blob: 8b70ff6ac71d37294767a4db3ebe8a057438dfd2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
- bbot security considerations [idea]
* Probably the only way to build and more importantly run tests for untrusted
packages is in a throw-away virtual machine. I.e., clone the VM, build a
package (or a group of packages from the same group/vendor), and then throw
it away.
Immediate questions are how to extract the result and allow downloading of
dependent packages (if the network is locked down). We could probably mount
the image and copy the result out manually; a bit hairy but secure.
Will also probably have to limit the VM's execution time.
We could try to run VM on a ramdisk to minimize SSD wear. Or use ZFS (COW).
* We could reboot the VM in "no network" mode; i.e., first fetch all the
packages, reboot, then build.
* We could fetch all the packages (on host) and only then start the VM. The
problem will be conditional dependencies. Ideally we would want to cache
all of them (including conditional) and then make bpkg in the VM use the
cache.
|
