[Buildbot-devel] Build step confirmation on slaves, was Re: Some questions

Dennis Schridde devurandom at gmx.net
Fri Jun 20 13:40:39 UTC 2008


Am Freitag, 20. Juni 2008 15:29:21 schrieb Dustin J. Mitchell:
> On Fri, Jun 20, 2008 at 5:58 AM, Dennis Schridde <devurandom at gmx.net> wrote:
> > I assume this is probably a feature request:
> > Is it possible for buildslave admins to verify the commands their slaves
> > will be running?
>
> The problem is, even if the command is just "make", someone who owns
> the buildmaster can still take over the buildslaves by just providing
> a different Makefile.  And obviously the source is going to change
> from build to build, so there's no way to checksum and verify that.
The slave-admin might be informed about Makefile changes via a commit 
mailinglist. But sure, this does not make your next paragraph less valid.

> I think that buildbot itself is insecure just by the nature of what it
> does.  You should protect the buildmaster, and ensure that the user
> running buildslave on the slaves is well-locked-down.
Sometimes it is also simply that the buildsteps as provided by the master will 
not work on the slave. (I.e. whoever wrote the commands, did not know exactly 
how the slave was setup.)
In that case it might be helpful to inform the slave-admin immediately, 
instead of after the weekly job has failed.

Just an idea. And I also figured that buildbot cannot be fully safe, this 
method is just the safest way I could think of, which does not disturb the 
normal flow and the idea behind it.

--Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://buildbot.net/pipermail/devel/attachments/20080620/ff6308d5/attachment.bin>


More information about the devel mailing list