← Back to team overview

launchpad-dev team mailing list archive

Re: Immediate plan for Build Farm generic jobs

 

William Grant wrote:
> Rather than something strange like this, why not allow the SPN to be
> created at recipe-registration time? That seems substantially cleaner,
> and it's not as if the SPN namespace is exactly clean even now.

It won't work because it needs to traverse through a
DistributionSourcePackage object.  Just creating the SPN is not nearly
enough.

>> Presumably we'll need a buildd-slave SSH key that can access everything?
> 
> That's impossible, unless you start doing stuff outside the VM. That

That was the idea.

> sounds like a recipe for trouble. In a later email, you suggested
> chroots. chroots do not help. They are simple to break out of.

Yes, but we cannot arrive at a sensible solution without considering all
the alternatives.

> The only solution that I see as feasible is doing something rather like
> P3As: HTTPS with per-branch credentials. I initially considered that
> buildd-manager should grant and revoke these credentials on a per-job
> basis, but I guess a branch's buildd key doesn't ever actually need to
> change.

Yes I was trying to think of something comparable to the way we do P3As.

We could also have a private branch server inside the DC that has no
restrictions.  I don't really know enough about how that stuff works so
I'm really happy to have someone that does just come up with a solution ;)

> Where will they be signed? It cannot be anywhere on the slaves.

Can you expand on this?  I'm sure there's a good reason but it's late
and my brain hurts.

> Remember
> that we already have lots of unsigned sources in LP (mostly syncs), and
> that hasn't been much of a problem.

Indeed, but if we can easily come up with a solution to sign these then
we should do it!



Follow ups

References