[Buildbot-devel] Questions: edit the standard pages and use osx server to serve Buildbot pages trough it

Thu Jan 27 20:28:40 UTC 2011

Fulvio Cervone <fcervone at me.com> writes:
> 
> On Jan 27, 2011, at 11:20 AM, tom fogal wrote:
> 
> > Fulvio Cervone <fcervone at me.com> writes:
> >> On Jan 27, 2011, at 9:36 AM, tom fogal wrote:
> >> 
> >>> Fulvio Cervone <fcervone at me.com> writes:
> >>> One alternative approach is to use apache or whatever you'd like
> >>> (i.e. OS X's builtin stuff) to serve up the directories buildbot
> >>> creates, so users could view all the log files on the standard http
> >>> port.
> >> 
> >> I am curious at this point to know how you all protect your
> >> buildbots....I as sume that you must have at least some sort of
> >> auth system to allow only few u sers to launch a build process or
> >> get info about what was committed and by wh o....
> > 
> > Users don't start builds.  Commits to the repository start builds.
> > 
> > It seems your main confusion is how a CI system works, in the above
> > regard; there really isn't any need for authorization, because
> > generally there are not any harmful bits exposed that someone could
> > fiddle with.
> 
> Well, I am aware of how the system works; probably I didn't explained myself 
> well enough and I apologize for that.
> 
> My point is that if i have my web server with my project running on
> the BB, called "my next secret application for mac"; and people
> can see on my buildbot page the name of the project, or see in the
> comments for the commits where t he other devs says "added feature to
> make coffee" or "improved the scan of th e barcode" and such; in fact
> they are gathering informations about my project , while is not time
> yet to make it public.

I think everyone else is a) installing BBot on a private network
(sounds impossible in your case) or b) using a firewall.  Just block
everything and list your users in an exception list.

> So my point is to protect my pages, so only people in my team can see
> what is going on, and they are not all on my network, so i must have
> the buildbot ru nning on a machine that is visible from outside (and
> osx server fits perfectly, at least from what i heard about it); so
> my next logical step was to just turn on ssl and use the encryption
> so i can allow only few people to see what is going on.

SSL couldn't do this anyway; SSL is about establishing trust with a
remote entity such that you can send it private data.  Of course, the
private data is commonly a password and many sites implement some kind
of `you need to be logged in to view this page', but the systems are
really orthogonal.

If restricting access is all you want I'd say just use something like
.htaccess.  I dunno (doubt) buildbot supports .htaccess, but of course
the external-server-serving-buildbot-logs scenario does.

> Then i was thinking that we could get other collaborators that would
> need lim ited access to what is going on; hence my idea to just
> protect some pages and modify others to give limited info about the
> buildbot activity.
>
> > Instead of trying to figure out how the entire system works: just
> > setup a buildbot.  Don't try to get it to slice your bread in
> > addition to running your builds; just get something that notices
> > you committed something, and builds it.  Then go back and tinker to
> > get things more like you want in the final system.
>
> Now I do not know if my use is compatible with what the Buildbot was
> planned to do, since I just started to use it less than 2 weeks ago;
> otherwise I gues s that I gotta find another bread slicer :)
>
> Sorry again for the confusion.

I'm sure many people have private buildbots and that it works fine for
them.

-tom