Aaron Bentley wrote:
> For trusted machines, we can grant them access to the internal http
> hosting that provides access to everything. This is used by loggerhead,
> for example. The problem is that the build slaves are not trusted
> machines-- they run arbitrary code.
>
> Perhaps we can upload the branches to the slaves instead of allowing the
> slaves to download them? That would reduce the scope for mischief to
> disclosing the contents of the private branches related to the recipe.

We can't do that, we can only tell the slaves where to get the files from, which right now is just a URL to the librarian or a repo in the case of private PPAs. In the latter case, the URL has got basic auth info in it.

If we do it through a trusted key we might be able to keep that key outside of the chroot to stop Mr Naughty Recipe from going rogue. I'll talk to Lamont (our buildd guy) about this today and see if he has any ideas.

>
>> Hopefully yes. One thing that we need to make sure of is that *all*
>> build jobs must have a determinate build time.
>
> By this, you mean an ETA, or time-to-build?

Time to build. We aggregate these times to give a build start "ETA".

J

_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev

