FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 12-08-2010, 05:03 PM
James Ralston
 
Default hosted reproducible package building with multiple developers?

Riddle me this.

We want to provide a server for developers within our organization to
build RPM packages for use within our organization.

These are our requirements:

1. The developers must not be able to leverage the package build
process to obtain root access on the server.

2. If a package has a build dependency that is not explicitly
specified, the build must fail.

3. If two developers are building packages simultaneously, their
builds must not conflict.

The only way satisfy requirements #2 and #3 is to use a chroot'ed
build environment.

mock(1) uses a chroot'ed build environment, but mock fails requirement
#1, as anyone in the "mock" group can trivially root the box.

I think that koji would satisfy all three requirements, because koji
uses mock to build, but doesn't allow developers to interface with
mock directly. But setting up a koji infrastructure seems like a
highly non-trivial task.

Is there really no way to meet all three of these requirements without
going the full-blown koji route?

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 12-08-2010, 05:07 PM
seth vidal
 
Default hosted reproducible package building with multiple developers?

On Wed, 2010-12-08 at 13:03 -0500, James Ralston wrote:
> Riddle me this.
>
> We want to provide a server for developers within our organization to
> build RPM packages for use within our organization.
>
> These are our requirements:
>
> 1. The developers must not be able to leverage the package build
> process to obtain root access on the server.
>
> 2. If a package has a build dependency that is not explicitly
> specified, the build must fail.
>
> 3. If two developers are building packages simultaneously, their
> builds must not conflict.
>
> The only way satisfy requirements #2 and #3 is to use a chroot'ed
> build environment.
>
> mock(1) uses a chroot'ed build environment, but mock fails requirement
> #1, as anyone in the "mock" group can trivially root the box.
>
> I think that koji would satisfy all three requirements, because koji
> uses mock to build, but doesn't allow developers to interface with
> mock directly. But setting up a koji infrastructure seems like a
> highly non-trivial task.
>
> Is there really no way to meet all three of these requirements without
> going the full-blown koji route?
>

the mock chroots that koji uses could still be rooted by someone who can
submit their own build-requirement-providing packages.

in order to protect the builders they must be:
1. disposable
2. in a vm

or possibly both.

-sv


--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 12-08-2010, 05:07 PM
seth vidal
 
Default hosted reproducible package building with multiple developers?

On Wed, 2010-12-08 at 13:03 -0500, James Ralston wrote:
> Riddle me this.
>
> We want to provide a server for developers within our organization to
> build RPM packages for use within our organization.
>
> These are our requirements:
>
> 1. The developers must not be able to leverage the package build
> process to obtain root access on the server.
>
> 2. If a package has a build dependency that is not explicitly
> specified, the build must fail.
>
> 3. If two developers are building packages simultaneously, their
> builds must not conflict.
>
> The only way satisfy requirements #2 and #3 is to use a chroot'ed
> build environment.
>
> mock(1) uses a chroot'ed build environment, but mock fails requirement
> #1, as anyone in the "mock" group can trivially root the box.
>
> I think that koji would satisfy all three requirements, because koji
> uses mock to build, but doesn't allow developers to interface with
> mock directly. But setting up a koji infrastructure seems like a
> highly non-trivial task.
>
> Is there really no way to meet all three of these requirements without
> going the full-blown koji route?
>

the mock chroots that koji uses could still be rooted by someone who can
submit their own build-requirement-providing packages.

in order to protect the builders they must be:
1. disposable
2. in a vm

or possibly both.

-sv


--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 12:42 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org