Open the git repo after dropping root privileges

Also make sure the recipe directory and its contents have correct
ownership, and change the default recipe path when using the systemd
service to /var/lib/lorax/composer/recipes/
Brian C. Lane 2018-02-12 14:09:53 -08:00
parent 43fe00c1c2
commit 442dc43206
2 changed files with 12 additions and 8 deletions


@ -29,6 +29,7 @@ import grp
import os import os
import pwd import pwd
import sys import sys
import subprocess
from threading import Lock from threading import Lock
from gevent import socket from gevent import socket
from gevent.wsgi import WSGIServer from gevent.wsgi import WSGIServer
@ -177,15 +178,13 @@ if __name__ == '__main__':
log.error(e) log.error(e)
sys.exit(1) sys.exit(1)
if not os.path.isdir(opts.RECIPES):
log.warn("Creating empty recipe directory at %s", opts.RECIPES)
os.makedirs(opts.RECIPES)
server.config["REPO_DIR"] = opts.RECIPES
repo = open_or_create_repo(server.config["REPO_DIR"])
server.config["GITLOCK"] = GitLock(repo=repo, lock=Lock(), dir=opts.RECIPES)
server.config["COMPOSER_CFG"] = configure(conf_file=opts.config) server.config["COMPOSER_CFG"] = configure(conf_file=opts.config)
# Make sure the git repo can be accessed by the API uid/gid
repodir_stat = os.stat(opts.RECIPES)
if repodir_stat.st_gid != gid or repodir_stat.st_uid != uid:
subprocess.call(["chown", "-R", "%s:%s" % (opts.user, opts.group), opts.RECIPES])
# If the user passed in a releasever set it in the configuration # If the user passed in a releasever set it in the configuration
if opts.releasever: if opts.releasever:
server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever) server.config["COMPOSER_CFG"].set("composer", "releasever", opts.releasever)
@ -224,6 +223,11 @@ if __name__ == '__main__':
yb = get_base_object(server.config["COMPOSER_CFG"]) yb = get_base_object(server.config["COMPOSER_CFG"])
server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock()) server.config["YUMLOCK"] = YumLock(yb=yb, lock=Lock())
# Setup access to the git repo
server.config["REPO_DIR"] = opts.RECIPES
repo = open_or_create_repo(server.config["REPO_DIR"])
server.config["GITLOCK"] = GitLock(repo=repo, lock=Lock(), dir=opts.RECIPES)
# Import example recipes # Import example recipes
commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES) commit_recipe_directory(server.config["GITLOCK"].repo, "master", opts.RECIPES)
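Review bot: In the `@ -177,15 +178,13` hunk, `os.stat(opts.RECIPES)` is called with no existence check, while the `os.makedirs(opts.RECIPES)` call that used to create a missing recipe directory appears to be dropped in the same hunk. Unless the directory is created somewhere outside the lines shown, a first start would raise `OSError` while still running as root. The `chown -R` also runs as root and its exit status is discarded, so a failed ownership change only surfaces later as a permission error when the repo is opened as the unprivileged user. I would guard the stat, check the return code, and pass `-h` and `--` so the recursive chown explicitly never dereferences symlinks and cannot read the path as an option. The `__main__` block starts and ends outside the hunks shown.

```python
# Make sure the git repo can be accessed by the API uid/gid
if os.path.exists(opts.RECIPES):
    repodir_stat = os.stat(opts.RECIPES)
    if repodir_stat.st_gid != gid or repodir_stat.st_uid != uid:
        rc = subprocess.call(["chown", "-R", "-h", "--",
                              "%s:%s" % (opts.user, opts.group), opts.RECIPES])
        if rc != 0:
            log.error("chown of %s failed with exit status %d", opts.RECIPES, rc)
            sys.exit(1)
# ... unchanged: releasever handling ...
```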


@ -6,7 +6,7 @@ Wants=network-online.target
[Service] [Service]
User=root User=root
Type=simple Type=simple
ExecStart=/usr/sbin/lorax-composer /var/lib/lorax-composer/recipes/ ExecStart=/usr/sbin/lorax-composer /var/lib/lorax/composer/recipes/
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target