[Mageia-sysadm] [516] use a mdv-youri-submit wrapper through sudo, for repsys

root at mageia.org root at mageia.org
Tue Dec 7 00:38:39 CET 2010 

Revision: 516
Author:   blino
Date:     2010-12-07 00:38:39 +0100 (Tue, 07 Dec 2010)
Log Message:
-----------
use a mdv-youri-submit wrapper through sudo, for repsys

Modified Paths:
--------------
    puppet/modules/buildsystem/manifests/init.pp
    puppet/modules/buildsystem/templates/repsys.conf

Added Paths:
-----------
    puppet/modules/buildsystem/templates/mdv-youri-submit
    puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper
    puppet/modules/buildsystem/templates/sudoers.youri

Modified: puppet/modules/buildsystem/manifests/init.pp
===================================================================
--- puppet/modules/buildsystem/manifests/init.pp	2010-12-06 17:25:58 UTC (rev 515)
+++ puppet/modules/buildsystem/manifests/init.pp	2010-12-06 23:38:39 UTC (rev 516)
@@ -104,6 +104,29 @@
         }
     }
 
+    class youri_submit {
+        file { "/usr/local/bin/mdv-youri-submit":
+          owner  => root,
+          group => root,
+          mode => 755,
+          content => template("buildsystem/mdv-youri-submit")
+        }
+
+        file { "/usr/local/bin/mdv-youri-submit.wrapper":
+          owner  => root,
+          group => root,
+          mode => 755,
+          content => template("buildsystem/mdv-youri-submit.wrapper")
+        }
+
+        file { "/etc/sudoers.d/mdv-youri-submit":
+            owner => root,
+            group => root,
+            mode => 440,
+            content => template("buildsystem/sudoers.youri")
+        }
+    }
+
     define sshuser($homedir, $comment) {
         group {"$title": 
             ensure => present,

Added: puppet/modules/buildsystem/templates/mdv-youri-submit
===================================================================
--- puppet/modules/buildsystem/templates/mdv-youri-submit	                        (rev 0)
+++ puppet/modules/buildsystem/templates/mdv-youri-submit	2010-12-06 23:38:39 UTC (rev 516)
@@ -0,0 +1,2 @@
+#!/bin/sh
+sudo mdv-youri-submit.wrapper "$@"


Property changes on: puppet/modules/buildsystem/templates/mdv-youri-submit
___________________________________________________________________
Added: svn:executable
   + *

Added: puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper
===================================================================
--- puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper	                        (rev 0)
+++ puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper	2010-12-06 23:38:39 UTC (rev 516)
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+# youri-submit wrapper
+
+use strict;
+use warnings;
+use Fcntl ':mode';
+use File::Basename;
+use MDK::Common;
+
+my $log_dir = "$ENV{HOME}/submit-logs";
+
+my $sudo_user = $ENV{SUDO_USER} or die "should be run through sudo";
+my @prog = ('perl', '-I/usr/share/mdv-youri-core/lib', '-I/usr/share/mdv-youri-submit/lib', '/usr/share/mdv-youri-submit/bin/youri-submit');
+
+my @options;
+foreach my $arg (@ARGV) {
+    if ($arg =~ /^-?-(\S+)/) {
+	# drop prohibited options
+	if ($arg =~ /-c/ || $arg =~ /-s/) {
+	    print STDERR "prohibited option $arg, skipping\n";
+	    next;
+	}
+    }
+    push(@options, $arg);
+}
+
+# logging for bug #30315 -spuk, 2007-05-29
+mkdir_p($log_dir);
+open(STDERR, "| tee -a $log_dir/$sudo_user.err >&2");
+open(STDOUT, "| tee -a $log_dir/$sudo_user.out");
+
+# call wrapped program
+print "Executing @prog --config /etc/youri/submit-todo.conf --define user=$sudo_user @options (sudo_user $sudo_user)\n";
+my $err = system(@prog, "-v", "--verbose", "--config", "/etc/youri/submit-todo.conf", "--define", "user=$sudo_user", @options) && ($? >> 8 || 1);
+
+exit $err


Property changes on: puppet/modules/buildsystem/templates/mdv-youri-submit.wrapper
___________________________________________________________________
Added: svn:executable
   + *

Modified: puppet/modules/buildsystem/templates/repsys.conf
===================================================================
--- puppet/modules/buildsystem/templates/repsys.conf	2010-12-06 17:25:58 UTC (rev 515)
+++ puppet/modules/buildsystem/templates/repsys.conf	2010-12-06 23:38:39 UTC (rev 516)
@@ -56,7 +56,7 @@
 
 [helper]
 create-srpm = /usr/share/repsys/create-srpm
-upload-srpm = perl -I/usr/share/mdv-youri-core/lib -I/usr/share/mdv-youri-submit/lib /usr/share/mdv-youri-submit/bin/youri-submit
+upload-srpm = /usr/local/bin/mdv-youri-submit
 # needed by mdvsys 2.0
 install-buildrequires = sudo rurpmi --auto --no-suggests 
 

Added: puppet/modules/buildsystem/templates/sudoers.youri
===================================================================
--- puppet/modules/buildsystem/templates/sudoers.youri	                        (rev 0)
+++ puppet/modules/buildsystem/templates/sudoers.youri	2010-12-06 23:38:39 UTC (rev 516)
@@ -0,0 +1,3 @@
+Cmnd_Alias	YOURI = /usr/local/bin/mdv-youri-submit.wrapper
+Defaults!YOURI	always_set_home
+%mga-packagers	ALL = (<%= sched_login %>) NOPASSWD: YOURI
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/mageia-sysadm/attachments/20101207/034fe5ea/attachment-0001.html>

More information about the Mageia-sysadm mailing list