Open the git repo after dropping root privileges
Also make sure the recipe directory and its contents have correct ownership, and change the default recipe path when using the systemd service to /var/lib/lorax/composer/recipes/
parent
43fe00c1c2
commit
442dc43206
@ -29,6 +29,7 @@ import grp
|
|||||||
import os
|
import os
|
||||||
import pwd
|
import pwd
|
||||||
import sys
|
import sys
|
||||||
|
import subprocess
|
||||||
from threading import Lock
|
from threading import Lock
|
||||||
from gevent import socket
|
from gevent import socket
|
||||||
from gevent.wsgi import WSGIServer
|
from gevent.wsgi import WSGIServer
|
||||||
@ -177,15 +178,13 @@ if __name__ == '__main__':
|
|||||||
log.error(e)
|
log.error(e)
|
||||||
sys.exit(1)
|
sys.exit(1)
|
||||||
|
|
||||||
if not os.path.isdir(opts.RECIPES):
|
|
||||||
log.warn("Creating empty recipe directory at %s", opts.RECIPES)
|
|
||||||
os.makedirs(opts.RECIPES)
|
|
||||||
|
|
||||||
server.config["REPO_DIR"] = opts.RECIPES
|
|
||||||
repo = open_or_create_repo(server.config["REPO_DIR"])
|
|
||||||
server.config["GITLOCK"] = GitLock(repo=repo, lock=Lock(), dir=opts.RECIPES)
|
|
||||||
server.config["COMPOSER_CFG"] = configure(conf_file=opts.config)
|
server.config["COMPOSER_CFG"] = configure(conf_file=opts.config)
|
||||||
|
|
||||||
|
# Make sure the git repo can be accessed by the API uid/gid
|
||||||
|
repodir_stat = os.stat(opts.RECIPES)
|
||||||
|
if repodir_stat.st_gid != gid or repodir_stat.st_uid != uid:
|
||||||
|
subprocess.call(["chown", "-R", "%s:%s" % (opts.user, opts.group), opts.RECIPES])
|
||||||
|
|
||||||
# If the user passed in a releasever set it in the configuration
|
# If the user passed in a releasever set it in the configuration
|
||||||
if opts.releasever:
|
if opts.releasever:
|
||||||
server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever)
|
server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever)
|
||||||
@ -224,6 +223,11 @@ if __name__ == '__main__':
|
|||||||
yb = get_base_object(server.config["COMPOSER_CFG"])
|
yb = get_base_object(server.config["COMPOSER_CFG"])
|
||||||
server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
|
server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
|
||||||
|
|
||||||
|
# Setup access to the git repo
|
||||||
|
server.config["REPO_DIR"] = opts.RECIPES
|
||||||
|
repo = open_or_create_repo(server.config["REPO_DIR"])
|
||||||
|
server.config["GITLOCK"] = GitLock(repo=repo, lock=Lock(), dir=opts.RECIPES)
|
||||||
|
|
||||||
# Import example recipes
|
# Import example recipes
|
||||||
commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
|
commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
|
||||||
|
|
||||||
|
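Review bot: The result of the added `subprocess.call(["chown", "-R", ...])` in the second hunk (`@ -177,15 +178,13 @`) is discarded, so a failed chown lets startup continue and the failure only shows up later, when the repo is opened under the unprivileged uid/gid. Use `subprocess.check_call(["chown", "-R", "%s:%s" % (opts.user, opts.group), opts.RECIPES])`, or test the return code and `log.error(...)` / `sys.exit(1)` as the code just above does. The guard stats only `opts.RECIPES` itself, so entries with stale ownership beneath a correctly owned directory are not repaired, although the commit message says the contents are covered; and as far as these hunks show, the `os.makedirs(opts.RECIPES)` fallback is removed, so `os.stat(opts.RECIPES)` would raise on a missing path unless the directory is created elsewhere. Since this chown runs with root privileges over a tree the API user can write to after the first run, consider adding `-h` (`--no-dereference`) so symlinks inside the tree are changed themselves rather than their targets. The `if __name__ == '__main__':` block starts and ends outside the hunks.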
@ -6,7 +6,7 @@ Wants=network-online.target
|
|||||||
[Service]
|
[Service]
|
||||||
User=root
|
User=root
|
||||||
Type=simple
|
Type=simple
|
||||||
ExecStart=/usr/sbin/lorax-composer /var/lib/lorax-composer/recipes/
|
ExecStart=/usr/sbin/lorax-composer /var/lib/lorax/composer/recipes/
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|