Setup a new nightly build machine
I am currently running nightly builds at http://f4amtbsowhix7rrf.onion/. I think someone else from Tor Browser team should setup a new nightly build machine.
To do that the ansible scripts in directory tools/ansible
can be used:
https://gitweb.torproject.org/builders/tor-browser-build.git/tree/tools/ansible
You will need to:
- if the host does not have a public IP address, you can install tor and setup an onion service on the http port (this part is not done in ansible)
- add a new host in the
inventory
file - configure this host in your
~/.ssh/config
file if necessary (if the hostname added to theinventory
file is not a real hostname), and make sure that you can connect to the host withssh root@$hostname
- copy the file
boklm-tbb-nightly-build.yml
to an other name - copy the directory
group_vars/boklm-tbb-nightly
to another group name, and update the configuration intbb-nightly-build.yml
- configure email on the host. This can be done in ansible with the file
dma.yml
. The email password (if needed) is stored encrypted indma-auth.yml
in the directoryvaulted_vars
(see https://docs.ansible.com/ansible/latest/cli/ansible-vault.html), and the password to decrypt the vault is passed with the--vault-password-file
argument in the Makefile (maybe it's also possible to storedma-auth.yml
outside tor-browser-build.git without using vault). Alternatively you can configure email on the host without using ansible, by removing themta
role from the*-tbb-nightly-build.yml
file. - in the
Makefile
add a new *-tbb-nightly-build rule - run "make *-tbb-nightly-build"
- if you enabled
nightly_build_sign_build
intbb-nightly-build.yml
, connect to the host and become thetbb-nightly
user and generate a new gpg key (the key is not created automatically by ansible)