[Numpy-discussion] Buildbot for numpy

Albert Strasheim fullung@gmail....
Sun Jul 8 22:27:21 CDT 2007


Hello

On Mon, 02 Jul 2007, Barry Wark wrote:

> I have the potential to add OS X Server Intel (64-bit) and OS X Intel
> (32-bit) to the list, if I can convince my boss that the security risk

Sounds good. We could definitely use these platforms.

> (including DOS from compile times) is minimal. I've compiled both

Currently we don't allow builds to be forced from the web page, but this 
might change in future.

> numpy and scipy many times, so I'm not worried about resources for a
> single compile/test, but can any of the regular developers tell me
> about how many commits there are per day that will trigger a
> compile/test?

We currently only build NumPy. SciPy should probably be added at some 
point, once we figure out how we want to configure the Buildbot to do 
this. NumPy averages close to 0 commits per day at this point. SciPy is 
more active. Between the two, on a busy day, you could expect more than 
10 and less than 100 builds.
 
> About the more general security risk of running a buildbot slave, from
> my reading of the buildbot manual (not the source, yet), it looks like
> the slave is a Twisted server that runs as a normal user process. Is
> there any sort of sandboxing built into the buildbot slave or is that
> the responsibility of the OS (an issue I'll have to discuss with our
> IT)?

Through the buildbot master configuration, we tell your buildslave what 
to check out and which commands to execute. We have set it up to do the 
build in terms of a Makefile, so the master will tell the slave to run 
"make build" followed by "make test". Here you can make your own 
machine do anything that hopefully involves running python setup.py, 
etc. However, the configuration on the master can be changed to make 
your slave execute any command.

In short, any NumPy/SciPy committer or anyone who controls the build 
master configuration (i.e., me, Stefan, our admin person, a few other 
people who have root access on that machine and anybody who 
successfully breaks into it) can make your build machine execute 
arbitrary code as the build slave user.

The chance of this happening is small, but it's not impossible, so if 
this risk is unacceptable to you/your IT people, running a build slave 
might not be for you. ;-)

Cheers,

Albert


More information about the Numpy-discussion mailing list