Merge lp:~cjwatson/launchpad-buildd/delete-virt-check into lp:launchpad-buildd

Proposed by Colin Watson
Status: Merged
Approved by: Colin Watson
Approved revision: 99
Merged at revision: 99
Proposed branch: lp:~cjwatson/launchpad-buildd/delete-virt-check
Merge into: lp:launchpad-buildd
Diff against target: 60 lines (+3/-22)
2 files modified
buildrecipe (+0/-22)
debian/changelog (+3/-0)
To merge this branch: bzr merge lp:~cjwatson/launchpad-buildd/delete-virt-check
Reviewer: William Grant
Review type: code
Status: Approve
Review via email: mp+198242@code.launchpad.net

Commit message

Remove virtualization check from buildrecipe. It was a rather futile
security check as escaping chroots is trivial, and it will fail when the
PPA builder pool is converted to scalingstack.

Description of the change

The virtualization check in buildrecipe is (a) not forward-compatible with PPAs in scalingstack and (b) a pointless piece of security theatre as escaping chroots is well-known to be a trivial exercise. I discussed this with William on IRC and he suggested just deleting it.

William Grant (wgrant) :
review: Approve (code)

Preview Diff

1=== modified file 'buildrecipe'
2--- buildrecipe 2013-10-21 20:33:48 +0000
3+++ buildrecipe 2013-12-09 12:27:27 +0000
4@@ -27,13 +27,6 @@
5 RETCODE_FAILURE_BUILD_SOURCE_PACKAGE = 203
6
7
8-class NotVirtualized(Exception):
9- """Exception raised when not running in a virtualized environment."""
10-
11- def __init__(self):
12- Exception.__init__(self, 'Not running under Xen.')
13-
14-
15 def call_report_rusage(args, env):
16 """Run a subprocess.
17
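Review bot: nothing in this diff shows whether `NotVirtualized` is referenced outside `buildrecipe`. The merge touches only `buildrecipe` and `debian/changelog`, so please grep the tree (tests included) for `NotVirtualized` and `ensure_virtualized` before landing, and drop any leftover references in the same branch.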
18@@ -92,12 +85,6 @@
19 As a side-effect, sets self.source_dir_relative.
20 :return: a retcode from `bzr dailydeb`.
21 """
22- try:
23- ensure_virtualized()
24- except NotVirtualized, e:
25- sys.stderr.write('Aborting on failed virtualization check:\n')
26- sys.stderr.write(str(e))
27- return 1
28 assert not os.path.exists(self.tree_path)
29 recipe_path = os.path.join(self.work_dir, 'recipe')
30 manifest_path = os.path.join(self.tree_path, 'manifest')
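Review bot: missing documentation at the top of this method. The removed `try`/`except` was the only place in this path that refused to run a recipe build on a host that failed the virtualization check, and with it gone the code no longer states where isolation is expected to come from. Since the description says the chroot is not a boundary, add a short comment or docstring line saying the build relies on the builder machine itself being disposable, so the assumption stays visible to whoever deploys this outside the PPA pool.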
31@@ -208,15 +195,6 @@
32 os.environ["HOME"], "build-" + build_id, *extra)
33
34
35-def ensure_virtualized():
36- """Raise an exception if not running in a virtualized environment.
37-
38- Raises if not running under Xen.
39- """
40- if not os.path.isdir('/proc/xen') or os.path.exists('/proc/xen/xsd_kva'):
41- raise NotVirtualized()
42-
43-
44 if __name__ == '__main__':
45 setrlimit(RLIMIT_AS, (1000000000, -1))
46 builder = RecipeBuilder(*sys.argv[1:])
47
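Review bot: the commit message calls this a "virtualization check", but the removed condition in `ensure_virtualized()` only recognised Xen: it required `/proc/xen` to be a directory and rejected hosts where `/proc/xen/xsd_kva` exists. Saying "Xen virtualization check" in the commit message and changelog would make the reason for the removal easier to follow; if the scalingstack builders are not Xen guests, that is exactly the failure the description anticipates.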
48=== modified file 'debian/changelog'
49--- debian/changelog 2013-12-09 11:52:37 +0000
50+++ debian/changelog 2013-12-09 12:27:27 +0000
51@@ -7,6 +7,9 @@
52 * Make the status XML-RPC method a synonym for status_dict.
53 * Add a new "livefs" build manager, based on livecd-rootfs/BuildLiveCD
54 (LP: #1247461).
55+ * Remove virtualization check from buildrecipe. It was a rather futile
56+ security check as escaping chroots is trivial, and it will fail when the
57+ PPA builder pool is converted to scalingstack.
58
59 [ Adam Conrad ]
60 * update-debian-chroot: Allow arm64-on-x86 builds with qemu-arm64-static.
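Review bot: style point on the new changelog entry. The neighbouring entry carries a bug reference (`LP: #1247461`) while this one has none; if a bug tracks the scalingstack conversion, cite it here so the removal of a security-labelled check can be traced back to its rationale later.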
