Feature changed by: Ravi Kumar (rkumar1) Feature #308074, revision 8 Title: Provide way to do a local build and upload the binaries to the repository Buildservice: Unconfirmed Priority Requester: Important Requested by: Sankar P (psankar) Description: Most of my time in build service is spent in seeing "Scheduled" There are always 1000s of packages waiting in queue for i586 and x86_64. I have a pretty powerful machine and would like to do my own local build and upload the binaries to the project repository. Discussion: #1: Pavol Rusnak (prusnak) (2009-10-12 22:20:30) I think this is not going to happen because of the security implications. #2: Nikanth K (nikanth) (2009-10-13 05:32:20) one could upload malware One could upload software which violates license, copyright etc... Even GPL software without the correct source Defeats build service.. What you are asking is an FTP server, and an easy mechanism to upload local builds from `osc build` which should be advertised with big fat warnings... but I am not sure about usefulness of it... Anyway if some one trusts you, just do an osc build and provide the RPMs using some other means #3: Sankar P (psankar) (2009-10-13 07:42:22) I dont understand how this could lead to security implications. I am not asking everyone to provide a way to upload binaries for every project in OBS. Whatever project I am the Maintainer of , I should be able to upload the binaries. Even now, I can upload whatever I want in my home:<user> project (license violation, non-gpl-non-foss-binaries etc.) and create an RPM packaging the binary-crud I uploaded and make it available via the repositories. So, providing the ability to upload locally built binaries in no way increases any security issues, imho. Or do I miss something more that someone can explain me ? #4: Sankar P (psankar) (2009-10-13 17:23:04) If there are still some concerns, this feature may be restricted to home: projects. I find it increasingly frustrating to jsut see "scheduled" for sometimes 2 days in a row. #5: Ravi Kumar (rkumar1) (2009-10-13 17:29:09) I agree with sankar. It takes days long to get a build . We should be allowed I know we can do a build locally , howver if there is another package like plugins depending on the main package in a project. Until main package gets built on server , plugins cant be built locally. #6: Sankar P (psankar) (2009-10-13 17:34:19) (reply to #5) I think doing a osc local build for the base package and then for the plugin package using the "--prefer-pkg" could solve the issue. but not sure. In autobuild there used to be a (--prefer-rpms) + #8: Ravi Kumar (rkumar1) (2009-10-20 15:20:04) (reply to #6) + Sankar , this is solved iff and only if these two are in 2 different + subprojects . If they are in same sub package , it fails as main + package is not built on the server. I have filed another fate for + this. #7: Boyd Gerber (gerberb) (2009-10-13 18:12:07) This is very similar to the feature to have distributed OBS services. The problem comes down to trust. How do you know that the macine not under the current OBS is doing the right thing. It is possible for someone to insert malware into the remote BS. We talked about this with building a build farm for packages that can not be hostsed on the OBS for various reasons. For example license or patented projects are not allowed. So we wanted to use systems in area's where it is legal to do it. We found that we needed to find a way to securely build the packages. The problem is any one on the machine with root privleages could go in to the chroot jail and make changes. So how do we form this trust and prevent someone inserting malware. We really could not. That is why I think this feature really be longs under the feature request for distributed BS. That is local BS doing what currently the OBS is unable to do at this time. Whetere it is load, or not allowed per the black list of projects. -- openSUSE Feature: https://features.opensuse.org/308074