From: Cleber Rosa <crosa@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: "Fam Zheng" <fam@euphon.net>,
"Aleksandar Rikalo" <aleksandar.rikalo@syrmia.com>,
"Beraldo Leal" <bleal@redhat.com>,
"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
"John Snow" <jsnow@redhat.com>,
qemu-devel@nongnu.org, "Max Reitz" <mreitz@redhat.com>,
"Eric Auger" <eauger@redhat.com>,
"Willian Rampazzo" <wrampazz@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Marc-André Lureau" <marcandre.lureau@redhat.com>,
"Alex Bennée" <alex.bennee@linaro.org>,
"Aurelien Jarno" <aurelien@aurel32.net>,
"Eduardo Habkost" <ehabkost@redhat.com>
Subject: Re: [PATCH 07/22] tests/acceptance/virtiofs_submounts.py: evaluate string not length
Date: Mon, 15 Feb 2021 12:56:57 -0500 [thread overview]
Message-ID: <20210215175657.GB72984@localhost.localdomain> (raw)
In-Reply-To: <a64bac47-ac2a-f708-239a-5b17fa365eb7@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2195 bytes --]
On Tue, Feb 09, 2021 at 06:15:26PM +0100, Philippe Mathieu-Daudé wrote:
> >
> > I've actually done this with some Xen patches I'm working on at the
> > moment. I'll probably decorate the test with:
> >
> > @skipUnless(os.getenv('AVOCADO_ALLOW_UNTRUSTED_CODE'), 'untrusted code')
> >
> > with a comment explaining what's waiting to be upstreamed. Once there
> > are upstream binaries I plan on transitioning the test to those.
>
> Instead of a binary AVOCADO_ALLOW_UNTRUSTED_CODE variable, we could
> have a list allowed domains/namespaces, that can be increased on the
> tester discretion.
>
> For example these are assumed trusted:
>
> . archives.fedoraproject.org
> . archive.debian.org
> . cdn.netbsd.org
> . github.com/torvalds
> . people.debian.org/~aurel32
> . snapshot.debian.org
> . storage.kernelci.org
> . www.qemu-advent-calendar.org
>
> Then personally interested in testing ARM boards I'd amend:
>
> . apt.armbian.com
> . github.com/philmd
> . github.com/groeck
> . github.com/hskinnemoen
> . github.com/pbatard
>
> and Max's repo since I'm interested in testing virtiofs_submounts.
>
Hi Phil,
I think I follow your idea, but I see two issues here:
1) Functional area (subsystem / architecture / machine type, etc)
2) Trustfulness of the code
WRT 1, the domains do not contain meaning onto themselves, so a
secondary mapping of subsystem/architecture/machine to the domain
would be needed. Also, wouldn't it be common to end up needing a N:N
mapping between domains and subsystem/architecture/machine?
WRT 2, while limiting download from a number of domains can add some
protection, the ultimate trust is achieved by setting a hash to the
exact code we will download/run.
If those points seem valid, then I believe it's better to continue
thinking of subsystem/architecture/machine because of the usability
aspects, and possibly improve the perceived level of trust/stability
of the assets by adding a "tier" classification. That one, one could
pick, say:
* board|machine_type == "foo" AND
* tier == 1
And exclude what is considered inferior tiers. How does that sound?
Regards,
- Cleber.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2021-02-15 17:58 UTC|newest]
Thread overview: 86+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-03 17:23 [PATCH 00/22] Acceptance Test: introduce base class for Linux based tests Cleber Rosa
2021-02-03 17:23 ` [PATCH 01/22] tests/acceptance/boot_linux.py: fix typo on cloudinit error message Cleber Rosa
2021-02-03 17:41 ` Philippe Mathieu-Daudé
2021-02-04 10:34 ` Alex Bennée
2021-02-04 10:44 ` Beraldo Leal
2021-02-03 17:23 ` [PATCH 02/22] tests/acceptance/boot_linux.py: rename misleading cloudinit method Cleber Rosa
2021-02-04 6:50 ` Thomas Huth
2021-02-04 10:47 ` Alex Bennée
2021-02-04 10:48 ` Beraldo Leal
2021-02-03 17:23 ` [PATCH 03/22] Acceptance Tests: remove unnecessary tag from documentation example Cleber Rosa
2021-02-03 17:41 ` Philippe Mathieu-Daudé
2021-02-04 10:47 ` Alex Bennée
2021-02-03 17:23 ` [PATCH 04/22] tests/acceptance/virtiofs_submounts.py: use workdir property Cleber Rosa
2021-02-04 10:48 ` Alex Bennée
2021-02-04 10:50 ` Beraldo Leal
2021-02-03 17:23 ` [PATCH 05/22] tests/acceptance/virtiofs_submounts.py: do not ask for ssh key password Cleber Rosa
2021-02-04 10:49 ` Alex Bennée
2021-02-04 11:05 ` Beraldo Leal
2021-02-03 17:23 ` [PATCH 06/22] tests/acceptance/virtiofs_submounts.py: use a virtio-net device instead Cleber Rosa
2021-02-04 13:22 ` Alex Bennée
2021-02-03 17:23 ` [PATCH 07/22] tests/acceptance/virtiofs_submounts.py: evaluate string not length Cleber Rosa
2021-02-04 11:07 ` Beraldo Leal
2021-02-04 13:23 ` Alex Bennée
2021-02-09 10:25 ` Max Reitz
2021-02-09 11:24 ` Alex Bennée
2021-02-09 12:03 ` Max Reitz
2021-02-09 12:52 ` Alex Bennée
2021-02-09 13:35 ` Max Reitz
2021-02-09 16:15 ` Alex Bennée
2021-02-09 17:15 ` Philippe Mathieu-Daudé
2021-02-15 17:56 ` Cleber Rosa [this message]
2021-02-03 17:23 ` [PATCH 08/22] tests/acceptance/virtiofs_submounts.py: standardize port as integer Cleber Rosa
2021-02-04 11:14 ` Beraldo Leal
2021-02-03 17:23 ` [PATCH 09/22] tests/acceptance/virtiofs_submounts.py: required space between IP and port Cleber Rosa
2021-02-08 11:21 ` Philippe Mathieu-Daudé
2021-02-03 17:23 ` [PATCH 10/22] Python: add utility function for retrieving port redirection Cleber Rosa
2021-02-05 0:25 ` John Snow
2021-03-23 21:53 ` Cleber Rosa
2021-02-09 14:50 ` Wainer dos Santos Moschetta
2021-02-15 18:27 ` Cleber Rosa
2021-02-15 19:43 ` John Snow
2021-02-15 20:31 ` Wainer dos Santos Moschetta
2021-02-03 17:23 ` [PATCH 11/22] tests/acceptance/linux_ssh_mips_malta.py: standardize port as integer Cleber Rosa
2021-02-08 11:24 ` Philippe Mathieu-Daudé
2021-02-15 18:58 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 12/22] Acceptance tests: clarify ssh connection failure reason Cleber Rosa
2021-02-03 17:42 ` Philippe Mathieu-Daudé
2021-02-03 17:23 ` [PATCH 13/22] tests/acceptance/virtiofs_submounts.py: add missing accel tag Cleber Rosa
2021-02-08 11:28 ` Philippe Mathieu-Daudé
2021-02-15 17:37 ` Cleber Rosa
2021-02-09 14:54 ` Wainer dos Santos Moschetta
2021-02-15 20:05 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 14/22] Acceptance Tests: introduce LinuxTest base class Cleber Rosa
2021-02-09 19:27 ` Wainer dos Santos Moschetta
2021-02-15 19:06 ` Willian Rampazzo
2021-02-16 3:21 ` Cleber Rosa
2021-02-03 17:23 ` [PATCH 15/22] Acceptance Tests: move useful ssh methods to " Cleber Rosa
2021-02-09 19:56 ` Wainer dos Santos Moschetta
2021-02-15 19:15 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 16/22] Acceptance Tests: introduce method for requiring an accelerator Cleber Rosa
2021-02-04 11:25 ` Beraldo Leal
2021-02-15 19:20 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 17/22] Acceptance Tests: fix population of public key in cloudinit image Cleber Rosa
2021-02-11 10:08 ` Marc-André Lureau
2021-02-15 14:48 ` Wainer dos Santos Moschetta
2021-02-15 19:23 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 18/22] Acceptance Tests: set up existing ssh keys by default Cleber Rosa
2021-02-11 10:15 ` Marc-André Lureau
2021-02-16 3:28 ` Cleber Rosa
2021-02-15 19:25 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 19/22] Acceptance Tests: add port redirection for ssh " Cleber Rosa
2021-02-03 17:46 ` Philippe Mathieu-Daudé
2021-02-03 17:51 ` Philippe Mathieu-Daudé
2021-03-23 17:56 ` Cleber Rosa
2021-02-03 17:23 ` [PATCH 20/22] Acceptance Tests: add basic documentation on LinuxTest base class Cleber Rosa
2021-02-11 10:24 ` Marc-André Lureau
2021-02-12 20:30 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 21/22] Acceptance Tests: introduce CPU hotplug test Cleber Rosa
2021-02-11 10:25 ` Marc-André Lureau
2021-02-15 19:57 ` Willian Rampazzo
2021-02-03 17:23 ` [PATCH 22/22] [NOTFORMERGE] Bump Avocado version to latest master Cleber Rosa
2021-02-11 10:45 ` Marc-André Lureau
2021-02-08 11:35 ` [PATCH 00/22] Acceptance Test: introduce base class for Linux based tests Philippe Mathieu-Daudé
2021-02-15 15:49 ` Wainer dos Santos Moschetta
2021-02-15 17:03 ` Philippe Mathieu-Daudé
2021-02-16 3:35 ` Cleber Rosa
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210215175657.GB72984@localhost.localdomain \
--to=crosa@redhat.com \
--cc=aleksandar.rikalo@syrmia.com \
--cc=alex.bennee@linaro.org \
--cc=aurelien@aurel32.net \
--cc=bleal@redhat.com \
--cc=eauger@redhat.com \
--cc=ehabkost@redhat.com \
--cc=fam@euphon.net \
--cc=jsnow@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=mreitz@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=thuth@redhat.com \
--cc=wainersm@redhat.com \
--cc=wrampazz@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.