Sorry for the delay. On Monday, September 19, 2016 3:59:57 PM CEST Miroslav Suchý wrote: > Dne 16.9.2016 v 17:00 Pavel Raiskup napsal(a): > > Hi all, > > > > this is probably proper place for such discussions -- I am curious what is > > the > > plan with Docker stuff within Copr project. > > > > Do you plan to make Fedora's copr hardly dependant on Docker images? > > You mean the commit 25c7d91bfdc895bb0d63f3b06fa1399b507fff14 ?
It is related, but the question is rather general. I would like to know whether we plan to "dockerize" more stuff, etc. > Previous week we worked on Mock security issue. This is fixed now. However it > raised the question: is it smart to run mock-scm, pyp2rpm, gem2spec... > directly on copr-dist-git machine? Yup, copr-dist-git machine should share code, shouldn't generate anything at all, similarly to Fedora's dist-git (if I understand the koji process correctly). > It is run under non-privileged user, but still... I can think about some > attack vectors. For obvious reasons I will not disclose them publicly. > > So we wanted to build SRPM in environment, which will be discarded after SRPM > build and hard to escape. There are several ways how to implement it. But we > chosen builds in Docker container. It will be used just for SRPM build. > Nothing more. Is it problem for you? This is rather unrelated to my original question, but I dislike that, as IMO srpms should be build elsewhere, not on dist-git machine. The other question is how good isolation the docker actually is, I'll ping you off-list. Pavel _______________________________________________ copr-devel mailing list -- copr-devel@lists.fedorahosted.org To unsubscribe send an email to copr-devel-le...@lists.fedorahosted.org
