Need a temporary way of depending on external archives for some special PPAs

Bug #391088 reported by Julian Edwards
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Fix Released
Celso Providelo

Bug Description

The OEM team needs to have their PPAs temporarily depend on their private archives until PPA functionality is good enough to support hosting them in a PPA (where dependencies are already managed properly).

We don't want any PPA being able to do this as it rather breaks our security model and guarantee that you can get to all the source that was used to build a PPA binary.

Therefore, we are going to do this via dymanically loaded lazr.config sections inside production-configs, which are suitably private to the Launchpad service and not part of the open source tree.

From an email sent by Curtis to the dev list:
You can create other confs and load them using lazr.conf directly. This
gives Though I'm still think this whole issue is about arbitrary data,
so you want to use the '.master' definition in the schema to allow the
config to have arbitrary section names.

# A .master section permits the conf file to define arbitrary
# subsections.
# A space separated list of source-packages or None
dependencies: None
# Should these deps be used?
active: True

dependencies: sources.list1 \n sources.list2

dependencies: sources.list3 \n sources.list4

dependencies: sources.list5
active: False

>>> ppa_schema = ImplicitTypeSchema(ppa-buildmaster.conf)
>>> ppa_config = ppa_schema.load(ppa-buildmaster.conf)
# You can iterate all the section that belong to the
# master ppa category.
>>> for section in ppa_config.ppa
... print

security vulnerability: yes → no
Changed in soyuz:
assignee: nobody → Celso Providelo (cprov)
Celso Providelo (cprov)
Changed in soyuz:
status: Triaged → In Progress
Revision history for this message
Celso Providelo (cprov) wrote :

r8829 (devel)

Changed in soyuz:
status: In Progress → Fix Committed
Celso Providelo (cprov)
Changed in soyuz:
status: Fix Committed → Fix Released
William Grant (wgrant)
visibility: private → public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers