Although we scan the keys of the Trove, we can only do this for the exact
hostname specified in TROVE_HOST. If the definitions being built point
to repos in the Trove using an SSH URL but with a different hostname
(e.g. as an IP address, or a differently qualified hostname) then the
distbuild will fail with a fairly opaque error:

    ERROR: Build of xx failed: ERROR: Failed to update cached version of
    repo ssh://git@.../xxx

Currently we expect distbuild to be deployed on a trusted private
network, so this change doesn't make it less secure. However, it would
be a problem in future if we want distbuild networks connecting to their
Trove across a public, untrusted network.

Change-Id: I6cf8b318cab8985e811b5ee5ac29df225b62270d