Unambiguously differentiating official and local builds [Was [Vm-dev] Moving the Cog subversion repository to githup at 2016-6-16 7am UTC]

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Unambiguously differentiating official and local builds [Was [Vm-dev] Moving the Cog subversion repository to githup at 2016-6-16 7am UTC]

Eliot Miranda-2
Hi All,

     so after fixing "git remote get-url origin" to fail over to "git remote show origin | filter and munge" the culture shock of "git commit -a" (git commit does nothing ?!?!?) I have a VM that outputs a reasonable version info:

/Users/eliot/oscogvm/build.macos32x86/squeak.cog.spur/CocoaFast.app/Contents/MacOS/Squeak
5.0 5.0.201606161953 Mac OS X built on Jun 16 2016 12:56:52 PDT Compiler: 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57) [Production Spur VM]
CoInterpreter VMMaker.oscog-eem.1886 uuid: d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
StackToRegisterMappingCogit VMMaker.oscog-eem.1886 uuid: d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
VM: r201606161953 http://github.com/OpenSmalltalk/vm $ Date: Thu Jun 16 12:53:33 2016 -0700 $
Plugins: r201606161953 http://github.com/OpenSmalltalk/vm $

Which begs the question how do I differentiate this from something built officially via Travis?  Arguably the URL is wrong, and should only say "http://github.com/OpenSmalltalk/vm" for travis builds, and perhaps should just include my local hostname and current directory when I make any kind of local modification.  So the above would read

...
VM: r201606161953 McStalker:?users/eliot/oscogvm $ Date: Thu Jun 16 12:53:33 2016 -0700 $
Plugins: r201606161953 McStalker:?users/eliot/oscogvm $

Alternatively we could add another field, or modify one of the existing fields to say "I'm official" however one would do that.  I don't know how, I just know we need this.  I shouldn't be able to pollute the VM pool by putting some VM on some site somewhere that i just happened to build after several sherries and some cannabis brownies that looks to all intents and purposes just like a VM built by our official Travis slaves.  Hic.  Chillin'

_,,,^..^,,,_
best, Eliot


Reply | Threaded
Open this post in threaded view
|

Re: Unambiguously differentiating official and local builds [Was [Vm-dev] Moving the Cog subversion repository to githup at 2016-6-16 7am UTC]

timfelgentreff
Hi Eliot,

how secure does this need to be? One way to differentiate the official
VMs is to sign them directly on Travis (which we'll want to do anyway,
just didn't get to it, yet).

Another option is to just change the URL replacement code to do
something else when not running on Travis --- like adding your
hostname and path instead --- but this could be fairly easily messed
with.

Not sure how much malicious intent we want to prevent.

cheers,
Tim

On 16 June 2016 at 22:07, Eliot Miranda <[hidden email]> wrote:

> Hi All,
>
>      so after fixing "git remote get-url origin" to fail over to "git remote
> show origin | filter and munge" the culture shock of "git commit -a" (git
> commit does nothing ?!?!?) I have a VM that outputs a reasonable version
> info:
>
> /Users/eliot/oscogvm/build.macos32x86/squeak.cog.spur/CocoaFast.app/Contents/MacOS/Squeak
> 5.0 5.0.201606161953 Mac OS X built on Jun 16 2016 12:56:52 PDT Compiler:
> 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57) [Production Spur VM]
> CoInterpreter VMMaker.oscog-eem.1886 uuid:
> d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
> StackToRegisterMappingCogit VMMaker.oscog-eem.1886 uuid:
> d413db9f-37cc-4c5d-bfc6-87b11203ee96 Jun 16 2016
> VM: r201606161953 http://github.com/OpenSmalltalk/vm $ Date: Thu Jun 16
> 12:53:33 2016 -0700 $
> Plugins: r201606161953 http://github.com/OpenSmalltalk/vm $
>
> Which begs the question how do I differentiate this from something built
> officially via Travis?  Arguably the URL is wrong, and should only say
> "http://github.com/OpenSmalltalk/vm" for travis builds, and perhaps should
> just include my local hostname and current directory when I make any kind of
> local modification.  So the above would read
>
> ...
> VM: r201606161953 McStalker:?users/eliot/oscogvm $ Date: Thu Jun 16 12:53:33
> 2016 -0700 $
> Plugins: r201606161953 McStalker:?users/eliot/oscogvm $
>
> Alternatively we could add another field, or modify one of the existing
> fields to say "I'm official" however one would do that.  I don't know how, I
> just know we need this.  I shouldn't be able to pollute the VM pool by
> putting some VM on some site somewhere that i just happened to build after
> several sherries and some cannabis brownies that looks to all intents and
> purposes just like a VM built by our official Travis slaves.  Hic.  Chillin'
>
> _,,,^..^,,,_
> best, Eliot
>
>
>