Closed optimumtact closed 8 years ago
GrayHatter
commented
8 years ago maybe it would be better to build on jenkins, and sign somewhere else? If I'm not mistaken, the repo server is separate from jenkins, and for security we're now pulling from jenkins, instead of pushing to? If that's the case, we should just sign on the repo server. And developers who want to use jenkins packages to build, will have to sign on their own systems?
tux3
commented
8 years ago It should be possible to specify the location of the android key store to the build system, so that you can put the keys and the keystore in the workspace, where only the corresponding job can access them.
It might be a better idea to not sign on Jenkins at all.
Zer0-One
commented
8 years ago The plan is to move builds to the package server and sign them there.
tux3
commented
8 years ago Some permissions required to build Android software have been added to the config files so this shouldn't be an issue anymore.
Granting extra privileges based on pattern matched names doesn't seem very secure, as any existing job could just change their name to match the pattern and get the permissions, we might as well add the permissions globally to keep the security model simple. Granting privileges to a specific job by editing its config file directly on the target machine is still safe, though, because there cannot be name collisions.
The antox build jobs would need access to the android key store for signing. Is it recommended to grant those in their apparmour config files?
is there any way to pattern match on job name in the genprof?