diff options
| author | Vagrant Cascadian <vagrant@debian.org> | 2017-09-07 21:05:06 -0700 |
|---|---|---|
| committer | Holger Levsen <holger@layer-acht.org> | 2017-09-16 15:20:18 +0200 |
| commit | 1791bed0c22b51e5feddc5a5230271f693fe1de2 (patch) | |
| tree | 971503789fc315cf2b41f1f415671b7a0546386b /hosts/jtx1c-armhf-rb/etc/sudoers.d | |
| parent | 32cc781c3545909105b6b50e66c11c606f5448a9 (diff) | |
| download | jenkins.debian.net-1791bed0c22b51e5feddc5a5230271f693fe1de2.tar.xz | |
reproducible: Add new armhf builder, jtx1c.
Signed-off-by: Holger Levsen <holger@layer-acht.org>
Diffstat (limited to 'hosts/jtx1c-armhf-rb/etc/sudoers.d')
| -rw-r--r-- | hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins | 52 | ||||
| -rw-r--r-- | hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins-adm | 7 |
2 files changed, 59 insertions, 0 deletions
diff --git a/hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins b/hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins new file mode 100644 index 00000000..be21ba55 --- /dev/null +++ b/hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins @@ -0,0 +1,52 @@ +jenkins ALL= \ + NOPASSWD: /usr/sbin/debootstrap *, \ + /usr/bin/tee /schroots/*, \ + /usr/bin/tee -a /schroots/*, \ + /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \ + /bin/chmod +x /schroots/*, \ + /bin/chmod +x /chroots/*, \ + /usr/sbin/chroot /schroots/*, \ + /usr/sbin/chroot /chroots/*, \ + /usr/sbin/chroot /media/*, \ + /bin/ls -la /media/*, \ + /bin/rm -rf --one-file-system /chroots/*, \ + /bin/rm -rf --one-file-system /schroots/*, \ + /bin/rm -rf --one-file-system /srv/live-build/*, \ + /bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \ + /bin/cp -v *.iso /srv/live-build/results/*, \ + /bin/mv /chroots/* /schroots/*, \ + /bin/mv /schroots/* /schroots/*, \ + /bin/umount -l /chroots/*, \ + /bin/umount -l /schroots/*, \ + /bin/umount -l /media/*, \ + /bin/rmdir /media/*, \ + /bin/mount -o loop*, \ + /bin/mount --bind *, \ + /usr/bin/du *, \ + /bin/kill *, \ + /usr/bin/file *, \ + /bin/dd if=/dev/zero of=/dev/jenkins*, \ + /usr/bin/qemu-system-x86_64 *, \ + /usr/bin/qemu-img *, \ + /sbin/lvcreate *, /sbin/lvremove *, \ + /bin/mkdir -p /media/*, \ + /usr/bin/guestmount *, \ + /bin/cp -rv /media/*, \ + /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\ + SETENV: NOPASSWD: /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \ + SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \ + /bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \ + /bin/rm /var/cache/pbuilder/*base*.tgz, \ + /bin/rm -v /var/cache/pbuilder/*base*.tgz, \ + /bin/rm /var/cache/pbuilder/result/*, \ + /usr/bin/dcmd rm *.changes, \ + /usr/bin/dcmd rm *.dsc, \ + /usr/bin/apt-get update, \ + /usr/bin/killall timeout, \ + /usr/sbin/slay 1111, \ + /usr/sbin/slay 2222, \ + /usr/sbin/slay jenkins + +# keep these environment variables +Defaults env_keep += "http_proxy", env_reset diff --git a/hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins-adm b/hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins-adm new file mode 100644 index 00000000..3c357be2 --- /dev/null +++ b/hosts/jtx1c-armhf-rb/etc/sudoers.d/jenkins-adm @@ -0,0 +1,7 @@ +# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner +# of jenkins script) and the jenkins user itself +%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL +%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL +# allow jenkins-adm to run everything as root +%jenkins-adm ALL= NOPASSWD: ALL + |