[Buildbot-devel] Has anyone looked at changing buildbot to use ssh to connect to the slaves?

Nathaniel Smith njs at pobox.com
Wed Mar 26 11:50:13 UTC 2008

On Wed, Mar 26, 2008 at 07:27:06AM -0400, Douglas Philips wrote:
> Personally I would not contribute an idle machine if I had to give  
> out ssh access. How would I really control what that is being used  
> for? Sure, I could find out -all- the commands that the buildmaster  
> currently needs to execute, set up a chroot "jail" and configure ssh  
> to permit only those commands du jour, but that is far too much  
> hassle. 

Err, your buildmaster is running commands like "check out code from
this remote repository that I don't control and then execute that code
on my machine", right?  Unless you want to set up a full-fledged VM,
running a buildslave and allowing ssh access are pretty much
equivalent as far as security goes.

I've actually requested before that the buildmaster *get* interactive
access to a shell on buildslaves, just because it would save so many
hours (and hours and hours) of trying to debug build configurations.

> How would I take my build-slave off-line during the days  
> while I use it and bring back on-line at night? I'd have to turn off  
> ssh access, or maybe disable the account, or play other games. Urgh.

Fair points.

-- Nathaniel

Electrons find their paths in subtle ways.

More information about the devel mailing list