This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository buildscripts. commit 39c251f3a15d9d7f95ca4169f481eab3c3e5213a Author: Mihai Moldovan <ionic@ionic.de> Date: Thu Nov 30 03:37:43 2017 +0100 bin/slave-start-prepare.sh: switch to sudo-based login simulation. Let's us drop multiple invocations (more than two, anyway) of the script and an ugly hardcoded groups-to-apply value. --- bin/slave-start-prepare.sh | 42 ++++++++++++------------------------------ 1 file changed, 12 insertions(+), 30 deletions(-) diff --git a/bin/slave-start-prepare.sh b/bin/slave-start-prepare.sh index cdc2571..edf8d33 100755 --- a/bin/slave-start-prepare.sh +++ b/bin/slave-start-prepare.sh @@ -8,8 +8,9 @@ typeset prefix="$(cut -d"-" -f1 <<< "$(basename "${0}")")" # We cannot use su, because that requires a TTY and spawning such # a TTY (even if it's just a PTY) will make Jenkins output stuff # directly - that data will never make it to the jenkins slave command. -# sudo doesn't do what is said on the box. -# For now, do this stuff manually. +# sudo needs special configuration to make it re-query the groups +# database for same-user contexts. +# Make sure that group_source is set to "dynamic" in sudoers.conf! if [[ "${#}" -eq "0" ]]; then # Sync up buildscripts directory when script is called first. @@ -17,39 +18,20 @@ if [[ "${#}" -eq "0" ]]; then # data (after exec calls.) "${HOME}/bin/slave-sync.sh" - typeset -a set_groups - set_groups=( "mock" "obs" "sbuild" ) - - exec "${0}" --set-groups "${set_groups[@]}" + exec sudo -n -u "${USER}" -- "${0}" --initialized else - if [[ "${1}" == "--set-groups" ]]; then - shift - - if [[ "${#}" -gt "0" ]]; then - # Process next group in list. - typeset cur_group="${1}" - shift - - exec sg "${cur_group}" "${0} --set-groups ${*}" - else - # No more groups in list, make the primary group actually primary. - # Note that while the sg man page says that it supports the "-" - # parameter just as newgrp does, in fact this is not supported. - # Let's hope the primary group is always called like the user. - exec sg "${USER}" "${0} --skip-groups" - fi + if [[ "${1}" == "--initialized" ]]; then + # Script re-executed via sudo. Groups should match the inner + # system. + # Sync up buildscripts again and continue script execution. + "${HOME}/bin/slave-sync.sh" else - if [[ "${1}" == "--skip-groups" ]]; then - # All groups processed, including primary group. - # Sync up buildscripts again and continue script execution. - "${HOME}/bin/slave-sync.sh" - else - echo "Script called with unknown parameters. Aborting." >&2 - exit "1" - fi + echo "Script called with unknown parameters. Aborting." >&2 + exit "1" fi fi + # Generate this stuff via: # - openssl s_client -showcerts -servername hostname -connect host:port # - copy the first PEM-encoded certificate to ${cert} including headers (if printed) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/buildscripts.git