This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository buildscripts. from e6d4cd4 bin/sbuild-deb-package: only build arch-dep binary packages for ppc64{le,be}. new 39c251f bin/slave-start-prepare.sh: switch to sudo-based login simulation. The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: bin/slave-start-prepare.sh | 42 ++++++++++++------------------------------ 1 file changed, 12 insertions(+), 30 deletions(-) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/buildscripts.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository buildscripts. commit 39c251f3a15d9d7f95ca4169f481eab3c3e5213a Author: Mihai Moldovan <ionic@ionic.de> Date: Thu Nov 30 03:37:43 2017 +0100 bin/slave-start-prepare.sh: switch to sudo-based login simulation. Let's us drop multiple invocations (more than two, anyway) of the script and an ugly hardcoded groups-to-apply value. --- bin/slave-start-prepare.sh | 42 ++++++++++++------------------------------ 1 file changed, 12 insertions(+), 30 deletions(-) diff --git a/bin/slave-start-prepare.sh b/bin/slave-start-prepare.sh index cdc2571..edf8d33 100755 --- a/bin/slave-start-prepare.sh +++ b/bin/slave-start-prepare.sh @@ -8,8 +8,9 @@ typeset prefix="$(cut -d"-" -f1 <<< "$(basename "${0}")")" # We cannot use su, because that requires a TTY and spawning such # a TTY (even if it's just a PTY) will make Jenkins output stuff # directly - that data will never make it to the jenkins slave command. -# sudo doesn't do what is said on the box. -# For now, do this stuff manually. +# sudo needs special configuration to make it re-query the groups +# database for same-user contexts. +# Make sure that group_source is set to "dynamic" in sudoers.conf! if [[ "${#}" -eq "0" ]]; then # Sync up buildscripts directory when script is called first. @@ -17,39 +18,20 @@ if [[ "${#}" -eq "0" ]]; then # data (after exec calls.) "${HOME}/bin/slave-sync.sh" - typeset -a set_groups - set_groups=( "mock" "obs" "sbuild" ) - - exec "${0}" --set-groups "${set_groups[@]}" + exec sudo -n -u "${USER}" -- "${0}" --initialized else - if [[ "${1}" == "--set-groups" ]]; then - shift - - if [[ "${#}" -gt "0" ]]; then - # Process next group in list. - typeset cur_group="${1}" - shift - - exec sg "${cur_group}" "${0} --set-groups ${*}" - else - # No more groups in list, make the primary group actually primary. - # Note that while the sg man page says that it supports the "-" - # parameter just as newgrp does, in fact this is not supported. - # Let's hope the primary group is always called like the user. - exec sg "${USER}" "${0} --skip-groups" - fi + if [[ "${1}" == "--initialized" ]]; then + # Script re-executed via sudo. Groups should match the inner + # system. + # Sync up buildscripts again and continue script execution. + "${HOME}/bin/slave-sync.sh" else - if [[ "${1}" == "--skip-groups" ]]; then - # All groups processed, including primary group. - # Sync up buildscripts again and continue script execution. - "${HOME}/bin/slave-sync.sh" - else - echo "Script called with unknown parameters. Aborting." >&2 - exit "1" - fi + echo "Script called with unknown parameters. Aborting." >&2 + exit "1" fi fi + # Generate this stuff via: # - openssl s_client -showcerts -servername hostname -connect host:port # - copy the first PEM-encoded certificate to ${cert} including headers (if printed) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/buildscripts.git
-
git-admin@x2go.org