Patchwatcher security improvements
dank at kegel.com
Wed Sep 10 07:09:08 CDT 2008
On Wed, Sep 10, 2008 at 5:06 AM, Vit Hrachovy <vit.hrachovy at sandbox.cz> wrote:
> I can see a way to use the pbuilder/pdebuild toolchain on a dedicated user
> account in Debian to automate this in a pretty safe and easy way.
> pbuilder uses fakeroot/chroot for this and its use is a no-brainer, hellishly
> easy and effective.
> But this is limited to Debian systems only.
> Positive is that we still have access to 3DHW (although not
Yes. We used pbuilder in the automated test for zumastor, and
were tied to Debian as a result. We obviously need to
avoid requiring that for patchwatcher, which has to
run on non-Debian systems.
(BTW, we had some difficulty with unreliable distribution mirrors;
the only way to get pbuilder to be reliable was to point to a local
archive of all the packages.)
> Does anybody have experience with User-mode Linux kernels for that?
That's getting even further away from the hardware...
> IMO there is no silver bullet to bite all problems on all OSes.
> We can build OS-specific toolchains around patchwatcher and I think that's
> a more viable alternative.
Indeed. After I finish refactoring patchwatcher, the build slaves
will be pretty simple, and it'll be easy to put together custom
build slaves for various environments. In particular, a pbuilder-based
build slave for Debian / Ubuntu seems like a good idea (as long
as you use a local package archive to avoid the flakiness I mentioned