September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
部署代码
|
227
隔绝的构建有以下优势。
•
支持构建输入分析和策略应用。
Google
的实践包括通过使用通用漏洞列表(
CVE
)
数据库检测并修补存在漏洞的软件,确保符合开源许可协议,以及预防使用策
略禁止的软件,如已知的不安全库。
•
保证第三方导入内容的完整性,如验证依赖项的加密散列值,或要求获取请求
均来自可信的存储库,并使用
HTTPS
发送。
•
能择优拣选。在不引入额外行为变更的情况下(如由不同编译器版本引起的行
为更改),可通过修补代码、重新生成二进制文件并将其发布到生产环境中来修
复错误。紧急发布可能不会像常规发布那样做充足的测试和审查,而择优拣选
能有效降低由此带来的风险。
隔绝的构建案例包括运行在沙盒模式下的
Bazel
,以及使用
package-lock.json
的
npm
。
可复现性
针对相同的输入内容运行同样的构建命令,能保证产生的输出完全相同。通常来
说,可复现性与隔绝性紧密相关
18
。
可复现的构建具有以下优点。
•
可验证性
。如
14.5.3
节中所述,验证者可以通过复制构建本身或使用一定数量
的重新构建程序来确定工件的二进制文件来源。
•
隔绝性
。不可复现通常意味着不具备隔绝性。针对可复现性的持续测试有助于
尽早检测隔绝性缺失的情况,进而保证能享受到上述益处。
•
构建缓存
。通过使用可复现构建,能在大型构建图(如
Bazel
)中更好地缓存中
间构建工件。
要使构建具备可复现性,必须移除所有不确定的构建来源,并提供复现该构建所需
的所有信息(叫作
buildinfo
)。例如,如果编译器将时间戳编入输出工件中,则必 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.