[Buildbot-devel] slave connection over ssl possible?

Andy Howell AndyHowell at austin.rr.com
Tue Oct 13 06:14:09 UTC 2009

> I've had a couple of more security-minded folks complain about the
> unencrypted slave connection, particularly because there's a password
> involved. (telling them that the buildslave password is really there
> just to discourage block-the-real-slave nuisances doesn't seem to
> mollify them). I know people who've wanted to use the buildbot on
> closed-source projects and send e.g. SVN username/password to the
> buildslaves, but were worried about who might be able to see them. And I
> can imagine closed-but-distributed projects that want to run buildslaves
> outside of their secure LAN and not expose their code to anyone else,
> who would be worried both about traffic on the wire and false slaves
> pretending to be real ones to get access to repository information
> and/or credentials.

Brian & Jean-Paul,

I'm one of those people :) That's what got me started on this topic. I've got a couple of build machines at a remote site.

I've hacked it to make it work over SSL, but a proper fix requires more thought.
The master side works fine by specifying the port in the format defined in 

c['slavePortnum'] = "ssl:9989:privateKey=mykey.pem:certKey=mycert.pem"

To make the sendchange and the slaves work requires replacing the connectTCP and TCPClient calls with their SSL counterparts. The downside of the hack is that the slave and sendchange only work with SSL, and it wouldn't support certs on the slave side.

It looks to me like the strport methods only work on the server side. I would need to make 
the equivalent mechanism for the client side.

Ideally the master could listen on a regular TCP connection and an SSL one. Only 
connections over the internet would need SSL. The c['slavePortNum'] could be a list.

Does this seem like a reasonable set of changes to make?

Here are all the places that use connectTCP or TCPClient.

clients.sendchange.Sender.send()  ( changed )
slave.bot.BuildSlave.__init__  ( changed )
status.words.IRC.__init__  ??
test.test_config.ConfigTest.TCPlients  - new test for SSL?

Terrible hack:

diff -u buildbot/clients/sendchange.py.org buildbot/clients/sendchange.py
--- buildbot/clients/sendchange.py.org	2009-10-12 23:56:13.000000000 -0500
+++ buildbot/clients/sendchange.py	2009-10-13 00:02:48.000000000 -0500
@@ -2,6 +2,7 @@
  from twisted.spread import pb
  from twisted.cred import credentials
  from twisted.internet import reactor
+from twisted.internet.ssl import ClientContextFactory

  class Sender:
      def __init__(self, master, user=None):
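Review bot: `ClientContextFactory` is Twisted's bare client context, which does not check the certificate the master presents, so on its own this encrypts the wire but leaves the "false master / false slave" concern from the quoted message open; when this moves past the hack stage, build the context from the master's certificate (Twisted's `CertificateOptions` with verification enabled, or a `ClientContextFactory` subclass that installs a verify callback) so a slave only talks to the master it was configured for.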
@@ -20,7 +21,8 @@

          f = pb.PBClientFactory()
          d = f.login(credentials.UsernamePassword("change", "changepw"))
-        reactor.connectTCP(self.host, self.port, f)
+        cf=ClientContextFactory()
+        reactor.connectSSL(self.host, self.port, f, cf)
          d.addCallback(self.addChange, change)
          return d

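Review bot: the plain `connectTCP` path is removed outright, so after this change `sendchange` can only reach a master listening on an SSL port (the message says as much); keep both paths and pick one from a flag or description string on `Sender`, e.g. `if self.ssl: reactor.connectSSL(self.host, self.port, f, cf)` / `else: reactor.connectTCP(self.host, self.port, f)`. Minor: `cf=ClientContextFactory()` should be `cf = ClientContextFactory()` to match the spacing used in the surrounding lines.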
diff -u buildbot/slave/bot.py.org buildbot/slave/bot.py
--- buildbot/slave/bot.py.org	2009-10-12 23:20:28.000000000 -0500
+++ buildbot/slave/bot.py	2009-10-13 00:16:52.000000000 -0500
@@ -8,6 +8,7 @@
  from twisted.internet import reactor, defer
  from twisted.application import service, internet
  from twisted.cred import credentials
+from twisted.internet.ssl import ClientContextFactory

  from buildbot.util import now
  from buildbot.pbutil import ReconnectingPBClientFactory
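Review bot: this import duplicates the one added to sendchange.py, and both call sites will need the same key/cert handling once slave-side certificates are supported (the message notes the hack lacks them); a small shared helper, in `buildbot.pbutil` or alongside it, that builds the client context factory from configuration would keep the two copies from drifting apart.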
@@ -483,7 +484,8 @@
          self.umask = umask
          bf = self.bf = BotFactory(keepalive, keepaliveTimeout, maxdelay)
          bf.startLogin(credentials.UsernamePassword(name, passwd), client=bot)
-        self.connection = c = internet.TCPClient(buildmaster_host, port, bf)
+        cf=ClientContextFactory()
+        self.connection = c = internet.SSLClient(buildmaster_host, port, bf, cf)

      def waitUntilDisconnected(self):
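Review bot: `internet.SSLClient` unconditionally replaces `TCPClient`, so every slave built from this code must use SSL, and since `cf` is a fixed `ClientContextFactory()` there is no way to hand the slave its own key and certificate; make the context factory an optional constructor argument of `BuildSlave` (None keeps `internet.TCPClient(buildmaster_host, port, bf)`) so the slave's `buildbot.tac` chooses per slave, which also fits the idea of the master listening on both a plain and an SSL port. Same spacing nit on `cf=ClientContextFactory()`.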


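The client-side counterpart of the server strport string that the message says is missing, as an added example written for this thread and not Buildbot's or Andy's code: it parses a `tcp:...` / `ssl:...` description, requires a `caCert` for SSL so the slave verifies the master, and dispatches to `connectTCP` or `connectSSL`; the context-factory builder `make_context` is an assumed hook, injected so the example runs without Twisted.

```python
"""Constructed example (not Buildbot code): client-side counterpart of the
master's strport string.  A slave or sendchange is given "tcp:HOST:PORT" or
"ssl:HOST:PORT:caCert=master.pem[:privateKey=..:certKey=..]" and the connect
call is chosen from it, so plain TCP keeps working and SSL is opt-in."""


def parse_client_strport(desc):
    """Return (kind, host, port, options); ssl requires caCert so the
    client verifies the master rather than accepting any certificate."""
    parts = desc.split(":")
    if len(parts) < 3:
        raise ValueError("expected KIND:HOST:PORT[:key=value...]: %r" % desc)
    kind, host = parts[0].lower(), parts[1]
    if kind not in ("tcp", "ssl"):
        raise ValueError("unknown connection kind %r" % kind)
    if not host:
        raise ValueError("missing host in %r" % desc)
    port = int(parts[2])
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    options = {}
    for item in parts[3:]:
        key, sep, value = item.partition("=")
        if not sep or not key:
            raise ValueError("bad option %r" % item)
        options[key] = value
    if kind == "tcp" and options:
        raise ValueError("tcp descriptions take no options")
    if kind == "ssl":
        if "caCert" not in options:
            raise ValueError("ssl description needs caCert=... to verify the master")
        if ("privateKey" in options) != ("certKey" in options):
            raise ValueError("privateKey and certKey must be given together")
    return kind, host, port, options


def connect_endpoint(reactor, desc, factory, make_context):
    """Connect with reactor.connectTCP or reactor.connectSSL as desc says.

    make_context(options) is an assumed hook returning the SSL context
    factory (with Twisted, CertificateOptions built from caCert and the
    optional client key/cert); injecting it keeps that policy in one place.
    """
    kind, host, port, options = parse_client_strport(desc)
    if kind == "tcp":
        return reactor.connectTCP(host, port, factory)
    return reactor.connectSSL(host, port, factory, make_context(options))
```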
