[Mageia-dev] Will this work for a build system?
ghibomgx at gmail.com
Mon Sep 27 11:51:19 CEST 2010
2010/9/27 Michael Scherer <misc at zarb.org>
> Le lundi 27 septembre 2010 à 03:19 +0200, vfmBOFH a écrit :
> > What about virtualization?
> > Maybe we could set-up some kind of cluster of remote and dedicated
> > vm's as a
> > unique build system. Could be a good workaround over security and
> > integrity issues, 'cause we are using a "single" build system.
> Well, how do you garantee that the person who have physical access do
> not mess with the vm image ?
> Look at libvirt developers blog ( http://rwmj.wordpress.com/ ) to see
> how easy it can be to externally mess with a virtual instance if you are
> root on the host computer.
> Michael Scherer
The only way of doing this is NOT letting anyone packaging or uploading a
tarball. Just have two different building system. One "secure" and the other
of contributors (not unsecure, but with less checking). The secure one would
download the tarball automatically from the original repositories:
e.g.: suppose there is a package SPEC file containing:
An automatic system would try to retrieve from the http://blabla.com/ site
http://blabla.com/openssh-5.5-1.tar.xz, or if not exists
http://blabla.com/openssh-5.5-1.tar. Then would retrieve the signature
http://blabla.com/openssh-5.5.1.tar.sig and would check with the one from
the Database of signatures which has been already populated on the secure
system. If the signatures checking would match, then tarball would be
uploaded to the "secure" system svn and used for building instead of the one
from the contributor/package maintainer.
[Of course the system would fail if the package maintainer has downloaded
the source tarball from the svn and not from a canonical repository, and to
be further secure this system would require also signing of Patches].
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Mageia-dev