diff options
Diffstat (limited to 'zarb-ml/mageia-dev/20100927/000299.html')
| -rw-r--r-- | zarb-ml/mageia-dev/20100927/000299.html | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/20100927/000299.html b/zarb-ml/mageia-dev/20100927/000299.html new file mode 100644 index 000000000..e219c60d8 --- /dev/null +++ b/zarb-ml/mageia-dev/20100927/000299.html @@ -0,0 +1,132 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Will this work for a build system? + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Will%20this%20work%20for%20a%20build%20system%3F&In-Reply-To=%3C201009271131.19089.bgmilne%40multilinks.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="000296.html"> + <LINK REL="Next" HREF="000310.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Will this work for a build system?</H1> + <B>Buchan Milne</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Will%20this%20work%20for%20a%20build%20system%3F&In-Reply-To=%3C201009271131.19089.bgmilne%40multilinks.com%3E" + TITLE="[Mageia-dev] Will this work for a build system?">bgmilne at multilinks.com + </A><BR> + <I>Mon Sep 27 12:31:18 CEST 2010</I> + <P><UL> + <LI>Previous message: <A HREF="000296.html">[Mageia-dev] Will this work for a build system? +</A></li> + <LI>Next message: <A HREF="000310.html">[Mageia-dev] Will this work for a build system? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#299">[ date ]</a> + <a href="thread.html#299">[ thread ]</a> + <a href="subject.html#299">[ subject ]</a> + <a href="author.html#299">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Monday, 27 September 2010 10:51:19 Giuseppe Ghibò wrote: +><i> 2010/9/27 Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">misc at zarb.org</A>> +</I>><i> +</I>><i> > Le lundi 27 septembre 2010 à 03:19 +0200, vfmBOFH a écrit : +</I>><i> > > What about virtualization? +</I>><i> > > +</I>><i> > > Maybe we could set-up some kind of cluster of remote and dedicated +</I>><i> > > vm's as a +</I>><i> > > unique build system. +</I> +Are you familiar with how the Mandriva build cluster worked? If not, you +should try and familiarise yourself with it first. While there are areas for +improvement, most of the time it worked very effectively. + +><i> > > Could be a good workaround over security and +</I>><i> > > integrity issues, 'cause we are using a "single" build system. +</I> +You need to explain further how "remote" VMs can be used to workaround +security issues ... + +><i> > Well, how do you garantee that the person who have physical access do +</I>><i> > not mess with the vm image ? +</I> +Again, as I said earlier, you need to be able to maintain the entire integrity +of the build environment/tool chain, not just the source of software being +compiled (to avoid trojaned compiler, possibly injected by trojan hypervisor +etc.). + +><i> > Look at libvirt developers blog ( <A HREF="http://rwmj.wordpress.com/">http://rwmj.wordpress.com/</A> ) to see +</I>><i> > how easy it can be to externally mess with a virtual instance if you are +</I>><i> > root on the host computer. +</I> +><i> The only way of doing this is NOT letting anyone packaging or uploading a +</I>><i> tarball. +</I> +This is not the only requirement. + +><i> Just have two different building system. One "secure" and the +</I>><i> other of contributors (not unsecure, but with less checking). The secure +</I>><i> one would download the tarball automatically from the original +</I>><i> repositories: +</I>><i> +</I>><i> e.g.: suppose there is a package SPEC file containing: +</I>><i> +</I>><i> Source: <A HREF="http://blabla.com/openssh-5.5-1.tar.xz">http://blabla.com/openssh-5.5-1.tar.xz</A> +</I>><i> Source1: <A HREF="http://blabla.com/openssh-5.5.1.tar.sig">http://blabla.com/openssh-5.5.1.tar.sig</A> +</I>><i> +</I>><i> An automatic system would try to retrieve from the <A HREF="http://blabla.com/">http://blabla.com/</A> site +</I>><i> the packages +</I>><i> <A HREF="http://blabla.com/openssh-5.5-1.tar.xz,">http://blabla.com/openssh-5.5-1.tar.xz,</A> or if not exists +</I>><i> <A HREF="http://blabla.com/openssh-5.5-1.tar.bz2">http://blabla.com/openssh-5.5-1.tar.bz2</A> or +</I>><i> <A HREF="http://blabla.com/openssh-5.5-1.tar.gz">http://blabla.com/openssh-5.5-1.tar.gz</A> or +</I>><i> <A HREF="http://blabla.com/openssh-5.5-1.tar.">http://blabla.com/openssh-5.5-1.tar.</A> Then would retrieve the signature +</I>><i> <A HREF="http://blabla.com/openssh-5.5.1.tar.sig">http://blabla.com/openssh-5.5.1.tar.sig</A> and would check with the one from +</I>><i> the Database of signatures which has been already populated on the secure +</I>><i> system. If the signatures checking would match, then tarball would be +</I>><i> uploaded to the "secure" system svn and used for building instead of the +</I>><i> one from the contributor/package maintainer. +</I>><i> +</I>><i> [Of course the system would fail if the package maintainer has downloaded +</I>><i> the source tarball from the svn and not from a canonical repository, and to +</I>><i> be further secure this system would require also signing of Patches]. +</I> +IMHO, you should also keep the public keys of tarball signers. Please have a +look at the samba SPEC file, which does verification of the tarball signature +during %prep. In conjunction with the existing build tools (repsys/mdvsys +etc.), a single command ('mdvsys update samba xxx') currently (usually) +updates and submits the package, and building it at any time validates the +source tarball. + +Actually, I still need to petition other security-sensitive packages which +have previously said that tarball signing is irrelevant (due to the problem of +first establishing trust of public keys etc.). + +Regards, +Buchan +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="000296.html">[Mageia-dev] Will this work for a build system? +</A></li> + <LI>Next message: <A HREF="000310.html">[Mageia-dev] Will this work for a build system? +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#299">[ date ]</a> + <a href="thread.html#299">[ thread ]</a> + <a href="subject.html#299">[ subject ]</a> + <a href="author.html#299">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |