Re: [Emc-developers] the buildbot machine is ready

2008-11-15 Thread Alex Joni
This is surely OT for the emc list, so further replies/comments will be off list. Just this last one on the list ;) >> > Let me tell you, from PERSONAL experience, that there are professional > bank criminals that are searching the net continuously for systems with > Jon > > I'm still looking for

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Sebastian Kuzminsky
Lawrence Glaister wrote: > It seems like a buildbot would be a great application to put on a live > CD image have it boot and run possibly even no hard drive. It > would even be possible to setup a cron job to reboot (view as purging > memory based nasties). It is hard to hack a cdrom files

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Lawrence Glaister
It seems like a buildbot would be a great application to put on a live CD image have it boot and run possibly even no hard drive. It would even be possible to setup a cron job to reboot (view as purging memory based nasties). It is hard to hack a cdrom filesystem!. cheers On Fri, 2008-11

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Michael Buesch
On Friday 14 November 2008 23:34:27 Jon Elson wrote: > Michael Buesch wrote: > > I don't think there is a solution for this, however. > > If you want to run a component of the repository (be it the makefile or > > the setuid programs itself) as root, you need to trust your committer. > > > You c

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Jon Elson
Michael Buesch wrote: > I don't think there is a solution for this, however. > If you want to run a component of the repository (be it the makefile or > the setuid programs itself) as root, you need to trust your committer. > You can set sudo to allow only specific programs from specific direct

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Jon Elson
John Kasunich wrote: > This part raises a red flag for me, as I mentioned on IRC last night. > > If you set this passwordless sudo, then it is theoretically possible for > somebody to check a trojan makefile into our CVS, and a few minutes > later it would run on your box as root. If your buildb

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Sebastian Kuzminsky
Kirk Wallace wrote: > On Fri, 2008-11-14 at 14:14 -0700, Sebastian Kuzminsky wrote: >> Stephen Wille Padnos wrote: >>> Yeah, RT testing opens up interesting issues. What if some RT module >>> crashes the machine? Also the testing can't be comprehensive, since the >>> buildbot machines are unlik

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Michael Buesch
On Friday 14 November 2008 21:58:56 Stephen Wille Padnos wrote: > These scripts don't run on the CVS server, Ok, I thought this would run on the machine running the server. -- Greetings Michael. - This SF.Net email is spons

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Kirk Wallace
On Fri, 2008-11-14 at 14:14 -0700, Sebastian Kuzminsky wrote: > Stephen Wille Padnos wrote: > > Yeah, RT testing opens up interesting issues. What if some RT module > > crashes the machine? Also the testing can't be comprehensive, since the > > buildbot machines are unlikely to have any hardwar

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Sebastian Kuzminsky
Stephen Wille Padnos wrote: > Yeah, RT testing opens up interesting issues. What if some RT module > crashes the machine? Also the testing can't be comprehensive, since the > buildbot machines are unlikely to have any hardware other than a > parallel port (if that), so we can't actually test a

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Stephen Wille Padnos
Michael Buesch wrote: >On Friday 14 November 2008 21:09:43 John Kasunich wrote: > > >>Sebastian Kuzminsky wrote: >> >> >>> # let the farm user run "sudo make setuid" without a password by >>>adding this line to /etc/sudoers: >>> farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid >>> >

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Michael Buesch
On Friday 14 November 2008 21:09:43 John Kasunich wrote: > Sebastian Kuzminsky wrote: > > > # let the farm user run "sudo make setuid" without a password by > > adding this line to /etc/sudoers: > > farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid > > > > This part raises a red flag f

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Chris Radek
On Fri, Nov 14, 2008 at 03:09:43PM -0500, John Kasunich wrote: > I'm not sure if sim-only system need to > run the make setuid step or not. Nope. - This SF.Net email is sponsored by the Moblin Your Move Developer's challen

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread John Kasunich
Sebastian Kuzminsky wrote: > # let the farm user run "sudo make setuid" without a password by > adding this line to /etc/sudoers: > farmer ALL = ALL, NOPASSWD: /usr/bin/make setuid > This part raises a red flag for me, as I mentioned on IRC last night. If you set this passwordless su

Re: [Emc-developers] the buildbot machine is ready

2008-11-14 Thread Jeff Epler
To the extent that it makes sense, scripts like these should be in the 'infrastructure' repository of the emc2 cvs server. Jeff - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest

[Emc-developers] the buildbot machine is ready

2008-11-14 Thread Sebastian Kuzminsky
John Kasunich and I talked about playing some more with Buildbot as a way to move the emc2 compile farm forward. We're not going to turn the existing compile farm off (at least not yet); we're going to stand up a parallel system and see if it's good enough to switch over t