almalinux/pungi
14
1
Fork 0
Code Issues Pull Requests Releases Activity

kojiwrapper: Make result of runroot world readable

Browse Source 
The commands in runroot run as root every time. If they create files
that are not readable to other users, the reset of compose could have
problems with it if it does not run as root too. Particularly updates
composes in Bodhi run under apache user.

Relates: https://pagure.io/pungi/issue/932
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
This commit is contained in:
Lubomír Sedlář 2018-05-29 08:38:09 +02:00
parent e53da69db3
commit 92b5ad2e05
4 changed files with 28 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pungi/phases/ostree_installer.py
View File

@ -181,7 +181,8 @@ class OstreeInstallerThread(WorkerThread):
channel=runroot_channel, channel=runroot_channel,
use_shell=True, task_id=True, use_shell=True, task_id=True,
packages=packages, mounts=[compose.topdir], packages=packages, mounts=[compose.topdir],
weight=compose.conf['runroot_weights'].get('ostree_installer')) weight=compose.conf['runroot_weights'].get('ostree_installer'),
destdir=output_dir)
output = koji.run_runroot_cmd(koji_cmd, log_file=log_file) output = koji.run_runroot_cmd(koji_cmd, log_file=log_file)
if output["retcode"] != 0: if output["retcode"] != 0:
raise RuntimeError("Runroot task failed: %s. See %s for more details." raise RuntimeError("Runroot task failed: %s. See %s for more details."

7
pungi/wrappers/kojiwrapper.py
View File

@ -66,7 +66,9 @@ class KojiWrapper(object):
def _get_cmd(self, *args): def _get_cmd(self, *args):
return ["koji", "--profile=%s" % self.profile] + list(args) return ["koji", "--profile=%s" % self.profile] + list(args)
def get_runroot_cmd(self, target, arch, command, quiet=False, use_shell=True, channel=None, packages=None, mounts=None, weight=None, task_id=True, new_chroot=False): def get_runroot_cmd(self, target, arch, command, quiet=False, use_shell=True,
channel=None, packages=None, mounts=None, weight=None,
task_id=True, new_chroot=False, destdir=None):
cmd = self._get_cmd("runroot") cmd = self._get_cmd("runroot")
if quiet: if quiet:
@ -109,6 +111,9 @@ class KojiWrapper(object):
# HACK: remove rpmdb and yum cache # HACK: remove rpmdb and yum cache
command = "rm -f /var/lib/rpm/__db*; rm -rf /var/cache/yum/*; set -x; " + command command = "rm -f /var/lib/rpm/__db*; rm -rf /var/cache/yum/*; set -x; " + command
if destdir:
command += "; chmod a+r %s" % shlex_quote(destdir)
cmd.append(command) cmd.append(command)
return cmd return cmd

18
tests/test_koji_wrapper.py
View File

@ -416,6 +416,24 @@ class RunrootKojiWrapperTest(KojiWrapperBaseTestCase):
'--task-id', '--weight=1000', '--package=some_other_package', '--task-id', '--weight=1000', '--package=some_other_package',
'--package=lorax', '--mount=/tmp']) '--package=lorax', '--mount=/tmp'])
def test_with_destdir(self):
cmd = self.koji.get_runroot_cmd('tgt', 's390x', ['/bin/echo', '&'],
quiet=True, channel='chan',
packages=['lorax', 'some_other_package'],
mounts=['/tmp'], weight=1000, destdir="/output dir")
self.assertEqual(len(cmd), 14)
self.assertEqual(cmd[:3], ['koji', '--profile=custom-koji', 'runroot'])
self.assertEqual(cmd[-3], 'tgt')
self.assertEqual(cmd[-2], 's390x')
self.assertEqual(
cmd[-1],
"rm -f /var/lib/rpm/__db*; rm -rf /var/cache/yum/*; set -x; /bin/echo '&'; chmod a+r '/output dir'"
)
self.assertItemsEqual(cmd[3:-3],
['--channel-override=chan', '--quiet', '--use-shell',
'--task-id', '--weight=1000', '--package=some_other_package',
'--package=lorax', '--mount=/tmp'])
@mock.patch('pungi.wrappers.kojiwrapper.run') @mock.patch('pungi.wrappers.kojiwrapper.run')
def test_run_runroot_cmd_no_task_id(self, run): def test_run_runroot_cmd_no_task_id(self, run):
cmd = ['koji', 'runroot'] cmd = ['koji', 'runroot']

3
tests/test_ostree_installer_phase.py
View File

@ -148,7 +148,8 @@ class OstreeThreadTest(helpers.PungiTestCase):
'rm -rf %s && %s' % (outdir, ' '.join(lorax_cmd)), 'rm -rf %s && %s' % (outdir, ' '.join(lorax_cmd)),
channel=None, mounts=[self.topdir], channel=None, mounts=[self.topdir],
packages=['pungi', 'lorax', 'ostree'], packages=['pungi', 'lorax', 'ostree'],
task_id=True, use_shell=True, weight=weight)]) task_id=True, use_shell=True, weight=weight,
destdir=outdir)])
self.assertEqual(koji.run_runroot_cmd.call_args_list, self.assertEqual(koji.run_runroot_cmd.call_args_list,
[mock.call(koji.get_runroot_cmd.return_value, [mock.call(koji.get_runroot_cmd.return_value,
log_file='%s/%s/runroot.log' % (self.topdir, LOG_PATH))]) log_file='%s/%s/runroot.log' % (self.topdir, LOG_PATH))])