On 2010-12-08 at 13:07-05 seth vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote:

> the mock chroots that koji uses could still be rooted by someone who
> can submit their own build-requirement-providing packages.

Well, we vet all packages our developers submit before releasing them to our repositories, so we would catch a developer submitting (e.g.) a suid-bash-shell-1.0.0-1.el5.x86_64.rpm package. Does koji provide a mechanism for the submitter to specify his own yum repositories for mock to use?

> in order to protect the builders they must be:
>
> 1. disposable
> 2. in a vm
>
> or possibly both.

Well, the ultimate protection would be to use this procedure for each build:

1. Instantiate VMs for all architectures specified by the build, via cloning "known good" build VMs.
2. Use koji to build on each VM.
3. Destroy each VM that was instantiated.

But that's some *serious* overhead. Plus, I'm not sure that we could automate steps #1 and #3, which would be a dealbreaker.

Honestly, given current trends, it might be that before too much longer, the best solution might be to simply give each developer his own VM for each OS/architecture he wants to build for, and tell him to use mock directly. Before each build, he snapshots the VM, and after each build, he reverts to the snapshot (discarding whatever changes the build process made to the system)...

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel