[X2Go-Commits] [buildscripts] 01/01: bin/slave-start-prepare.sh: switch to sudo-based login simulation.
git-admin at x2go.org
git-admin at x2go.org
Thu Nov 30 03:39:25 CET 2017
This is an automated email from the git hooks/post-receive script.
x2go pushed a commit to branch master
in repository buildscripts.
commit 39c251f3a15d9d7f95ca4169f481eab3c3e5213a
Author: Mihai Moldovan <ionic at ionic.de>
Date: Thu Nov 30 03:37:43 2017 +0100
bin/slave-start-prepare.sh: switch to sudo-based login simulation.
Let's us drop multiple invocations (more than two, anyway) of the script
and an ugly hardcoded groups-to-apply value.
---
bin/slave-start-prepare.sh | 42 ++++++++++++------------------------------
1 file changed, 12 insertions(+), 30 deletions(-)
diff --git a/bin/slave-start-prepare.sh b/bin/slave-start-prepare.sh
index cdc2571..edf8d33 100755
--- a/bin/slave-start-prepare.sh
+++ b/bin/slave-start-prepare.sh
@@ -8,8 +8,9 @@ typeset prefix="$(cut -d"-" -f1 <<< "$(basename "${0}")")"
# We cannot use su, because that requires a TTY and spawning such
# a TTY (even if it's just a PTY) will make Jenkins output stuff
# directly - that data will never make it to the jenkins slave command.
-# sudo doesn't do what is said on the box.
-# For now, do this stuff manually.
+# sudo needs special configuration to make it re-query the groups
+# database for same-user contexts.
+# Make sure that group_source is set to "dynamic" in sudoers.conf!
if [[ "${#}" -eq "0" ]]; then
# Sync up buildscripts directory when script is called first.
@@ -17,39 +18,20 @@ if [[ "${#}" -eq "0" ]]; then
# data (after exec calls.)
"${HOME}/bin/slave-sync.sh"
- typeset -a set_groups
- set_groups=( "mock" "obs" "sbuild" )
-
- exec "${0}" --set-groups "${set_groups[@]}"
+ exec sudo -n -u "${USER}" -- "${0}" --initialized
else
- if [[ "${1}" == "--set-groups" ]]; then
- shift
-
- if [[ "${#}" -gt "0" ]]; then
- # Process next group in list.
- typeset cur_group="${1}"
- shift
-
- exec sg "${cur_group}" "${0} --set-groups ${*}"
- else
- # No more groups in list, make the primary group actually primary.
- # Note that while the sg man page says that it supports the "-"
- # parameter just as newgrp does, in fact this is not supported.
- # Let's hope the primary group is always called like the user.
- exec sg "${USER}" "${0} --skip-groups"
- fi
+ if [[ "${1}" == "--initialized" ]]; then
+ # Script re-executed via sudo. Groups should match the inner
+ # system.
+ # Sync up buildscripts again and continue script execution.
+ "${HOME}/bin/slave-sync.sh"
else
- if [[ "${1}" == "--skip-groups" ]]; then
- # All groups processed, including primary group.
- # Sync up buildscripts again and continue script execution.
- "${HOME}/bin/slave-sync.sh"
- else
- echo "Script called with unknown parameters. Aborting." >&2
- exit "1"
- fi
+ echo "Script called with unknown parameters. Aborting." >&2
+ exit "1"
fi
fi
+
# Generate this stuff via:
# - openssl s_client -showcerts -servername hostname -connect host:port
# - copy the first PEM-encoded certificate to ${cert} including headers (if printed)
--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/buildscripts.git
More information about the x2go-commits
mailing list