## You probably need to define if the service is run on the client side as
## the default directory is likely not accessible by regular users.
#repo-cache-dir = /var/cache/obs/git-buildpackage-repos/
+
+## User and group
+## The user and group under which gbs is run. The service itself is run under
+## whatever user/group the source service server is configured to use - this
+## user must have the privileges to set uid/gid if you configure these settings.
+## You can give the user and group as name or uid/gid number directly.
+#gbs-user = gbsservice
+#gbs-group = gbsservice
import gbp_repocache
from gbp_repocache import CachedRepo, CachedRepoError
+from obs_service_gbp_utils import GbpServiceError, fork_call, sanitize_uid_gid
# Setup logging
def read_config(filenames):
'''Read configuration file(s)'''
- defaults = {'repo-cache-dir': '/var/cache/obs/gbs-repos/'}
+ defaults = {'repo-cache-dir': '/var/cache/obs/gbs-repos/',
+ 'gbs-user': None,
+ 'gbs-group': None}
filenames = [os.path.expanduser(fname) for fname in filenames]
LOGGER.debug('Trying %s config files: %s' % (len(filenames), filenames))
# We only use keys from one section, for now
return dict(parser.items('general'))
-def gbs_export(repo, args):
+def gbs_export(repo, args, config):
'''Export packaging files with GBS'''
# Create temporary directory
try:
except OSError as err:
raise ServiceError('Failed to create tmpdir: %s' % err, 1)
+ # Determine UID/GID and grant permissions to tmpdir
+ try:
+ uid, gid = sanitize_uid_gid(config['gbs-user'], config['gbs-group'])
+ except GbpServiceError as err:
+ raise ServiceError(err, 1)
+ os.chown(tmpdir, uid, gid)
+
# Do export
try:
gbs_args = construct_gbs_args(args, tmpdir, repo.repodir)
LOGGER.info('Exporting packaging files with GBS')
LOGGER.debug('gbs args: %s' % gbs_args)
try:
- cmd_export(gbs_args)
+ fork_call(uid, gid, cmd_export, gbs_args)
+ except GbpServiceError as err:
+ LOGGER.error('Internal service error when trying to run GBS: '
+ '%s' % err)
+ LOGGER.error('Most likely a configuration error (or a BUG)!')
+ raise ServiceError('Failed to run GBS thread: %s' % err, 1)
except CmdError as err:
raise ServiceError('GBS export failed: %s' % err, 2)
except Exception as err:
raise ServiceError('Failed to create outdir: %s' % err, 1)
# Export sources with GBS
- gbs_export(repo, args)
+ gbs_export(repo, args, config)
except ServiceError as err:
LOGGER.error(err[0])
# MA 02110-1301, USA.
"""Tests for the GBS source service"""
+import grp
import os
import shutil
import stat
ok_(not os.path.exists(default_cache), os.listdir('.'))
ok_(os.path.exists('my-repo-cache'), os.listdir('.'))
+ def test_user_group_config(self):
+ """Test the user/group settings"""
+ # Changing to current user/group should succeed
+ os.environ['OBS_GBS_GBS_USER'] = str(os.getuid())
+ os.environ['OBS_GBS_GBS_GROUP'] = grp.getgrgid(os.getgid()).gr_name
+ eq_(service(['--url', self.orig_repo.path]), 0)
+
+ # Changing to non-existent user should fail
+ os.environ['OBS_GBS_GBS_USER'] = '_non_existent_user'
+ del os.environ['OBS_GBS_GBS_GROUP']
+ eq_(service(['--url', self.orig_repo.path]), 1)
+
+ # Return env
+ del os.environ['OBS_GBS_GBS_USER']