[Git][qa/jenkins.debian.net][master] i386.reproduce.debian.net: use signup_secret from /opt/etc/rebuilderd.secret

Holger Levsen (@holger) gitlab at salsa.debian.org
Thu Jan 2 17:46:23 GMT 2025



Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
c03f53db by Holger Levsen at 2025-01-02T18:45:56+01:00
i386.reproduce.debian.net: use signup_secret from /opt/etc/rebuilderd.secret

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


4 changed files:

- hosts/infom07-i386/opt/etc/rebuilderd-worker.conf
- hosts/infom07-i386/opt/etc/rebuilderd.conf
- hosts/infom08-i386/opt/etc/rebuilderd-worker.conf
- update_jdn.sh


Changes:

=====================================
hosts/infom07-i386/opt/etc/rebuilderd-worker.conf
=====================================
@@ -1,7 +1,7 @@
 ## The rebuilderd to connect to
 endpoint = "https://i386.reproduce.debian.net"
 ## The server would either allowlist our key or require a signup secret
-#signup_secret = "your_signup_key"
+signup_secret = "INSECURE"
 
 [build]
 #timeout = 86400 # 24 hours


=====================================
hosts/infom07-i386/opt/etc/rebuilderd.conf
=====================================
@@ -22,12 +22,12 @@ bind_addr = "127.0.0.1:8484"
 #cookie = "INSECURE"
 
 ## IMPORTANT: in production, make sure either `authorized_workers` or `signup_secret` is configured.
-#[worker]
+[worker]
 ## If we have a fixed set of workers we can allow-list the keys here.
 #authorized_workers = ["key1", "key2"]
 ## If we want to spawn new workers dynamically we can configure a sign up secret below.
 ## Use `pwgen -1s 32` to generate one.
-#signup_secret = "INSECURE"
+signup_secret = "INSECURE"
 
 #[schedule]
 ## Configure the delay to automatically retry failed rebuilds in hours. The


=====================================
hosts/infom08-i386/opt/etc/rebuilderd-worker.conf
=====================================
@@ -1,7 +1,7 @@
 ## The rebuilderd to connect to
-endpoint = "http://127.0.0.1:8484"
+endpoint = "https://i386.reproduce.debian.net"
 ## The server would either allowlist our key or require a signup secret
-#signup_secret = "your_signup_key"
+signup_secret = "INSECURE"
 
 [build]
 #timeout = 86400 # 24 hours


=====================================
update_jdn.sh
=====================================
@@ -734,6 +734,19 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "ionos7-amd64" ] || [ "$HOSTNA
 		fi
 	done
 fi
+# set secret for remote rebuilderd-workers
+case $HOSTNAME in
+	infom07|infom08*)	SIGNUPSECRET="$(cat /opt/etc/rebuilderd.secret)"
+				for i in rebuilderd.conf rebuilderd-worker.conf ; do
+					if [ -f /opt/etc/$i ] ; then
+						if grep -q '^signup_secret = "INSECURE"' ; then
+							sudo sed -i "s^signup_secret = \"INSECURE\"#signup_secret = \"$SIGNUPSECRET\"#g" opt/etc/$i
+						fi
+					fi
+				done
+					;;
+			*) ;;
+esac
 
 if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "ionos7-amd64" ] ; then
 	if ! $UP2DATE || [ $BASEDIR/hosts/$HOSTNAME/etc/apache2 -nt $STAMP ]  ; then



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/c03f53db890ce48c7501b0820937c16afae17699

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/c03f53db890ce48c7501b0820937c16afae17699
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20250102/ca017775/attachment-0001.htm>


More information about the Qa-jenkins-scm mailing list