[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] jenkins nodes: make sure /srv/jenkins/kgb always has the correct permissions
Holger Levsen (@holger)
gitlab at salsa.debian.org
Sun Apr 9 13:28:04 BST 2023
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
b92348ae by Holger Levsen at 2023-04-09T14:27:38+02:00
jenkins nodes: make sure /srv/jenkins/kgb always has the correct permissions
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
1 changed file:
- update_jdn.sh
Changes:
=====================================
update_jdn.sh
=====================================
@@ -881,6 +881,8 @@ fi
if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "osuosl1-amd64" ] || [ "$HOSTNAME" = "osuosl2-amd64" ] || [ "$HOSTNAME" = "osuosl3-amd64" ] || [ "$HOSTNAME" = "ionos2-i386" ] || [ "$HOSTNAME" = "ionos12-i386" ] ; then
cd $BASEDIR
KGB_SECRETS="/srv/jenkins/kgb/secrets.yml"
+ sudo mkdir -p $(dirname $KGB_SECRETS)
+ sudo chown jenkins-adm:root $(dirname $KGB_SECRETS)
if [ -f "$KGB_SECRETS" ] && [ $(stat -c "%a:%U:%G" "$KGB_SECRETS") = "640:jenkins-adm:jenkins-adm" ] ; then
# the last condition is to assure the files are owned by the right user/team
if [ "$KGB_SECRETS" -nt $STAMP ] || [ "/srv/jenkins/bin/deploy_kgb.py" -nt "$STAMP" ] || [ ! -f $STAMP ] ; then
@@ -894,6 +896,9 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "osuosl1-amd64" ] || [ "$HOSTN
echo "We expect the secrets file to be mode 640 and owned by jenkins-adm:jenkins-adm."
echo "/srv/jenkins/kgb should be mode 755 and owned by jenkins-adm:root."
echo "/srv/jenkins/kgb/client-status should be mode 755 and owned by jenkins:jenkins."
+ echo
+ ls -lart $KGB_SECRETS
+ exit 1
fi
KGB_STATUS="/srv/jenkins/kgb/client-status"
sudo mkdir -p $KGB_STATUS
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/b92348ae6a2787986b472d3d3d094dc1a42b1412
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/b92348ae6a2787986b472d3d3d094dc1a42b1412
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20230409/7849b2a0/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list