diff options
author | Holger Levsen <holger@layer-acht.org> | 2016-09-19 15:08:50 +0200 |
---|---|---|
committer | Holger Levsen <holger@layer-acht.org> | 2016-09-19 15:09:18 +0200 |
commit | 39421cde89372babc21c5813b68de9579a0409c7 (patch) | |
tree | ff22f7665673853d44562cf19968f2ea268d3c33 /hosts/opi2a-armhf-rb/etc | |
parent | 33537327617bce60a0d6fcd724316f771422ffe7 (diff) | |
download | jenkins.debian.net-39421cde89372babc21c5813b68de9579a0409c7.tar.xz |
reproducible Debian armhf: replace opi2a with jtk1a, except for builder jobs
Diffstat (limited to 'hosts/opi2a-armhf-rb/etc')
20 files changed, 0 insertions, 557 deletions
diff --git a/hosts/opi2a-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions b/hosts/opi2a-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions deleted file mode 100644 index 2318f84e..00000000 --- a/hosts/opi2a-armhf-rb/etc/apt/apt.conf.d/10no-package-descriptions +++ /dev/null @@ -1 +0,0 @@ -Acquire::Languages "none"; diff --git a/hosts/opi2a-armhf-rb/etc/apt/apt.conf.d/80proxy b/hosts/opi2a-armhf-rb/etc/apt/apt.conf.d/80proxy deleted file mode 100644 index 9e738254..00000000 --- a/hosts/opi2a-armhf-rb/etc/apt/apt.conf.d/80proxy +++ /dev/null @@ -1,2 +0,0 @@ -Acquire::http::Proxy "http://10.0.0.15:8000/"; - diff --git a/hosts/opi2a-armhf-rb/etc/apt/listchanges.conf b/hosts/opi2a-armhf-rb/etc/apt/listchanges.conf deleted file mode 100644 index 8b598c0a..00000000 --- a/hosts/opi2a-armhf-rb/etc/apt/listchanges.conf +++ /dev/null @@ -1,6 +0,0 @@ -[apt] -frontend=mail -email_address=root -confirm=0 -save_seen=/var/lib/apt/listchanges.db -which=both diff --git a/hosts/opi2a-armhf-rb/etc/apt/sources.list b/hosts/opi2a-armhf-rb/etc/apt/sources.list deleted file mode 100644 index 70669281..00000000 --- a/hosts/opi2a-armhf-rb/etc/apt/sources.list +++ /dev/null @@ -1,11 +0,0 @@ -deb http://ftp.us.debian.org/debian/ jessie main contrib non-free -#deb-src http://ftp.us.debian.org/debian/ jessie main contrib non-free - -deb http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free -#deb-src http://ftp.us.debian.org/debian/ jessie-updates main contrib non-free - -deb http://security.debian.org/ jessie/updates main contrib non-free -#deb-src http://security.debian.org/ jessie/updates main contrib non-free - -deb http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free -#deb-src http://ftp.us.debian.org/debian/ jessie-backports main contrib non-free diff --git a/hosts/opi2a-armhf-rb/etc/cron.d/dsa b/hosts/opi2a-armhf-rb/etc/cron.d/dsa deleted file mode 100755 index 9be64c36..00000000 --- a/hosts/opi2a-armhf-rb/etc/cron.d/dsa +++ /dev/null @@ -1,10 +0,0 @@ -# m h dom mon dow (0|7=sun,1=mon) command - -# -# cron-jobs for jenkins.debian.net and nodes -# - -MAILTO=root - -0 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-running-kernel -2 1,13 * * * nobody /usr/bin/chronic /usr/local/bin/dsa-check-packages diff --git a/hosts/opi2a-armhf-rb/etc/munin/munin-node.conf b/hosts/opi2a-armhf-rb/etc/munin/munin-node.conf deleted file mode 100644 index 65ba8e0f..00000000 --- a/hosts/opi2a-armhf-rb/etc/munin/munin-node.conf +++ /dev/null @@ -1,66 +0,0 @@ -# -# Example config-file for munin-node -# - -log_level 4 -log_file /var/log/munin/munin-node.log -pid_file /var/run/munin/munin-node.pid - -background 1 -setsid 1 - -user root -group root - -# This is the timeout for the whole transaction. -# Units are in sec. Default is 15 min -# -# global_timeout 900 - -# This is the timeout for each plugin. -# Units are in sec. Default is 1 min -# -# timeout 60 - -# Regexps for files to ignore -ignore_file [\#~]$ -ignore_file DEADJOE$ -ignore_file \.bak$ -ignore_file %$ -ignore_file \.dpkg-(tmp|new|old|dist)$ -ignore_file \.rpm(save|new)$ -ignore_file \.pod$ - -# Set this if the client doesn't report the correct hostname when -# telnetting to localhost, port 4949 -# -#host_name localhost.localdomain - -# A list of addresses that are allowed to connect. This must be a -# regular expression, since Net::Server does not understand CIDR-style -# network notation unless the perl module Net::CIDR is installed. You -# may repeat the allow line as many times as you'd like - -allow ^127\.0\.0\.1$ -allow ^::1$ - -# If you have installed the Net::CIDR perl module, you can use one or more -# cidr_allow and cidr_deny address/mask patterns. A connecting client must -# match any cidr_allow, and not match any cidr_deny. Note that a netmask -# *must* be provided, even if it's /32 -# -# Example: -# -# cidr_allow 127.0.0.1/32 -# cidr_allow 192.0.2.0/24 -# cidr_deny 192.0.2.42/32 - -# Which address to bind to; -host * -# host 127.0.0.1 - -# And which port -port 4949 - -allow ^78\.137\.96\.196 -hostname opi2a-armhf-rb.debian.net diff --git a/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/df b/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/df deleted file mode 100644 index b3fdadcb..00000000 --- a/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/df +++ /dev/null @@ -1,6 +0,0 @@ -[df*] -env.exclude none unknown iso9660 squashfs udf romfs ramfs debugfs devtmpfs sysfs -env.exclude_re /srv/workspace/pbuilder /run /dev/disk/by /var/lib/schroot/mount /srv/workspace/varlibschroot /dev/shm /sys/fs/cgroup -env.warning 92 -env.critical 98 - diff --git a/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/diskstats b/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/diskstats deleted file mode 100644 index 2d11f397..00000000 --- a/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/diskstats +++ /dev/null @@ -1,4 +0,0 @@ -[diskstats] -env.trim_labels yes -env.include_only /dev/sda - diff --git a/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/munin-node b/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/munin-node deleted file mode 100644 index e766928f..00000000 --- a/hosts/opi2a-armhf-rb/etc/munin/plugin-conf.d/munin-node +++ /dev/null @@ -1,117 +0,0 @@ -# This file is used to configure how the plugins are invoked. -# Place in /etc/munin/plugin-conf.d/ or corresponding directory. -# -# PLEASE NOTE: Changes in the plugin-conf.d directory are only -# read at munin-node startup, so restart at any changes. -# -# user <user> # Set the user to run the plugin as. -# group <group> # Set the group to run the plugin as. -# command <command> # Run <command> instead of the plugin. %c expands to -# what would normally be run. -# env.<variable> <value> # Sets <variable> in the plugin's environment, see the -# individual plugins to find out which variables they -# care about. - - -[amavis] -group adm -env.MUNIN_MKTEMP /bin/mktemp -p /tmp/ $1 -env.amavislog /var/log/mail.info - -[apt] -user root - -[courier_mta_mailqueue] -group daemon - -[courier_mta_mailstats] -group adm - -[courier_mta_mailvolume] -group adm - -[cps*] -user root - -[exim_mailqueue] -group adm, (Debian-exim) - -[exim_mailstats] -group adm, (Debian-exim) -env.logdir /var/log/exim4/ -env.logname mainlog - -[fw_conntrack] -user root - -[fw_forwarded_local] -user root - -[hddtemp_smartctl] -user root - -[hddtemp2] -user root - -[if_*] -user root - -[if_err_*] -user nobody - -[ip_*] -user root - -[ipmi_*] -user root - -[mysql*] -user root -env.mysqlopts --defaults-file=/etc/mysql/debian.cnf -env.mysqluser debian-sys-maint -env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf - -[postfix_mailqueue] -user postfix - -[postfix_mailstats] -group adm - -[postfix_mailvolume] -group adm -env.logfile mail.log - -[smart_*] -user root - -[vlan*] -user root - -[ejabberd*] -user ejabberd -env.statuses available away chat xa -env.days 1 7 30 - -[dhcpd3] -user root -env.leasefile /var/lib/dhcp3/dhcpd.leases -env.configfile /etc/dhcp3/dhcpd.conf - -[jmx_*] -env.ip 127.0.0.1 -env.port 5400 - -[samba] -user root - -[munin_stats] -user munin -group munin - -[postgres_*] -user postgres -env.PGUSER postgres -env.PGPORT 5432 - -[fail2ban] -user root diff --git a/hosts/opi2a-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds b/hosts/opi2a-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds deleted file mode 100755 index e990c127..00000000 --- a/hosts/opi2a-armhf-rb/etc/munin/plugins/jenkins_reproducible_builds +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/sh -# -*- sh -*- - -: << =cut - -=head1 NAME - -jenkins_reproducible_builds - Plugin to measure number of reproducible builds running - -=head1 AUTHOR - -Contributed by Holger Levsen - -=head1 LICENSE - -GPLv2 - -=head1 MAGIC MARKERS - - #%# family=auto - #%# capabilities=autoconf - -=cut - -. $MUNIN_LIBDIR/plugins/plugin.sh - -if [ "$1" = "autoconf" ]; then - echo yes - exit 0 -fi - -JOB_PREFIXES="first second" -if [ "$1" = "config" ]; then - echo 'graph_title Concurrent reproducible builds running' - echo 'graph_args --base 1000 -l 0 ' - echo 'graph_scale no' - echo 'graph_total total' - echo 'graph_vlabel Concurrent reproducible builds running' - echo 'graph_category jenkins' - draw=AREA - for PREFIX in $JOB_PREFIXES ; do - echo "jenkins_reproducible_${PREFIX}_build.label $PREFIX build" - echo "jenkins_reproducible_${PREFIX}_build.draw $draw" - if [ "$draw" = "AREA" ] ; then draw=STACK ; fi - done - exit 0 -fi - -for PREFIX in $JOB_PREFIXES ; do - if [ "$PREFIX" = "first" ] ; then - NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 1") - else - NR=$(pgrep -fc "bin/bash /srv/jenkins/bin/reproducible_build.sh 2") - fi - echo "jenkins_reproducible_${PREFIX}_build.value $NR" - done diff --git a/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup b/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup deleted file mode 100755 index bbea69fa..00000000 --- a/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/B01_cleanup +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/sh - -set -e - -BUILDDIR="${BUILDDIR:-/tmp/buildd}" - -# exit if we are in the same UTS namespace as init ( != 2nd build ) -[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0 - -# cease using disorderfs -if [ -d /tmp/disorderfs ] ; then - echo -n "Unmounting /tmp/disorderfs…" - fusermount -u "$BUILDDIR" - rmdir "$BUILDDIR" - mv /tmp/disorderfs "$BUILDDIR" - echo " done." -fi diff --git a/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup b/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup deleted file mode 100755 index 73f4083c..00000000 --- a/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/C01_cleanup +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - -set -e - -BUILDDIR="${BUILDDIR:-/tmp/buildd}" - -echo "debug output: disk usage on $(hostname) at $(date -u)" -df -h -echo - -# exit if we are in the same UTS namespace as init ( != 2nd build ) -[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0 - -# cease using disorderfs -if [ -d /tmp/disorderfs ] ; then - echo -n "Unmounting /tmp/disorderfs…" - fusermount -u "$BUILDDIR" - rmdir "$BUILDDIR" - mv /tmp/disorderfs "$BUILDDIR" - echo " done." -fi diff --git a/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment b/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment deleted file mode 100755 index 27fd6445..00000000 --- a/hosts/opi2a-armhf-rb/etc/pbuilder/rebuild-hooks/D01_modify_environment +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -set -e - -BUILDDIR="${BUILDDIR:-/tmp/buildd}" - -# exit if we are in the same UTS namespace as init ( != 2nd build ) -[ "$(readlink /proc/1/ns/uts)" = "$(readlink /proc/self/ns/uts)" ] && exit 0 - -echo "I: Changing host+domainname to test build reproducibility" >&2 -sed -e '/^127.0.0.1/s/$/ i-capture-the-hostname i-capture-the-hostname.i-capture-the-domain/' -i /etc/hosts -hostname i-capture-the-hostname -domainname i-capture-the-domain -echo "I: Adding a custom variable just for the fun of it..." >&2 -export CAPTURE_ENVIRONMENT="I capture the environment" - -echo "I: Changing /bin/sh to bash" >&2 -echo "dash dash/sh boolean false" | debconf-set-selections -DEBIAN_FRONTEND=noninteractive dpkg-reconfigure dash -if [ -n "$BUILDUSERNAME" ] ; then - echo "I: Setting $BUILDUSERNAME's login shell to /bin/bash" >&2 - usermod -s /bin/bash $BUILDUSERNAME - if [ -n "$BUILDUSERGECOS" ] ; then - echo "I: Setting $BUILDUSERNAME's GECOS to $BUILDUSERGECOS" >&2 - usermod -c "$BUILDUSERGECOS" $BUILDUSERNAME - fi -fi - -# temporarily disable disorderfs as we have problems properly unmounting it -exit 0 - -# use disorderfs -if [ -x /usr/bin/disorderfs ] ; then - echo -n "Moving $BUILDDIR to /tmp/disorderfs and mounting this as $BUILDDIR via the fuse disorderfs…" - mknod -m 666 /dev/fuse c 10 229 - mv "$BUILDDIR" /tmp/disorderfs - mkdir "$BUILDDIR" - disorderfs --multi-user=yes /tmp/disorderfs "$BUILDDIR" - echo " done." -else - echo "Warning: disorderfs not available." -fi diff --git a/hosts/opi2a-armhf-rb/etc/pbuilderrc b/hosts/opi2a-armhf-rb/etc/pbuilderrc deleted file mode 100644 index a13ed5b3..00000000 --- a/hosts/opi2a-armhf-rb/etc/pbuilderrc +++ /dev/null @@ -1,48 +0,0 @@ -# this is your configuration file for pbuilder. -# the file in /usr/share/pbuilder/pbuilderrc is the default template. -# /etc/pbuilderrc is the one meant for overwriting defaults in -# the default template -# -# read pbuilderrc.5 document for notes on specific options. -# -# cater for different locations -case $HOSTNAME in - jenkins|jenkins-test-vm|profitbricks-build*) MIRRORSITE=http://ftp.de.debian.org/debian ;; - bbx15|bpi0|cbxi4*|cb3*|hb0|wbq0|odxu4*|odu3*|wbd0|rpi2*|ff2*|ff4*|opi2*) MIRRORSITE=http://ftp.us.debian.org/debian ;; - *) echo "unsupported host, exiting." ; exit 1 ;; -esac -# only use eatmydata on armhf+i386 - on amd64 we build in tmpfs anyway -case $HOSTNAME in - profitbricks-build*i386) - EATMYDATA=yes ;; - bbx15|bpi0|cbxi4*|cb3*|hb0|wbq0|odxu4*|odu3*|wbd0|rpi2*|ff2*|ff4*|opi2*) - EATMYDATA=yes ;; - *) ;; -esac -EXTRAPACKAGES="" # better list them in bin/reproducible_setup_pbuilder.sh -APTCACHE="" -COMPRESSPROG="pigz" -BUILDPLACE=/srv/workspace/pbuilder # build in /srv/workspace, which is in tmpfs - -# there are software wanting /dev/shm writable, so give them so. There are tons -# of bug shm related in pbuilder, that's just a workaround for all of them. -# /run/shm is already mounted as a tmpfs by default. -BINDMOUNTS="/dev/shm" -# set PATH to predictable values, see #780729 and #780725 -PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" - -# used for reproducible builds tests, when doing the 2nd build -if [ "$(readlink /proc/1/ns/uts)" != "$(readlink /proc/self/ns/uts)" ]; then - PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path" -fi - -# needed to ignore failures due to running 398 days in the future… -# (only on those 2 nodes running in the future…) -if [ "$HOSTNAME" = "profitbricks-build5-amd64" ] || [ "$HOSTNAME" = "profitbricks-build6-i386" ] ; then - case "$PBUILDER_OPERATION" in - create) - APTGETOPT=(-o Acquire::Check-Valid-Until="false") - ;; - *) ;; - esac -fi diff --git a/hosts/opi2a-armhf-rb/etc/postfix/main.cf b/hosts/opi2a-armhf-rb/etc/postfix/main.cf deleted file mode 100644 index 729202bb..00000000 --- a/hosts/opi2a-armhf-rb/etc/postfix/main.cf +++ /dev/null @@ -1,41 +0,0 @@ -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) -biff = no - -# appending .domain is the MUA's job. -append_dot_mydomain = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - -readme_directory = no - -# TLS parameters -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -smtpd_use_tls=yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. - -myhostname = opi2a-armhf-rb.debian.net -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -myorigin = /etc/mailname -mydestination = opi2a-armhf-rb.debian.net, localhost -relayhost = -#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mynetworks = 127.0.0.0/8 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = all -mailbox_command = /usr/bin/procmail -a "$EXTENSION" diff --git a/hosts/opi2a-armhf-rb/etc/rc.local b/hosts/opi2a-armhf-rb/etc/rc.local deleted file mode 100755 index 1c4ece10..00000000 --- a/hosts/opi2a-armhf-rb/etc/rc.local +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -e -# -# rc.local -# -# This script is executed at the end of each multiuser runlevel. -# Make sure that the script will "exit 0" on success or any other -# value on error. -# -# In order to enable or disable this script just change the execution -# bits. -# -# By default this script does nothing. - -echo "$(date -u) - system was rebooted" | mail -s "$(hostname -f) rebooted" root - -exit 0 diff --git a/hosts/opi2a-armhf-rb/etc/schroot/default/fstab b/hosts/opi2a-armhf-rb/etc/schroot/default/fstab deleted file mode 100644 index 74468dd2..00000000 --- a/hosts/opi2a-armhf-rb/etc/schroot/default/fstab +++ /dev/null @@ -1,24 +0,0 @@ -# fstab: static file system information for chroots. -# Note that the mount point will be prefixed by the chroot path -# (CHROOT_PATH) -# -# <file system> <mount point> <type> <options> <dump> <pass> -/proc /proc none rw,bind 0 0 -/sys /sys none rw,bind 0 0 -/dev /dev none rw,bind 0 0 -/dev/pts /dev/pts none rw,bind 0 0 -/home /home none rw,bind 0 0 -/tmp /tmp none rw,bind 0 0 -/srv/reproducible-results /srv/reproducible-results none rw,bind 0 0 -/srv/d-i /srv/d-i none rw,bind 0 0 -/srv/jenkins /srv/jenkins none rw,bind 0 0 -/srv/live-build /srv/live-build none rw,bind 0 0 - -# It may be desirable to have access to /run, especially if you wish -# to run additional services in the chroot. However, note that this -# may potentially cause undesirable behaviour on upgrades, such as -# killing services on the host. -#/run /run none rw,bind 0 0 -#/run/lock /run/lock none rw,bind 0 0 -/dev/shm /dev/shm none rw,bind 0 0 -/run/shm /run/shm none rw,bind 0 0 diff --git a/hosts/opi2a-armhf-rb/etc/schroot/default/nssdatabases b/hosts/opi2a-armhf-rb/etc/schroot/default/nssdatabases deleted file mode 100644 index 72615e5d..00000000 --- a/hosts/opi2a-armhf-rb/etc/schroot/default/nssdatabases +++ /dev/null @@ -1,11 +0,0 @@ -# System databases to copy into the chroot from the host system. -# -# <database name> -passwd -shadow -group -gshadow -#services -protocols -networks -hosts diff --git a/hosts/opi2a-armhf-rb/etc/sudoers.d/jenkins b/hosts/opi2a-armhf-rb/etc/sudoers.d/jenkins deleted file mode 100644 index 96d501ef..00000000 --- a/hosts/opi2a-armhf-rb/etc/sudoers.d/jenkins +++ /dev/null @@ -1,51 +0,0 @@ -jenkins ALL= \ - NOPASSWD: /usr/sbin/debootstrap *, \ - /usr/bin/tee /schroots/*, \ - /usr/bin/tee -a /schroots/*, \ - /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \ - /bin/chmod +x /schroots/*, \ - /usr/sbin/chroot /schroots/*, \ - /usr/sbin/chroot /chroots/*, \ - /usr/sbin/chroot /media/*, \ - /bin/ls -la /media/*, \ - /bin/rm -rf --one-file-system /chroots/*, \ - /bin/rm -rf --one-file-system /schroots/*, \ - /bin/rm -rf --one-file-system /srv/live-build/*, \ - /bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \ - /bin/cp -v *.iso /srv/live-build/results/*, \ - /bin/mv /chroots/* /schroots/*, \ - /bin/mv /schroots/* /schroots/*, \ - /bin/umount -l /chroots/*, \ - /bin/umount -l /schroots/*, \ - /bin/umount -l /media/*, \ - /bin/rmdir /media/*, \ - /bin/mount -o loop*, \ - /bin/mount --bind *, \ - /usr/bin/du *, \ - /bin/kill *, \ - /usr/bin/file *, \ - /bin/dd if=/dev/zero of=/dev/jenkins*, \ - /usr/bin/qemu-system-x86_64 *, \ - /usr/bin/qemu-img *, \ - /sbin/lvcreate *, /sbin/lvremove *, \ - /bin/mkdir -p /media/*, \ - /usr/bin/guestmount *, \ - /bin/cp -rv /media/*, \ - /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\ - SETENV: NOPASSWD: /usr/sbin/pbuilder *, \ - SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \ - SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \ - /bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \ - /bin/rm /var/cache/pbuilder/*base*.tgz, \ - /bin/rm -v /var/cache/pbuilder/*base*.tgz, \ - /bin/rm /var/cache/pbuilder/result/*, \ - /usr/bin/dcmd rm *.changes, \ - /usr/bin/dcmd rm *.dsc, \ - /usr/bin/apt-get update, \ - /usr/bin/killall timeout, \ - /usr/sbin/slay 1111, \ - /usr/sbin/slay 2222, \ - /usr/sbin/slay jenkins - -# keep these environment variables -Defaults env_keep += "http_proxy", env_reset diff --git a/hosts/opi2a-armhf-rb/etc/sudoers.d/jenkins-adm b/hosts/opi2a-armhf-rb/etc/sudoers.d/jenkins-adm deleted file mode 100644 index 3c357be2..00000000 --- a/hosts/opi2a-armhf-rb/etc/sudoers.d/jenkins-adm +++ /dev/null @@ -1,7 +0,0 @@ -# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner -# of jenkins script) and the jenkins user itself -%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL -%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL -# allow jenkins-adm to run everything as root -%jenkins-adm ALL= NOPASSWD: ALL - |