Rockbox mail archive

Subject: Re: My Android and simulator builds shutdown

From: Frank Gevaerts <frank_at_gevaerts.be>
Date: Sun, 20 Jan 2013 18:56:50 +0100

On Sun, Jan 20, 2013 at 02:04:19AM +0100, Jonas Häggqvist wrote:
> Or alternatively, if maybe the main build system should be used to
> provide these downloads?

For the windows sims, we could just set that up. All we need is a set of
build clients that have the mingw toolchain installed, an updated client
script that knows about this toolchain, and moving the resulting files
to an appropriate place. I'd say this can be done in less than a week if
we want it (but see also the general security note at the end of the
android bit).

For the android builds, the old problem of signing still exists. There
are several ways to handle that, each with its own pros and cons:

* build them all on the server, and let that handle the signing
  We need some extra server-side scripts for this, and there will be
  extra server load. I don't know if that's acceptable.

* distributed builds, central signing
  This would need some new server-side scripts to handle the signing,
  and some makefile modifications so we can easily build unsigned apps.

* distributed builds, shared signing key
  This should work, and it requires nearly no new infrastructure, but
  it's a *very* bad idea from a security point of view.

* distributed builds, no shared key
  This doesn't really work. People would have to uninstall the app and
  reinstall it for every update due to differing signing keys.

Note that all but the first option would (at least in theory) allow a
malicious third party to set up a fake build server and upload a
different binary, which would be a nice way to distribute malware. This
is also possible for all other builds of course, but for anything that's
not running on a general purpose device (such as a windows box or an
android phone), there's not much to gain for an attacker. It's probably
a good idea to only allow things like windows sims or android app builds
from known people (which would require some work. The build system
currently doesn't support that).

Frank

-- 
"Debugging is twice as hard as writing the code in the first place.
Therefore, if you write the code as cleverly as possible, you are,
by definition, not smart enough to debug it." - Brian W. Kernighan
Received on 2013-01-20
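
Added example, not part of the original message and not code from the Rockbox build system: one way the "distributed builds, central signing" option could restrict uploads to known build clients before the server signs anything. The client names, shared secrets, revision strings and function names are all hypothetical, constructed values.

```python
import hashlib
import hmac

# Constructed allowlist: build client name -> secret issued to a known person.
# Names and keys are hypothetical sample values.
KNOWN_CLIENTS = {
    "client-alice": b"constructed-secret-alice",
    "client-bob": b"constructed-secret-bob",
}


def upload_tag(secret: bytes, client: str, revision: str, target: str,
               artifact: bytes) -> str:
    """Tag a build client attaches to an uploaded, unsigned build.

    The MAC covers the artifact digest plus the metadata, so a valid tag
    cannot be reused for another client, revision, target or binary.
    """
    digest = hashlib.sha256(artifact).hexdigest()
    # Length-prefix each field so field boundaries are unambiguous.
    msg = b"".join(
        len(field).to_bytes(4, "big") + field
        for field in (client.encode(), revision.encode(),
                      target.encode(), digest.encode())
    )
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def accept_for_signing(client: str, revision: str, target: str,
                       artifact: bytes, tag: str) -> bool:
    """Server-side gate run before an upload reaches the central signing key."""
    secret = KNOWN_CLIENTS.get(client)
    if secret is None:
        return False  # unknown build client: upload is never signed
    expected = upload_tag(secret, client, revision, target, artifact)
    # Constant-time comparison avoids leaking how much of the tag matched.
    return hmac.compare_digest(expected.encode(), tag.encode())
```

This only authenticates who uploaded the binary. A known client can still upload something other than what the source produces, which is why only the build-on-the-server option is exempt from the fake build server concern in the message.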

Page was last modified "Jan 10 2012" The Rockbox Crew