Re: Remote service accounts protection in autopkgtest?

To: Vasyl Gello <vasek.gello@gmail.com>, debian-devel@lists.debian.org, Debian CI team <debian-ci@lists.debian.org>
Subject: Re: Remote service accounts protection in autopkgtest?
From: Paul Gevers <elbrus@debian.org>
Date: Mon, 23 Jan 2023 21:15:40 +0100
Message-id: <[🔎] 5424d8ee-22eb-8760-6967-73024ae3bfaf@debian.org>
In-reply-to: <[🔎] 526C9137-2A07-41BC-9DDE-192F3B72615C@gmail.com>
References: <[🔎] 526C9137-2A07-41BC-9DDE-192F3B72615C@gmail.com>

Hi Vasyl,

On 22-01-2023 22:33, Vasyl Gello wrote:

Assuming I would like to test the package interacting with some proprietary
third-party service on the web (like Kodi PVR addon), is there any mechanism
protecting of account details so that autopkgtest machines can read them
while outside world can not. Docker / podman / GitHub / GitLab all have
the "secrets" command for exactly that purpose.

I think adding the common GPG key for Debian autopkgtest infrastructure

and exposing only the public key part of it to the public access (soeveryonecan encrypt the account details for autopkgtest but not decrypt them) isworth

the efforts.

What do you think?

If I understand the proposal correctly, it's both src:debci (to managethe key) and src:autopkgtest (to use it) that would need to grow supportfor this. I'm personally not going to work on this any time soon, butI'm pretty sure we'll accept reasonable patches.


Paul

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

References:
- Remote service accounts protection in autopkgtest?
  - From: Vasyl Gello <vasek.gello@gmail.com>

Prev by Date: Bug#1029527: ITP: libtest2-plugin-memusage-perl -- Perl module to collect and display memory usage information
Next by Date: security paperwork machine
Previous by thread: Remote service accounts protection in autopkgtest?
Next by thread: Bug#1029495: ITP: libdevel-cover-report-clover-perl -- backend for Clover reporting of coverage statistics
Index(es):
- Date
- Thread