[Imported from Trac: page HowtoContributeABuildbot, version 9]
parent
b459583f22
commit
76f007d891
|
@ -3,29 +3,14 @@
|
|||
|
||||
## Configuration
|
||||
|
||||
This is also the part where you choose what sort of controls you want
|
||||
to have over your buildslave. I would strongly advise you not to run
|
||||
your buildslave under your user account, and (duh) not to give it any
|
||||
sort of elevated privileges such as root!
|
||||
Create a user account with low privileges to run buildbot.
|
||||
|
||||
So, running under a separate user account without high privileges is
|
||||
definitely a good idea, but since you're a security-aware user I guess I
|
||||
don't need to tell you this.
|
||||
|
||||
Also you can use other mechanisms to lock it down more like jail,
|
||||
### Optional Configurations
|
||||
You can use other mechanisms to lock buildbot down like jail,
|
||||
chroot, etc. David Abrahams uses Solaris Zones to contain his
|
||||
buildslaves. I don't know what particular features Zones offer. I
|
||||
wonder if this means he can use ZFS snapshots to rewind the state of
|
||||
the filesystem before running each build. That would be cool. Brian
|
||||
Warner and the other buildbot maintainers have been hacking on some
|
||||
buildslaves. Brian Warner and the other buildbot maintainers have been hacking on some
|
||||
tricks to set up your buildslaves inside a full virtual machine so
|
||||
that you can have a pristine machine for every build -- e.g. "This is
|
||||
a fresh install of OpenBSD 4.6 with nothing added except for buildbot
|
||||
and its dependencies.".
|
||||
|
||||
Personally I don't (yet) use any such fancy techniques -- I just run
|
||||
my buildslaves under a separate user account which doesn't have
|
||||
access to my personal stuff or to root privileges.
|
||||
that you can have a pristine machine for every build.
|
||||
|
||||
Step 3: choose a name for your buildslave which will fit into the
|
||||
list of buildslave names: <http://tahoe-lafs.org/buildbot/buildslaves> .
|
||||
|
|
Loading…
Reference in a new issue