Re: [Emc-developers] the buildbot machine is ready

[Alex Joni]

This is surely OT for the emc list, so further replies/comments will be off 
list.
Just this last one on the list ;)
>>
> Let me tell you, from PERSONAL experience, that there are professional
> bank criminals that are searching the net continuously for systems with

> Jon
>
> I'm still looking for
> an even more robust scheme, some kind of challenge/response that doesn't
> require a computer to formulate the response.

Set up iptables to block everything (except public services like 80).
Then use a port knocking program to temporarly open up ssh (or whatever port 
you need) only on request.
Then you have a client for the knocking (on linux, windows, whatever) which 
sends some packets to a certain number of ports on your PC. Everything 
beeing blocked nothing happens, but the requests get logged, and the port 
knocking server looks int eh logs for certain patterns (say port 1000, 1200, 
1300, 1207, 1507, etc.).
Only when it sees a valid pattern it opens up port 22 for a couple of 
seconds. (or until the first connection is done).

It really feels like one of the more robust security systems.

Regards,
Alex


-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Sebastian Kuzminsky]

Lawrence Glaister wrote:
> It seems like a buildbot would be a great application to put on a live
> CD image have it boot and run possibly even no hard drive. It
> would even be possible to setup a cron job to reboot (view as purging
> memory based nasties). It is hard to hack a cdrom filesystem!. 

It would be, except you need a little bit of local configuration: each 
buildslave needs its own login & password for offering its services to 
the buildmaster.  So that would have to be off the CD somewhere.

Maybe something like puppet could be used to distribute this information 
to the slaves dynamically... 


-- 
Sebastian Kuzminsky
how many no money boys are crazy how many boys are raw
how many no money boys are rowdy how many start a war

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Lawrence Glaister]

It seems like a buildbot would be a great application to put on a live
CD image have it boot and run possibly even no hard drive. It
would even be possible to setup a cron job to reboot (view as purging
memory based nasties). It is hard to hack a cdrom filesystem!. 
cheers


On Fri, 2008-11-14 at 23:47 +0100, Michael Buesch wrote:
> On Friday 14 November 2008 23:34:27 Jon Elson wrote:
> > Michael Buesch wrote:
> > > I don't think there is a solution for this, however.
> > > If you want to run a component of the repository (be it the makefile or
> > > the setuid programs itself) as root, you need to trust your committer.
> > >   
> > You can set sudo to allow only specific programs from specific 
> > directories to be executed.
> > That includes even specific system command, like cp, mv, mkdir, etc.
> 
> Yeah, well. But we _want_ the setuid applications from the emc2 repository
> to run as root. And a committer has full control over the sources... ;)
> No matter if you use sudo or some other mechanism.
> We use sudo in the first place to get setuid root bit set on those 
> applications
> the attacker has full sourcecode control over.
> 
> So the question really only is:
> 1) Do we need these root hacks do do proper tests?
> 2) If yes, can we setup a sandbox for the test?
>A an acceptable sandbox would probably only be to reset the complete
>harddisk image to a known state, make an emc2 checkout/compile/testrun
>and discard the harddisk contents.
> 
-- 

=
Lawrence Glaister VE7IT  mailto:[EMAIL PROTECTED]
1462 Madrona Drive   
Nanoose Bay, B.C.http://members.shaw.ca/swstuff 
Canada  V9P 9C9  http://gspy.sourceforge.net
=


-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Michael Buesch]

On Friday 14 November 2008 23:34:27 Jon Elson wrote:
> Michael Buesch wrote:
> > I don't think there is a solution for this, however.
> > If you want to run a component of the repository (be it the makefile or
> > the setuid programs itself) as root, you need to trust your committer.
> >   
> You can set sudo to allow only specific programs from specific 
> directories to be executed.
> That includes even specific system command, like cp, mv, mkdir, etc.

Yeah, well. But we _want_ the setuid applications from the emc2 repository
to run as root. And a committer has full control over the sources... ;)
No matter if you use sudo or some other mechanism.
We use sudo in the first place to get setuid root bit set on those applications
the attacker has full sourcecode control over.

So the question really only is:
1) Do we need these root hacks do do proper tests?
2) If yes, can we setup a sandbox for the test?
   A an acceptable sandbox would probably only be to reset the complete
   harddisk image to a known state, make an emc2 checkout/compile/testrun
   and discard the harddisk contents.

-- 
Greetings Michael.

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Jon Elson]

Michael Buesch wrote:
> I don't think there is a solution for this, however.
> If you want to run a component of the repository (be it the makefile or
> the setuid programs itself) as root, you need to trust your committer.
>   
You can set sudo to allow only specific programs from specific 
directories to be executed.
That includes even specific system command, like cp, mv, mkdir, etc.

Jon

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Jon Elson]

John Kasunich wrote:
> This part raises a red flag for me, as I mentioned on IRC last night.
>
> If you set this passwordless sudo, then it is theoretically possible for 
> somebody to check a trojan makefile into our CVS, and a few minutes 
> later it would run on your box as root.  If your buildbot system is a 
> dedicated virtual machine used for nothing else, the risk is probably 
> tolerable.  I would NOT make this change to /etc/sudoers if "farmer" is 
> a user on a non-virtual machine that you use for other things.
>
>   
Let me tell you, from PERSONAL experience, that there are professional 
bank criminals that are searching the net continuously for systems with 
weaknesses they can exploit.  I put in denyhosts, and thought that 
cutting off all access to a particular IP address after 5 failed logins 
was sufficient to protect me.  Well, if a pro has several hundred 
compromised machines available, and the dedication to use them, that is 
not good enough.
They figure out how many login failures it takes to get bumped, and what 
the time is to reset those IPs to OK.  Then, they make a rolling attack, 
using N-1 attempts per IP per reset period.  I was oblivious as they 
were making several hundred attemps a day over 2 months before they 
finally got lucky and guessed my password.  Now, it takes only 3 login 
failures over 90 days to put you on the hosts.deny list.  I even get 
myself locked out every once in a while, and have to reset the counters.
> The odds of such a thing happening are slim - Joe Hacker can't commit a 
> trojan, only someone with commit access to the server could do it.  And, 
> the CVS logs would tell us exactly who it was, so we could give them the 
> beating they so richly deserve.  But the risk needs to be acknowledged.
>
>   
Yeah, it wouldn't be a real user, just somebody who broke a password.  
If they can get several hundred tries a day for months, they WILL get 
in, unless you have some really tough passwords.  I'm still looking for 
an even more robust scheme, some kind of challenge/response that doesn't 
require a computer to formulate the response.

Jon

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Sebastian Kuzminsky]

Kirk Wallace wrote:
> On Fri, 2008-11-14 at 14:14 -0700, Sebastian Kuzminsky wrote:
>> Stephen Wille Padnos wrote:
>>> Yeah, RT testing opens up interesting issues.  What if some RT module 
>>> crashes the machine?  Also the testing can't be comprehensive, since the 
>>> buildbot machines are unlikely to have any hardware other than a 
>>> parallel port (if that), so we can't actually test all of the RT drivers 
>>> anyway.
>> If a buildslave crashes, the buildmaster will notice it and send an 
>> email to the admin for that buildslave.
>>
>> And man oh man, I would love to set up a big Rube Goldberg machine to do 
>> actual physical-real-world testing.  Steppers turning shafts with 
>> encoders, motors moving levers into switches, etc etc.  It'd be awesome!
>>
>> You could have two machines next to each other, one running a trusted 
>> version of EMC2, administering the test to the experimental one.  You 
>> could do actual closed-loop validation of the whole system.
>>
>> Just need a patron to fund & house the test system...
> 
> I don't understand this thread that well, but what are the basics of
> what is needed? A pair of Internet accessible PC's running EMC2, stepper
> and servo axes? I have a T1, static IP's, second hand PC's and a few
> other bits.

Ignore my daydreaming above ;-)

What we could use right now is a couple of machines that can check out 
and compile our software, and can run python code (buildbot and 
twisted).  We dont need static IPs or anything fancy, though those 
things wont disqualify you.  It's good but not necessary if the machines 
can stay up and be connected to the net for long periods of time.

These computers would become "buildslaves", which means they'd be pretty 
similar to what "farm slots" are in the current Compile Farm.


-- 
Sebastian Kuzminsky
how many no money boys are crazy how many boys are raw
how many no money boys are rowdy how many start a war

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Michael Buesch]

On Friday 14 November 2008 21:58:56 Stephen Wille Padnos wrote:
> These scripts don't run on the CVS server,

Ok, I thought this would run on the machine running the server.

-- 
Greetings Michael.

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Kirk Wallace]

On Fri, 2008-11-14 at 14:14 -0700, Sebastian Kuzminsky wrote:
> Stephen Wille Padnos wrote:
> > Yeah, RT testing opens up interesting issues.  What if some RT module 
> > crashes the machine?  Also the testing can't be comprehensive, since the 
> > buildbot machines are unlikely to have any hardware other than a 
> > parallel port (if that), so we can't actually test all of the RT drivers 
> > anyway.
> 
> If a buildslave crashes, the buildmaster will notice it and send an 
> email to the admin for that buildslave.
> 
> And man oh man, I would love to set up a big Rube Goldberg machine to do 
> actual physical-real-world testing.  Steppers turning shafts with 
> encoders, motors moving levers into switches, etc etc.  It'd be awesome!
> 
> You could have two machines next to each other, one running a trusted 
> version of EMC2, administering the test to the experimental one.  You 
> could do actual closed-loop validation of the whole system.
> 
> Just need a patron to fund & house the test system...

I don't understand this thread that well, but what are the basics of
what is needed? A pair of Internet accessible PC's running EMC2, stepper
and servo axes? I have a T1, static IP's, second hand PC's and a few
other bits.

Kirk
http://www.wallacecompany.com/machine_shop/



-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Sebastian Kuzminsky]

Stephen Wille Padnos wrote:
> Yeah, RT testing opens up interesting issues.  What if some RT module 
> crashes the machine?  Also the testing can't be comprehensive, since the 
> buildbot machines are unlikely to have any hardware other than a 
> parallel port (if that), so we can't actually test all of the RT drivers 
> anyway.

If a buildslave crashes, the buildmaster will notice it and send an 
email to the admin for that buildslave.

And man oh man, I would love to set up a big Rube Goldberg machine to do 
actual physical-real-world testing.  Steppers turning shafts with 
encoders, motors moving levers into switches, etc etc.  It'd be awesome!

You could have two machines next to each other, one running a trusted 
version of EMC2, administering the test to the experimental one.  You 
could do actual closed-loop validation of the whole system.

Just need a patron to fund & house the test system...


-- 
Sebastian Kuzminsky
how many no money boys are crazy how many boys are raw
how many no money boys are rowdy how many start a war

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Stephen Wille Padnos]

Michael Buesch wrote:

>On Friday 14 November 2008 21:09:43 John Kasunich wrote:
>  
>
>>Sebastian Kuzminsky wrote:
>>
>>
>>> # let the farm user run "sudo make setuid" without a password by 
>>>adding this line to /etc/sudoers:
>>> farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid
>>>
>>>  
>>>
>>This part raises a red flag for me, as I mentioned on IRC last night.
>>
>>If you set this passwordless sudo, then it is theoretically possible for 
>>somebody to check a trojan makefile into our CVS, and a few minutes 
>>later it would run on your box as root.  If your buildbot system is a 
>>dedicated virtual machine used for nothing else, the risk is probably 
>>tolerable.  I would NOT make this change to /etc/sudoers if "farmer" is 
>>a user on a non-virtual machine that you use for other things.
>>
>>The odds of such a thing happening are slim - Joe Hacker can't commit a 
>>trojan, only someone with commit access to the server could do it.  And, 
>>the CVS logs would tell us exactly who it was, so we could give them the 
>>beating they so richly deserve.  But the risk needs to be acknowledged.
>>
>>
>They guy has root access to the machine, so he can manipulate the CVS database
>and obfuscate the commit.
>  
>
The CVS database isn't on any machine that a malicious committer has 
access to.  The attacker would only have root access on the slave 
machine, which uses an anonymous checkout from the CVS server.

>Heck, he can even start a telnet/ssh session or whatever. He's root!
>  
>
To what?  Again, the hypothetical attacker has no login for the CVS server.

>I don't think there is a solution for this, however.
>If you want to run a component of the repository (be it the makefile or
>the setuid programs itself) as root, you need to trust your committer.
>  
>
These scripts don't run on the CVS server, they run on machines that 
volunteers (like you :) ) would set up.  The potential issue is that 
you, as a volunteer, could allow root access to your machine.  That's 
why John K suggested that a safe thing to do is to use a VM only.

>You could run it in qemu or whatever, but what is it good for then, if you
>don't have the real hardware access to test RT...
>(Two seperate machines could be a solution, well...)
>
Yeah, RT testing opens up interesting issues.  What if some RT module 
crashes the machine?  Also the testing can't be comprehensive, since the 
buildbot machines are unlikely to have any hardware other than a 
parallel port (if that), so we can't actually test all of the RT drivers 
anyway.

- Steve


-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Michael Buesch]

On Friday 14 November 2008 21:09:43 John Kasunich wrote:
> Sebastian Kuzminsky wrote:
> 
> >  # let the farm user run "sudo make setuid" without a password by 
> > adding this line to /etc/sudoers:
> >  farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid
> > 
> 
> This part raises a red flag for me, as I mentioned on IRC last night.
> 
> If you set this passwordless sudo, then it is theoretically possible for 
> somebody to check a trojan makefile into our CVS, and a few minutes 
> later it would run on your box as root.  If your buildbot system is a 
> dedicated virtual machine used for nothing else, the risk is probably 
> tolerable.  I would NOT make this change to /etc/sudoers if "farmer" is 
> a user on a non-virtual machine that you use for other things.
> 
> The odds of such a thing happening are slim - Joe Hacker can't commit a 
> trojan, only someone with commit access to the server could do it.  And, 
> the CVS logs would tell us exactly who it was, so we could give them the 
> beating they so richly deserve.  But the risk needs to be acknowledged.

They guy has root access to the machine, so he can manipulate the CVS database
and obfuscate the commit.
Heck, he can even start a telnet/ssh session or whatever. He's root!

I don't think there is a solution for this, however.
If you want to run a component of the repository (be it the makefile or
the setuid programs itself) as root, you need to trust your committer.

You could run it in qemu or whatever, but what is it good for then, if you
don't have the real hardware access to test RT...
(Two seperate machines could be a solution, well...)

-- 
Greetings Michael.

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Chris Radek]

On Fri, Nov 14, 2008 at 03:09:43PM -0500, John Kasunich wrote:

> I'm not sure if sim-only system need to 
> run the make setuid step or not.

Nope.


-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[John Kasunich]

Sebastian Kuzminsky wrote:

>  # let the farm user run "sudo make setuid" without a password by 
> adding this line to /etc/sudoers:
>  farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid
> 

This part raises a red flag for me, as I mentioned on IRC last night.

If you set this passwordless sudo, then it is theoretically possible for 
somebody to check a trojan makefile into our CVS, and a few minutes 
later it would run on your box as root.  If your buildbot system is a 
dedicated virtual machine used for nothing else, the risk is probably 
tolerable.  I would NOT make this change to /etc/sudoers if "farmer" is 
a user on a non-virtual machine that you use for other things.

The odds of such a thing happening are slim - Joe Hacker can't commit a 
trojan, only someone with commit access to the server could do it.  And, 
the CVS logs would tell us exactly who it was, so we could give them the 
beating they so richly deserve.  But the risk needs to be acknowledged.

Note that the "sudo make setuid" step of the build process is NOT needed 
if all we want to do is test compiles.  It IS needed if we want to run 
the test suite, which would be nice to do.  (The current compile farm is 
not running the test suite.)  I'm not sure if sim-only system need to 
run the make setuid step or not.

We'll be hashing out the details over the next few days.

Regards,

John Kasunich


-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

Re: [Emc-developers] the buildbot machine is ready

[Jeff Epler]

To the extent that it makes sense, scripts like these should be in the
'infrastructure' repository of the emc2 cvs server.

Jeff

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers

[Emc-developers] the buildbot machine is ready

[Sebastian Kuzminsky]

John Kasunich and I talked about playing some more with Buildbot 
 as a way to move the emc2 compile farm forward. 
We're not going to turn the existing compile farm off (at least not 
yet); we're going to stand up a parallel system and see if it's good 
enough to switch over to.

I have set up a machine at  to that 
end.  It's running Ubuntu Server 8.04.1.  The CU firewall exceptions 
just went through, so both its webserver and the buildmaster are 
accessible directly over the net.  The old nappy URL is no longer needed.

I'm running two buildslaves as KVM VMs on my laptop whenever i'm in 
network range, but it would sure help if other folks ran some slaves too.

Buildslaves are easy and fun!  All you need is a computer that can run 
python, check out and compile our tree, and make outgoing TCP 
connections.  Slaves can be behind a NAT firewall.

Setting up buildslaves is easy.  You're welcome to have copies of my 
VMs, which will run anywhere with only minor tweaks.  Or you can install 
your own by using something like this untested procedure (sorry about 
the linebreaks):

 # disable the screensaver or set it to only blank the screen (not 
soak up CPU cycles with fancy eye candy)

 # make a dedicated user (by convention i've been calling the user 
"farmer", and that's what this document calls it, but you can use any 
name you want)

 # do a cvs checkout as farmer (in a throw-away directory out of the 
way) to make sure sure you can, and to make sure you have the ssh 
hostkey of the CVS machine
 cvs -d :ext:[EMAIL PROTECTED]:/cvs -z3 checkout -d 
/tmp/remove-this-dir emc2

 # install emc2 build deps: libpth-dev, tetex-extra
 cd debian; ./configure sim
 dpkg-checkbuilddeps
 apt-get install build-essential $WHATEVER_ELSE_IS_NEEDED

 # let the farm user run "sudo make setuid" without a password by 
adding this line to /etc/sudoers:
 farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid

 # install buildbot.deb, on dapper you need to uncomment universe in 
sources.list
 apt-get install buildbot

 # you get these three variables from the buildmaster admin
 # on dapper and probably other older versions of buildbot, the 
command is just "slave" instead of "create-slave"
 # a reasonable standard for build-slave names might be: 
"distro(-rtai)?-arch", for example "Ubuntu6.06-rtai-x86" or 
"Ubuntu8.04-x86-64"
 buildbot create-slave ~/BuildBot/slave/$SLAVE_NAME $MASTER 
$SLAVE_NAME $SLAVE_PASSWORD

 # edit buildbot.tac to say "usepty = 0"
 vi ~/BuildBot/slave/$SLAVE_NAME/buildbot.tac

 # do this whenever you want your build-slave to be running, or (on 
Ubuntu Hardy at least) add it to /etc/default/buildbot
 buildbot start ~/BuildBot/slave/$SLAVE_NAME


Let's see how this goes!


-- 
Sebastian Kuzminsky
how many no money boys are crazy how many boys are raw
how many no money boys are rowdy how many start a war

-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
Emc-developers mailing list
Emc-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-developers