New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Generic worker cot #114
Generic worker cot #114
Conversation
Sorry for my delay in replying. Indeed, if We don't currently have interactive support, although @grenade is working on this, so at some point soon we will. Machines that are loaned out will be terminated - but I guess an attack avenue might be to stop a machine from being terminated. However, @grenade can advise - I think secrets get wiped as part of the loan process, so it would be impossible for a worker to claim a new task after it has been loaned, I believe, even if the loaner was able to interfere with it and prevent it from being terminated. @grenade can confirm for sure. The gecko windows machines don't have an ssh daemon (although other windows worker types, such as nss worker types do). A question - if a task doesn't mount anything, and doesn't use Also if there is anything I can do to make it less magic (like adding something in the cot certificate to make it clear it is generic worker) let me know. Thanks! |
We'll have to modify
Terminating loaners and removing their secrets sounds like a good plan. In that case, they won't be able to validly sign the cot artifact, and we won't have to worry about otherwise verifying validly-signed tasks aren't run on loaners.
Which will be turned off unless it's a loaner, yes?
It checks to see if
We use the worker implementation detection to determine which gpg homedir to use to validate the cot certificate, so it's a bit of a circular dependency. We could read the cot certificate twice, once ignoring signature to determine worker implementation, second to validate the signature... that may be another option alongside the |
These are added in mozilla-releng/cot-gpg-keys#26 ; let's ignore them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Supporting a new type of worker this way, looks good to me.
IIUC, generic-workers translates (for now) to windows machines, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Supporting a new type of worker this way, looks good to me.
IIUC, generic-workers translates (for now) to windows machines, right?
Meh, Github was down, I couldn't see my first comment.
I believe so, yes. Thanks for the super fast reviews! |
Update: we now have OS X tests running in generic worker in production. |
Awesome! Tests don't currently factor into cot, and I don't think anything needs to change here even if hey did, so I think we're still good.
… On Jun 19, 2017, at 04:14, Pete Moore ***@***.***> wrote:
IIUC, generic-workers translates (for now) to windows machines, right?
I believe so, yes. Thanks for the super fast reviews!
Update: we now have OS X tests running in generic worker in production.
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@petemoore , I am currently
task.payload.osGroups
ortask.payload.mounts
, andDo those two things sound like valid tests for generic worker?
Once we have
task.payload.features.chainOfTrust
set in the build tasks and the pubkey for the level 3 windows build workerTypes in the cot repo, I think this will work.