[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] 3 commits: reproducible Debian live: Use credentials-binding instead of credentials to pass along the secrets
Holger Levsen (@holger)
gitlab at salsa.debian.org
Thu Sep 22 17:52:12 BST 2022
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
1e482258 by Roland Clobus at 2022-09-22T18:46:27+02:00
reproducible Debian live: Use credentials-binding instead of credentials to pass along the secrets
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
cd0f3ddd by Roland Clobus at 2022-09-22T18:46:37+02:00
reproducible Debian live: Generate a warning header in the r00t-me folder
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
c76b7880 by Holger Levsen at 2022-09-22T18:46:48+02:00
reproducible Debian live: improve warning text
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- bin/reproducible_debian_live_sync_result.sh
- job-cfg/reproducible.yaml
Changes:
=====================================
bin/reproducible_debian_live_sync_result.sh
=====================================
@@ -31,6 +31,19 @@ rsync_remote_results() {
local EXTRADIR=artifacts/r00t-me/
mkdir -p $EXTRADIR
cd $EXTRADIR
+ # Generate a warning
+ local msg="These generated ISO files have been preserved for your convenience.\n"
+ msg="${msg}They will be available for 24h only, so download them now.\n"
+ msg="${msg}WARNING: You shouldn't trust the ISO files downloaded from this host, they could contain malware or anything else, including the worst of your fears, packaged nicely as a bootable ISO image."
+ log_info "$msg"
+ # Place the warning as a heading in the directory view
+ # This is embedded HTML, so no <HTML>-tag etc. are required
+ PAGE=".HEADER.html"
+ rm -f ${PAGE}
+ write_page "<p>"
+ write_page "$(printf ${msg} | sed 's#$#<br/>#g')"
+ write_page "These artifacts were created by one of the <a href=\"https://jenkins.debian.net/view/live/\">live-build jobs</a>"
+ write_page "</p>"
else
local EXTRADIR=""
fi
=====================================
job-cfg/reproducible.yaml
=====================================
@@ -235,19 +235,14 @@
option: category
categories:
- debian_live_build
- parameters:
- - credentials:
- name: OPENQA_APIKEY
- type: secrettext
- required: true
- default: openqa-live-apikey
- description: The key from https://openqa.debian.net/api_keys, generated by rclobus-guest
- - credentials:
- name: OPENQA_APISECRET
- type: secrettext
- required: true
- default: openqa-live-apisecret
- description: The key from https://openqa.debian.net/api_keys, generated by rclobus-guest
+ wrappers:
+ - credentials-binding:
+ - text:
+ credential-id: openqa-live-apikey
+ variable: OPENQA_APIKEY
+ - text:
+ credential-id: openqa-live-apisecret
+ variable: OPENQA_APISECRET
logrotate:
daysToKeep: '{my_keep_build_days}'
numToKeep: 50
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/c7a50b5252643ea88601b576519f42e4ba7a7d4e...c76b78804e0b02778f212955fdc822d97debf539
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/compare/c7a50b5252643ea88601b576519f42e4ba7a7d4e...c76b78804e0b02778f212955fdc822d97debf539
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20220922/086f601a/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list