1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
|
[[!meta title="Road map"]]
This is the road map for ick development. It does not stretch very far,
because predicting the future is difficult. This road map also doesn't
give any dates, this is a hobby project. It's also open for discussion.
ALPHA-3
=============================================================================
Add [Qvisqve][] as an IDP. Drop all client-side token generation. Have
workers be identified by the JWT token created by the IDP, instead of
trusting the workers identify themsselves correctly.
[Qvisqve]: http://qvarn.org/qvisqve/
ALPHA-4
=============================================================================
Add the following changes:
> Ick builds and publishes its own .deb packages. It can build both CI
> builds, and release builds. It maintains its own APT repository with
> both CI and release builds. Release builds are built from a PGP
> signed git tag of a specific form. CI builds are built from the tip
> of the master branch, and the upstream and Debian version numbers
> are changed to include the build number so that different CI builds
> can be told apart.
> The builds happen in containers. The container contains the output
> for `debootstrap` with the `build-essential` package installed. Any
> other build dependencies are installed automatically into the
> container, based on information in the `debian/control` file.
> A new component is added to do trusted operatations as part of the
> build: ssh access for fetching from git, ssh access for package
> uploads, and PGP signing of package uploads. A project can specify
> which APT repository the .deb uploads should go to.
The high-level architecture will look like this:
@startuml
component Git
component APT
package "Trusted ick" {
component Controller
component Trusted
component Blobs
}
package "Semi-trusted ick" {
component Worker
}
Git -> Controller : 1. trigger build
Controller -down-> Trusted : 2. give work
Git -> Trusted : 3. git clone
Trusted -> Blobs : 4. upload workspace
Controller -> Worker : 5. give work
Blobs -> Worker : 6. get workspace
Worker --> Blobs : 7. upload .deb
Blobs --> Trusted : 8. download .deb
Trusted -> APT : 9. upload signed .deb
@enduml
Major changes:
* A **trusted worker** component is added. It never runs untrusted
code, which means code that gets downloaded from the git server.
This means it can hold and use secrets such as SSH and PGP keys.
* The controller will direct the trusted worker to download source
code from the git server, and upload it to the blob service.
Further, the controller will direct the normal worker to download
the source code blob from the blob service, and to upload the build
artifacts to the blob service. Finally, the controller will direct
the trusted worker to download artifacts from the blob service, PGP
sign the .deb files, and upload them to an APT repository.
* The **APT repository server** component is added. It will only
accept uploads from the trusted worker. It will have both CI and
release builds, but keeps them separate so that users may choose
which to install.
|
