On Tue, Jan 31, 2012 at 03:50:37PM +0000, James Tunnicliffe wrote:
Hi,
https://wiki.linaro.org/Platform/Android/LinaroAndroidBuildService has been updated with these instructions about a new build option:
EXTERNAL_TARBALL
Use to request that the build system fetch an archive from the location that you set EXTERNAL_TARBALL to and unpack it into build/external_tarballs (build is the build root directory. This exact path can be written as $BUILD_SCRIPT_ROOT/../../build/external_tarballs). Multiple archives can be requested, separated by ";", e.g. EXTERNAL_TARBALL="http://foo.com/ball1.tar.gz%3Bhttp://foo.com/ball2.tar.bz2"
Nice work. I just wonder if there is a potential attack vector here -- is the build configuration writeable by any users invoked during the build or setup process?