PBChangeSource actually listens on a TCP port for clients to connect and
push change notices into the Buildmaster. This is used by the built-in
buildbot sendchange notification tool, as well as several
version-control hook scripts. This change source is also useful for creating
new kinds of change sources that work on a push model instead of some
kind of subscription scheme, for example a script which is run out of an email
.forward file.
This ChangeSource always runs on the same TCP port as the slaves. It
shares the same protocol, and in fact shares the same space of "usernames", so you cannot configure a PBChangeSource with the same name as a slave.
If you have a publicly accessible slave port, and are using
PBChangeSource, you must establish a secure username and password
for the change source. If your sendchange credentials are known (e.g., the
defaults), then your buildmaster is susceptible to injection of arbitrary
changes, which (depending on the build factories) could lead to arbitrary code
execution on buildslaves.
The PBChangeSource is created with the following arguments.
port’None (which is the default), it
shares the port used for buildslave connections.
user and passwd’change and changepw. Do not use
these defaults on a publicly exposed port!
prefix’This is useful for changes coming from version control systems that represent branches as parent directories within the repository (like SVN and Perforce). Use a prefix of 'trunk/' or 'project/branches/foobranch/' to only follow one branch and to get correct tree-relative filenames. Without a prefix, the PBChangeSource will probably deliver Changes with filenames like trunk/foo.c instead of just foo.c. Of course this also depends upon the tool sending the Changes in (like buildbot sendchange) and what filenames it is delivering: that tool may be filtering and stripping prefixes at the sending end.
The following hooks are useful for sending changes to a PBChangeSource: