authorLars Wirzenius <liw@liw.fi>2020-02-08 11:46:35 +0200
committerLars Wirzenius <liw@liw.fi>2020-02-08 11:46:35 +0200
commitd3329245bbdaf39a8228b992ee123475c83c8f92 (patch)
tree06afaee7ca59b233aff24a92cf1c72ef5963c106
parentcc01b1a1dab070fc21e3650673fa2adaee83d142 (diff)
downloadick2-d3329245bbdaf39a8228b992ee123475c83c8f92.tar.gz
Change: arch diagram, and component list
-rw-r--r--worker.md39
1 files changed, 34 insertions, 5 deletions
diff --git a/worker.md b/worker.md
index 7a7e1a4..a63c110 100644
--- a/worker.md
+++ b/worker.md
@@ -61,12 +61,18 @@ The contractor architecture is as follows.
~~~dot
digraph "arch" {
- buildyaml [shape=box, label="Build specification"];
- artifacts [shape=box];
+ buildyaml [shape=tab, label="Build specification", style=filled];
+ artifacts [shape=tab, style=filled];
+ contractor [shape=ellipse, label="Ick contractor", style=filled];
+ bwrap [shape=ellipse, label="Security container"];
workspace [shape=box, label="Temp workspace"];
- systree [shape=box, label="System tree"];
+ systree [shape=box, label="Temp system tree"];
+ network [shape=octagon, label="Network"];
buildyaml -> contractor;
+ contractor -> systree;
+ contractor -> workspace;
+ contractor -> network;
contractor -> bwrap;
bwrap -> workspace;
bwrap -> systree;
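Review bot: the `bwrap` node is the only one of the four new or restyled nodes left without `style=filled` (compare `contractor`, `buildyaml`, `artifacts`), so the filled/unfilled distinction reads as meaningful but is never explained; if the fill is meant to separate trusted components from the untrusted security container, say so in a dot comment or in the prose below the diagram, otherwise apply `style=filled` consistently. The security property the diagram is carrying is also only implicit: `contractor -> network` is drawn while no `bwrap -> network` edge exists, and a reader has to notice the absence of an edge to see that the container has no network access; a short remark in the prose after the `~~~` fence pointing this out would make the diagram match the component list's "without network access" statement explicitly.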
@@ -75,6 +81,28 @@ digraph "arch" {
}
~~~
+There are several components:
+
+* A **build specification** provided by the user. Lists all the
+ projects to build, and how to build them.
+
+* An **artifact store**, a local directory, maintained by the
+ contractor. Persistent across invocations of the contractor.
+
+* A **workspace**, a local temporary directory, created by the
+ controller for the duration a project build. Populated by the build
+ steps of a project.
+
+* A **system tree**, a local temporary directory, created by the
+ controller for the duration of a project build. Populated by
+ contractor build actions to install an operating system and build
+ dependencies.
+
+* A **security container** implemented using Bubblewrap, combining the
+ workspace and the system tree into a process using Linux kernel
+ namespaces. All untrusted build steps are executed in the security
+ container, without network access.
+
The contractor reads a build specfication from a file, instead of
retrieving it from the Ick controller (see
[indepenence](#req-independent)), and executes all the build steps
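Review bot: the **workspace** and **system tree** items say the directories are "created by the controller", but every other part of this hunk attributes them to the contractor (the artifact store is "maintained by the contractor", the diagram in the previous hunk adds `contractor -> workspace` and `contractor -> systree`, and the contractor is explicitly described as running independently of the Ick controller); unless the controller really does create these directories, both should read "created by the contractor". The workspace item is also missing a word: "for the duration a project build" should be "for the duration of a project build". While in this area, the unchanged context lines carry two typos worth fixing in the same commit: "specfication" and "indepenence" (the latter is link text, so the anchor `#req-independent` stays as is).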
@@ -114,8 +142,9 @@ The contractor executes also the trusted, external programs using
bwrap, but with network access, and read-only access to the host's
operating system.
-The contractor implmements a local artifact store, probably as a plain
-directory, and provides build steps for controlled access to it.
+The contractor implmements a persisten local artifact store, probably
+as a plain directory, and provides build steps for controlled access
+to it.
Simple threat modelling
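Review bot: the rewritten sentence introduces a new typo, "persisten" (missing the trailing t), and carries over the existing "implmements" from the removed line; since the only change here is adding the word "persistent", fix both in this line: "The contractor implements a persistent local artifact store, probably". The phrase "probably as a plain directory" also now contradicts the component list added earlier in this patch, which states flatly that the artifact store is "a local directory"; either drop the hedge here or soften the list entry so the two descriptions agree.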