On 06/26/2013 04:53 PM, seth vidal wrote:
> 1. remember that the user can add random repos to their mock configs in
> addition to the urls for their own srpms. Those repos can be from
> anywhere - not just from coprs. This is on purpose - so we can support
> a wide variety of systems and packages - w/ buildreqs from all over.

Why do we have such a requirement? No build service (including the very open
OBS) allows this.
For example, OBS allows building for a very wide range of repositories: Arch,
Debian, Suse, Fedora, RHEL, Mandriva, Ubuntu and many others. But they
always have to be added by the build service administrator first.
> 2. uploading a 400-1GB pkg to cloud-fe will murder it. Fetching the file
> and putting limits on the fetch are MUCH easier

Why? We will have to work with big packages anyway. For example, the
package 0ad-data has more than 1GB. I do not see a difference whether this
file is downloaded by the builder or uploaded to cloud-fe. OK, there is a
subtle difference: we will not need to store the src.rpm. But it will be
at most 1/2 of the stored data. If you build for more targets (which most users
will) then it will be e.g. 1/8 of the data. So I do not see a problem here.
BTW: We will need some storage with terabytes of free space for sure. Do
we have some? Or do I have to start looking around?
> 3. the whole point of evil in the builder is that we don't care - the
> builders are destroyed once they are used and they do not contain ANY
> sensitive information. Furthermore, they are timed out if they are
> hanging out for too long.

But the timeout is a few hours. And how many builders will we have? OBS
has 400. We will start with a smaller number.
I (as an attacker) would care less about sensitive information (there is
only one, it is hard to get and requires a lot of work). I would rather welcome
the possibility to get a bunch of machines for a few hours for free. And
once they time out I can get them again in a few minutes. Ideal for some
botnet or as a source of a DOS attack.
> Remember coprs is not koji and koji is not coprs. Coprs is not a koji
> replacement. Coprs is for the space that Koji does not want to and
> should not occupy - The untrusted build.
> Koji is about creating trusted builds from trusted sources and trusted
> contributors.
> Coprs is about building pkgs from untrusted sources and
> potentially untrusted contributors. This is why we don't touch the rpm
> on any system AS an rpm. We only deal with it as files.

Therefore our whole environment should be more secure than the environment
of Koji. Including builders.
> So if we were to implement your suggestions we would eliminate:
> 1. external repositories of any kind

Fine with me.

> 2. pkgs above a certain size

Why? I see no problem with uploading a file of GB size.

> 3. pkgs requiring interesting network access to build.

Do such packages exist? Can you give me an example? This is given as a case of
bad packaging on every packaging workshop.

> Does that help explain?

A little bit. Let's continue with the discussion :)
Mirek