<br><br><div class="gmail_quote">2010/9/27 Michael Scherer <span dir="ltr"><<a href="mailto:misc@zarb.org">misc@zarb.org</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
On Monday 27 September 2010 at 03:19 +0200, vfmBOFH wrote:<br>
<div class="im">> What about virtualization?<br>
><br>
> Maybe we could set-up some kind of cluster of remote and dedicated<br>
> vm's as a<br>
> unique build system. Could be a good workaround over security and<br>
> integrity issues, 'cause we are using a "single" build system.<br>
<br>
</div>Well, how do you guarantee that the person who has physical access does<br>
not mess with the VM image?<br>
<br>
Look at the libvirt developer's blog ( <a href="http://rwmj.wordpress.com/" target="_blank">http://rwmj.wordpress.com/</a> ) to see<br>
how easy it can be to externally mess with a virtual instance if you are<br>
root on the host computer.<br>
--<br>
<font color="#888888">Michael Scherer<br>
</font><div><div></div><br></div></blockquote><div><br>The only way of doing this is NOT letting anyone package or upload a tarball. Just have two different building systems. One "secure" and the other for contributors (not insecure, but with less checking). The secure one would download the tarball automatically from the original repositories:<br>
<br>e.g.: suppose there is a package SPEC file containing:<br><br>Source: <a href="http://blabla.com/openssh-5.5-1.tar.xz">http://blabla.com/openssh-5.5-1.tar.xz</a><br>Source1: <a href="http://blabla.com/openssh-5.5.1.tar.sig">http://blabla.com/openssh-5.5.1.tar.sig</a><br>
<br>An automatic system would try to retrieve from the <a href="http://blabla.com/">http://blabla.com/</a> site the packages<br><a href="http://blabla.com/openssh-5.5-1.tar.xz">http://blabla.com/openssh-5.5-1.tar.xz</a>, or if it does not exist <a href="http://blabla.com/openssh-5.5-1.tar.bz2">http://blabla.com/openssh-5.5-1.tar.bz2</a> or <a href="http://blabla.com/openssh-5.5-1.tar.gz">http://blabla.com/openssh-5.5-1.tar.gz</a> or <a href="http://blabla.com/openssh-5.5-1.tar">http://blabla.com/openssh-5.5-1.tar</a>. Then it would retrieve the signature <a href="http://blabla.com/openssh-5.5.1.tar.sig">http://blabla.com/openssh-5.5.1.tar.sig</a> and check it against the one from the database of signatures which has already been populated on the secure system. If the signatures match, then the tarball would be uploaded to the "secure" system svn and used for building instead of the one from the contributor/package maintainer.<br>
<br>[Of course the system would fail if the package maintainer has downloaded the source tarball from the svn and not from a canonical repository, and to be further secure this system would also require signing of patches].<br>
<br>Bye.<br>Giuseppe.<br><br></div></div>
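The fetch-and-verify step described in the message above, as an added example in Go that is not part of this thread or of any build system it mentions: it reads Source/Source1 from the SPEC file, walks the .tar.xz/.tar.bz2/.tar.gz/.tar fallback in that order, and accepts the tarball only if its detached signature verifies under a key the secure system already holds. The HTTP GET is a caller-supplied function (assumed) so the code runs offline, and ed25519 stands in for the GPG signature an upstream would really publish.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"regexp"
	"strings"
)

var fallbackExts = []string{".tar.xz", ".tar.bz2", ".tar.gz", ".tar"}
var sourceRe = regexp.MustCompile(`(?m)^Source(\d*):\s*(\S+)`)

// ParseSources returns the Source/SourceN URLs declared in a SPEC file.
func ParseSources(spec string) map[string]string {
	m := map[string]string{}
	for _, s := range sourceRe.FindAllStringSubmatch(spec, -1) {
		m["Source"+s[1]] = s[2]
	}
	return m
}

// CandidateURLs rewrites the Source: URL with each fallback extension, so a
// missing .tar.xz is retried as .tar.bz2, then .tar.gz, then plain .tar.
func CandidateURLs(source string) []string {
	base, _, _ := strings.Cut(source, ".tar")
	out := make([]string, 0, len(fallbackExts))
	for _, ext := range fallbackExts {
		out = append(out, base+ext)
	}
	return out
}

// VerifiedTarball is the "secure" system's fetch step. get stands in for an HTTP
// GET (ok=false models a 404); upstreamKey is the key the secure system's database
// already holds for this upstream. Only a tarball whose Source1 signature verifies is returned.
func VerifiedTarball(spec string, get func(string) ([]byte, bool), upstreamKey ed25519.PublicKey) (string, []byte, error) {
	src := ParseSources(spec)
	for _, u := range CandidateURLs(src["Source"]) {
		tarball, ok := get(u)
		if !ok {
			continue // not published in this format, try the next one
		}
		sig, ok := get(src["Source1"])
		if !ok || !ed25519.Verify(upstreamKey, tarball, sig) {
			return "", nil, fmt.Errorf("%s: missing or invalid signature", u)
		}
		return u, tarball, nil // only now may it be committed to the secure svn
	}
	return "", nil, fmt.Errorf("no tarball found for %s", src["Source"])
}
```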