[Numpy-discussion] Buildbot for numpy
Sun Jul 8 22:27:21 CDT 2007
On Mon, 02 Jul 2007, Barry Wark wrote:
> I have the potential to add OS X Server Intel (64-bit) and OS X Intel
> (32-bit) to the list, if I can convince my boss that the security risk

Sounds good. We could definitely use these platforms.

> (including DOS from compile times) is minimal. I've compiled both

Currently we don't allow builds to be forced from the web page, but this
might change in future.

> numpy and scipy many times, so I'm not worried about resources for a
> single compile/test, but can any of the regular developers tell me
> about how many commits there are per day that will trigger a

We currently only build NumPy. SciPy should probably be added at some
point, once we figure out how we want to configure the Buildbot to do
this. NumPy averages close to 0 commits per day at this point. SciPy is
more active. Between the two, on a busy day, you could expect more than
10 and less than 100 builds.

> About the more general security risk of running a buildbot slave, from
> my reading of the buildbot manual (not the source, yet), it looks like
> the slave is a Twisted server that runs as a normal user process. Is
> there any sort of sandboxing built into the buildbot slave or is that
> the responsibility of the OS (an issue I'll have to discuss with our

Through the buildbot master configuration, we tell your buildslave what
to check out and which commands to execute. We have set it up to do the
build in terms of a Makefile, so the master will tell the slave to run
"make build" followed by "make test". Here you can make your own
machine do anything that hopefully involves running python setup.py,
etc. However, the configuration on the master can be changed to make
your slave execute any command.

In short, any NumPy/SciPy committer or anyone who controls the build
master configuration (i.e., me, Stefan, our admin person, a few other
people who have root access on that machine and anybody who
successfully breaks into it) can make your build machine execute
arbitrary code as the build slave user.

The chance of this happening is small, but it's not impossible, so if
this risk is unacceptable to you/your IT people, running a build slave
might not be for you. ;-)
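
Added example, not part of the original message and not Buildbot's own code: one way a slave operator could bound what a master-dictated step such as "make build" may consume, which addresses the compile-time DoS concern raised above. The name `run_step`, the limits and the environment allowlist are assumptions; the step still runs with the build slave user's file and network access, so the dedicated unprivileged account remains the actual trust boundary.

```python
import os
import resource
import signal
import subprocess

# Assumed values for illustration; none of these are Buildbot settings.
SAFE_ENV_KEYS = ("PATH", "HOME", "LANG")   # everything else is dropped
CPU_SECONDS = 1800                         # CPU time allowed per process
MAX_FILE_BYTES = 2 * 1024 ** 3             # largest file a step may write


def _cap(which, value):
    """Set soft and hard limit to value, never above the current hard limit."""
    _, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, value))


def run_step(argv, cwd=None, cpu_seconds=CPU_SECONDS,
             max_file_bytes=MAX_FILE_BYTES, wall_seconds=3600):
    """Run one build step (an argv list) and return (returncode, output).

    A negative returncode is the number of the signal that killed the step.
    """
    def limits():  # runs in the child, after fork and before exec
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        _cap(resource.RLIMIT_FSIZE, max_file_bytes)
        _cap(resource.RLIMIT_CORE, 0)

    # Only allowlisted variables reach the step, so credentials exported in
    # the slave's own environment are not handed to master-chosen commands.
    env = {k: os.environ[k] for k in SAFE_ENV_KEYS if k in os.environ}
    proc = subprocess.Popen(argv, cwd=cwd, env=env, preexec_fn=limits,
                            start_new_session=True, stdin=subprocess.DEVNULL,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    try:
        out, _ = proc.communicate(timeout=wall_seconds)
    except subprocess.TimeoutExpired:
        # RLIMIT_CPU is per process; the wall-clock limit covers the whole
        # tree (make and its compilers share the session's process group).
        os.killpg(proc.pid, signal.SIGKILL)
        out, _ = proc.communicate()
    return proc.returncode, out.decode(errors="replace")
```

Calling `run_step(["make", "build"])` and then `run_step(["make", "test"])` from the slave's checkout directory mirrors the two steps the master issues.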