Opened 3 years ago

Closed 2 years ago

#21824 closed task (fixed)

Investigate using runc instead of docker

Reported by: boklm
Owned by: boklm
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: TorBrowserTeam201705
Cc:
Actual Points:
Parent ID: #17379
Points:
Reviewer:
Sponsor:

Description

In the rbm based build system, we are currently using docker to run the builds in containers. We could use runc instead of docker to run the containers:
https://runc.io/

Packages for runc are available for Debian in the jessie-backports repository.

Ubuntu provides some base images as tar.gz, signed with gpg, that we can use as the containers' rootfs:
http://cdimage.ubuntu.com/ubuntu-base/releases/

Debian does not seem to provide the same base images. However, we can generate some using debootstrap from an Ubuntu container.

Using runc instead of docker to start the containers would have some advantages:

  • this avoids having to trust the Debian and Ubuntu images from the docker repository. Instead we can use an image directly from Ubuntu.
  • the container images would be stored in the out/ directory, rather than in /var/lib/docker, which makes cleaning easier.
  • running i386 containers with runc seems to be working. Using an i386 container would simplify the build of linux32 versions of Tor Browser.
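
Added example (not from the ticket or from tor-browser-build): one way to check a downloaded base tarball against its signed checksum list before unpacking it as a runc rootfs. It assumes a SHA256SUMS file with a detached signature SHA256SUMS.gpg beside the tarball and a keyring file holding the trusted signing key; the function names and argument layout are hypothetical.

```shell
#!/bin/sh
# Added example: verify a signed base tarball before using it as a runc rootfs.
# Assumptions (not from the ticket): SHA256SUMS and SHA256SUMS.gpg sit next to
# the tarball, and KEYRING holds the trusted signing key, obtained out of band.

# check_signature KEYRING SUMS SIG
# gpgv trusts only keys in the given keyring and fails on any other signer.
# Pass KEYRING as a path containing a slash so gpgv does not look in ~/.gnupg.
check_signature() {
    gpgv --keyring "$1" "$3" "$2"
}

# check_digest SUMS TARBALL
# Succeeds only if SUMS lists the tarball's basename and the digest matches.
check_digest() {
    sums=$1
    tarball=$2
    name=$(basename "$tarball")
    # Entries look like "<hex>  name" or "<hex> *name"; strip the binary marker.
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f); if (f == n) { print $1; exit } }' "$sums")
    [ -n "$expected" ] || { echo "no entry for $name in $sums" >&2; return 1; }
    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "digest mismatch for $name" >&2; return 1; }
}

# prepare_rootfs KEYRING SUMS SIG TARBALL BUNDLE_DIR
# Order matters: the checksum list is trusted only after its signature verifies,
# and the tarball is unpacked only after its digest matches that list.
prepare_rootfs() {
    check_signature "$1" "$2" "$3" || return 1
    check_digest "$2" "$4" || return 1
    mkdir -p "$5/rootfs" || return 1
    tar -xzf "$4" -C "$5/rootfs"
}

# Run only when called with all five arguments.
if [ "$#" -eq 5 ]; then
    prepare_rootfs "$@"
fi
```

Running `runc spec` inside the bundle directory afterwards generates a config.json whose root path defaults to `rootfs`.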


Change History (4)

comment:1 Changed 3 years ago by gk

Keywords: TorBrowserTeam201704 added; TorBrowserTeam201703 removed

Move remaining tickets over to April

comment:2 Changed 2 years ago by boklm

Branch bug_21824_v2 has a commit doing that:
https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_21824_v2&id=099f6bcff717bb59c6e9f00a00857df2b2d91063

In this branch we are now using runc.io instead of docker. We are starting with an Ubuntu 17.04 image which we download from cdimage.ubuntu.com, and use it in a runc container to generate with debootstrap the Ubuntu and Debian images that we need.

With this change we are now able to run i386 containers.

comment:3 Changed 2 years ago by gk

Keywords: TorBrowserTeam201705 added; TorBrowserTeam201704 removed

Moving our tickets to May 2017.

comment:4 Changed 2 years ago by boklm

Resolution: fixed
Status: new → closed

This is done in commit 2d98c063010fc5b0f8da3e386587a501e27507b9.
