[Mageia-sysadm] [516] use a mdv-youri-submit wrapper through sudo, for repsys
root at mageia.org
root at mageia.org
Tue Dec 7 00:38:39 CET 2010
Revision: 516
Author: blino
Date: 2010-12-07 00:38:39 +0100 (Tue, 07 Dec 2010)
Log Message:
-----------
use a mdv-youri-submit wrapper through sudo, for repsys
Modified Paths:
--------------
puppet/modules/buildsystem/manifests/init.pp
puppet/modules/buildsystem/templates/repsys.conf
Added Paths:
-----------
puppet/modules/buildsystem/templates/mdv-youri-submit
puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper
puppet/modules/buildsystem/templates/sudoers.youri
Modified: puppet/modules/buildsystem/manifests/init.pp
===================================================================
--- puppet/modules/buildsystem/manifests/init.pp 2010-12-06 17:25:58 UTC (rev 515)
+++ puppet/modules/buildsystem/manifests/init.pp 2010-12-06 23:38:39 UTC (rev 516)
@@ -104,6 +104,29 @@
}
}
+ class youri_submit {
+ file { "/usr/local/bin/mdv-youri-submit":
+ owner => root,
+ group => root,
+ mode => 755,
+ content => template("buildsystem/mdv-youri-submit")
+ }
+
+ file { "/usr/local/bin/mdv-youri-submit.wrapper":
+ owner => root,
+ group => root,
+ mode => 755,
+ content => template("buildsystem/mdv-youri-submit.wrapper")
+ }
+
+ file { "/etc/sudoers.d/mdv-youri-submit":
+ owner => root,
+ group => root,
+ mode => 440,
+ content => template("buildsystem/sudoers.youri")
+ }
+ }
+
define sshuser($homedir, $comment) {
group {"$title":
ensure => present,
Added: puppet/modules/buildsystem/templates/mdv-youri-submit
===================================================================
--- puppet/modules/buildsystem/templates/mdv-youri-submit (rev 0)
+++ puppet/modules/buildsystem/templates/mdv-youri-submit 2010-12-06 23:38:39 UTC (rev 516)
@@ -0,0 +1,2 @@
+#!/bin/sh
+sudo mdv-youri-submit.wrapper "$@"
Property changes on: puppet/modules/buildsystem/templates/mdv-youri-submit
___________________________________________________________________
Added: svn:executable
+ *
Added: puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper
===================================================================
--- puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper (rev 0)
+++ puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper 2010-12-06 23:38:39 UTC (rev 516)
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+# youri-submit wrapper
+
+use strict;
+use warnings;
+use Fcntl ':mode';
+use File::Basename;
+use MDK::Common;
+
+my $log_dir = "$ENV{HOME}/submit-logs";
+
+my $sudo_user = $ENV{SUDO_USER} or die "should be run through sudo";
+my @prog = ('perl', '-I/usr/share/mdv-youri-core/lib', '-I/usr/share/mdv-youri-submit/lib', '/usr/share/mdv-youri-submit/bin/youri-submit');
+
+my @options;
+foreach my $arg (@ARGV) {
+ if ($arg =~ /^-?-(\S+)/) {
+ # drop prohibited options
+ if ($arg =~ /-c/ || $arg =~ /-s/) {
+ print STDERR "prohibited option $arg, skipping\n";
+ next;
+ }
+ }
+ push(@options, $arg);
+}
+
+# logging for bug #30315 -spuk, 2007-05-29
+mkdir_p($log_dir);
+open(STDERR, "| tee -a $log_dir/$sudo_user.err >&2");
+open(STDOUT, "| tee -a $log_dir/$sudo_user.out");
+
+# call wrapped program
+print "Executing @prog --config /etc/youri/submit-todo.conf --define user=$sudo_user @options (sudo_user $sudo_user)\n";
+my $err = system(@prog, "-v", "--verbose", "--config", "/etc/youri/submit-todo.conf", "--define", "user=$sudo_user", @options) && ($? >> 8 || 1);
+
+exit $err
Property changes on: puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper
___________________________________________________________________
Added: svn:executable
+ *
Modified: puppet/modules/buildsystem/templates/repsys.conf
===================================================================
--- puppet/modules/buildsystem/templates/repsys.conf 2010-12-06 17:25:58 UTC (rev 515)
+++ puppet/modules/buildsystem/templates/repsys.conf 2010-12-06 23:38:39 UTC (rev 516)
@@ -56,7 +56,7 @@
[helper]
create-srpm = /usr/share/repsys/create-srpm
-upload-srpm = perl -I/usr/share/mdv-youri-core/lib -I/usr/share/mdv-youri-submit/lib /usr/share/mdv-youri-submit/bin/youri-submit
+upload-srpm = /usr/local/bin/mdv-youri-submit
# needed by mdvsys 2.0
install-buildrequires = sudo rurpmi --auto --no-suggests
Added: puppet/modules/buildsystem/templates/sudoers.youri
===================================================================
--- puppet/modules/buildsystem/templates/sudoers.youri (rev 0)
+++ puppet/modules/buildsystem/templates/sudoers.youri 2010-12-06 23:38:39 UTC (rev 516)
@@ -0,0 +1,3 @@
+Cmnd_Alias YOURI = /usr/local/bin/mdv-youri-submit.wrapper
+Defaults!YOURI always_set_home
+%mga-packagers ALL = (<%= sched_login %>) NOPASSWD: YOURI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20101207/034fe5ea/attachment-0001.html>
More information about the Mageia-sysadm
mailing list