add sudoer file to avoid input passwd while build

Add a sudoers file for gbs to avoid input passwd for developer
* add data/gbs (sudoers file)
  data/depanneur_sudo (bash script)
* update depanneur and Makefile

Change-Id: I43a2681c7dc17be58ad3f7b6ca1e51895260258c

diff --git a/Makefile b/Makefile
index 1ef2873..34c7c13 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -4,7 +4,7 @@ prefix=/usr
 bindir=$(prefix)/bin
 datadir=$(prefix)/share
 libdir=$(prefix)/lib
-sysconfdir=/etc
+sudodir=/etc/sudoers.d
 DESTDIR=
 
 all:
@@ -15,4 +15,12 @@ install:
        install -m755 \
            depanneur  \
            $(DESTDIR)$(bindir)
+       install -m755 \
+           data/depanneur_sudo  \
+           $(DESTDIR)$(bindir)
+       install -m750 -d \
+           $(DESTDIR)$(sudodir)
+       install -m440 \
+        data/gbs \
+        $(DESTDIR)$(sudodir)
 

diff --git a/data/depanneur_sudo b/data/depanneur_sudo
new file mode 100755 (executable)
index 0000000..5095f5a
--- /dev/null
+++ b/data/depanneur_sudo
@@ -0,0 +1,2 @@
+#!/bin/bash
+sudo $@

diff --git a/data/gbs b/data/gbs
new file mode 100644 (file)
index 0000000..61780ed
--- /dev/null
+++ b/data/gbs
@@ -0,0 +1,9 @@
+Defaults targetpw
+ALL     ALL=(ALL) NOPASSWD:/usr/bin/depanneur_sudo
+
+Defaults env_keep += "http_proxy"
+Defaults env_keep += "no_proxy"
+Defaults env_keep += "https_proxy"
+Defaults env_keep += "HTTP_PROXY"
+Defaults env_keep += "HTTPS_PROXY"
+Defaults env_keep += "BUILD_DIR"

diff --git a/depanneur b/depanneur
index 0f181f6..4e6d57c 100755 (executable)
--- a/depanneur
+++ b/depanneur
@@ -1040,14 +1040,14 @@ sub worker_thread {
 
 sub safe_umount {
     my ($device) = @_;
-    return if (my_system("sudo umount -l $device") == 0);
+    return if (my_system("sudo depanneur_sudo umount -l $device") == 0);
 
     warning("!!!! umount device $device failed. It may cause files lost in ".
         "some cases. Please stop the process which is using this device and ".
         "press any key to umount again !!!!");
 
     <>;
-    if (my_system("sudo umount -l -f $device") != 0) {
+    if (my_system("sudo depanneur_sudo umount -l -f $device") != 0) {
         warning("!!!! IMPORTANT: umount failed again, please backup your ".
         "source code and try to umount manually !!!!");
     }
@@ -1073,7 +1073,7 @@ sub build_package {
     if ($TERM == 1) {
         return -1;
     }
-    push @args, "sudo -E $virtualenv/usr/bin/build";
+    push @args, "sudo depanneur_sudo -E $virtualenv/usr/bin/build";
     if ($arch ne "i586" ) {
         push @args, "--use-system-qemu";
     }
@@ -1159,9 +1159,9 @@ sub build_package {
 
         my $project_base_path = $to_build{$name}->{project_base_path};
         if (! -e "$builddir") {
-            my_system("sudo mkdir -p $builddir");
+            my_system("sudo depanneur_sudo mkdir -p $builddir");
         }
-        my $mount = "sudo mount -o bind $project_base_path $builddir";
+        my $mount = "sudo depanneur_sudo mount -o bind $project_base_path $builddir";
         my_system($mount);
         my $tmp_dir = abs_path(tempdir(CLEANUP=>1));
         my_system("tar -zcf $source_tar $tmp_dir") if ($source_tar ne "");
@@ -1178,7 +1178,7 @@ sub build_package {
     }
 
     # Save build config to build root for --noinit use
-    my_system("sudo cp $dist_configs/$dist.conf $scratch/$dist.conf") if ($noinit == 0);
+    my_system("sudo depanneur_sudo cp $dist_configs/$dist.conf $scratch/$dist.conf") if ($noinit == 0);
 
     if ($ret == 0) {
         if (bsd_glob "$scratch/home/abuild/rpmbuild/SRPMS/*.rpm") {
@@ -1190,7 +1190,7 @@ sub build_package {
         mkdir_p "$success_logs_path/$name-$version-$release";
         if (-e "$scratch/.build.log") {
             my_system ("cp $scratch/.build.log $success_logs_path/$name-$version-$release/log");
-            my_system ("sudo rm -f $scratch/.build.log ");
+            my_system ("sudo depanneur_sudo rm -f $scratch/.build.log ");
         }
         # Detach and terminate
         {
@@ -1207,7 +1207,7 @@ sub build_package {
         mkdir_p "$fail_logs_path/$name-$version-$release";
         if ( -f "$scratch/.build.log" ) {
             my_system ("cp $scratch/.build.log $fail_logs_path/$name-$version-$release/log");
-            my_system ("sudo rm -f $scratch/.build.log");
+            my_system ("sudo depanneur_sudo rm -f $scratch/.build.log");
             warning("build failed, Leaving the logs in $fail_logs_path/$name-$version-$release/log");
         }
         return 1;
@@ -1485,7 +1485,7 @@ $SIG{'INT'} = $SIG{'TERM'} = sub {
 };
 
 $SIG{'ALRM'} = sub {
-    if (my_system("sudo echo -n") != 0) {
+    if (my_system("sudo depanneur_sudo echo -n") != 0) {
         error("sudo: failed to request passwd")
     } else {
         alarm(SUDOV_PERIOD);

diff --git a/packaging/depanneur.spec b/packaging/depanneur.spec
index 834d1b8..493e6ea 100644 (file)
--- a/packaging/depanneur.spec
+++ b/packaging/depanneur.spec
@@ -9,6 +9,9 @@ Source0:        %{name}_%{version}.tar.gz
 Requires:       createrepo >= 0.9.8
 Requires:       perl(YAML)
 Requires:       tizen-build >= 2012.10.10-tizen20121126
+%if 0%{?suse_version}
+BuildRequires:  sudo
+%endif
 Autoreq:        0
 %description
 The depanneur tool goes through local Git trees and evaluates packaging
@@ -30,4 +33,6 @@ make install DESTDIR=$RPM_BUILD_ROOT
 
 %files
 %defattr(-,root,root,-)
+%{_bindir}/depanneur_sudo
 %{_bindir}/depanneur
+%{_sysconfdir}/sudoers.d/gbs