From 76f007d8915df9ba5872c246a82436ebebbb8224 Mon Sep 17 00:00:00 2001 From: arch_o_median <> Date: Tue, 4 Jan 2011 18:46:07 +0000 Subject: [PATCH] [Imported from Trac: page HowtoContributeABuildbot, version 9] --- HowtoContributeABuildbot.md | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/HowtoContributeABuildbot.md b/HowtoContributeABuildbot.md index a7227d0..631d624 100644 --- a/HowtoContributeABuildbot.md +++ b/HowtoContributeABuildbot.md @@ -3,29 +3,14 @@ ## Configuration -This is also the part where you choose what sort of controls you want -to have over your buildslave. I would strongly advise you not to run -your buildslave under your user account, and (duh) not to give it any -sort of elevated privileges such as root! +Create a user account with low privileges to run buildbot. -So, running under a separate user account without high privileges is -definitely a good idea, but since you're a security-aware user I guess I -don't need to tell you this. - -Also you can use other mechanisms to lock it down more like jail, +### Optional Configurations +You can use other mechanisms to lock buildbot down like jail, chroot, etc. David Abrahams uses Solaris Zones to contain his -buildslaves. I don't know what particular features Zones offer. I -wonder if this means he can use ZFS snapshots to rewind the state of -the filesystem before running each build. That would be cool. Brian -Warner and the other buildbot maintainers have been hacking on some +buildslaves. Brian Warner and the other buildbot maintainers have been hacking on some tricks to set up your buildslaves inside a full virtual machine so -that you can have a pristine machine for every build -- e.g. "This is -a fresh install of OpenBSD 4.6 with nothing added except for buildbot -and its dependencies.". - -Personally I don't (yet) use any such fancy techniques -- I just run -my buildslaves under a separate user account which doesn't have -access to my personal stuff or to root privileges. +that you can have a pristine machine for every build. Step 3: choose a name for your buildslave which will fit into the list of buildslave names: .