Patchwatcher security improvements

Dan Kegel dank at
Wed Sep 10 07:09:08 CDT 2008

On Wed, Sep 10, 2008 at 5:06 AM, Vit Hrachovy <vit.hrachovy at> wrote:
> I can see the way how to use pbuilder/pdebuild toolchain on dedicated user
> account in Debian to automate this in pretty safe and easy way.
> pbuilder uses fakeroot/chroot for this and its use is a nobrainer, hellish
> easy and effective.
> But this is limited to Debian systems only.
> Positive is that we still have access to 3DHW (although not
> concurrent/parallel).

Yes.  We used pbuilder in the automated test for zumastor, and
were tied to Debian as a result.  We obviously need to
avoid requiring that for patchwatcher, which has to
run on non-Debian systems.
(BTW, we had some difficulty with unreliable distribution mirrors;
the only way to get pbuilder to be reliable was to point to a local
archive of all the packages.)

> Anybody has experience with User-mode Linux kernels for that?

That's getting even further away from the hardware...

> IMO there is no silver bullet to bite all problems on all OS.
> We can build OS-specific toolchains around patchwatcher and I think that's
> more viable alternative.

Indeed.    After I finish refactoring patchwatcher, the build slaves
will be pretty simple, and it'll be easy to put together custom
build slaves for various environments.  In particular, a pbuilder-based
build slave for Debian / Ubuntu seems like a good idea (as long
as you use a local package archive to avoid the flakiness I mentioned
- Dan

More information about the wine-devel mailing list