Wireshark-dev: Re: [Wireshark-dev] Gerrit versus Buildbot
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 20 Mar 2014 17:11:05 -0700

On Mar 20, 2014, at 2:24 PM, Chris Kilgour <techie@xxxxxxxxxxxxxxx> wrote:

> On 03/20/2014 01:07 PM, Gerald Combs wrote:
>> 
>> If the build system had open access what would keep someone from
>> uploading a shell script containing a box full of weasels wearing clown
>> shoes?
> 
> Isn't the same thing true for Jenkins/buildbot spawned from gerrit?  Surely the build machines must be limited/sandboxed to prevent the circus from taking over the town.

Currently, it's limited to building stuff to which at least one core developer is willing to give +2.  That requires human judgement, so it's not as rigid as a hardware/software-implemented sandbox.

Yes, a very tight sandbox, so that filling up Makefile.am with weasels will only allow them to eliminate in a limited enclosed space, might do the job.  Probably something like a VM, created afresh for every build, would do the trick.  If the creation is done by cloning, that might even be fast enough.

Most buildbots run on OSes capable of running as guests for various virtualization programs (OS X, Windows, Ubuntu Linux), and maybe the Solaris buildbot could run in a zone, so that might be doable.

But I've never managed a build farm, so I might be missing something.