launchpad-dev team mailing list archive

[Julian Edwards <julian.edwards@xxxxxxxxxxxxx>]

Aaron Bentley wrote:
> For trusted machines, we can grant them access to the internal http
> hosting that provides access to everything.  This is used by loggerhead,
> for example.  The problem is that the build slaves are not trusted
> machines-- they run arbitrary code.
> 
> Perhaps we can upload the branches to the slaves instead of allowing the
> slaves to download them?  That would reduce the scope for mischief to
> disclosing the contents of the private branches related to the recipe.

We can't do that, the we can only tell the slaves where to get the files
from, which right now is just a URL to the librarian or a repo in the
case of private PPAs.  In the latter case, the URL has got basic auth
info in it.

If we do it through a trusted key we might be able to keep that key
outside of the chroot to stop Mr Naughty Recipe from going rogue.  I'll
talk to Lamont (our buildd guy) about this today and see if he has any
ideas.

> 
>> Hopefully yes.  One thing that we need to make sure of is that *all*
>> build jobs must have a determinate build time.
> 
> By this, you mean an ETA, or time-to-build?

Time to build.  We aggregate these times to give a build start "ETA".

J