-
-
Notifications
You must be signed in to change notification settings - Fork 163
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
visual presentation of builds #7
Comments
Also the full log would be interesting in case of a failure. |
I'm a bit anxious about this, given that they're running on random computers. I'm somewhat worried about giving up too much information, as it could be used maliciously. Thoughts? |
People shouldn't run these without nix sandboxing. Otherwise I can't see any risks directly, but I haven't given it too much thought so far. |
Unfortunately Darwin doesn’t have adequate sandboxing at this time, plus
possible issues around the fairly loose sandbox for fixed output drvs.
…On Sat, Dec 9, 2017 at 11:33 AM Vladimír Čunát ***@***.***> wrote:
People shouldn't run these without nix sandboxing. Otherwise I can't see
any risks directly, but I haven't given it too much thought so far.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<https://github.com/grahamc/ofborg/issues/7#issuecomment-350486356>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAErrO66KjXnJLAD2BURGL9s9NA6mGQKks5s-rZqgaJpZM4QqckY>
.
|
From a security perspective, how does a shorter log help from preventing confidential information? |
Actually sandboxing works fine with 1.12 locally now. |
Going back to the original key point of this issue:
I don't want to do this, because the green check should be sacred and a "sure thing" for any valid PR. Any potential for unnecessarily causing it to go to a red X should be avoided. This is to make the green check be a strong promise that the code is good, and a red X a guarantee that something is wrong. Right now, we can't make that promise / guarantee due to periodic issues with aarch64 support or darwin sandboxing. Failed build results still require examination to determine if they're valid issues or not. |
BTW I have Mac sandboxing instructions at https://github.com/grahamc/ofborg/wiki/Operating-a-Builder#macs-and-sandboxing now |
Many of the builders are now streaming full logs back to the server. This is configurable per builder, so some builds will still not provide full logs (https://github.com/NixOS/ofborg/blob/released/ofborg/src/config.rs#L27, https://github.com/NixOS/ofborg/blob/released/ofborg/src/tasks/build.rs#L275)
Once part 3 is done, I'll automatically provide links to the build output on a PR when the bot is called. I have to say, a huge thank you to @samueldr for implementing this log viewer for me -- you have been a tremendous help. |
Full logs are now available. |
It would probably be nicer to have build status of explicit runs in the CI box as well (like the eval checks), especially as more platforms are planned.
The text was updated successfully, but these errors were encountered: