[Mageia-sysadm] About build system setup
nicolas vigier
boklm at mars-attacks.org
Sun Oct 31 21:28:41 CET 2010
Hello,
After some discussions tonight with blino on IRC about build system,
some infos :
* contrary to Mandriva build system, for better security, only admins
will have shell access to the build nodes and valstar. We should provide
Cauldron nodes for packagers to test builds, but it will be on separate
servers.
* to submit builds, packagers will use "mdvsys/repsys submit" from their
computer, or from Cauldron test nodes. mdvsys/repsys require ssh to
connect to valstar and run youri wrapper. We will setup a restricted
shell to only allow commands needed by mdvsys/repsys, and ssh/git
(valstar is also the svn/git server). On Mandriva svn server we used
this script as the default shell to restrict to only ssh/git commands :
http://svn.gna.org/svn/savane/trunk/backend/accounts/sv_membersh.pl
We can update this script to also allow commands used by mdvsys/repsys.
* On Mandriva build system we had one ~mandrake user doing everything
(build bots, scheduler, mirrors, sign packages ...). Now we can split
this to have one user for each task. We can have the following users :
- buildbot (to run iurt on build nodes)
- schedbot (youri/ulri/emi)
- signbot (sign packages)
However we already have a mirror user on valstar. Is it ok, or should
we rename it to "mirrorbot" ? Or remove the "bot" suffix from other
users ?
Nicolas
More information about the Mageia-sysadm
mailing list