Sorry for the delay.
On Monday, September 19, 2016 3:59:57 PM CEST Miroslav Suchý wrote:
> On 16.9.2016 at 17:00 Pavel Raiskup wrote:
> > Hi all,
> >
> > this is probably the proper place for such discussions -- I am curious what
> > is the plan with Docker stuff within Copr project.
> >
> > Do you plan to make Fedora's copr hardly dependent on Docker images?
>
> You mean the commit 25c7d91bfdc895bb0d63f3b06fa1399b507fff14 ?
It is related, but the question is rather general. I would like to know
whether we plan to "dockerize" more stuff, etc.
> Previous week we worked on a Mock security issue. This is fixed now. However, it
> raised the question: is it smart to run mock-scm, pyp2rpm, gem2spec...
> directly on the copr-dist-git machine?
Yup, copr-dist-git machine should share code, shouldn't generate anything
at all, similarly to Fedora's dist-git (if I understand the koji process
correctly).
> It is run under non-privileged user, but still... I can think about some
> attack vectors. For obvious reasons I will not disclose them publicly.
>
> So we wanted to build SRPM in an environment which will be discarded after SRPM
> build and is hard to escape. There are several ways to implement it. But we
> chose builds in a Docker container. It will be used just for SRPM build.
> Nothing more. Is it a problem for you?
This is rather unrelated to my original question, but I dislike that, as
IMO srpms should be built elsewhere, not on the dist-git machine. The other
question is how good the isolation of Docker actually is, I'll ping you
off-list.
Pavel