[Qa-jenkins-scm] [jenkins.debian.net] 01/01: reproducible: build: call timeout with sudo, and not the reverse, as a user-called timeout can't kill a root process + give pbuilder 6 minutes to exit after SIGTERM before SIGKILL

Holger Levsen holger at moszumanska.debian.org
Mon Jun 15 16:42:47 UTC 2015 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit 0c7a58c92456e4d3c69c38424abf86cde5948a86
Author: Mattia Rizzolo <mattia at mapreri.org>
Date:   Mon Jun 15 18:29:31 2015 +0200

    reproducible: build: call timeout with sudo, and not the reverse, as a user-called timeout can't kill a root process + give pbuilder 6 minutes to exit after SIGTERM before SIGKILL
---
 bin/reproducible_build.sh | 6 ++++--
 etc/sudoers.d/jenkins     | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/bin/reproducible_build.sh b/bin/reproducible_build.sh
index 6cbc486..e0270a1 100755
--- a/bin/reproducible_build.sh
+++ b/bin/reproducible_build.sh
@@ -368,7 +368,8 @@ first_build(){
 	local TMPCFG=$(mktemp -t pbuilderrc_XXXX --tmpdir=$TMPDIR)
 	set -x
 	printf "BUILDUSERID=1111\nBUILDUSERNAME=pbuilder1\n" > $TMPCFG
-	( timeout -k 12h 12h ionice -c 3 nice sudo \
+	# remember to change the sudoers setting if you change the following command
+	( sudo timeout -k 12.1h 12h /usr/bin/ionice -c 3 /usr/bin/nice \
 	  DEB_BUILD_OPTIONS="parallel=$NUM_CPU" \
 	  TZ="/usr/share/zoneinfo/Etc/GMT+12" \
 	  pbuilder --build \
@@ -426,7 +427,8 @@ build_rebuild() {
 		set -x
 		local TMPCFG=$(mktemp -t pbuilderrc_XXXX --tmpdir=$TMPDIR)
 		printf "BUILDUSERID=2222\nBUILDUSERNAME=pbuilder2\n" > $TMPCFG
-		( timeout -k 12h 12h ionice -c 3 nice sudo \
+		# remember to change the sudoers setting if you change the following command
+		( sudo timeout -k 12.1h 12h /usr/bin/ionice -c 3 /usr/bin/nice \
 		  DEB_BUILD_OPTIONS="parallel=$(echo $NUM_CPU-1|bc)" \
 		  TZ="/usr/share/zoneinfo/Etc/GMT-14" \
 		  LANG="fr_CH.UTF-8" \
diff --git a/etc/sudoers.d/jenkins b/etc/sudoers.d/jenkins
index 103841a..c880360 100644
--- a/etc/sudoers.d/jenkins
+++ b/etc/sudoers.d/jenkins
@@ -29,8 +29,8 @@ jenkins ALL=  \
 	/usr/bin/guestmount *, \
 	/bin/cp -rv /media/*, \
 	/bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\
-	SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
-	SETENV: NOPASSWD: /usr/bin/linux64 --uname-2.6 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
+	SETENV: NOPASSWD: /usr/bin/timeout -k 12.1h 12h /usr/bin/ionice -c 3 nice /usr/sbin/pbuilder *, \
+	SETENV: NOPASSWD: /usr/bin/timeout -k 12.1h 12h /usr/bin/ionice -c 3 nice /usr/bin/linux64 --uname-2.6 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
 	/bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \
 	/bin/rm /var/cache/pbuilder/*base*.tgz, \
 	/bin/rm -v /var/cache/pbuilder/*base*.tgz, \

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git

More information about the Qa-jenkins-scm mailing list