External tarballs can now be unpacked into a build
James Tunnicliffe
james.tunnicliffe at linaro.org
Tue Jan 31 18:49:18 UTC 2012
On 31 January 2012 18:14, Christian Robottom Reis <kiko at linaro.org> wrote:
> On Tue, Jan 31, 2012 at 03:50:37PM +0000, James Tunnicliffe wrote:
>> Hi,
>>
>> https://wiki.linaro.org/Platform/Android/LinaroAndroidBuildService has
>> been updated with these instructions about a new build option:
>>
>> EXTERNAL_TARBALL
>>
>> Use to request that the build system fetch an archive from the
>> location that you set EXTERNAL_TARBALL to and unpack it into
>> build/external_tarballs (build is the build root directory. This exact
>> path can be written as
>> $BUILD_SCRIPT_ROOT/../../build/external_tarballs). Multiple archives
>> can be requested, separated by ";", e.g.
>> EXTERNAL_TARBALL="http://foo.com/ball1.tar.gz;http://foo.com/ball2.tar.bz2"
>
> Nice work. I just wonder if there is a potential attack vector here --
> is the build configuration writeable by any users invoked during the
> build or setup process?
Each build is run on a clean EC2 instance, so shouldn't worry about
logins left behind from other activities. This certainly doesn't open
us up to any more problems than a user who has write access to the box
could cause any other way.
--
James Tunnicliffe
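
An added example, not part of the original post or of the Linaro build scripts: one way a build script could treat an EXTERNAL_TARBALL value as untrusted input, accepting only http(s) URLs and refusing any archive whose members would land outside build/external_tarballs. The function names, the http(s)-only rule and the sample archive are assumptions made for illustration.

```python
import io
import os
import tarfile
from urllib.parse import urlsplit

DEST = os.path.join("build", "external_tarballs")  # directory named in the post

def parse_external_tarball(value):
    """Split an EXTERNAL_TARBALL value on ';' and accept only http(s) URLs."""
    urls = []
    for item in filter(None, (p.strip() for p in value.split(";"))):
        parts = urlsplit(item)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"rejected EXTERNAL_TARBALL entry: {item!r}")
        urls.append(item)
    return urls

def unsafe_members(archive, dest=DEST):
    """Names of members that resolve outside dest or are not plain files/dirs."""
    root = os.path.realpath(dest)
    bad = []
    for m in archive.getmembers():
        # An absolute or '../' member name resolves outside root here.
        target = os.path.realpath(os.path.join(root, m.name))
        inside = target == root or target.startswith(root + os.sep)
        # Links and device nodes are refused along with escaping paths.
        if not inside or not (m.isfile() or m.isdir()):
            bad.append(m.name)
    return bad

def unpack_checked(fileobj, dest=DEST):
    """Unpack an already-downloaded archive only if every member is safe."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as archive:
        bad = unsafe_members(archive, dest)
        if bad:
            raise ValueError(f"archive refused, unsafe members: {bad}")
        os.makedirs(dest, exist_ok=True)
        archive.extractall(dest)

def make_sample(names):
    """Constructed sample input: an in-memory .tar.gz with the given members."""
    buf = io.BytesIO()
    data = b"sample\n"
    with tarfile.open(fileobj=buf, mode="w:gz") as archive:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            archive.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```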