From f67358c9b2366feeb06b91f05f14aa417804a9a9 Mon Sep 17 00:00:00 2001
From: Holger Levsen <holger@layer-acht.org>
Date: Fri, 23 Sep 2016 16:27:41 +0200
Subject: reproducible F-Droid: add new host, profitbricks-build7-amd64 to
 build F-Droid on a stretch system

---
 hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins | 19 +++++++++++++++++++
 .../etc/sudoers.d/jenkins-adm                         |  7 +++++++
 2 files changed, 26 insertions(+)
 create mode 100644 hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins
 create mode 100644 hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins-adm

(limited to 'hosts/profitbricks-build7-amd64/etc/sudoers.d')

diff --git a/hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins b/hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins
new file mode 100644
index 00000000..fa4778f6
--- /dev/null
+++ b/hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins
@@ -0,0 +1,19 @@
+jenkins ALL=  \
+	NOPASSWD: /usr/sbin/debootstrap *, \
+	/usr/bin/tee /schroots/*, \
+	/usr/bin/tee -a /schroots/*, \
+	/usr/bin/tee /etc/schroot/chroot.d/jenkins*, \
+	/bin/chmod +x /schroots/*, \
+	/usr/sbin/chroot /schroots/*, \
+	/bin/rm -rf --one-file-system /schroots/*, \
+	/bin/rm -rf --one-file-system /srv/live-build/*, \
+	/bin/mv /schroots/* /schroots/*, \
+	/bin/umount -l /schroots/*, \
+	/bin/mount --bind *, \
+	/usr/bin/killall timeout, \
+	/usr/sbin/slay 1111, \
+	/usr/sbin/slay 2222, \
+	/usr/sbin/slay jenkins
+
+# keep these environment variables
+Defaults        env_keep += "http_proxy", env_reset
diff --git a/hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins-adm b/hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins-adm
new file mode 100644
index 00000000..3c357be2
--- /dev/null
+++ b/hosts/profitbricks-build7-amd64/etc/sudoers.d/jenkins-adm
@@ -0,0 +1,7 @@
+# allow member of the jenkins-adm group to sudo-to the jenkins-adm user (owner
+# of jenkins script) and the jenkins user itself
+%jenkins-adm ALL=(jenkins:jenkins) NOPASSWD: ALL
+%jenkins-adm ALL=(jenkins-adm:jenkins-adm) NOPASSWD: ALL
+# allow jenkins-adm to run everything as root
+%jenkins-adm ALL= NOPASSWD: ALL
+
-- 
cgit v1.2.3-54-g00ecf