5fc4
Changes
47
Hide whitespace changes
Inline
Side-by-side
README
View file @
2d98c063
...
...
@@ -5,13 +5,12 @@ Installing build dependencies
-----------------------------
To build Tor Browser, you need a Linux distribution that has support
for Docker (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
The Docker package is usually named docker.io or docker-io.
On Debian jessie, the docker.io package is available in backports.
for runC (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
On Debian jessie, the runc package is available in backports.
Your user account should have access
to the docker command without using
sudo, so it should be in the docker group. The docker daemon should
also be running
.
Your user account should have access
sudo access, which is required to
be able to extract container file systems, start containers and copy
files to and from containers
.
The sources of most components are downloaded using git, which needs to
be installed. The sources of webrtc are downloaded using gclient, which
...
...
@@ -41,7 +40,7 @@ If you are running Debian or Ubuntu, you can install them with:
libio-captureoutput-perl libfile-slurp-perl \
libstring-shellquote-perl libsort-versions-perl \
libdigest-sha-perl libdata-uuid-perl libdata-dump-perl \
libfile-copy-recursive-perl git libgtk2.0-dev curl
libfile-copy-recursive-perl git libgtk2.0-dev curl
runc
Starting a build
...
...
@@ -184,18 +183,6 @@ of files and containers that would be removed without doing it, you can
use 'make clean-dry-run'.
Multiple build directories on the same host
-------------------------------------------
You can do multiple builds of Tor Browser in different directories on
the same host. However the docker images namespace is global, so you
may have some conflicts with the same image names used by the
different builds. By default, the docker images are prefixed with
tor-browser_$USER. You can change this prefix by defining the
docker_image_prefix option in rbm.local.conf, using a different prefix
for each of your build directories.
Common Build Errors
-------------------
...
...
keyring/ubuntu.gpg
0 → 100644
View file @
2d98c063
File added
projects/binutils/config
View file @
2d98c063
# vim: filetype=yaml sw=2
version
:
2.24
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
var
:
configure_opt
:
'
--disable-multilib
--enable-gold
--enable-deterministic-archives
--enable-plugins'
container
:
use_container
:
1
targets
:
windows-i686
:
...
...
@@ -15,7 +16,7 @@ input_files:
sig_ext
:
sig
file_gpg_id
:
1
gpg_keyring
:
binutils.gpg
-
project
:
dock
er-image
-
project
:
contain
er-image
-
filename
:
enable-reloc-section-ld.patch
enable
:
'
[%
c("var/windows")
%]'
-
filename
:
peXXigen.patch
...
...
projects/cmake/config
View file @
2d98c063
...
...
@@ -5,7 +5,9 @@ git_hash: 'v[% c("version") %]'
tag_gpg_id
:
1
gpg_keyring
:
cmake.gpg
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
var
:
container
:
use_container
:
1
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
projects/common/runc-config.json
0 → 100644
View file @
2d98c063
{
"ociVersion"
:
"1.0.0-rc1"
,
"platform"
:
{
"os"
:
"linux"
,
"arch"
:
"amd64"
},
"process"
:
{
"terminal"
:
true
,
"user"
:
{
"uid"
:
0
,
"gid"
:
0
},
"args"
:
[
"/rbm/run"
],
"env"
:
[
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
,
"TERM=xterm"
],
"cwd"
:
"/"
,
"capabilities"
:
[
"CAP_AUDIT_WRITE"
,
"CAP_KILL"
,
"CAP_NET_BIND_SERVICE"
,
"CAP_SETGID"
,
"CAP_SETUID"
,
"CAP_MKNOD"
,
"CAP_SYS_CHROOT"
,
[
%
IF
c(
"var/container/CAP_SYS_ADMIN"
)
-%
]
"CAP_SYS_ADMIN"
,
[
%
END
-%
]
"CAP_FSETID"
,
"CAP_FOWNER"
,
"CAP_DAC_OVERRIDE"
,
"CAP_CHOWN"
],
"rlimits"
:
[
{
"type"
:
"RLIMIT_NOFILE"
,
"hard"
:
1024
,
"soft"
:
1024
}
],
"noNewPrivileges"
:
true
},
"root"
:
{
"path"
:
"rootfs"
,
"readonly"
:
false
},
"hostname"
:
"runc"
,
"mounts"
:
[
{
"destination"
:
"/proc"
,
"type"
:
"proc"
,
"source"
:
"proc"
},
{
"type"
:
"bind"
,
"source"
:
"/etc/resolv.conf"
,
"destination"
:
"/etc/resolv.conf"
,
"options"
:
[
"rbind"
,
"ro"
]
},
{
"destination"
:
"/dev"
,
"type"
:
"tmpfs"
,
"source"
:
"tmpfs"
,
"options"
:
[
"nosuid"
,
"strictatime"
,
"mode=755"
,
"size=65536k"
]
},
{
"destination"
:
"/dev/pts"
,
"type"
:
"devpts"
,
"source"
:
"devpts"
,
"options"
:
[
"nosuid"
,
"noexec"
,
"newinstance"
,
"ptmxmode=0666"
,
"mode=0620"
,
"gid=5"
]
},
{
"destination"
:
"/dev/shm"
,
"type"
:
"tmpfs"
,
"source"
:
"shm"
,
"options"
:
[
"nosuid"
,
"noexec"
,
"nodev"
,
"mode=1777"
,
"size=65536k"
]
},
{
"destination"
:
"/dev/mqueue"
,
"type"
:
"mqueue"
,
"source"
:
"mqueue"
,
"options"
:
[
"nosuid"
,
"noexec"
,
"nodev"
]
},
{
"destination"
:
"/sys"
,
"type"
:
"sysfs"
,
"source"
:
"sysfs"
,
"options"
:
[
"nosuid"
,
"noexec"
,
"nodev"
,
"ro"
]
},
{
"destination"
:
"/sys/fs/cgroup"
,
"type"
:
"cgroup"
,
"source"
:
"cgroup"
,
"options"
:
[
"nosuid"
,
"noexec"
,
"nodev"
,
"relatime"
,
"ro"
]
}
],
"hooks"
:
{},
"linux"
:
{
"resources"
:
{
"devices"
:
[
{
"allow"
:
false
,
"access"
:
"rwm"
}
]
},
"namespaces"
:
[
{
"type"
:
"pid"
},
{
"type"
:
"ipc"
},
{
"type"
:
"uts"
},
{
"type"
:
"mount"
}
],
"maskedPaths"
:
[
"/proc/kcore"
,
"/proc/latency_stats"
,
"/proc/timer_stats"
,
"/proc/sched_debug"
],
"readonlyPaths"
:
[
"/proc/asound"
,
"/proc/bus"
,
"/proc/fs"
,
"/proc/irq"
,
"/proc/sys"
,
"/proc/sysrq-trigger"
]
},
"solaris"
:
{
"cappedCPU"
:
{},
"cappedMemory"
:
{}
}
}
projects/container-image/build
0 → 100644
View file @
2d98c063
#!/bin/sh
set
-
e
# Doing nothing
projects/
dock
er-image/config
→
projects/
contain
er-image/config
View file @
2d98c063
# vim: filetype=yaml sw=2
filename
:
'
[%
sha256(c("pre")).substr(0,
12)
%]'
remote_docker
:
1
docker_save_image
:
'
[%
c("docker_image_prefix")
%]:[%
c("filename")
%]'
filename
:
'
container-image_[%
c("var/container/suite")
%]-[%
c("var/container/arch")
%]-[%
sha256(c("pre")).substr(0,
12)
%].tar.gz'
pkg_type
:
build
docker_image
:
'
[%
c("lsb_release/id").lower
%]:[%
c("lsb_release/release")
%]'
var
:
container
:
use_container
:
1
suite
:
'
[%
pc(c("origin_project"),
"var/container/suite")
%]'
arch
:
'
[%
pc(c("origin_project"),
"var/container/arch")
%]'
lsb_release
:
id
:
'
[%
pc(c("origin_project",
{
no_distro
=>
1
}),
"lsb_release/id",
{
no_distro
=>
1
})
%]'
release
:
'
[%
pc(c("origin_project",
{
no_distro
=>
1
}),
"lsb_release/release",
{
no_distro
=>
1
})
%]'
codename
:
'
[%
pc(c("origin_project",
{
no_distro
=>
1
}),
"lsb_release/codename",
{
no_distro
=>
1
})
%]'
id
:
Debian
codename
:
wheezy
release
:
7.11
pre
:
|
#!/bin/sh
# [% c('
docker_imag
e') %]
# [% c('
var/container/suit
e') %]
set -e
[% IF c('lsb_release/release') == '14.10' -%]
sed -i 's/archive\.ubuntu\.com/old-releases.ubuntu.com/' /etc/apt/sources.list
[% END -%]
[% IF pc(c('origin_project'), 'var/pre_pkginst') -%]
[% pc(c('origin_project'), 'var/pre_pkginst') %]
[% END -%]
[% IF c('lsb_release/id') == 'Ubuntu' || c('lsb_release/id') == 'Debian' %]
[% IF c("var/container/suite") == "precise" -%]
export INITRD=no
mkdir -p /etc/container_environment
echo -n no > /etc/container_environment/INITRD
dpkg-divert --local --rename --add /sbin/initctl
ln -s /bin/true /sbin/initctl
dpkg-divert --local --rename --add /usr/bin/ischroot
ln -sf /bin/true /usr/bin/ischroot
cat >> /etc/apt/sources.list << EOF
deb http://archive.ubuntu.com/ubuntu/ precise-updates main
deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main
deb http://archive.ubuntu.com/ubuntu/ precise universe
deb-src http://archive.ubuntu.com/ubuntu/ precise universe
deb http://archive.ubuntu.com/ubuntu/ precise-updates universe
deb-src http://archive.ubuntu.com/ubuntu/ precise-updates universe
deb http://archive.ubuntu.com/ubuntu/ precise-security main
deb-src http://archive.ubuntu.com/ubuntu/ precise-security main
deb http://archive.ubuntu.com/ubuntu/ precise-security universe
deb-src http://archive.ubuntu.com/ubuntu/ precise-security universe
EOF
[% END -%]
apt-get update -y
apt-get upgrade -y
[% END %]
[%
deps = [];
IF pc(c('origin_project'), 'var/deps');
...
...
@@ -49,3 +69,18 @@ pre: |
[% IF pc(c('origin_project'), 'var/post_pkginst') -%]
[% pc(c('origin_project'), 'var/post_pkginst') %]
[% END -%]
remote_get
:
|
#!/bin/sh
set -e
[%
SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
-%]
mkdir -p "[% dst %]"
sudo tar -C "[% c("var/container/dir") %]/rootfs" -czf "[% dst %]/[% c("filename") %]" .
input_files
:
-
project
:
debootstrap-image
target
:
-
'
[%
c("var/container/suite")
%]-[%
c("var/container/arch")
%]'
projects/debootstrap-image/build
0 → 100644
View file @
2d98c063
#!/bin/sh
set
-
e
# Doing nothing
projects/debootstrap-image/config
0 → 100644
View file @
2d98c063
# vim: filetype=yaml sw=2
filename
:
'
container-image_[%
c("var/container/suite")
%]-[%
c("var/container/arch")
%].tar.gz'
pkg_type
:
build
var
:
ubuntu_version
:
17.04
container_dir
:
'
[%
c("tmp_dir")
%]/rbm-containers/[%
sha256(c("build_id"))
%]'
container_user
:
rbm
container
:
use_container
:
1
# We need CAP_SYS_ADMIN for debootstrap to work
CAP_SYS_ADMIN
:
1
pre
:
|
#!/bin/sh
set -e
apt-get update -y
apt-get install -y debian-archive-keyring ubuntu-keyring debootstrap
debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .
targets
:
wheezy-amd64
:
var
:
container
:
suite
:
wheezy
arch
:
amd64
jessie-amd64
:
var
:
container
:
suite
:
jessie
arch
:
amd64
precise-amd64
:
var
:
container
:
suite
:
precise
arch
:
amd64
debootstrap_opt
:
--keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
utopic-amd64
:
var
:
container
:
suite
:
utopic
arch
:
amd64
debootstrap_mirror
:
http://old-releases.ubuntu.com/ubuntu/
input_files
:
-
URL
:
'
http://cdimage.ubuntu.com/ubuntu-base/releases/[%
c("var/ubuntu_version")
%]/release/ubuntu-base-[%
c("var/ubuntu_version")
%]-base-amd64.tar.gz'
filename
:
'
container-image_ubuntu-base-[%
c("var/ubuntu_version")
%]-base-amd64.tar.gz'
sha256sum
:
df2c8fd540e474b8e1e29c0db8ed6b43a932918f1b9a8149bb82104a7c07ba2a
projects/docker-image/build
deleted
100644 → 0
View file @
b9fc5fc4
#!/bin/sh
set
-
e
echo
1
>
[
%
dest_dir
%
]
/
[
%
c
(
'filename'
)
%
]
echo
Creating
[
%
dest_dir
%
]
/
[
%
c
(
'filename'
)
%
]
projects/ed25519/config
View file @
2d98c063
...
...
@@ -3,16 +3,17 @@ version: '[% c("abbrev") %]'
git_url
:
https://github.com/agl/ed25519.git
git_hash
:
c4161f4c7483313562781c61b9a20aba73daf9de
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/osname")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
build
:
'
[%
c("projects/go/var/build_go_lib")
%]'
var
:
container
:
use_container
:
1
go_lib
:
github.com/agl/ed25519
go_lib_install
:
-
github.com/agl/ed25519/extra25519
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
name
:
go
project
:
go
projects/firefox/config
View file @
2d98c063
...
...
@@ -5,7 +5,6 @@ git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branc
tag_gpg_id
:
1
git_url
:
https://git.torproject.org/tor-browser.git
gpg_keyring
:
torbutton.gpg
remote_docker
:
1
var
:
firefox_version
:
52.1.0esr
...
...
@@ -19,6 +18,8 @@ var:
-
autoconf2.13
-
yasm
-
python
container
:
use_container
:
1
targets
:
nightly
:
...
...
@@ -74,7 +75,7 @@ targets:
martools_filename
:
mar-tools-win32.zip
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
name
:
'
[%
c("var/compiler")
%]'
project
:
'
[%
c("var/compiler")
%]'
-
filename
:
get-moz-build-date
...
...
projects/fonts/config
View file @
2d98c063
...
...
@@ -3,8 +3,9 @@ version: '[% c("abbrev") %]'
git_url
:
https://github.com/googlei18n/noto-fonts.git
git_hash
:
720e34851382ee3c1ef024d8dffb68ffbfb234c2
filename
:
"
[%
project
%]-[%
c('version')
%]-[%
c('var/build_id')
%].tar.gz"
remote_docker
:
1
var
:
container
:
use_container
:
1
noto_fonts_hinted
:
-
Arimo-Regular.ttf
-
Arimo-Bold.ttf
...
...
@@ -85,7 +86,7 @@ targets:
-
NotoSansYi-Regular.ttf
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
URL
:
https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/NotoEmoji-Regular.ttf
sha256sum
:
415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5
enable
:
'
[%
c("var/linux")
%]'
...
...
projects/gcc/config
View file @
2d98c063
# vim: filetype=yaml sw=2
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/build_id")
%].tar.gz'
version
:
5.1.0
remote_docker
:
1
var
:
container
:
use_container
:
1
configure_opt
:
--enable-multilib --enable-languages=c,c++ --with-arch_32=i686
deps
:
-
build-essential
...
...
@@ -42,6 +43,6 @@ targets:
var
:
configure_opt
:
--disable-multilib --enable-languages=c,c++
input_files
:
-
project
:
container-image
-
URL
:
'
https://ftp.gnu.org/gnu/gcc/gcc-[%
c("version")
%]/gcc-[%
c("version")
%].tar.bz2'
sha256sum
:
b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
-
project
:
docker-image
projects/gmp/config
View file @
2d98c063
# vim: filetype=yaml sw=2
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/osname")
%]-[%
c("var/build_id")
%].tar.gz'
version
:
5.1.3
remote_docker
:
1
var
:
container
:
use_container
:
1
targets
:
linux
:
...
...
@@ -9,9 +12,9 @@ targets:
configure_opt_gmp
:
--enable-fat
input_files
:
-
project
:
container-image
-
name
:
gmp
URL
:
'
https://ftp.gnu.org/gnu/gmp/gmp-[%
c("version")
%].tar.bz2'
sha256sum
:
752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160
-
name
:
'
[%
c("var/compiler")
%]'
project
:
'
[%
c("var/compiler")
%]'
-
project
:
docker-image
projects/go-webrtc/config
View file @
2d98c063
...
...
@@ -3,11 +3,12 @@ version: '[% c("abbrev") %]'
git_url
:
https://github.com/keroserene/go-webrtc.git
git_hash
:
ab1b64862e0c4b4182010699911c2c5818f0a101
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/osname")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
build
:
'
[%
c("projects/go/var/build_go_lib")
%]'
var
:
container
:
use_container
:
1
go_lib
:
github.com/keroserene/go-webrtc
build_go_lib_pre
:
|
[% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
...
...
@@ -43,7 +44,7 @@ targets:
-
lib32stdc++6
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
name
:
go
project
:
go
-
name
:
webrtc
...
...
projects/go/config
View file @
2d98c063
# vim: filetype=yaml sw=2
version
:
1.7.5
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
var
:
go14_version
:
1.4.3
container
:
use_container
:
1
setup
:
|
mkdir -p /var/tmp/dist
...
...
@@ -69,7 +70,7 @@ targets:
GOARCH
:
386
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
name
:
'
[%
c("var/compiler")
%]'
project
:
'
[%
c("var/compiler")
%]'
enable
:
'
[%
c("var/windows")
||
c("var/osx")
%]'
...
...
projects/goerrors/config
View file @
2d98c063
...
...
@@ -3,14 +3,15 @@ version: '[% c("abbrev") %]'
git_url
:
https://github.com/pkg/errors
git_hash
:
248dadf4e9068a0b3e79f02ed0a610d935de5302
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/osname")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
build
:
'
[%
c("projects/go/var/build_go_lib")
%]'
var
:
container
:
use_container
:
1
go_lib
:
github.com/pkg/errors
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
name
:
go
project
:
go
projects/gogb/config
View file @
2d98c063
...
...
@@ -3,18 +3,19 @@ version: '[% c("abbrev") %]'
git_url
:
https://github.com/constabulary/gb
git_hash
:
06cc925cce6592e922dcc4839a8b44feb384e71e
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/osname")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
build
:
'
[%
c("projects/go/var/build_go_lib")
%]'
var
:
container
:
use_container
:
1
go_lib
:
github.com/constabulary/gb
go_lib_install
:
github.com/constabulary/gb/cmd/gb
go_lib_deps
:
-
goerrors
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
name
:
go
project
:
go
-
name
:
goerrors
...
...
projects/goptlib/config
View file @
2d98c063
...
...
@@ -5,14 +5,15 @@ git_hash: '[% c("version") %]'
tag_gpg_id
:
1
gpg_keyring
:
goptlib.gpg
filename
:
'
[%
project
%]-[%
c("version")
%]-[%
c("var/osname")
%]-[%
c("var/build_id")
%].tar.gz'
remote_docker
:
1
build
:
'
[%
c("projects/go/var/build_go_lib")
%]'
var
:
container
:
use_container
:
1
go_lib
:
git.torproject.org/pluggable-transports/goptlib.git
input_files
:
-
project
:
dock
er-image
-
project
:
contain
er-image
-
name