extras-buildsys/builder Builder.py,1.6,1.7 main.py,1.1,1.2
Daniel Williams (dcbw)
fedora-extras-commits at redhat.com
Wed May 10 14:28:15 UTC 2006
Author: dcbw
Update of /cvs/fedora/extras-buildsys/builder
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5103/builder
Modified Files:
Builder.py main.py
Log Message:
2006-05-10 Dan Williams <dcbw at redhat.com>
* builder/Builder.py
- (Builder::__init__): print out build arches on start
* builder/main.py
- pylint cleanups
- (drop_privs): use Exceptions rather than return; and ensure that, if
we aren't running as root, that we are running as who the user
configured us to run as in the config file
Index: Builder.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/builder/Builder.py,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- Builder.py 9 May 2006 19:10:51 -0000 1.6
+++ Builder.py 10 May 2006 14:28:12 -0000 1.7
@@ -21,6 +21,7 @@
import time
import threading
import urllib
+import string
import xmlrpclib
import OpenSSL
from plague import Commands
@@ -68,7 +69,6 @@
""" Abstract builder base object """
def __init__(self, cfg):
self._cfg = cfg
- self._certs = None
self._max_slots = determine_max_jobs(cfg)
self._seq_gen = Commands.SequenceGenerator()
@@ -76,6 +76,7 @@
self._building_jobs = []
self._all_jobs = {}
+ self._certs = None
if cfg.get_bool("SSL", "use_ssl"):
hostname = get_hostname(self._cfg, False)
key_file = os.path.join(cfg.get_str("SSL", "builder_key_and_cert_dir"), "%s.pem" % hostname)
@@ -84,6 +85,13 @@
self._certs['ca_cert'] = cfg.get_str("SSL", "ca_cert")
self._certs['peer_ca_cert'] = self._certs['ca_cert']
+ build_arches = []
+ for target in self._cfg.targets():
+ for arch in target.arches():
+ if not arch in build_arches:
+ build_arches.append(arch)
+ self._log("Available architectures: [%s]" % string.join(build_arches, ", "))
+
def _log(self, string):
if self._cfg.get_bool("General", "debug"):
log(string)
@@ -319,7 +327,7 @@
self._http_server = HTTPServer.PlgHTTPServerManager((hostname, port), work_dir, self._certs)
self._http_server.start()
- self._log("Binding to address '%s' with arches: [%s]\n" % (hostname, string.join(build_arches, ",")))
+ self._log("Binding to address '%s'\n" % hostname)
xmlrpc_port = cfg.get_int("Passive", "xmlrpc_port")
try:
if cfg.get_bool("SSL", "use_ssl") == True:
Index: main.py
===================================================================
RCS file: /cvs/fedora/extras-buildsys/builder/main.py,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- main.py 28 Apr 2006 03:17:35 -0000 1.1
+++ main.py 10 May 2006 14:28:12 -0000 1.2
@@ -37,57 +37,61 @@
def drop_privs(user):
- """
- We can't and shouldn't run mock as root, so we drop privs.
- We have to run the HTTP server as root though so it can chroot
- to the fileserver directory.
- """
-
- if os.getuid() != 0:
- return
+ """Drop privileges, since we don't need to run as a privileged
+ user after we've started up."""
import pwd
import grp
- eu = user
+ effective_user = user
try:
- uid = int(eu)
+ uid = int(effective_user)
except ValueError:
try:
- pwrec = pwd.getpwnam(eu)
+ pwrec = pwd.getpwnam(effective_user)
except KeyError:
- print "Username '%s' does not exist." % eu
- return -1
+ raise Exception("Username '%s' does not exist." % effective_user)
uid = pwrec[2]
else:
try:
pwrec = pwd.getpwuid(uid)
except KeyError:
- print "User ID %d doesn't exist." % uid
- return -1
+ raise Exception("User ID %d doesn't exist." % uid)
gid = pwrec[3]
if uid == 0:
- print "You cannot use the superuser as the 'builder_user' option."
- return -1
+ raise Exception("You cannot use the superuser as the 'builder_user' option.")
+
+ # If we're already not running as root, ensure that who we are running as
+ # matches what the admin configured in the config file
+ cur_uid = os.getuid()
+ if cur_uid != 0:
+ if cur_uid != uid:
+ try:
+ cur_nam = pwd.getpwuid(cur_uid)[0]
+ except KeyError:
+ cur_nam = str(cur_uid)
+ uid_nam = pwd.getpwuid(uid)[0]
+ raise Exception("Attempting to run as '%s', but configured for" \
+ " '%s'" % (cur_nam, uid_nam))
+ # Otherwise, we're already running as the requested
+ # user and we don't need to do anything else
+ return
# Make ourself members of the mock group build_user's group
try:
mock_req = grp.getgrnam('mock')
except KeyError:
- print "Mock group doesn't exist."
- return -1
+ raise Exception("The 'mock' group doesn't exist in the groups file.")
groups = [mock_req[2], gid]
os.setgroups(groups)
try:
os.setgid(gid)
except OSError:
- print "Could drop group privileges. Error: '%s'" % sys.exc_info()
- return -1
+ raise Exception("Error dropping group privileges. '%s'" % sys.exc_info())
os.setuid(uid)
- return 0
def determine_build_arches(cfg):
@@ -118,14 +122,12 @@
builder = None
-def exit_handler(signum, frame):
+def exit_handler(signum=0, frame=0):
global builder
log("Received SIGTERM, quitting...\n")
builder.stop()
def main():
- global builder
-
usage = "Usage: %s [-p <pidfile>] [-l <logfile>] [-d] -c <configfile>" % sys.argv[0]
parser = OptionParser(usage=usage)
parser.add_option("-p", "--pidfile", default=None,
@@ -160,21 +162,21 @@
sys.exit(1)
if opts.daemon:
- ret=daemonize.createDaemon()
+ ret = daemonize.createDaemon()
if ret:
log("Daemonizing failed!\n")
sys.exit(2)
if opts.pidfile:
- f = open(opts.pidfile, 'w', 1)
- f.write('%d\n' % os.getpid())
- f.flush()
- f.close()
+ pidf = open(opts.pidfile, 'w', 1)
+ pidf.write('%d\n' % os.getpid())
+ pidf.flush()
+ pidf.close()
if opts.logfile:
- logf=open(opts.logfile, 'a')
- sys.stdout=logf
- sys.stderr=logf
+ logf = open(opts.logfile, 'a')
+ sys.stdout = logf
+ sys.stderr = logf
work_dir = cfg.get_str("Directories", "builder_work_dir")
if not os.path.exists(work_dir) or not os.access(work_dir, os.R_OK):
@@ -182,13 +184,16 @@
os._exit(1)
# Stop running as root
- if drop_privs(cfg.get_str("General", "builder_user")) == -1:
- builder.cleanup()
+ try:
+ drop_privs(cfg.get_str("General", "builder_user"))
+ except Exception, exc:
+ log("Couldn't drop privileges: %s\n" % exc)
os._exit(1)
# Set up our termination handler
signal.signal(signal.SIGTERM, exit_handler)
+ global builder
builder = Builder.Builder.new_builder(cfg, btype)
# Start doing stuff
More information about the fedora-extras-commits
mailing list