[Qa-jenkins-scm] [jenkins.debian.net] 01/01: rebootstrap: add new build node, profitbricks-build4-amd64, still missing the appropriate definitions in bin/reproducible_node_wrapper.sh...

Holger Levsen holger at moszumanska.debian.org
Sun Aug 9 12:47:09 UTC 2015 

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch master
in repository jenkins.debian.net.

commit cf22f33fdc00edcafe2fe7c620dcb0bd0bd56be4
Author: Holger Levsen <holger at layer-acht.org>
Date:   Sun Aug 9 14:45:51 2015 +0200

    rebootstrap: add new build node, profitbricks-build4-amd64, still missing the appropriate definitions in bin/reproducible_node_wrapper.sh...
---
 .../etc/apt/apt.conf.d/80proxy                     |  2 +
 .../profitbricks-build4-amd64/etc/apt/sources.list | 11 ++++++
 .../pbuilder/rebuild-hooks/D01_modify_environment  | 12 ++++++
 hosts/profitbricks-build4-amd64/etc/pbuilderrc     | 30 +++++++++++++++
 .../etc/schroot/default/fstab                      | 24 ++++++++++++
 .../etc/schroot/default/nssdatabases               | 11 ++++++
 .../etc/sudoers.d/jenkins                          | 44 ++++++++++++++++++++++
 .../etc/sudoers.d/jenkins-adm                      |  4 ++
 8 files changed, 138 insertions(+)

diff --git a/hosts/profitbricks-build4-amd64/etc/apt/apt.conf.d/80proxy b/hosts/profitbricks-build4-amd64/etc/apt/apt.conf.d/80proxy
new file mode 100644
index 0000000..fe4b3b7
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/apt/apt.conf.d/80proxy
@@ -0,0 +1,2 @@
+Acquire::http::Proxy "http://127.0.0.1:3128/";
+
diff --git a/hosts/profitbricks-build4-amd64/etc/apt/sources.list b/hosts/profitbricks-build4-amd64/etc/apt/sources.list
new file mode 100644
index 0000000..c9de537
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/apt/sources.list
@@ -0,0 +1,11 @@
+deb http://ftp.de.debian.org/debian/ jessie main non-free
+#deb-src http://ftp.de.debian.org/debian/ jessie main non-free
+
+deb http://ftp.de.debian.org/debian/ jessie-updates main contrib non-free
+#deb-src http://ftp.de.debian.org/debian/ jessie-updates main contrib non-free
+
+deb http://security.debian.org/ jessie/updates main non-free
+#deb-src http://security.debian.org/ jessie/updates main non-free
+
+deb http://ftp.de.debian.org/debian/ jessie-backports main non-free
+#deb-src http://ftp.de.debian.org/debian/ jessie-backports main non-free
diff --git a/hosts/profitbricks-build4-amd64/etc/pbuilder/rebuild-hooks/D01_modify_environment b/hosts/profitbricks-build4-amd64/etc/pbuilder/rebuild-hooks/D01_modify_environment
new file mode 100755
index 0000000..d955004
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/pbuilder/rebuild-hooks/D01_modify_environment
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+set -e
+
+# exit if we are in the same UTS namespace than init
+[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0
+
+echo "I: Changing hostname to test build reproducibility" >&2
+sed -e '/^127.0.0.1/s/$/ i-capture-the-hostname i-capture-the-hostname.i-capture-the-domain/' -i /etc/hosts
+hostname i-capture-the-hostname
+domainname i-capture-the-domain
+export CAPTURE_ENVIRONMENT="I capture the environment"
diff --git a/hosts/profitbricks-build4-amd64/etc/pbuilderrc b/hosts/profitbricks-build4-amd64/etc/pbuilderrc
new file mode 100644
index 0000000..6c3e4a2
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/pbuilderrc
@@ -0,0 +1,30 @@
+# this is your configuration file for pbuilder.
+# the file in /usr/share/pbuilder/pbuilderrc is the default template.
+# /etc/pbuilderrc is the one meant for overwriting defaults in
+# the default template
+#
+# read pbuilderrc.5 document for notes on specific options.
+case $HOSTNAME in 
+	jenkins|profitbricks-build?-amd64)	MIRRORSITE=http://ftp.de.debian.org/debian ;;
+	bpi0|cbxi4pro0|hb0|wbq0)		MIRRORSITE=http://ftp.us.debian.org/debian ;;
+	*)				echo "unsupported host, exiting." ; exit 1 ;;
+esac
+EXTRAPACKAGES="fakeroot"
+APTCACHE=""
+COMPRESSPROG="pigz"
+# unset proxy, see #780587
+unset http_proxy
+export -n http_proxy
+# /sys and /proc were added as workarounds for #773767
+# there are software wanting /dev/shm writable, so give them so. There are tons
+# of bug shm related in pbuilder, that's just a workaround for all of them.
+# /run/shm is already mounted as a tmpfs by default.
+BINDMOUNTS="$BINDMOUNTS /sys /dev/shm"
+# set PATH to predictable values, see #780729 and #780725
+PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
+
+# used on reproducible builds
+if [ "$(readlink /proc/1/ns/uts)" != "$(readlink /proc/self/ns/uts)" ]; then
+       PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path"
+fi
+
diff --git a/hosts/profitbricks-build4-amd64/etc/schroot/default/fstab b/hosts/profitbricks-build4-amd64/etc/schroot/default/fstab
new file mode 100644
index 0000000..74468dd
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/schroot/default/fstab
@@ -0,0 +1,24 @@
+# fstab: static file system information for chroots.
+# Note that the mount point will be prefixed by the chroot path
+# (CHROOT_PATH)
+#
+# <file system>	<mount point>	<type>	<options>	<dump>	<pass>
+/proc		/proc		none    rw,bind        0       0
+/sys		/sys		none    rw,bind        0       0
+/dev            /dev            none    rw,bind         0       0
+/dev/pts	/dev/pts	none	rw,bind		0	0
+/home		/home		none	rw,bind		0	0
+/tmp		/tmp		none	rw,bind		0	0
+/srv/reproducible-results	/srv/reproducible-results	none	rw,bind		0	0
+/srv/d-i	/srv/d-i	none	rw,bind		0	0
+/srv/jenkins	/srv/jenkins	none	rw,bind		0	0
+/srv/live-build	/srv/live-build	none	rw,bind		0	0
+
+# It may be desirable to have access to /run, especially if you wish
+# to run additional services in the chroot.  However, note that this
+# may potentially cause undesirable behaviour on upgrades, such as
+# killing services on the host.
+#/run		/run		none	rw,bind		0	0
+#/run/lock	/run/lock	none	rw,bind		0	0
+/dev/shm	/dev/shm	none	rw,bind		0	0
+/run/shm	/run/shm	none	rw,bind		0	0
diff --git a/hosts/profitbricks-build4-amd64/etc/schroot/default/nssdatabases b/hosts/profitbricks-build4-amd64/etc/schroot/default/nssdatabases
new file mode 100644
index 0000000..72615e5
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/schroot/default/nssdatabases
@@ -0,0 +1,11 @@
+# System databases to copy into the chroot from the host system.
+#
+# <database name>
+passwd
+shadow
+group
+gshadow
+#services
+protocols
+networks
+hosts
diff --git a/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins
new file mode 100644
index 0000000..d75335f
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins
@@ -0,0 +1,44 @@
+jenkins ALL=  \
+	NOPASSWD: /usr/sbin/debootstrap *, \
+	/usr/bin/tee /chroots/*, \
+	/usr/bin/tee -a /chroots/*, \
+	/usr/bin/tee /etc/schroot/chroot.d/jenkins*, \
+	/bin/chmod +x /chroots/*, \
+	/usr/sbin/chroot /chroots/*, \
+	/usr/sbin/chroot /media/*, \
+	/bin/ls -la /media/*, \
+	/bin/rm -rf --one-file-system /chroots/*, \
+	/bin/rm -rf --one-file-system /schroots/*, \
+	/bin/rm -rf --one-file-system /srv/live-build/*, \
+	/bin/cp -v *.iso /srv/live-build/results/*, \
+	/bin/mv /chroots/* /schroots/*, \
+	/bin/mv /schroots/* /schroots/*, \
+	/bin/umount -l /chroots/*, \
+	/bin/umount -l /media/*, \
+	/bin/rmdir /media/*, \
+	/bin/mount -o loop*, \
+	/bin/mount --bind *, \
+	/usr/bin/du *, \
+	/bin/kill *, \
+	/usr/bin/file *, \
+	/bin/dd if=/dev/zero of=/dev/jenkins*, \
+	/usr/bin/qemu-system-x86_64 *, \
+	/usr/bin/qemu-img *, \
+	/sbin/lvcreate *, /sbin/lvremove *, \
+	/bin/mkdir -p /media/*, \
+	/usr/bin/guestmount *, \
+	/bin/cp -rv /media/*, \
+	/bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\
+	SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
+	SETENV: NOPASSWD: /usr/bin/timeout -k 12.1h 12h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \
+	SETENV: NOPASSWD: /usr/bin/timeout -k 12.1h 12h /usr/bin/ionice -c 3 /usr/bin/nice /usr/bin/linux64 --uname-2.6 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
+	/bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \
+	/bin/rm /var/cache/pbuilder/*base*.tgz, \
+	/bin/rm -v /var/cache/pbuilder/*base*.tgz, \
+	/bin/rm /var/cache/pbuilder/result/*, \
+	/usr/bin/dcmd rm *.changes, \
+	/usr/bin/dcmd rm *.dsc, \
+	/usr/bin/apt-get update
+
+# keep these environment variables
+Defaults        env_keep += "http_proxy", env_reset
diff --git a/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins-adm b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins-adm
new file mode 100644
index 0000000..e585d03
--- /dev/null
+++ b/hosts/profitbricks-build4-amd64/etc/sudoers.d/jenkins-adm
@@ -0,0 +1,4 @@
+# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner
+# of jenkins script) and the jenkins user itself
+%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL
+%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/qa/jenkins.debian.net.git

More information about the Qa-jenkins-scm mailing list