launchpad-dev team mailing list archive
-
launchpad-dev team
-
Mailing list archive
-
Message #01689
Re: Immediate plan for Build Farm generic jobs
William Grant wrote:
> Rather than something strange like this, why not allow the SPN to be
> created at recipe-registration time? That seems substantially cleaner,
> and it's not as if the SPN namespace is exactly clean even now.
It won't work because it needs to traverse through a
DistributionSourcePackage object. Just creating the SPN is not nearly
enough.
>> Presumably we'll need a buildd-slave SSH key that can access everything?
>
> That's impossible, unless you start doing stuff outside the VM. That
That was the idea.
> sounds like a recipe for trouble. In a later email, you suggested
> chroots. chroots do not help. They are simple to break out of.
Yes, but we cannot arrive at a sensible solution without considering all
the alternatives.
> The only solution that I see as feasible is doing something rather like
> P3As: HTTPS with per-branch credentials. I initially considered that
> buildd-manager should grant and revoke these credentials on a per-job
> basis, but I guess a branch's buildd key doesn't ever actually need to
> change.
Yes I was trying to think of something comparable to the way we do P3As.
We could also have a private branch server inside the DC that has no
restrictions. I don't really know enough about how that stuff works so
I'm really happy to have someone that does just come up with a solution ;)
> Where will they be signed? It cannot be anywhere on the slaves.
Can you expand on this? I'm sure there's a good reason but it's late
and my brain hurts.
> Remember
> that we already have lots of unsigned sources in LP (mostly syncs), and
> that hasn't been much of a problem.
Indeed, but if we can easily come up with a solution to sign these then
we should do it!
Follow ups
References