
Unverified Commit 2d98c063 authored by boklm's avatar boklm

Bug 21824: use runc instead of docker

parent b9fc5fc4
......@@ -5,13 +5,12 @@ Installing build dependencies
-----------------------------
To build Tor Browser, you need a Linux distribution that has support
for Docker (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
The Docker package is usually named docker.io or docker-io.
On Debian jessie, the docker.io package is available in backports.
for runC (such as Debian jessie, Ubuntu 14.04, Fedora 20, etc ...).
On Debian jessie, the runc package is available in backports.
Your user account should have access to the docker command without using
sudo, so it should be in the docker group. The docker daemon should
also be running.
Your user account should have access sudo access, which is required to
be able to extract container file systems, start containers and copy
files to and from containers.
The sources of most components are downloaded using git, which needs to
be installed. The sources of webrtc are downloaded using gclient, which
......@@ -41,7 +40,7 @@ If you are running Debian or Ubuntu, you can install them with:
libio-captureoutput-perl libfile-slurp-perl \
libstring-shellquote-perl libsort-versions-perl \
libdigest-sha-perl libdata-uuid-perl libdata-dump-perl \
libfile-copy-recursive-perl git libgtk2.0-dev curl
libfile-copy-recursive-perl git libgtk2.0-dev curl runc
Starting a build
......@@ -184,18 +183,6 @@ of files and containers that would be removed without doing it, you can
use 'make clean-dry-run'.
Multiple build directories on the same host
-------------------------------------------
You can do multiple builds of Tor Browser in different directories on
the same host. However the docker images namespace is global, so you
may have some conflicts with the same image names used by the
different builds. By default, the docker images are prefixed with
tor-browser_$USER. You can change this prefix by defining the
docker_image_prefix option in rbm.local.conf, using a different prefix
for each of your build directories.
Common Build Errors
-------------------
......
# vim: filetype=yaml sw=2
version: 2.24
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
var:
configure_opt: '--disable-multilib --enable-gold --enable-deterministic-archives --enable-plugins'
container:
use_container: 1
targets:
windows-i686:
......@@ -15,7 +16,7 @@ input_files:
sig_ext: sig
file_gpg_id: 1
gpg_keyring: binutils.gpg
- project: docker-image
- project: container-image
- filename: enable-reloc-section-ld.patch
enable: '[% c("var/windows") %]'
- filename: peXXigen.patch
......
......@@ -5,7 +5,9 @@ git_hash: 'v[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: cmake.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
var:
container:
use_container: 1
input_files:
- project: docker-image
- project: container-image
{
"ociVersion": "1.0.0-rc1",
"platform": {
"os": "linux",
"arch": "amd64"
},
"process": {
"terminal": true,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"/rbm/run"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/",
"capabilities": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE",
"CAP_SETGID",
"CAP_SETUID",
"CAP_MKNOD",
"CAP_SYS_CHROOT",
[% IF c("var/container/CAP_SYS_ADMIN") -%]
"CAP_SYS_ADMIN",
[% END -%]
"CAP_FSETID",
"CAP_FOWNER",
"CAP_DAC_OVERRIDE",
"CAP_CHOWN"
],
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": true
},
"root": {
"path": "rootfs",
"readonly": false
},
"hostname": "runc",
"mounts": [
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"type": "bind",
"source": "/etc/resolv.conf",
"destination": "/etc/resolv.conf",
"options": [
"rbind",
"ro"
]
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
],
"hooks": {},
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "mount"
}
],
"maskedPaths": [
"/proc/kcore",
"/proc/latency_stats",
"/proc/timer_stats",
"/proc/sched_debug"
],
"readonlyPaths": [
"/proc/asound",
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
},
"solaris": {
"cappedCPU": {},
"cappedMemory": {}
}
}
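Review bot: The `namespaces` list holds only pid, ipc, uts and mount, so with `"uid": 0` and no `user` or `network` entry, `/rbm/run` executes as real root on the host's network stack, and isolation rests on the capability list, `noNewPrivileges` and the mount options. The read-only bind of `/etc/resolv.conf` suggests network access is wanted for package installation, but build steps that need no downloads could get `{ "type": "network" }` behind a template flag, gated the same way `CAP_SYS_ADMIN` is. When `var/container/CAP_SYS_ADMIN` is set, the `ro` mounts and `maskedPaths` presumably stop being an effective boundary, so that flag deserves a `[%# ... %]` template comment saying it should stay limited to the project that bootstraps the base image. There is also no `seccomp` section; it is worth confirming whether that is deliberate for the runc version targeted.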
#!/bin/sh
set -e
# Doing nothing
# vim: filetype=yaml sw=2
filename: '[% sha256(c("pre")).substr(0, 12) %]'
remote_docker: 1
docker_save_image: '[% c("docker_image_prefix") %]:[% c("filename") %]'
filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %]-[% sha256(c("pre")).substr(0, 12) %].tar.gz'
pkg_type: build
docker_image: '[% c("lsb_release/id").lower %]:[% c("lsb_release/release") %]'
var:
container:
use_container: 1
suite: '[% pc(c("origin_project"), "var/container/suite") %]'
arch: '[% pc(c("origin_project"), "var/container/arch") %]'
lsb_release:
id: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/id", { no_distro => 1 }) %]'
release: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/release", { no_distro => 1 }) %]'
codename: '[% pc(c("origin_project", { no_distro => 1 }), "lsb_release/codename", { no_distro => 1 }) %]'
id: Debian
codename: wheezy
release: 7.11
pre: |
#!/bin/sh
# [% c('docker_image') %]
# [% c('var/container/suite') %]
set -e
[% IF c('lsb_release/release') == '14.10' -%]
sed -i 's/archive\.ubuntu\.com/old-releases.ubuntu.com/' /etc/apt/sources.list
[% END -%]
[% IF pc(c('origin_project'), 'var/pre_pkginst') -%]
[% pc(c('origin_project'), 'var/pre_pkginst') %]
[% END -%]
[% IF c('lsb_release/id') == 'Ubuntu' || c('lsb_release/id') == 'Debian' %]
[% IF c("var/container/suite") == "precise" -%]
export INITRD=no
mkdir -p /etc/container_environment
echo -n no > /etc/container_environment/INITRD
dpkg-divert --local --rename --add /sbin/initctl
ln -s /bin/true /sbin/initctl
dpkg-divert --local --rename --add /usr/bin/ischroot
ln -sf /bin/true /usr/bin/ischroot
cat >> /etc/apt/sources.list << EOF
deb http://archive.ubuntu.com/ubuntu/ precise-updates main
deb-src http://archive.ubuntu.com/ubuntu/ precise-updates main
deb http://archive.ubuntu.com/ubuntu/ precise universe
deb-src http://archive.ubuntu.com/ubuntu/ precise universe
deb http://archive.ubuntu.com/ubuntu/ precise-updates universe
deb-src http://archive.ubuntu.com/ubuntu/ precise-updates universe
deb http://archive.ubuntu.com/ubuntu/ precise-security main
deb-src http://archive.ubuntu.com/ubuntu/ precise-security main
deb http://archive.ubuntu.com/ubuntu/ precise-security universe
deb-src http://archive.ubuntu.com/ubuntu/ precise-security universe
EOF
[% END -%]
apt-get update -y
apt-get upgrade -y
[% END %]
[%
deps = [];
IF pc(c('origin_project'), 'var/deps');
......@@ -49,3 +69,18 @@ pre: |
[% IF pc(c('origin_project'), 'var/post_pkginst') -%]
[% pc(c('origin_project'), 'var/post_pkginst') %]
[% END -%]
remote_get: |
#!/bin/sh
set -e
[%
SET src = shell_quote(c('get_src', { error_if_undef => 1 }));
SET dst = shell_quote(c('get_dst', { error_if_undef => 1 }));
-%]
mkdir -p "[% dst %]"
sudo tar -C "[% c("var/container/dir") %]/rootfs" -czf "[% dst %]/[% c("filename") %]" .
input_files:
- project: debootstrap-image
target:
- '[% c("var/container/suite") %]-[% c("var/container/arch") %]'
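Review bot: In the new `remote_get` script, `dst` goes through `shell_quote()` and is then wrapped in double quotes again (`mkdir -p "[% dst %]"` and the `-czf "[% dst %]/..."` argument). If `shell_quote` returns a single-quoted word for a path containing spaces or metacharacters, as String::ShellQuote does, the quote characters become part of the path. Using the value bare, `mkdir -p [% dst %]`, and passing `c("var/container/dir")` and `c("filename")` through `shell_quote` as well would keep the `sudo tar` arguments well-formed for any directory name. `src` is assigned but never used in the lines shown. Because this step runs under `sudo`, a short comment above it stating which directory it reads and where it writes would help reviewers.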
#!/bin/sh
set -e
# Doing nothing
# vim: filetype=yaml sw=2
filename: 'container-image_[% c("var/container/suite") %]-[% c("var/container/arch") %].tar.gz'
pkg_type: build
var:
ubuntu_version: 17.04
container_dir: '[% c("tmp_dir") %]/rbm-containers/[% sha256(c("build_id")) %]'
container_user: rbm
container:
use_container: 1
# We need CAP_SYS_ADMIN for debootstrap to work
CAP_SYS_ADMIN: 1
pre: |
#!/bin/sh
set -e
apt-get update -y
apt-get install -y debian-archive-keyring ubuntu-keyring debootstrap
debootstrap --arch=[% c("var/container/arch") %] [% c("var/container/debootstrap_opt") %] [% c("var/container/suite") %] base-image [% c("var/container/debootstrap_mirror") %]
tar -C ./base-image -czf [% dest_dir %]/[% c("filename") %] .
targets:
wheezy-amd64:
var:
container:
suite: wheezy
arch: amd64
jessie-amd64:
var:
container:
suite: jessie
arch: amd64
precise-amd64:
var:
container:
suite: precise
arch: amd64
debootstrap_opt: --keyring=/usr/share/keyrings/ubuntu-archive-removed-keys.gpg
utopic-amd64:
var:
container:
suite: utopic
arch: amd64
debootstrap_mirror: http://old-releases.ubuntu.com/ubuntu/
input_files:
- URL: 'http://cdimage.ubuntu.com/ubuntu-base/releases/[% c("var/ubuntu_version") %]/release/ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
filename: 'container-image_ubuntu-base-[% c("var/ubuntu_version") %]-base-amd64.tar.gz'
sha256sum: df2c8fd540e474b8e1e29c0db8ed6b43a932918f1b9a8149bb82104a7c07ba2a
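Review bot: The trust chain for the bootstrap image is not documented in this file. The only pinned input is the ubuntu-base tarball (`sha256sum`, fetched over `http://`), while `debian-archive-keyring`, `ubuntu-keyring` and `debootstrap` are installed unpinned by `apt-get` inside `pre`, and the utopic target uses an `http://` mirror. Integrity of the resulting root filesystem therefore presumably rests on the apt and debootstrap signature checks against those keyrings, and for precise on `ubuntu-archive-removed-keys.gpg`. I would add a comment above `pre:` such as `# Packages are authenticated by apt/debootstrap via the keyrings installed below; only the ubuntu-base tarball is pinned by hash.` The output `filename` also carries no hash of these inputs, so a cached image is presumably reused unchanged when they change; that is worth stating as well.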
#!/bin/sh
set -e
echo 1 > [% dest_dir %]/[% c('filename') %]
echo Creating [% dest_dir %]/[% c('filename') %]
......@@ -3,16 +3,17 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/agl/ed25519.git
git_hash: c4161f4c7483313562781c61b9a20aba73daf9de
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
container:
use_container: 1
go_lib: github.com/agl/ed25519
go_lib_install:
- github.com/agl/ed25519/extra25519
input_files:
- project: docker-image
- project: container-image
- name: go
project: go
......@@ -5,7 +5,6 @@ git_hash: 'tor-browser-[% c("var/firefox_version") %]-[% c("var/torbrowser_branc
tag_gpg_id: 1
git_url: https://git.torproject.org/tor-browser.git
gpg_keyring: torbutton.gpg
remote_docker: 1
var:
firefox_version: 52.1.0esr
......@@ -19,6 +18,8 @@ var:
- autoconf2.13
- yasm
- python
container:
use_container: 1
targets:
nightly:
......@@ -74,7 +75,7 @@ targets:
martools_filename: mar-tools-win32.zip
input_files:
- project: docker-image
- project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- filename: get-moz-build-date
......
......@@ -3,8 +3,9 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/googlei18n/noto-fonts.git
git_hash: 720e34851382ee3c1ef024d8dffb68ffbfb234c2
filename: "[% project %]-[% c('version') %]-[% c('var/build_id') %].tar.gz"
remote_docker: 1
var:
container:
use_container: 1
noto_fonts_hinted:
- Arimo-Regular.ttf
- Arimo-Bold.ttf
......@@ -85,7 +86,7 @@ targets:
- NotoSansYi-Regular.ttf
input_files:
- project: docker-image
- project: container-image
- URL: https://github.com/googlei18n/noto-emoji/raw/2f1ffdd6fbbd05d6f382138a3d3adcd89c5ce800/fonts/NotoEmoji-Regular.ttf
sha256sum: 415dc6290378574135b64c808dc640c1df7531973290c4970c51fdeb849cb0c5
enable: '[% c("var/linux") %]'
......
# vim: filetype=yaml sw=2
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
version: 5.1.0
remote_docker: 1
var:
container:
use_container: 1
configure_opt: --enable-multilib --enable-languages=c,c++ --with-arch_32=i686
deps:
- build-essential
......@@ -42,6 +43,6 @@ targets:
var:
configure_opt: --disable-multilib --enable-languages=c,c++
input_files:
- project: container-image
- URL: 'https://ftp.gnu.org/gnu/gcc/gcc-[% c("version") %]/gcc-[% c("version") %].tar.bz2'
sha256sum: b7dafdf89cbb0e20333dbf5b5349319ae06e3d1a30bf3515b5488f7e89dca5ad
- project: docker-image
# vim: filetype=yaml sw=2
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
version: 5.1.3
remote_docker: 1
var:
container:
use_container: 1
targets:
linux:
......@@ -9,9 +12,9 @@ targets:
configure_opt_gmp: --enable-fat
input_files:
- project: container-image
- name: gmp
URL: 'https://ftp.gnu.org/gnu/gmp/gmp-[% c("version") %].tar.bz2'
sha256sum: 752079520b4690531171d0f4532e40f08600215feefede70b24fabdc6f1ab160
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
- project: docker-image
......@@ -3,11 +3,12 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/keroserene/go-webrtc.git
git_hash: ab1b64862e0c4b4182010699911c2c5818f0a101
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
container:
use_container: 1
go_lib: github.com/keroserene/go-webrtc
build_go_lib_pre: |
[% pc(c('var/compiler'), 'var/setup', { compiler_tarfile => c('input_files_by_name/' _ c('var/compiler')) }) %]
......@@ -43,7 +44,7 @@ targets:
- lib32stdc++6
input_files:
- project: docker-image
- project: container-image
- name: go
project: go
- name: webrtc
......
# vim: filetype=yaml sw=2
version: 1.7.5
filename: '[% project %]-[% c("version") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
var:
go14_version: 1.4.3
container:
use_container: 1
setup: |
mkdir -p /var/tmp/dist
......@@ -69,7 +70,7 @@ targets:
GOARCH: 386
input_files:
- project: docker-image
- project: container-image
- name: '[% c("var/compiler") %]'
project: '[% c("var/compiler") %]'
enable: '[% c("var/windows") || c("var/osx") %]'
......
......@@ -3,14 +3,15 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/pkg/errors
git_hash: 248dadf4e9068a0b3e79f02ed0a610d935de5302
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
container:
use_container: 1
go_lib: github.com/pkg/errors
input_files:
- project: docker-image
- project: container-image
- name: go
project: go
......@@ -3,18 +3,19 @@ version: '[% c("abbrev") %]'
git_url: https://github.com/constabulary/gb
git_hash: 06cc925cce6592e922dcc4839a8b44feb384e71e
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'
remote_docker: 1
build: '[% c("projects/go/var/build_go_lib") %]'
var:
container:
use_container: 1
go_lib: github.com/constabulary/gb
go_lib_install: github.com/constabulary/gb/cmd/gb
go_lib_deps:
- goerrors
input_files:
- project: docker-image
- project: container-image
- name: go
project: go
- name: goerrors
......
......@@ -5,14 +5,15 @@ git_hash: '[% c("version") %]'
tag_gpg_id: 1
gpg_keyring: goptlib.gpg
filename: '[% project %]-[% c("version") %]-[% c("var/osname") %]-[% c("var/build_id") %].tar.gz'