Mailinglist Archive: opensuse-buildservice (64 mails)

< Previous Next >
Re: [opensuse-buildservice] Internet Access Inside Workers
On Samstag, 14. März 2020, 06:38:01 CET wrote Neal Gompa:
On Fri, Mar 13, 2020 at 4:13 PM Kyle Edwards <kyle.edwards@xxxxxxxxxxx> wrote:

Hello all,

I am currently evaluating OBS for an internal Debian/Ubuntu package
building system, and am very pleased with what I see so far.

My use case requires the code running inside the workers to have access
to the internet, but in my testing, the package tests failed due to
lack of internet connectivity. This will be an internal OBS instance
running only trusted code, and we have Buildbot instances which serve a
similar purpose, so I am not very concerned with the security
implications of allowing connectivity inside the worker. Is there a
configuration option to allow this, or is this something I would need
to implement myself? Thanks in advance.

You will need to implement a mechanism yourself. Unlike the COPR
system, OBS provides no configuration mechanism for doing this because
it is intended to be a secure build environment.

well, the build script is supporting network enabled builds.

Kyle may run a worker either in chroot or patch bs_worker to use
--vm-net option of the build script.

We could also make this a bs_worker option to offer this.

But it is true that it breaks the concept of guaranteed reproducability,
so at least it will never be allowed for any official (open)SUSE
distribution package...


Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups