[X2Go-Commits] [buildscripts] 01/01: bin/slave-start-prepare.sh: switch to sudo-based login simulation.

Thu Nov 30 03:39:25 CET 2017

This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch master
in repository buildscripts.

commit 39c251f3a15d9d7f95ca4169f481eab3c3e5213a
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Thu Nov 30 03:37:43 2017 +0100

    bin/slave-start-prepare.sh: switch to sudo-based login simulation.
    
    Let's us drop multiple invocations (more than two, anyway) of the script
    and an ugly hardcoded groups-to-apply value.
---
 bin/slave-start-prepare.sh | 42 ++++++++++++------------------------------
 1 file changed, 12 insertions(+), 30 deletions(-)

diff --git a/bin/slave-start-prepare.sh b/bin/slave-start-prepare.sh
index cdc2571..edf8d33 100755
--- a/bin/slave-start-prepare.sh
+++ b/bin/slave-start-prepare.sh
@@ -8,8 +8,9 @@ typeset prefix="$(cut -d"-" -f1 <<< "$(basename "${0}")")"
 # We cannot use su, because that requires a TTY and spawning such
 # a TTY (even if it's just a PTY) will make Jenkins output stuff
 # directly - that data will never make it to the jenkins slave command.
-# sudo doesn't do what is said on the box.
-# For now, do this stuff manually.
+# sudo needs special configuration to make it re-query the groups
+# database for same-user contexts.
+# Make sure that group_source is set to "dynamic" in sudoers.conf!
 
 if [[ "${#}" -eq "0" ]]; then
   # Sync up buildscripts directory when script is called first.
@@ -17,39 +18,20 @@ if [[ "${#}" -eq "0" ]]; then
   # data (after exec calls.)
   "${HOME}/bin/slave-sync.sh"
 
-  typeset -a set_groups
-  set_groups=( "mock" "obs" "sbuild" )
-
-  exec "${0}" --set-groups "${set_groups[@]}"
+  exec sudo -n -u "${USER}" -- "${0}" --initialized
 else
-  if [[ "${1}" == "--set-groups" ]]; then
-    shift
-
-    if [[ "${#}" -gt "0" ]]; then
-      # Process next group in list.
-      typeset cur_group="${1}"
-      shift
-
-      exec sg "${cur_group}" "${0} --set-groups ${*}"
-    else
-      # No more groups in list, make the primary group actually primary.
-      # Note that while the sg man page says that it supports the "-"
-      # parameter just as newgrp does, in fact this is not supported.
-      # Let's hope the primary group is always called like the user.
-      exec sg "${USER}" "${0} --skip-groups"
-    fi
+  if [[ "${1}" == "--initialized" ]]; then
+    # Script re-executed via sudo. Groups should match the inner
+    # system.
+    # Sync up buildscripts again and continue script execution.
+    "${HOME}/bin/slave-sync.sh"
   else
-    if [[ "${1}" == "--skip-groups" ]]; then
-      # All groups processed, including primary group.
-      # Sync up buildscripts again and continue script execution.
-      "${HOME}/bin/slave-sync.sh"
-    else
-      echo "Script called with unknown parameters. Aborting." >&2
-      exit "1"
-    fi
+    echo "Script called with unknown parameters. Aborting." >&2
+    exit "1"
   fi
 fi
 
+
 # Generate this stuff via:
 #   - openssl s_client -showcerts -servername hostname -connect host:port
 #   - copy the first PEM-encoded certificate to ${cert} including headers (if printed)

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/buildscripts.git
