Skip to content
This repository has been archived by the owner on Nov 21, 2018. It is now read-only.

passwords.py file #4

Merged
merged 1 commit into from
Jan 26, 2015
Merged

passwords.py file #4

merged 1 commit into from
Jan 26, 2015

Conversation

bheesham
Copy link
Contributor

Changed to using a passwords.py file for storing credentials. This should take care of the whole "passwords being public" thing.

See this issue.

@rust-highfive
Copy link

r? @nikomatsakis

(rust_highfive has picked a reviewer for you, use r? to override)

@bheesham
Copy link
Contributor Author

Uuuhhh, ignore this for now. There shouldn't be a merge conflict.

@nikomatsakis
Copy link

I know very little about this. Changing reviewer to @brson

@nikomatsakis nikomatsakis assigned brson and unassigned nikomatsakis Jan 15, 2015
@brson
Copy link
Contributor

brson commented Jan 15, 2015

I'm not sure this is sufficient. It will allow us to keep the passwords hidden from the source code, but it leaves a few problems:

  • It doesn't create any distinction between what credentials are required for triggering e.g. try builds vs those for dist builds, and dist builds are the only ones that need to be restricted to just a few people.
  • Passwords are still transmitted over plain text to buildbot.

@brson
Copy link
Contributor

brson commented Jan 15, 2015

A concrete change here might be to distinguish credentials for dist builds from all others. I think we should probably ask the people in #buildbot on freenode about best practices, though perhaps we just need to bite the bullet and put buildbot behind an https proxy.

@bheesham
Copy link
Contributor Author

Putting buildbot behind nginx or something similar was what I was going to
suggest to get around the whole "transferral of passwords over plaintext".

I'll ask on #buildbot later today or tomorrow if I don't get the
information I want from the Buildbot wiki.
On Jan 15, 2015 6:46 PM, "Brian Anderson" notifications@github.com wrote:

A concrete change here might be to distinguish credentials for dist builds
from all others. I think we should probably ask the people in #buildbot on
freenode about best practices, though perhaps we just need to bite the
bullet and put buildbot behind an https proxy.

Reply to this email directly or view it on GitHub
#4 (comment).

@bheesham
Copy link
Contributor Author

It looks like there's some fine-grain control available for this: http://docs.buildbot.net/current/manual/cfg-statustargets.html#authentication

I'll test out the HTPasswdAuth method, because that would probably be easier to manage.

EDIT: Nope. I'll stick to having a passwords.py file because I can't seem to get HTPasswdAuth to work.

@brson
Copy link
Contributor

brson commented Jan 18, 2015

passwords.py seems good

Added passwords.py.sample, and changed master.cfg to use it.
98466a6 
In `passwords.py.sample` there are already two users. One user that is
allowed to build anything (any-build), and another that is **not** allowed
to build dists (no-dist).

The corresponding code to allow/deny these actions are in master.cfg where
authorization is configured.

	modified:   .gitignore
	modified:   master/master.cfg
	new file:   master/passwords.py.sample
@bheesham
Copy link
Contributor Author

So currently the two changes are:

  • Usernames and passwords are in the passwords.py file.
  • The two different usernames correspond to permissions which disallows one from touching anything that has "dist" in it's name, and another one that is not disallowed.

@brson
Copy link
Contributor

brson commented Jan 26, 2015

Looks good, thanks. Testing it now.

brson added a commit that referenced this pull request Jan 26, 2015
@brson
Merge pull request #4 from bheesham/passwords
a683d69 
passwords.py file
@brson brson merged commit a683d69 into rust-lang-deprecated:master Jan 26, 2015
@brson
Copy link
Contributor

brson commented Jan 26, 2015

Thanks @bheesham!

@brson brson mentioned this pull request Jan 28, 2015
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@brson brson

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@bheesham @rust-highfive @nikomatsakis @brson