From 013ae80d071e1b066d909952c93f0b2bc672c125 Mon Sep 17 00:00:00 2001
From: Olivier Blin <blino@mageia.org>
Date: Mon, 6 Dec 2010 23:38:39 +0000
Subject: use a mdv-youri-submit wrapper through sudo, for repsys

---
 modules/buildsystem/manifests/init.pp              | 23 ++++++++++++++
 modules/buildsystem/templates/mdv-youri-submit     |  2 ++
 .../buildsystem/templates/mdv-youri-submit.wrapper | 36 ++++++++++++++++++++++
 modules/buildsystem/templates/repsys.conf          |  2 +-
 modules/buildsystem/templates/sudoers.youri        |  3 ++
 5 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100755 modules/buildsystem/templates/mdv-youri-submit
 create mode 100755 modules/buildsystem/templates/mdv-youri-submit.wrapper
 create mode 100644 modules/buildsystem/templates/sudoers.youri

(limited to 'modules/buildsystem')

diff --git a/modules/buildsystem/manifests/init.pp b/modules/buildsystem/manifests/init.pp
index 7b00d07f..4a64ece3 100644
--- a/modules/buildsystem/manifests/init.pp
+++ b/modules/buildsystem/manifests/init.pp
@@ -104,6 +104,29 @@ class buildsystem {
         }
     }
 
+    class youri_submit {
+        file { "/usr/local/bin/mdv-youri-submit":
+          owner  => root,
+          group => root,
+          mode => 755,
+          content => template("buildsystem/mdv-youri-submit")
+        }
+
+        file { "/usr/local/bin/mdv-youri-submit.wrapper":
+          owner  => root,
+          group => root,
+          mode => 755,
+          content => template("buildsystem/mdv-youri-submit.wrapper")
+        }
+
+        file { "/etc/sudoers.d/mdv-youri-submit":
+            owner => root,
+            group => root,
+            mode => 440,
+            content => template("buildsystem/sudoers.youri")
+        }
+    }
+
     define sshuser($homedir, $comment) {
         group {"$title": 
             ensure => present,
diff --git a/modules/buildsystem/templates/mdv-youri-submit b/modules/buildsystem/templates/mdv-youri-submit
new file mode 100755
index 00000000..6271ea91
--- /dev/null
+++ b/modules/buildsystem/templates/mdv-youri-submit
@@ -0,0 +1,2 @@
+#!/bin/sh
+sudo mdv-youri-submit.wrapper "$@"
diff --git a/modules/buildsystem/templates/mdv-youri-submit.wrapper b/modules/buildsystem/templates/mdv-youri-submit.wrapper
new file mode 100755
index 00000000..3df1d8b4
--- /dev/null
+++ b/modules/buildsystem/templates/mdv-youri-submit.wrapper
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+# youri-submit wrapper
+
+use strict;
+use warnings;
+use Fcntl ':mode';
+use File::Basename;
+use MDK::Common;
+
+my $log_dir = "$ENV{HOME}/submit-logs";
+
+my $sudo_user = $ENV{SUDO_USER} or die "should be run through sudo";
+my @prog = ('perl', '-I/usr/share/mdv-youri-core/lib', '-I/usr/share/mdv-youri-submit/lib', '/usr/share/mdv-youri-submit/bin/youri-submit');
+
+my @options;
+foreach my $arg (@ARGV) {
+    if ($arg =~ /^-?-(\S+)/) {
+	# drop prohibited options
+	if ($arg =~ /-c/ || $arg =~ /-s/) {
+	    print STDERR "prohibited option $arg, skipping\n";
+	    next;
+	}
+    }
+    push(@options, $arg);
+}
+
+# logging for bug #30315 -spuk, 2007-05-29
+mkdir_p($log_dir);
+open(STDERR, "| tee -a $log_dir/$sudo_user.err >&2");
+open(STDOUT, "| tee -a $log_dir/$sudo_user.out");
+
+# call wrapped program
+print "Executing @prog --config /etc/youri/submit-todo.conf --define user=$sudo_user @options (sudo_user $sudo_user)\n";
+my $err = system(@prog, "-v", "--verbose", "--config", "/etc/youri/submit-todo.conf", "--define", "user=$sudo_user", @options) && ($? >> 8 || 1);
+
+exit $err
diff --git a/modules/buildsystem/templates/repsys.conf b/modules/buildsystem/templates/repsys.conf
index 9a01adbe..d10d27df 100644
--- a/modules/buildsystem/templates/repsys.conf
+++ b/modules/buildsystem/templates/repsys.conf
@@ -56,7 +56,7 @@ mageia_branch = cauldron
 
 [helper]
 create-srpm = /usr/share/repsys/create-srpm
-upload-srpm = perl -I/usr/share/mdv-youri-core/lib -I/usr/share/mdv-youri-submit/lib /usr/share/mdv-youri-submit/bin/youri-submit
+upload-srpm = /usr/local/bin/mdv-youri-submit
 # needed by mdvsys 2.0
 install-buildrequires = sudo rurpmi --auto --no-suggests 
 
diff --git a/modules/buildsystem/templates/sudoers.youri b/modules/buildsystem/templates/sudoers.youri
new file mode 100644
index 00000000..4ac92d04
--- /dev/null
+++ b/modules/buildsystem/templates/sudoers.youri
@@ -0,0 +1,3 @@
+Cmnd_Alias	YOURI = /usr/local/bin/mdv-youri-submit.wrapper
+Defaults!YOURI	always_set_home
+%mga-packagers	ALL = (<%= sched_login %>) NOPASSWD: YOURI
-- 
cgit v1.2.1