summaryrefslogtreecommitdiff
path: root/debconf2015.pin
diff options
context:
space:
mode:
authorDaniel Silverstone <dsilvers@digital-scurf.org>2015-11-06 10:09:00 +0000
committerDaniel Silverstone <dsilvers@digital-scurf.org>2015-11-06 10:09:00 +0000
commit285f9bdd2d754f82419bd251e6c4fc4fcca8fec5 (patch)
tree57c41855411c67dfd9d670f6b1428a6c269d0ffa /debconf2015.pin
parent842623b3744066e33db35b9f5c7d595dfbb8af24 (diff)
downloadgitano-talk-285f9bdd2d754f82419bd251e6c4fc4fcca8fec5.tar.bz2
Moony backgrounds
Diffstat (limited to 'debconf2015.pin')
-rw-r--r--debconf2015.pin314
1 files changed, 314 insertions, 0 deletions
diff --git a/debconf2015.pin b/debconf2015.pin
new file mode 100644
index 0000000..f31ded8
--- /dev/null
+++ b/debconf2015.pin
@@ -0,0 +1,314 @@
+# Debian conference Pinpoint talk about Gitano
+
+[backing.png]
+[center]
+[font=Sans 50px]
+[stretch]
+
+-- [backing-cat-flop.png]
+
+-- [backing-cat-flop.png] [no-markup]
+
+Gitano - A Git service configured in Git
+
+Daniel Silverstone <dsilvers@debian.org>
+
+# Burble like a tard about who you are
+
+-- [backing-cat-flop.png]
+
+What is it?
+
+# Git Server
+# Written in Lua
+# Configured in Git where plausible
+
+-- [backing-cat-flop.png]
+
+Why do it?
+
+# Looked at gitolite and decided I could do
+# better or nicer or whatever
+
+-- [backing-cat-flop.png]
+
+Who is it for?
+
+# People who would like to run their own git server
+# Github is a more effective centralised version control
+# system than Subversion could ever hope to be.
+# P.S. Alioth.
+# Gitorious is a large unwieldy pile of crap
+# Both of them rely on data stores which are not Git
+
+-- [backing-cat-sunbathing.png]
+
+-- [backing-cat-sunbathing.png]
+
+Technology choices
+
+# Git - odd to list, but I mean configuration is in git
+# rulesets are in git, etc.etc.etc.
+# Lua - I like Lua, it's easy to prototype and write stuff
+# libgit2/luagit2 - Way faster than invoking git commands
+# although Gitano *can* operate without them
+# cgit rather than gitweb - much faster, caches, prettier
+
+-- [backing-cat-sunbathing.png]
+
+Lace - Lua Access Control Engine
+
+# ACL engine for rulesets. Most people who are at least
+# technically minded understand ACLs. Non-turing-complete
+# means output more easily cached Not using Lua means I
+# *could* switch implementation language if I wanted.
+
+-- [font=Monospace 50px]
+
+define ref_has_user_prefix ref prefix refs/heads/${user}/
+allow "User branches are okay" op_is_reffy ref_has_user_prefix
+
+# Simple example showing definitions, prefix-matches,
+# expansions (gitano specific) and permission statements.
+# list of defined predicates on the allow line must all pass
+
+-- [backing-cat-sunbathing.png]
+
+Clod - Configuration Language Organised (by) Dots
+
+# Designed to keep track of ordering of entries (and spaces)
+# Currently doesn't track comments (because that's super
+# hard) Humans and the library tend to edit files in similar
+# ways meaning diffs are sane
+
+-- [font=Monospace 50px]
+
+project.head "refs/heads/master"
+project.description "Black box testing of Unix programs"
+project.owner "liw"
+
+# Three simple string entries as might be found in a
+# repository configuration in Gitano.
+
+-- [font=Monospace 50px]
+
+description "Gitano Instance Administrators"
+
+members["*"] "dsilvers"
+
+# Clod also supports lists which remain ordered. This is an
+# example group file in a Gitano repository
+
+-- [backing-cat-sunbathing.png]
+
+Supple - Sandbox [(for) Untrusted Procedure Partitioning (in) Lua] Engine
+
+# Supple allows me to run hooks provided by project owners
+# safely without risking them gaining access to the server
+# in any unusual way.
+
+# Hooks are run as Lua code with a limited set of functions
+# and only the data relevant to the event they're hooking
+# (along with a read-only repository object they can use to
+# interrogate other things a bit)
+
+-- [backing-cat-sunbathing.png]
+
+To limit the attack surface...
+
+The "untrusted" code runs in a (limited) Lua sandbox.
+
+That sandbox is soft-limited in terms of VM opcodes and memory.
+
+The sandbox is monitored and IO marshalled externally.
+
+# Your "untrusted" code is run inside a Lua sandbox which
+# has only a limited set of Lua's functionality exposed to
+# it.
+
+# That sandbox is soft-limited (optionally) in terms of VM
+# opcodes and memory allocated by Lua
+
+# The sandbox is run inside a monitoring Lua VM instance
+# which is responsible for carefully marshalling calls etc
+# into and out of the sandbox. All your comms go via this
+# monitor.
+
+-- [backing-cat-sunbathing.png]
+
+Just in case...
+
+The monitor is a Lua VM anyway, and it's all inside a separate process.
+
+The sandbox process is in an ephemeral chroot.
+
+# The monitor is, itself, a Lua VM anyway, inside a process
+# which is separate from the process you're doing untrusted
+# work on behalf of.
+
+# The sandbox process is created using a rootly helper so
+# that it's put into an isolation state consisting of a
+# directory which is owned by root which is set as your root
+# via the chroot call, but which is also rmdir'd so it's
+# ephemeral. Your process drops privileges back to the
+# calling UID so it cannot do anything inside its CWD
+# anyway.
+
+-- [backing-cat-sunbathing.png]
+
+And if that's not enough...
+
+Solid rlimits in terms of memory and open FDs
+
+And on Linux, memory is pre-allocated and we enter seccomp mode 1.
+
+# On top of that, the sandbox has some pretty solid rlimits
+# set in terms of max CPU usage, max VM size, max FDs open,
+# and max size of any file it writes. As such, it can't
+# create > 0 byte files in the directory it doesn't have
+# access to, and could only do that if it closed the FD to
+# the host process which is its only communications avenue.
+
+# Then, if you're on Linux, we go one step further and
+# pre-allocate enough memory for the interpreter to not hit
+# the rlimit and then enter seccomp mode 1 which limits the
+# syscalls permissible to read, write, _exit and sigreturn
+# so even if you could have circumvented any/all of the
+# limits above, you now can't make syscalls to take
+# advantage of them.
+
+# If that's not sandbox enough, please tell me how to
+ improve matters further.
+
+-- [backing-cat-sunbathing.png]
+
+Gall - Git Abstraction Layer (in) Lua
+
+# Abstraction layer for accessing Git repositories from Lua.
+# Focusses on bare repositories and can operate using the
+# git commandline or the libgit2 library (via the luagit2
+# binding).
+
+# Next comes inelegance, so "phew" goes here.
+
+-- [backing-cat-inelegant.png]
+
+-- [backing-cat-inelegant.png]
+
+Putting it all together.
+
+Gitano uses all of these libraries and adds utility commands
+for managing repositories, users, rules, etc.
+
+# Using these libraries and with a small amount of code of
+# its own Gitano then provides a git service with important
+# additional commands such as creating and destroying
+# repositories
+
+-- [font=Monospace 50px] [no-markup]
+
+ssh git@server create fooproject/barrepo
+[example] Creating repository: fooproject/barrepo
+[example] Setting repository owner to dsilvers
+[example] <fooproject/barrepo> Set owner to <dsilvers>
+[example] Running checks to ensure hooks etc are configured
+[example] Repository fooproject/barrepo created ok. Remember to configure rules etc.
+
+ssh git@server help config
+[example] config ---- View and change configuration for a repository (Takes a repo)
+[example]
+[example] => usage: config <reponame> <cmd> [args...]
+[example] =>
+[example] => View and manipulate the configuration of a repository.
+...
+
+
+# Create a repository, ask for help about configuration
+# Gitano has help built in for all its commands too
+
+# And now for something shocking
+
+-- [backing-cat-shocked.png]
+
+-- [backing-cat-shocked.png]
+
+Integrating with external apps and services
+
+OpenSSH server, Cgit (gitweb at a pinch), git-daemon
+
+Outgoing HTTP calls from hooks
+
+# Horrifyingly shocking idea, but integrating with external
+# services is a good idea. As such, Gitano uses OpenSSH
+# (nominally any other SSH too) for authentication and
+# secure connections.
+# Primarily focussed on cgit, we do generate the bits needed
+# for gitweb to operate too. And we produce the
+# git-daemon-export-ok file for the git daemon to be able to
+# work.
+
+-- [backing-cat-shocked.png]
+
+Real users of Gitano
+
+ - git.gitano.org.uk, git.liw.fi
+ - git.netsurf-browser.org, richard.maw.name/git
+ - Codethink and Baserock
+
+# Equally horrifyingly, people use this crap what I wrote.
+
+# But, it's not enough (sound stern)
+
+-- [backing-cat-stern.png]
+
+-- [command=google-chrome --app=https://trello.com/b/l4Id6iiC/gitano] [backing-cat-stern.png]
+
+Future plans
+
+Lots of ideas for future content, see the Trello
+
+ - https://trello.com/b/l4Id6iiC/gitanow
+ - (Link is on www.gitano.org.uk)
+
+# I would welcome contributions to Gitano or the libraries
+# behind it. I would especially welcome contributions which
+# increase the scenario test suite coverage.
+
+-- [backing-cat-eat-you.png]
+
+-- [command=gnome-terminal] [backing-cat-eat-you.png]
+
+Live demo and walkthrough
+
+"Stand by for action!
+ We are about to launch Stingray!
+ Marineville - I am calling 'Battle Stations'!
+ Anything can happen in the next half-hour!"
+
+ - Commander Shore
+
+# I make no promises, but here goes a demo which might eat
+# my face.
+
+-- [backing-cat-flop.png]
+
+Mailing list: <span font="Monospace 50px">gitano-dev@gitano.org.uk</span>
+IRC Channel: <span font="Monospace 50px">#gitano</span> on Freenode
+Website: <span font="Monospace 50px">http://www.gitano.org.uk/</span>
+
+Any questions?
+
+-- [backing-cat-sat.png]
+
+# Intrusive cat says "Enough with the talkings"
+
+-- [backing-cat-sat.png]
+
+Thank you for listening
+
+This talk is available from:
+<span font="Monospace 50px">git://git.gitano.org.uk/personal/dsilvers/gitano-talk.git</span>
+
+Current (at time of talk) gitano-all deb (4-1) at:
+<span font="Monospace 50px">http://users.pepperfish.net/dsilvers/gitano-deb/</span>
+