[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] reproducible live build: provide a facility so they can scp a file and then delete it

Mattia Rizzolo (@mattia) gitlab at salsa.debian.org
Mon May 23 15:06:48 BST 2022 


Mattia Rizzolo pushed to branch master at Debian QA / jenkins.debian.net


Commits:
7e5d425c by Mattia Rizzolo at 2022-05-23T16:06:19+02:00
reproducible live build: provide a facility so they can scp a file and then delete it

Signed-off-by: Mattia Rizzolo <mattia at debian.org>

- - - - -


3 changed files:

- bin/jenkins_node_wrapper.sh
- + bin/reproducible_debian_live_sync_result.sh
- jenkins-home/authorized_keys


Changes:

=====================================
bin/jenkins_node_wrapper.sh
=====================================
@@ -58,10 +58,10 @@ fi
 set "dummy" ${SSH_ORIGINAL_COMMAND}
 shift
 
-allowed_cmds=()
-
 if [[ "$*" = "/bin/true" ]] ; then
 	exec /bin/true ; croak "Exec failed";
+elif [[ "$1" = scp ]] && [[ "$2" = -f ]]; then
+	exec scp -f "$3"; croak "Exec failed";
 elif [[ "$*" = 'rm -v $(mktemp --tmpdir=/tmp read-only-fs-test-XXXXXX)' ]] ; then
 	exec rm -v $(mktemp --tmpdir=/tmp read-only-fs-test-XXXXXX) ; croak "Exec failed";
 elif [[ "$*" = "cleanup_nodes /srv/jenkins/bin/reproducible_slay.sh" ]] ; then


=====================================
bin/reproducible_debian_live_sync_result.sh
=====================================
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+# Copyright 2022 Mattia Rizzolo <mattia at debian.org>
+# released under the GPLv2
+
+DEBUG=false
+. /srv/jenkins/bin/common-functions.sh
+common_init "$@"
+
+# common code for tests.reproducible-builds.org
+. /srv/jenkins/bin/reproducible_common.sh
+
+set -u
+
+PROJECT=debian_live_build
+NODE=osuosl173-amd64.debian.net
+
+rsync_remote_results() {
+    local origfile=$1
+    echo "$(date -u) - Starting to sync the remote file"
+    # copy the new results from build node to webserver node
+    cd "$BASE"/"$PROJECT"
+    filename=$(basename "$origfile")
+    scp -o Batchmode=yes "$NODE":"$origfile" "$filename.tmp"
+    chmod 755 "$filename.tmp"
+    mv "$filename.tmp" "$filename"
+}
+
+delete_live_build_file() {
+    local filetodelete=$1
+    echo "$(date -u) - Starting to delete the requested file $filetodelete"
+    cd "$BASE"/"$PROJECT"
+    filename=$(basename "$filetodelete")
+    if [[ "$filename" != "$origfile" ]]; then
+        echo "You provided a full path, ignoring for safety" >&2
+        exit 1
+    fi
+    if [ -f "$filename" ]; then
+        rm -v "$filename"
+    else
+        echo "File not found" >&2
+        exit 1
+    fi
+}
+
+# main
+if [[ "${SSH_ORIGINAL_COMMAND#* }" =~ "^delete" ]]; then
+    # the # gets the whole command after the first space
+    # the ## gets the last part of the command, space-separated
+    delete_live_build_file "${SSH_ORIGINAL_COMMAND##* }"
+else
+    rsync_remote_results "${SSH_ORIGINAL_COMMAND##* }"
+fi
+
+echo "$(date -u) - the end."


=====================================
jenkins-home/authorized_keys
=====================================
@@ -1,2 +1,5 @@
 # jenkins itself, to start the agents
 restrict,from="127.0.0.1,::1" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSPYH1KKv6PsW0IgNcPbI/l2rjhxPaOGT/lbgaPzVjwPWlqHAEB0PctzNzkduRiaEMhTmcDTCsMOVkBGiPMmuBltqzpGSjcAc3v/sDYaDn+Onj5pTaG8HBMKqxOQP9I24xNjb21tRrmRSDAUrSHHiEm2Lu64efA3vE/L447ZYs53aLd2fBt0zoFKHswasFR57y6y9/3VJTdAnGrAIq9QxnMi2Tbg/KZDiYYmodfCMrAnATTkwGntcINz7FO/HAxHAs1YryzuoDOA02Xqxg4uzlxQgkL91/OhKVKd+2TBg+FAVUkiCKY+uSCdgN1yjoUa0fPFaWEbtEwrWfZgIAIINf jenkins at jenkins.debian.net
+
+# osuosl173 to trigger copying of files syncroniusly and not at the end of a job
+restrict,from="128.193.126.200",command="/srv/jenkins/bin/reproducible_debian_live_sync_result.sh" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIjpDe2iOe6bHoSI3rn0BqRapcZuUjYVOBK8AMkSFq2 jenkins at osuosl173-amd64



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/7e5d425cb60131472552c1373ada452358ddd6f4

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/7e5d425cb60131472552c1373ada452358ddd6f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20220523/75ed747e/attachment-0001.htm>

More information about the Qa-jenkins-scm mailing list