Sorry for the delay.
On Monday, September 19, 2016 3:59:57 PM CEST Miroslav Suchý wrote:
Dne 16.9.2016 v 17:00 Pavel Raiskup napsal(a):
> Hi all,
>
> this is probably proper place for such discussions -- I am curious what is the
> plan with Docker stuff within Copr project.
>
> Do you plan to make Fedora's copr hardly dependant on Docker images?
You mean the commit 25c7d91bfdc895bb0d63f3b06fa1399b507fff14 ?
It is related, but the question is rather general. I would like to know
whether we plan to "dockerize" more stuff, etc.
Previous week we worked on Mock security issue. This is fixed now.
However it
raised the question: is it smart to run mock-scm, pyp2rpm, gem2spec...
directly on copr-dist-git machine?
Yup, copr-dist-git machine should share code, shouldn't generate anything
at all, similarly to Fedora's dist-git (if I understand the koji process
correctly).
It is run under non-privileged user, but still... I can think about
some
attack vectors. For obvious reasons I will not disclose them publicly.
So we wanted to build SRPM in environment, which will be discarded after SRPM
build and hard to escape. There are several ways how to implement it. But we
chosen builds in Docker container. It will be used just for SRPM build.
Nothing more. Is it problem for you?
This is rather unrelated to my original question, but I dislike that, as
IMO srpms should be build elsewhere, not on dist-git machine. The other
question is how good isolation the docker actually is, I'll ping you
off-list.
Pavel