kojiwrapper: Make result of runroot world readable
The commands in runroot run as root every time. If they create files that are not readable to other users, the reset of compose could have problems with it if it does not run as root too. Particularly updates composes in Bodhi run under apache user. Relates: https://pagure.io/pungi/issue/932 Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
This commit is contained in:
Lubomír Sedlář
parent
e53da69db3
commit
92b5ad2e05
@ -181,7 +181,8 @@ class OstreeInstallerThread(WorkerThread):
|
||||
channel=runroot_channel,
|
||||
use_shell=True, task_id=True,
|
||||
packages=packages, mounts=[compose.topdir],
|
||||
weight=compose.conf['runroot_weights'].get('ostree_installer'))
|
||||
weight=compose.conf['runroot_weights'].get('ostree_installer'),
|
||||
destdir=output_dir)
|
||||
output = koji.run_runroot_cmd(koji_cmd, log_file=log_file)
|
||||
if output["retcode"] != 0:
|
||||
raise RuntimeError("Runroot task failed: %s. See %s for more details."
|
||||
|
||||
@ -66,7 +66,9 @@ class KojiWrapper(object):
|
||||
def _get_cmd(self, *args):
|
||||
return ["koji", "--profile=%s" % self.profile] + list(args)
|
||||
|
||||
def get_runroot_cmd(self, target, arch, command, quiet=False, use_shell=True, channel=None, packages=None, mounts=None, weight=None, task_id=True, new_chroot=False):
|
||||
def get_runroot_cmd(self, target, arch, command, quiet=False, use_shell=True,
|
||||
channel=None, packages=None, mounts=None, weight=None,
|
||||
task_id=True, new_chroot=False, destdir=None):
|
||||
cmd = self._get_cmd("runroot")
|
||||
|
||||
if quiet:
|
||||
@ -109,6 +111,9 @@ class KojiWrapper(object):
|
||||
|
||||
# HACK: remove rpmdb and yum cache
|
||||
command = "rm -f /var/lib/rpm/__db*; rm -rf /var/cache/yum/*; set -x; " + command
|
||||
|
||||
if destdir:
|
||||
command += "; chmod a+r %s" % shlex_quote(destdir)
|
||||
cmd.append(command)
|
||||
|
||||
return cmd
|
||||
|
||||
@ -416,6 +416,24 @@ class RunrootKojiWrapperTest(KojiWrapperBaseTestCase):
|
||||
'--task-id', '--weight=1000', '--package=some_other_package',
|
||||
'--package=lorax', '--mount=/tmp'])
|
||||
|
||||
def test_with_destdir(self):
|
||||
cmd = self.koji.get_runroot_cmd('tgt', 's390x', ['/bin/echo', '&'],
|
||||
quiet=True, channel='chan',
|
||||
packages=['lorax', 'some_other_package'],
|
||||
mounts=['/tmp'], weight=1000, destdir="/output dir")
|
||||
self.assertEqual(len(cmd), 14)
|
||||
self.assertEqual(cmd[:3], ['koji', '--profile=custom-koji', 'runroot'])
|
||||
self.assertEqual(cmd[-3], 'tgt')
|
||||
self.assertEqual(cmd[-2], 's390x')
|
||||
self.assertEqual(
|
||||
cmd[-1],
|
||||
"rm -f /var/lib/rpm/__db*; rm -rf /var/cache/yum/*; set -x; /bin/echo '&'; chmod a+r '/output dir'"
|
||||
)
|
||||
self.assertItemsEqual(cmd[3:-3],
|
||||
['--channel-override=chan', '--quiet', '--use-shell',
|
||||
'--task-id', '--weight=1000', '--package=some_other_package',
|
||||
'--package=lorax', '--mount=/tmp'])
|
||||
|
||||
@mock.patch('pungi.wrappers.kojiwrapper.run')
|
||||
def test_run_runroot_cmd_no_task_id(self, run):
|
||||
cmd = ['koji', 'runroot']
|
||||
|
||||
@ -148,7 +148,8 @@ class OstreeThreadTest(helpers.PungiTestCase):
|
||||
'rm -rf %s && %s' % (outdir, ' '.join(lorax_cmd)),
|
||||
channel=None, mounts=[self.topdir],
|
||||
packages=['pungi', 'lorax', 'ostree'],
|
||||
task_id=True, use_shell=True, weight=weight)])
|
||||
task_id=True, use_shell=True, weight=weight,
|
||||
destdir=outdir)])
|
||||
self.assertEqual(koji.run_runroot_cmd.call_args_list,
|
||||
[mock.call(koji.get_runroot_cmd.return_value,
|
||||
log_file='%s/%s/runroot.log' % (self.topdir, LOG_PATH))])
|
||||
|
||||
Loading…
Reference in New Issue
Block a user