[X2Go-Dev] Raspberry Pi Builds and How to Handle Authentication/Signing
Michael DePaulo
mikedep333 at gmail.com
Sat Apr 4 22:22:36 CEST 2015
Stefan and Mihai, see responses below:
On Apr 4, 2015 3:39 PM, "Stefan Baur" <X2Go-ML-1 at baur-itcs.de> wrote:
>
> Am 04.04.2015 um 17:45 schrieb Michael DePaulo:
>
> > 1st of all, I recall that someone else offered to setup a Raspberry Pi
> > for X2Go Jenkins builds, but I forget who it was. I also cannot find
> > anything about it in my IRC logs or emails.
>
> That was h1. IIRC, his original plans were to colocate one or two RPis
> along with a larger server in a datacenter, but his plans haven't worked
> out so far.
>
> Mihai could offer temporary hosting for h1' hardware, if he's willing to
> ship it to him. (Mihai has a static IP - and sufficient bandwidth, we
> believe.)
>
> -Stefan
[...]
Hardware isn't the issue. I have 2 Raspberry Pi 2 units. I can have them
use iscsi or nfs so that they do not wear out their SD cards. I have a
50mbit/50mbit low-end fiber connection with a soft limit of something like
1TB/month.
Colocation in a dc would be better though.
On Apr 4, 2015 3:52 PM, "Mihai Moldovan" <ionic at ionic.de> wrote:
>
> On 04.04.2015 05:45 PM, Michael DePaulo wrote:
> > I figured I would setup my Raspberry Pi 2 at my apartment as a Jenkins
> > slave. However, it appears that I would need to upload the packages to
> > code.x2go.org with dupload, which would in turn call scp in batch
> > mode. That means setting up SSH public key authentication.
> >
> > We would also have to figure out package signing.
> >
> > So before I continue, I want to know:
> >
> > 1. Should I continue setting this up, or should we try to use
> > qemubuilder on japsand with a Raspberry Pi version of QEMU?
>
> Really not sure what makes more sense. Qemu is really slow for
> non-native arches (naturally, due to the emulation.) A raspberry pi
> might even be faster than that, but I don't know this for sure.
The Raspberry Pi 2 is a huge improvement if you compile with multiple
jobs/threads. (It has 4 cores and 1GB instead of 512MB RAM.) Even with only
1 thread/job, you get nearly 2x the performance IIRC.
The main reason to use Qemu is to reuse our existing build infrastructure
and its signing/auth.
> > 2. If I continue setting this up, how should we setup the SSH and GPG
> keys?
>
> I believe GPG signing should be done on the server after uploading the
> files. Transferring the general private key to your RasPi machine isn't
> a good idea.
>
> I'm also wary to having your RasPi machine log in to ymir as x2go-admin,
> for that would it basically give it complete access to everything,
> including git repos.
>
> Uploading files into a staging area to which x2go-admin has access with
> a new, unprivileged user and having a cron job for x2go-admin move the
> files in place seems to be a saner solution.
>
> Mihai
This approach sounds good to me.
For now, I will test building without uploading. I will probably test
signing with a key of my own.
-Mike#2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150404/432d520b/attachment.html>
More information about the x2go-dev
mailing list