Babushka: test-driven sysadmin.

Finding deps

You can search on github for deps you might like to use, using the term ‘babushka-deps’.


Deps can run any ruby code. Since ruby can shell out, a dep can run any code at all. A maliciously written dep could add your machine to a botnet, or email your ssh key to a mobster, or anything crafty or untoward you can think of.

(This is true of any code you run on your machine. If you run it, you’re trusting it.)

Babushka has no security features at all. This is by design, because the only real type of security is a network of trust. Anything else is, as Linus Torvalds said, masturbation.

The upshot: Only run deps written by people you trust to get them right, or deps whose code you’ve inspected beforehand.

In particular, --dry-run is not a contract; it’s an honour system. A badly written dep could still change your system even when you use --dry-run.

Dep sources are shared using git, so you can rely on their immutability once you’ve checked the refs, like any git repo.

Dep Locations

There are three standard locations that babushka will search within to find deps.

Babushka will find deps in those locations by default. Other deps – ones published by other people, for example – are found in dep sources.