hosted reproducible package building with multiple developers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Riddle me this.

We want to provide a server for developers within our organization to
build RPM packages for use within our organization.

These are our requirements:

    1.  The developers must not be able to leverage the package build
        process to obtain root access on the server.

    2.  If a package has a build dependency that is not explicitly
        specified, the build must fail.

    3.  If two developers are building packages simultaneously, their
        builds must not conflict.

The only way satisfy requirements #2 and #3 is to use a chroot'ed
build environment.

mock(1) uses a chroot'ed build environment, but mock fails requirement
#1, as anyone in the "mock" group can trivially root the box.

I think that koji would satisfy all three requirements, because koji
uses mock to build, but doesn't allow developers to interface with
mock directly.  But setting up a koji infrastructure seems like a
highly non-trivial task.

Is there really no way to meet all three of these requirements without
going the full-blown koji route?

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux