[Qa-jenkins-scm] [Git][qa/jenkins.debian.net][master] jenkins nodes: make sure /srv/jenkins/kgb always has the correct permissions

Holger Levsen (@holger) gitlab at salsa.debian.org
Sun Apr 9 13:28:04 BST 2023 


Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net


Commits:
b92348ae by Holger Levsen at 2023-04-09T14:27:38+02:00
jenkins nodes: make sure /srv/jenkins/kgb always has the correct permissions

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


1 changed file:

- update_jdn.sh


Changes:

=====================================
update_jdn.sh
=====================================
@@ -881,6 +881,8 @@ fi
 if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "osuosl1-amd64" ] || [ "$HOSTNAME" = "osuosl2-amd64" ] || [ "$HOSTNAME" = "osuosl3-amd64" ] || [ "$HOSTNAME" = "ionos2-i386" ] || [ "$HOSTNAME" = "ionos12-i386" ] ; then
 	cd $BASEDIR
 	KGB_SECRETS="/srv/jenkins/kgb/secrets.yml"
+	sudo mkdir -p $(dirname $KGB_SECRETS)
+	sudo chown jenkins-adm:root $(dirname $KGB_SECRETS)
 	if [ -f "$KGB_SECRETS" ] && [ $(stat -c "%a:%U:%G" "$KGB_SECRETS") = "640:jenkins-adm:jenkins-adm" ] ; then
 		# the last condition is to assure the files are owned by the right user/team
 		if [ "$KGB_SECRETS" -nt $STAMP ] || [ "/srv/jenkins/bin/deploy_kgb.py" -nt "$STAMP" ] || [ ! -f $STAMP ] ; then
@@ -894,6 +896,9 @@ if [ "$HOSTNAME" = "jenkins" ] || [ "$HOSTNAME" = "osuosl1-amd64" ] || [ "$HOSTN
 		echo "We expect the secrets file to be mode 640 and owned by jenkins-adm:jenkins-adm."
 		echo "/srv/jenkins/kgb should be mode 755 and owned by jenkins-adm:root."
 		echo "/srv/jenkins/kgb/client-status should be mode 755 and owned by jenkins:jenkins."
+		echo
+		ls -lart $KGB_SECRETS
+		exit 1
 	fi
 	KGB_STATUS="/srv/jenkins/kgb/client-status"
 	sudo mkdir -p $KGB_STATUS



View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/b92348ae6a2787986b472d3d3d094dc1a42b1412

-- 
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/b92348ae6a2787986b472d3d3d094dc1a42b1412
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20230409/7849b2a0/attachment-0001.htm>

More information about the Qa-jenkins-scm mailing list