On Mon, 2020-04-06 at 11:25 +0200, Dr. Werner Fink wrote:
Hi,
accordingly to https://en.opensuse.org/openSUSE:Build_Service_Concept_SourceService there is a possibilty to run pre_checkin.sh scripts via a service.
But in the following decription there exists no explanation nor an example how this supposed to work ... also the command
osc api /service
does not show anything about this feature, maybe as it is local only. If so I'd like to see how this can be automatically done at checkin time.
I don't think anybody ever implemented that service - and I'd be really concerned by it, security wise. A simple 'osc branch; fix; osc ci' - and any randomly present pre_checkin.sh file being executed on my machine? no thanks! Also, that would certainly never be executed server side - for the same reason. Running a random, untrusted script would require OBS to spawn a VM for every checkin to somewhat contain what the script can do. That would turn our really expensive action. For many of the pre_checkin.sh - containing packages it is often rather simple to move to _multibuild; most pre_checkin.sh I'd seen only toggle some flag at the beginning of a spec file, but otherwise have exact copies of the spec. The only drawback here: you might make my life (and I return yours) more miserable when we have to deal with separation in rings (e.g: I can't split flavors between ring0 and ring1, so multibuild is no option there; we have some logic to 'disable' a flavor inside the ring if it's something we don't want to care for that much) Hope that helps, Dominique