extras-buildsys/builder Builder.py,1.6,1.7 main.py,1.1,1.2

Daniel Williams (dcbw) fedora-extras-commits at redhat.com
Wed May 10 14:28:15 UTC 2006 

Author: dcbw

Update of /cvs/fedora/extras-buildsys/builder
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5103/builder

Modified Files:
	Builder.py main.py 
Log Message:
2006-05-10  Dan Williams  <dcbw at redhat.com>

    * builder/Builder.py
        - (Builder::__init__): print out build arches on start

    * builder/main.py
        - pylint cleanups
        - (drop_privs): use Exceptions rather than return; and ensure that, if
            we aren't running as root, that we are running as who the user
            configured us to run as in the config file




Index: Builder.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/builder/Builder.py,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Builder.py	9 May 2006 19:10:51 -0000	1.6
+++ Builder.py	10 May 2006 14:28:12 -0000	1.7
@@ -21,6 +21,7 @@
 import time
 import threading
 import urllib
+import string
 import xmlrpclib
 import OpenSSL
 from plague import Commands
@@ -68,7 +69,6 @@
     """ Abstract builder base object """
     def __init__(self, cfg):
         self._cfg = cfg
-        self._certs = None
         self._max_slots = determine_max_jobs(cfg)
         self._seq_gen = Commands.SequenceGenerator()
 
@@ -76,6 +76,7 @@
         self._building_jobs = []
         self._all_jobs = {}
 
+        self._certs = None
         if cfg.get_bool("SSL", "use_ssl"):
             hostname = get_hostname(self._cfg, False)
             key_file = os.path.join(cfg.get_str("SSL", "builder_key_and_cert_dir"), "%s.pem" % hostname)
@@ -84,6 +85,13 @@
             self._certs['ca_cert'] = cfg.get_str("SSL", "ca_cert")
             self._certs['peer_ca_cert'] = self._certs['ca_cert']
 
+        build_arches = []
+        for target in self._cfg.targets():
+            for arch in target.arches():
+                if not arch in build_arches:
+                    build_arches.append(arch)
+        self._log("Available architectures:  [%s]" % string.join(build_arches, ", "))
+
     def _log(self, string):
         if self._cfg.get_bool("General", "debug"):
             log(string)
@@ -319,7 +327,7 @@
         self._http_server = HTTPServer.PlgHTTPServerManager((hostname, port), work_dir, self._certs)
         self._http_server.start()
 
-        self._log("Binding to address '%s' with arches: [%s]\n" % (hostname, string.join(build_arches, ",")))
+        self._log("Binding to address '%s'\n" % hostname)
         xmlrpc_port = cfg.get_int("Passive", "xmlrpc_port")
         try:
             if cfg.get_bool("SSL", "use_ssl") == True:


Index: main.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/builder/main.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- main.py	28 Apr 2006 03:17:35 -0000	1.1
+++ main.py	10 May 2006 14:28:12 -0000	1.2
@@ -37,57 +37,61 @@
 
 
 def drop_privs(user):
-    """
-    We can't and shouldn't run mock as root, so we drop privs.
-    We have to run the HTTP server as root though so it can chroot
-    to the fileserver directory.
-    """
-
-    if os.getuid() != 0:
-        return
+    """Drop privileges, since we don't need to run as a privileged
+    user after we've started up."""
 
     import pwd
     import grp
 
-    eu = user
+    effective_user = user
     try:
-        uid = int(eu)
+        uid = int(effective_user)
     except ValueError:
         try:
-            pwrec = pwd.getpwnam(eu)
+            pwrec = pwd.getpwnam(effective_user)
         except KeyError:
-            print "Username '%s' does not exist." % eu
-            return -1
+            raise Exception("Username '%s' does not exist." % effective_user)
         uid = pwrec[2]
     else:
         try:
             pwrec = pwd.getpwuid(uid)
         except KeyError:
-            print "User ID %d doesn't exist." % uid
-            return -1
+            raise Exception("User ID %d doesn't exist." % uid)
     gid = pwrec[3]
 
     if uid == 0:
-        print "You cannot use the superuser as the 'builder_user' option."
-        return -1
+        raise Exception("You cannot use the superuser as the 'builder_user' option.")
+
+    # If we're already not running as root, ensure that who we are running as
+    # matches what the admin configured in the config file
+    cur_uid = os.getuid()
+    if cur_uid != 0:
+        if cur_uid != uid:
+            try:
+                cur_nam = pwd.getpwuid(cur_uid)[0]
+            except KeyError:
+                cur_nam = str(cur_uid)
+            uid_nam = pwd.getpwuid(uid)[0]
+            raise Exception("Attempting to run as '%s', but configured for" \
+                    " '%s'" % (cur_nam, uid_nam))
+        # Otherwise, we're already running as the requested
+        # user and we don't need to do anything else
+        return
 
     # Make ourself members of the mock group build_user's group
     try:
         mock_req = grp.getgrnam('mock')
     except KeyError:
-        print "Mock group doesn't exist."
-        return -1
+        raise Exception("The 'mock' group doesn't exist in the groups file.")
     groups = [mock_req[2], gid]
     os.setgroups(groups)
 
     try:
         os.setgid(gid)
     except OSError:
-        print "Could drop group privileges. Error: '%s'" % sys.exc_info()
-        return -1
+        raise Exception("Error dropping group privileges. '%s'" % sys.exc_info())
 
     os.setuid(uid)
-    return 0
 
 
 def determine_build_arches(cfg):
@@ -118,14 +122,12 @@
 
 builder = None
 
-def exit_handler(signum, frame):
+def exit_handler(signum=0, frame=0):
     global builder
     log("Received SIGTERM, quitting...\n")
     builder.stop()
 
 def main():
-    global builder
-
     usage = "Usage: %s  [-p <pidfile>] [-l <logfile>] [-d] -c <configfile>" % sys.argv[0]
     parser = OptionParser(usage=usage)
     parser.add_option("-p", "--pidfile", default=None,
@@ -160,21 +162,21 @@
         sys.exit(1)
 
     if opts.daemon:
-        ret=daemonize.createDaemon()
+        ret = daemonize.createDaemon()
         if ret:
             log("Daemonizing failed!\n")
             sys.exit(2)
 
     if opts.pidfile:
-        f = open(opts.pidfile, 'w', 1)
-        f.write('%d\n' % os.getpid())
-        f.flush()
-        f.close()
+        pidf = open(opts.pidfile, 'w', 1)
+        pidf.write('%d\n' % os.getpid())
+        pidf.flush()
+        pidf.close()
 
     if opts.logfile:
-        logf=open(opts.logfile, 'a')
-        sys.stdout=logf
-        sys.stderr=logf
+        logf = open(opts.logfile, 'a')
+        sys.stdout = logf
+        sys.stderr = logf
 
     work_dir = cfg.get_str("Directories", "builder_work_dir")
     if not os.path.exists(work_dir) or not os.access(work_dir, os.R_OK):
@@ -182,13 +184,16 @@
         os._exit(1)
 
     # Stop running as root
-    if drop_privs(cfg.get_str("General", "builder_user")) == -1:
-        builder.cleanup()
+    try:
+        drop_privs(cfg.get_str("General", "builder_user"))
+    except Exception, exc:
+        log("Couldn't drop privileges: %s\n" % exc)
         os._exit(1)
 
     # Set up our termination handler
     signal.signal(signal.SIGTERM, exit_handler)
 
+    global builder
     builder = Builder.Builder.new_builder(cfg, btype)
 
     # Start doing stuff

More information about the fedora-extras-commits mailing list