blob: e41e8b3ff41d21efd59523beb281c09373eda60d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# Contractor -- build software (more) securely
The Contractor lets you build software with less worry that it will
do something bad. This is an ugly proof of concept prototype and
certainly not ready for real use.
This will probably only work on Debian 10 (buster) and later. To use,
you need to have libvirt, virt-install, and vmdb2, and several
gigabytes of disk space, RAM, and CPUs, and fair bit of bandwidth.
Possibly other things.
* Edit Ansible playbook to set `user_pub` to your SSH public key:
`editor vm.yml`
* Create two VM images (this can take a while):
`sudo ./vm.sh`
* Create the outer, manager VM:
`./vm-libvirt.sh`
* Find out what the IP address of the VM is:
`less /var/lib/libvirt/dnsmasq/virbr0.status`
* Check that the manager VM is accessibler (change IP to yours):
`./contractor -m 192.168.100.63 manager-status`
* Clone the test repo:
`git clone git://git.liw.fi/heippa /tmp/heippa`
* Build (change IP to yours; this will take a while to run):
`./contractor -v -m 192.168.100.63 -- build heippa.yaml`
Add a `--log contractor.log` option to have a log file.
* Hopefully all went well.
Read contractor.md for more information; formatted versions:
* [HTML](https://files.liw.fi/temp/contractor.html)
* [PDF](https://files.liw.fi/temp/contractor.pdf)
If you think this is project is worthwhile, and would like to help,
please get in touch!
Lars Wirzenius, liw@liw.fi
|
