path: root/bbot/security
blob: 8b70ff6ac71d37294767a4db3ebe8a057438dfd2 (plain)
- bbot security considerations [idea]

* Probably the only way to build and, more importantly, run tests for
  untrusted packages is in a throw-away virtual machine. I.e., clone the VM,
  build a package (or a group of packages from the same group/vendor), and
  then throw it away.

  Immediate questions are how to extract the result and allow downloading of
  dependent packages (if the network is locked down). We could probably mount
  the image and copy the result out manually; a bit hairy but secure.

  We will also probably have to limit the VM's execution time.

  We could try to run the VM on a ramdisk to minimize SSD wear. Or use ZFS
  (COW).

* We could reboot the VM in "no network" mode; i.e., first fetch all the
  packages, reboot, then build.

* We could fetch all the packages (on host) and only then start the VM. The
  problem will be conditional dependencies. Ideally we would want to cache
  all of them (including conditional) and then make bpkg in the VM use the
  cache.
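
  The following host-side script is an added example, not part of this note
  or of bbot itself, sketching the throw-away VM flow from the first bullet
  combined with the "fetch with network, reboot without network" idea: a
  copy-on-write overlay of a pristine base image, one timed boot with network
  to fetch, one timed boot with no network to build, copy-out from the offline
  image, then discard. The image paths, the guest-side /build/out directory and
  the fw_cfg keys the guest is assumed to read for its phase and package are
  assumptions.

```shell
#!/bin/sh
# Two-phase throw-away VM build. Constructed example: BASE_IMAGE, /build/out
# and the opt/bbot/* fw_cfg keys (read by an assumed guest-side init script at
# /sys/firmware/qemu_fw_cfg/by_name/...) are assumptions, not bbot's config.
set -eu

BASE_IMAGE=${BASE_IMAGE:-/srv/vm/builder-base.qcow2}  # pristine, never written
PHASE_TIMEOUT=${PHASE_TIMEOUT:-3600}                    # seconds per boot
DRY_RUN=${DRY_RUN:-0}                                    # 1: print, don't run

# Execute a command, or only print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Copy-on-write overlay: every guest write lands in $1, the base stays intact.
make_overlay() { run qemu-img create -f qcow2 -b "$BASE_IMAGE" -F qcow2 "$1"; }

# Boot the overlay once. $1 overlay, $2 phase ("fetch"/"build"), $3 qemu -nic
# spec ("user" = NAT for fetching, "none" = no network for the untrusted
# build), $4 package spec. timeout(1) bounds wall-clock time so a hostile or
# hung build/test cannot run forever.
boot_phase() {
  run timeout "$PHASE_TIMEOUT" qemu-system-x86_64 -m 2G -nographic \
    -drive "file=$1,format=qcow2" -nic "$3" \
    -fw_cfg "name=opt/bbot/phase,string=$2" \
    -fw_cfg "name=opt/bbot/package,string=$4"
}

# Pull the result out of the offline disk image (libguestfs), no second boot.
extract_result() { run virt-copy-out -a "$1" /build/out "$2"; }

# $1: package spec, $2: host output directory.
build_untrusted() {
  overlay=$(mktemp -u /tmp/bbot-XXXXXX).qcow2
  make_overlay "$overlay"
  boot_phase "$overlay" fetch user "$1"   # network on: fetch dependencies
  boot_phase "$overlay" build none "$1"   # network off: build and run tests
  extract_result "$overlay" "$2"
  run rm -f "$overlay"                     # throw the VM away
}

if [ "${1:-}" = run ]; then build_untrusted "$2" "$3"; fi
```

Run as `DRY_RUN=1 ./build-vm.sh run libfoo ./out` to see the exact qemu
command lines before trying it for real.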