Trusting builds with Bazel remote execution
5 days ago
- #Build Security
- #Remote Execution
- #Bazel
- Bazel remote caching alone is suboptimal due to security limitations in cache sharing across users.
- Remote execution enables safe cache sharing by providing a trusted execution environment for actions.
- Bazel's remote execution involves multiple components: frontends, scheduler, workers, CAS, and AC.
- Workers are divided into privileged services and containerized runners for untrusted action code.
- Remote execution decouples action execution from Bazel, ensuring tamper-proof results.
- Securing workers involves disabling network access and ensuring deterministic actions.
- End-to-end build security requires restricting AC writes to remote workers only.
- Bazel's invocation policy feature enforces command-line flag settings for security and consistency.
- A case study highlights risks of remote local fallback poisoning in CI environments.
- Future solutions aim to eliminate the need for local fallback in remote execution.