mirror of
				https://github.com/arcan1s/ahriman.git
				synced 2025-10-26 11:23:44 +00:00 
			
		
		
		
	Compare commits
	
		
			1 Commits
		
	
	
		
			1ed69a48e3
			...
			feature/pk
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| aac3ccfc30 | 
							
								
								
									
										6
									
								
								.github/workflows/setup.sh
									
									
									
									
										vendored
									
									
								
							
							
						
						
									
										6
									
								
								.github/workflows/setup.sh
									
									
									
									
										vendored
									
									
								
							| @ -10,7 +10,7 @@ echo -e '[arcanisrepo]\nServer = http://repo.arcanis.me/$arch\nSigLevel = Never' | |||||||
| # refresh the image | # refresh the image | ||||||
| pacman --noconfirm -Syu | pacman --noconfirm -Syu | ||||||
| # main dependencies | # main dependencies | ||||||
| pacman --noconfirm -Sy base-devel devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo sudo | pacman --noconfirm -Sy base-devel devtools-git-poc git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo sudo | ||||||
| # make dependencies | # make dependencies | ||||||
| pacman --noconfirm -Sy python-build python-installer python-wheel | pacman --noconfirm -Sy python-build python-installer python-wheel | ||||||
| # optional dependencies | # optional dependencies | ||||||
| @ -52,9 +52,9 @@ if [[ -z $MINIMAL_INSTALL ]]; then | |||||||
| fi | fi | ||||||
| # add the first package | # add the first package | ||||||
| # the build itself does not really work in the container | # the build itself does not really work in the container | ||||||
| sudo -u ahriman -- ahriman package-add --now yay | sudo -u ahriman -- ahriman package-add --now ahriman | ||||||
| # check if package was actually installed | # check if package was actually installed | ||||||
| test -n "$(find "/var/lib/ahriman/repository/x86_64" -name "yay*pkg*")" | test -n "$(find "/var/lib/ahriman/repository/x86_64" -name "ahriman*pkg*")" | ||||||
| # run package check | # run package check | ||||||
| sudo -u ahriman -- ahriman repo-update | sudo -u ahriman -- ahriman repo-update | ||||||
| # stop web service lol | # stop web service lol | ||||||
|  | |||||||
| @ -28,7 +28,7 @@ RUN useradd -m -d "/home/build" -s "/usr/bin/nologin" build && \ | |||||||
| COPY "docker/install-aur-package.sh" "/usr/local/bin/install-aur-package" | COPY "docker/install-aur-package.sh" "/usr/local/bin/install-aur-package" | ||||||
| ## install package dependencies | ## install package dependencies | ||||||
| ## darcs is not installed by reasons, because it requires a lot haskell packages which dramatically increase image size | ## darcs is not installed by reasons, because it requires a lot haskell packages which dramatically increase image size | ||||||
| RUN pacman --noconfirm -Sy devtools git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo && \ | RUN pacman --noconfirm -Sy devtools-git-poc git pyalpm python-cerberus python-inflection python-passlib python-requests python-srcinfo && \ | ||||||
|     pacman --noconfirm -Sy python-build python-installer python-wheel && \ |     pacman --noconfirm -Sy python-build python-installer python-wheel && \ | ||||||
|     pacman --noconfirm -Sy breezy mercurial python-aiohttp python-aiohttp-cors python-boto3 python-cryptography python-jinja python-requests-unixsocket rsync subversion && \ |     pacman --noconfirm -Sy breezy mercurial python-aiohttp python-aiohttp-cors python-boto3 python-cryptography python-jinja python-requests-unixsocket rsync subversion && \ | ||||||
|     runuser -u build -- install-aur-package python-aioauth-client python-aiohttp-apispec-git python-aiohttp-jinja2  \ |     runuser -u build -- install-aur-package python-aioauth-client python-aiohttp-apispec-git python-aiohttp-jinja2  \ | ||||||
|  | |||||||
| @ -36,7 +36,6 @@ AHRIMAN_GNUPG_HOME="$(getent passwd "$AHRIMAN_USER" | cut -d : -f 6)/.gnupg" | |||||||
| chown "$AHRIMAN_USER":"$AHRIMAN_USER" "$AHRIMAN_GNUPG_HOME" | chown "$AHRIMAN_USER":"$AHRIMAN_USER" "$AHRIMAN_GNUPG_HOME" | ||||||
|  |  | ||||||
| # run built-in setup command | # run built-in setup command | ||||||
| AHRIMAN_SETUP_ARGS=("--build-as-user" "$AHRIMAN_USER") |  | ||||||
| AHRIMAN_SETUP_ARGS+=("--packager" "$AHRIMAN_PACKAGER") | AHRIMAN_SETUP_ARGS+=("--packager" "$AHRIMAN_PACKAGER") | ||||||
| AHRIMAN_SETUP_ARGS+=("--repository" "$AHRIMAN_REPOSITORY") | AHRIMAN_SETUP_ARGS+=("--repository" "$AHRIMAN_REPOSITORY") | ||||||
| if [ -z "$AHRIMAN_MULTILIB" ]; then | if [ -z "$AHRIMAN_MULTILIB" ]; then | ||||||
|  | |||||||
| @ -63,11 +63,9 @@ Authorized users are stored inside internal database, if any of external provide | |||||||
|  |  | ||||||
| Build related configuration. Group name can refer to architecture, e.g. ``build:x86_64`` can be used for x86_64 architecture specific settings. | Build related configuration. Group name can refer to architecture, e.g. ``build:x86_64`` can be used for x86_64 architecture specific settings. | ||||||
|  |  | ||||||
| * ``archbuild_flags`` - additional flags passed to ``archbuild`` command, space separated list of strings, optional. |  | ||||||
| * ``build_command`` - default build command, string, required. | * ``build_command`` - default build command, string, required. | ||||||
|  | * ``build_flags`` - additional ``pkgctl`` flags, space separated list of strings, optional. | ||||||
| * ``ignore_packages`` - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional. | * ``ignore_packages`` - list packages to ignore during a regular update (manual update will still work), space separated list of strings, optional. | ||||||
| * ``makepkg_flags`` - additional flags passed to ``makepkg`` command, space separated list of strings, optional. |  | ||||||
| * ``makechrootpkg_flags`` - additional flags passed to ``makechrootpkg`` command, space separated list of strings, optional. |  | ||||||
| * ``triggers`` - list of ``ahriman.core.triggers.Trigger`` class implementation (e.g. ``ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger``) which will be loaded and run at the end of processing, space separated list of strings, optional. You can also specify triggers by their paths, e.g. ``/usr/lib/python3.10/site-packages/ahriman/core/report/report.py.ReportTrigger``. Triggers are run in the order of mention. | * ``triggers`` - list of ``ahriman.core.triggers.Trigger`` class implementation (e.g. ``ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger``) which will be loaded and run at the end of processing, space separated list of strings, optional. You can also specify triggers by their paths, e.g. ``/usr/lib/python3.10/site-packages/ahriman/core/report/report.py.ReportTrigger``. Triggers are run in the order of mention. | ||||||
| * ``vcs_allowed_age`` - maximal age in seconds of the VCS packages before their version will be updated with its remote source, int, optional, default ``604800``. | * ``vcs_allowed_age`` - maximal age in seconds of the VCS packages before their version will be updated with its remote source, int, optional, default ``604800``. | ||||||
|  |  | ||||||
|  | |||||||
| @ -25,45 +25,30 @@ Initial setup | |||||||
|       Configure build tools (it is required for correct dependency management system): |       Configure build tools (it is required for correct dependency management system): | ||||||
|  |  | ||||||
|       #. |       #. | ||||||
|          Create build command (you can choose any name for command, basically it should be ``{name}-{arch}-build``): |          Create configuration file ``{repository}.conf``: | ||||||
|  |  | ||||||
|          .. code-block:: shell |          .. code-block:: shell | ||||||
|  |  | ||||||
|             ln -s /usr/bin/archbuild /usr/local/bin/ahriman-x86_64-build |             cp /usr/local/share/devtools-git-poc/pacman.conf.d/{extra,aur-clone}.conf | ||||||
|  |  | ||||||
|       #.  |  | ||||||
|          Create configuration file (same as previous ``pacman-{name}.conf``): |  | ||||||
|  |  | ||||||
|          .. code-block:: shell |  | ||||||
|  |  | ||||||
|             cp /usr/share/devtools/pacman-{extra,ahriman}.conf |  | ||||||
|  |  | ||||||
|       #.  |       #.  | ||||||
|          Change configuration file, add your own repository, add multilib repository etc: |          Change configuration file, add your own repository, add multilib repository etc: | ||||||
|  |  | ||||||
|          .. code-block:: shell |          .. code-block:: shell | ||||||
|  |  | ||||||
|             echo '[multilib]' | tee -a /usr/share/devtools/pacman-ahriman.conf |             echo '[multilib]' | tee -a /usr/local/share/devtools-git-poc/pacman.conf.d/aur-clone.conf | ||||||
|             echo 'Include = /etc/pacman.d/mirrorlist' | tee -a /usr/share/devtools/pacman-ahriman.conf |             echo 'Include = /etc/pacman.d/mirrorlist' | tee -a /usr/local/share/devtools-git-poc/pacman.conf.d/aur-clone.conf | ||||||
|  |  | ||||||
|             echo '[aur-clone]' | tee -a /usr/share/devtools/pacman-ahriman.conf |             echo '[aur-clone]' | tee -a /usr/local/share/devtools-git-poc/pacman.conf.d/aur-clone.conf | ||||||
|             echo 'SigLevel = Optional TrustAll' | tee -a /usr/share/devtools/pacman-ahriman.conf |             echo 'SigLevel = Optional TrustAll' | tee -a /usr/local/share/devtools-git-poc/pacman.conf.d/aur-clone.conf | ||||||
|             echo 'Server = file:///var/lib/ahriman/repository/$arch' | tee -a /usr/share/devtools/pacman-ahriman.conf |             echo 'Server = file:///var/lib/ahriman/repository/$arch' | tee -a /usr/local/share/devtools-git-poc/pacman.conf.d/aur-clone.conf | ||||||
|  |  | ||||||
|       #. |       #. | ||||||
|          Set ``build_command`` option to point to your command: |          Configure ``/etc/sudoers.d/ahriman`` to allow running devtools command without a password: | ||||||
|  |  | ||||||
|          .. code-block:: shell |          .. code-block:: shell | ||||||
|  |  | ||||||
|             echo '[build]' | tee -a /etc/ahriman.ini.d/build.ini |             echo 'Cmnd_Alias CARCHBUILD_CMD = /usr/bin/pkgctl build *' | tee -a /etc/sudoers.d/ahriman | ||||||
|             echo 'build_command = ahriman-x86_64-build' | tee -a /etc/ahriman.ini.d/build.ini |  | ||||||
|  |  | ||||||
|       #. |  | ||||||
|          Configure ``/etc/sudoers.d/ahriman`` to allow running command without a password: |  | ||||||
|  |  | ||||||
|          .. code-block:: shell |  | ||||||
|  |  | ||||||
|             echo 'Cmnd_Alias CARCHBUILD_CMD = /usr/local/bin/ahriman-x86_64-build *' | tee -a /etc/sudoers.d/ahriman |  | ||||||
|             echo 'ahriman ALL=(ALL) NOPASSWD: CARCHBUILD_CMD' | tee -a /etc/sudoers.d/ahriman |             echo 'ahriman ALL=(ALL) NOPASSWD: CARCHBUILD_CMD' | tee -a /etc/sudoers.d/ahriman | ||||||
|             chmod 400 /etc/sudoers.d/ahriman |             chmod 400 /etc/sudoers.d/ahriman | ||||||
|  |  | ||||||
|  | |||||||
| @ -7,7 +7,7 @@ pkgdesc="ArcH linux ReposItory MANager" | |||||||
| arch=('any') | arch=('any') | ||||||
| url="https://github.com/arcan1s/ahriman" | url="https://github.com/arcan1s/ahriman" | ||||||
| license=('GPL3') | license=('GPL3') | ||||||
| depends=('devtools' 'git' 'pyalpm' 'python-cerberus' 'python-inflection' 'python-passlib' 'python-requests' 'python-srcinfo') | depends=('devtools-git-poc' 'git' 'pyalpm' 'python-cerberus' 'python-inflection' 'python-passlib' 'python-requests' 'python-srcinfo') | ||||||
| makedepends=('python-build' 'python-installer' 'python-wheel') | makedepends=('python-build' 'python-installer' 'python-wheel') | ||||||
| optdepends=('breezy: -bzr packages support' | optdepends=('breezy: -bzr packages support' | ||||||
|             'darcs: -darcs packages support' |             'darcs: -darcs packages support' | ||||||
|  | |||||||
| @ -19,11 +19,9 @@ oauth_scopes = https://www.googleapis.com/auth/userinfo.email | |||||||
| allow_read_only = yes | allow_read_only = yes | ||||||
|  |  | ||||||
| [build] | [build] | ||||||
| archbuild_flags = | build_command = pkgctl | ||||||
| build_command = extra-x86_64-build |  | ||||||
| ignore_packages = | ignore_packages = | ||||||
| makechrootpkg_flags = | pkgctl_flags = | ||||||
| makepkg_flags = --nocolor --ignorearch |  | ||||||
| triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger ahriman.core.gitremote.RemotePushTrigger | triggers = ahriman.core.gitremote.RemotePullTrigger ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger ahriman.core.gitremote.RemotePushTrigger | ||||||
| vcs_allowed_age = 604800 | vcs_allowed_age = 604800 | ||||||
|  |  | ||||||
|  | |||||||
| @ -70,7 +70,8 @@ def _parser() -> argparse.ArgumentParser: | |||||||
|                                      fromfile_prefix_chars="@", formatter_class=_formatter) |                                      fromfile_prefix_chars="@", formatter_class=_formatter) | ||||||
|     parser.add_argument("-a", "--architecture", help="target architectures. For several subcommands it can be used " |     parser.add_argument("-a", "--architecture", help="target architectures. For several subcommands it can be used " | ||||||
|                                                      "multiple times", action="append") |                                                      "multiple times", action="append") | ||||||
|     parser.add_argument("-c", "--configuration", help="configuration path", type=Path, default=Path("/etc/ahriman.ini")) |     parser.add_argument("-c", "--configuration", help="configuration path", type=Path, | ||||||
|  |                         default=Path("/etc") / "ahriman.ini") | ||||||
|     parser.add_argument("--force", help="force run, remove file lock", action="store_true") |     parser.add_argument("--force", help="force run, remove file lock", action="store_true") | ||||||
|     parser.add_argument("-l", "--lock", help="lock file", type=Path, |     parser.add_argument("-l", "--lock", help="lock file", type=Path, | ||||||
|                         default=Path(tempfile.gettempdir()) / "ahriman.lock") |                         default=Path(tempfile.gettempdir()) / "ahriman.lock") | ||||||
| @ -819,10 +820,9 @@ def _set_service_setup_parser(root: SubParserAction) -> argparse.ArgumentParser: | |||||||
|                              description="create initial service configuration, requires root", |                              description="create initial service configuration, requires root", | ||||||
|                              epilog="Create _minimal_ configuration for the service according to provided options.", |                              epilog="Create _minimal_ configuration for the service according to provided options.", | ||||||
|                              formatter_class=_formatter) |                              formatter_class=_formatter) | ||||||
|     parser.add_argument("--build-as-user", help="force makepkg user to the specific one") |     parser.add_argument("--build-command", help="path to build command", default=Path("/usr") / "bin" / "pkgctl") | ||||||
|     parser.add_argument("--build-command", help="build command prefix", default="ahriman") |     parser.add_argument("--from-configuration", help="path to default devtools pacman configuration", type=Path, | ||||||
|     parser.add_argument("--from-configuration", help="path to default devtools pacman configuration", |                         default=Path("/usr") / "local" / "share" / "devtools-git-poc" / "pacman.conf.d" / "extra.conf") | ||||||
|                         type=Path, default=Path("/usr/share/devtools/pacman-extra.conf")) |  | ||||||
|     parser.add_argument("--makeflags-jobs", help="append MAKEFLAGS variable with parallelism set to number of cores", |     parser.add_argument("--makeflags-jobs", help="append MAKEFLAGS variable with parallelism set to number of cores", | ||||||
|                         action=argparse.BooleanOptionalAction, default=True) |                         action=argparse.BooleanOptionalAction, default=True) | ||||||
|     parser.add_argument("--mirror", help="use the specified explicitly mirror instead of including mirrorlist") |     parser.add_argument("--mirror", help="use the specified explicitly mirror instead of including mirrorlist") | ||||||
|  | |||||||
| @ -33,14 +33,12 @@ class Setup(Handler): | |||||||
|     setup handler |     setup handler | ||||||
|  |  | ||||||
|     Attributes: |     Attributes: | ||||||
|         ARCHBUILD_COMMAND_PATH(Path): (class attribute) default devtools command |  | ||||||
|         MIRRORLIST_PATH(Path): (class attribute) path to pacman default mirrorlist (used by multilib repository) |         MIRRORLIST_PATH(Path): (class attribute) path to pacman default mirrorlist (used by multilib repository) | ||||||
|         SUDOERS_DIR_PATH(Path): (class attribute) path to sudoers.d includes directory |         SUDOERS_DIR_PATH(Path): (class attribute) path to sudoers.d includes directory | ||||||
|     """ |     """ | ||||||
|  |  | ||||||
|     ALLOW_AUTO_ARCHITECTURE_RUN = False |     ALLOW_AUTO_ARCHITECTURE_RUN = False | ||||||
|  |  | ||||||
|     ARCHBUILD_COMMAND_PATH = Path("/usr/bin/archbuild") |  | ||||||
|     MIRRORLIST_PATH = Path("/etc/pacman.d/mirrorlist") |     MIRRORLIST_PATH = Path("/etc/pacman.d/mirrorlist") | ||||||
|     SUDOERS_DIR_PATH = Path("/etc/sudoers.d") |     SUDOERS_DIR_PATH = Path("/etc/sudoers.d") | ||||||
|  |  | ||||||
| @ -63,30 +61,14 @@ class Setup(Handler): | |||||||
|         application = Application(architecture, configuration, report=report, unsafe=unsafe) |         application = Application(architecture, configuration, report=report, unsafe=unsafe) | ||||||
|  |  | ||||||
|         Setup.configuration_create_makepkg(args.packager, args.makeflags_jobs, application.repository.paths) |         Setup.configuration_create_makepkg(args.packager, args.makeflags_jobs, application.repository.paths) | ||||||
|         Setup.executable_create(application.repository.paths, args.build_command, architecture) |         Setup.configuration_create_devtools(architecture, args.from_configuration, args.mirror, | ||||||
|         Setup.configuration_create_devtools(args.build_command, architecture, args.from_configuration, args.mirror, |  | ||||||
|                                             args.multilib, args.repository, application.repository.paths) |                                             args.multilib, args.repository, application.repository.paths) | ||||||
|         Setup.configuration_create_sudo(application.repository.paths, args.build_command, architecture) |         Setup.configuration_create_sudo(args.build_command) | ||||||
|  |  | ||||||
|         application.repository.repo.init() |         application.repository.repo.init() | ||||||
|         # lazy database sync |         # lazy database sync | ||||||
|         application.repository.pacman.handle  # pylint: disable=pointless-statement |         application.repository.pacman.handle  # pylint: disable=pointless-statement | ||||||
|  |  | ||||||
|     @staticmethod |  | ||||||
|     def build_command(root: Path, prefix: str, architecture: str) -> Path: |  | ||||||
|         """ |  | ||||||
|         generate build command name |  | ||||||
|  |  | ||||||
|         Args: |  | ||||||
|             root(Path): root directory for the build command (must be root of the repository) |  | ||||||
|             prefix(str): command prefix in {prefix}-{architecture}-build |  | ||||||
|             architecture(str): repository architecture |  | ||||||
|  |  | ||||||
|         Returns: |  | ||||||
|             Path: valid devtools command name |  | ||||||
|         """ |  | ||||||
|         return root / f"{prefix}-{architecture}-build" |  | ||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def configuration_create_ahriman(args: argparse.Namespace, architecture: str, repository: str, |     def configuration_create_ahriman(args: argparse.Namespace, architecture: str, repository: str, | ||||||
|                                      root: Configuration) -> None: |                                      root: Configuration) -> None: | ||||||
| @ -101,12 +83,10 @@ class Setup(Handler): | |||||||
|         """ |         """ | ||||||
|         configuration = Configuration() |         configuration = Configuration() | ||||||
|  |  | ||||||
|         section = Configuration.section_name("build", architecture) |  | ||||||
|         build_command = Setup.build_command(root.repository_paths.root, args.build_command, architecture) |  | ||||||
|         configuration.set_option(section, "build_command", str(build_command)) |  | ||||||
|         configuration.set_option("repository", "name", repository) |         configuration.set_option("repository", "name", repository) | ||||||
|         if args.build_as_user is not None: |  | ||||||
|             configuration.set_option(section, "makechrootpkg_flags", f"-U {args.build_as_user}") |         section = Configuration.section_name("build", architecture) | ||||||
|  |         configuration.set_option(section, "build_command", str(args.build_command)) | ||||||
|  |  | ||||||
|         section = Configuration.section_name("alpm", architecture) |         section = Configuration.section_name("alpm", architecture) | ||||||
|         if args.mirror is not None: |         if args.mirror is not None: | ||||||
| @ -131,7 +111,7 @@ class Setup(Handler): | |||||||
|             configuration.write(ahriman_configuration) |             configuration.write(ahriman_configuration) | ||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def configuration_create_devtools(prefix: str, architecture: str, source: Path, mirror: str | None, |     def configuration_create_devtools(architecture: str, source: Path, mirror: str | None, | ||||||
|                                       multilib: bool, repository: str, paths: RepositoryPaths) -> None: |                                       multilib: bool, repository: str, paths: RepositoryPaths) -> None: | ||||||
|         """ |         """ | ||||||
|         create configuration for devtools based on ``source`` configuration |         create configuration for devtools based on ``source`` configuration | ||||||
| @ -140,7 +120,6 @@ class Setup(Handler): | |||||||
|             devtools does not allow to specify the pacman configuration, thus we still have to use configuration in /usr |             devtools does not allow to specify the pacman configuration, thus we still have to use configuration in /usr | ||||||
|  |  | ||||||
|         Args: |         Args: | ||||||
|             prefix(str): command prefix in {prefix}-{architecture}-build |  | ||||||
|             architecture(str): repository architecture |             architecture(str): repository architecture | ||||||
|             source(Path): path to source configuration file |             source(Path): path to source configuration file | ||||||
|             mirror(str | None): link to package server mirror |             mirror(str | None): link to package server mirror | ||||||
| @ -178,7 +157,7 @@ class Setup(Handler): | |||||||
|         configuration.set_option(repository, "SigLevel", "Optional TrustAll")  # we don't care |         configuration.set_option(repository, "SigLevel", "Optional TrustAll")  # we don't care | ||||||
|         configuration.set_option(repository, "Server", f"file://{paths.repository}") |         configuration.set_option(repository, "Server", f"file://{paths.repository}") | ||||||
|  |  | ||||||
|         target = source.parent / f"pacman-{prefix}-{architecture}.conf" |         target = source.parent / f"{repository}.conf" | ||||||
|         with target.open("w") as devtools_configuration: |         with target.open("w") as devtools_configuration: | ||||||
|             configuration.write(devtools_configuration) |             configuration.write(devtools_configuration) | ||||||
|  |  | ||||||
| @ -202,31 +181,13 @@ class Setup(Handler): | |||||||
|         (home_dir / ".makepkg.conf").write_text(content, encoding="utf8") |         (home_dir / ".makepkg.conf").write_text(content, encoding="utf8") | ||||||
|  |  | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def configuration_create_sudo(paths: RepositoryPaths, prefix: str, architecture: str) -> None: |     def configuration_create_sudo(build_command: Path) -> None: | ||||||
|         """ |         """ | ||||||
|         create configuration to run build command with sudo without password |         create configuration to run build command with sudo without password | ||||||
|  |  | ||||||
|         Args: |         Args: | ||||||
|             paths(RepositoryPaths): repository paths instance |             build_command(Path): path to build command | ||||||
|             prefix(str): command prefix in {prefix}-{architecture}-build |  | ||||||
|             architecture(str): repository architecture |  | ||||||
|         """ |         """ | ||||||
|         command = Setup.build_command(paths.root, prefix, architecture) |         sudoers_file = Setup.SUDOERS_DIR_PATH / f"ahriman-{build_command.name}" | ||||||
|         sudoers_file = Setup.build_command(Setup.SUDOERS_DIR_PATH, prefix, architecture) |         sudoers_file.write_text(f"ahriman ALL=(ALL) NOPASSWD: {build_command} build *\n", encoding="utf8") | ||||||
|         sudoers_file.write_text(f"ahriman ALL=(ALL) NOPASSWD: {command} *\n", encoding="utf8") |  | ||||||
|         sudoers_file.chmod(0o400)  # security! |         sudoers_file.chmod(0o400)  # security! | ||||||
|  |  | ||||||
|     @staticmethod |  | ||||||
|     def executable_create(paths: RepositoryPaths, prefix: str, architecture: str) -> None: |  | ||||||
|         """ |  | ||||||
|         create executable for the service |  | ||||||
|  |  | ||||||
|         Args: |  | ||||||
|             paths(RepositoryPaths): repository paths instance |  | ||||||
|             prefix(str): command prefix in {prefix}-{architecture}-build |  | ||||||
|             architecture(str): repository architecture |  | ||||||
|         """ |  | ||||||
|         command = Setup.build_command(paths.root, prefix, architecture) |  | ||||||
|         command.unlink(missing_ok=True) |  | ||||||
|         command.symlink_to(Setup.ARCHBUILD_COMMAND_PATH) |  | ||||||
|         paths.chown(command)  # we would like to keep owner inside ahriman's home |  | ||||||
|  | |||||||
| @ -34,6 +34,10 @@ class Task(LazyLogging): | |||||||
|     base package build task |     base package build task | ||||||
|  |  | ||||||
|     Attributes: |     Attributes: | ||||||
|  |         architecture(str): repository architecture | ||||||
|  |         build_command(str): build command | ||||||
|  |         build_flags(list[str]): list of additional flags to pkgctl | ||||||
|  |         name(str): repository name | ||||||
|         package(Package): package definitions |         package(Package): package definitions | ||||||
|         paths(RepositoryPaths): repository paths instance |         paths(RepositoryPaths): repository paths instance | ||||||
|         uid(int): uid of the repository owner user |         uid(int): uid of the repository owner user | ||||||
| @ -52,12 +56,13 @@ class Task(LazyLogging): | |||||||
|         """ |         """ | ||||||
|         self.package = package |         self.package = package | ||||||
|         self.paths = paths |         self.paths = paths | ||||||
|         self.uid, _ = paths.root_owner |  | ||||||
|  |  | ||||||
|         self.archbuild_flags = configuration.getlist("build", "archbuild_flags", fallback=[]) |         _, self.architecture = configuration.check_loaded() | ||||||
|  |         self.uid, _ = paths.root_owner | ||||||
|  |         self.name = configuration.get("repository", "name") | ||||||
|  |  | ||||||
|         self.build_command = configuration.get("build", "build_command") |         self.build_command = configuration.get("build", "build_command") | ||||||
|         self.makepkg_flags = configuration.getlist("build", "makepkg_flags", fallback=[]) |         self.build_flags = configuration.getlist("build", "pkgctl_flags", fallback=[]) | ||||||
|         self.makechrootpkg_flags = configuration.getlist("build", "makechrootpkg_flags", fallback=[]) |  | ||||||
|  |  | ||||||
|     def build(self, sources_dir: Path) -> list[Path]: |     def build(self, sources_dir: Path) -> list[Path]: | ||||||
|         """ |         """ | ||||||
| @ -69,10 +74,9 @@ class Task(LazyLogging): | |||||||
|         Returns: |         Returns: | ||||||
|             list[Path]: paths of produced packages |             list[Path]: paths of produced packages | ||||||
|         """ |         """ | ||||||
|         command = [self.build_command, "-r", str(self.paths.chroot)] |         command = [self.build_command, "build"] + self.build_flags | ||||||
|         command.extend(self.archbuild_flags) |         command.extend(["--arch", self.architecture]) | ||||||
|         command.extend(["--"] + self.makechrootpkg_flags) |         command.extend(["--repo", self.name]) | ||||||
|         command.extend(["--"] + self.makepkg_flags) |  | ||||||
|         self.logger.info("using %s for %s", command, self.package.base) |         self.logger.info("using %s for %s", command, self.package.base) | ||||||
|  |  | ||||||
|         Task._check_output( |         Task._check_output( | ||||||
|  | |||||||
| @ -134,11 +134,6 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = { | |||||||
|     "build": { |     "build": { | ||||||
|         "type": "dict", |         "type": "dict", | ||||||
|         "schema": { |         "schema": { | ||||||
|             "archbuild_flags": { |  | ||||||
|                 "type": "list", |  | ||||||
|                 "coerce": "list", |  | ||||||
|                 "schema": {"type": "string"}, |  | ||||||
|             }, |  | ||||||
|             "build_command": { |             "build_command": { | ||||||
|                 "type": "string", |                 "type": "string", | ||||||
|                 "required": True, |                 "required": True, | ||||||
| @ -148,12 +143,7 @@ CONFIGURATION_SCHEMA: ConfigurationSchema = { | |||||||
|                 "coerce": "list", |                 "coerce": "list", | ||||||
|                 "schema": {"type": "string"}, |                 "schema": {"type": "string"}, | ||||||
|             }, |             }, | ||||||
|             "makepkg_flags": { |             "pkgctl_flags": { | ||||||
|                 "type": "list", |  | ||||||
|                 "coerce": "list", |  | ||||||
|                 "schema": {"type": "string"}, |  | ||||||
|             }, |  | ||||||
|             "makechrootpkg_flags": { |  | ||||||
|                 "type": "list", |                 "type": "list", | ||||||
|                 "coerce": "list", |                 "coerce": "list", | ||||||
|                 "schema": {"type": "string"}, |                 "schema": {"type": "string"}, | ||||||
|  | |||||||
| @ -23,9 +23,8 @@ def _default_args(args: argparse.Namespace) -> argparse.Namespace: | |||||||
|     Returns: |     Returns: | ||||||
|         argparse.Namespace: generated arguments for these test cases |         argparse.Namespace: generated arguments for these test cases | ||||||
|     """ |     """ | ||||||
|     args.build_as_user = "ahriman" |     args.build_command = Path("/usr") / "bin" / "pkgctl" | ||||||
|     args.build_command = "ahriman" |     args.from_configuration = Path("/usr") / "local" / "share" / "devtools-git-poc" / "pacman.conf.d" / "extra.conf" | ||||||
|     args.from_configuration = Path("/usr/share/devtools/pacman-extra.conf") |  | ||||||
|     args.makeflags_jobs = True |     args.makeflags_jobs = True | ||||||
|     args.mirror = "mirror" |     args.mirror = "mirror" | ||||||
|     args.multilib = True |     args.multilib = True | ||||||
| @ -49,32 +48,17 @@ def test_run(args: argparse.Namespace, configuration: Configuration, repository: | |||||||
|     devtools_configuration_mock = mocker.patch("ahriman.application.handlers.Setup.configuration_create_devtools") |     devtools_configuration_mock = mocker.patch("ahriman.application.handlers.Setup.configuration_create_devtools") | ||||||
|     makepkg_configuration_mock = mocker.patch("ahriman.application.handlers.Setup.configuration_create_makepkg") |     makepkg_configuration_mock = mocker.patch("ahriman.application.handlers.Setup.configuration_create_makepkg") | ||||||
|     sudo_configuration_mock = mocker.patch("ahriman.application.handlers.Setup.configuration_create_sudo") |     sudo_configuration_mock = mocker.patch("ahriman.application.handlers.Setup.configuration_create_sudo") | ||||||
|     executable_mock = mocker.patch("ahriman.application.handlers.Setup.executable_create") |  | ||||||
|     init_mock = mocker.patch("ahriman.core.alpm.repo.Repo.init") |     init_mock = mocker.patch("ahriman.core.alpm.repo.Repo.init") | ||||||
|  |  | ||||||
|     Setup.run(args, "x86_64", configuration, report=False, unsafe=False) |     Setup.run(args, "x86_64", configuration, report=False, unsafe=False) | ||||||
|     ahriman_configuration_mock.assert_called_once_with(args, "x86_64", args.repository, configuration) |     ahriman_configuration_mock.assert_called_once_with(args, "x86_64", args.repository, configuration) | ||||||
|     devtools_configuration_mock.assert_called_once_with( |     devtools_configuration_mock.assert_called_once_with( | ||||||
|         args.build_command, "x86_64", args.from_configuration, args.mirror, args.multilib, args.repository, |         "x86_64", args.from_configuration, args.mirror, args.multilib, args.repository, repository_paths) | ||||||
|         repository_paths) |  | ||||||
|     makepkg_configuration_mock.assert_called_once_with(args.packager, args.makeflags_jobs, repository_paths) |     makepkg_configuration_mock.assert_called_once_with(args.packager, args.makeflags_jobs, repository_paths) | ||||||
|     sudo_configuration_mock.assert_called_once_with(repository_paths, args.build_command, "x86_64") |     sudo_configuration_mock.assert_called_once_with(args.build_command) | ||||||
|     executable_mock.assert_called_once_with(repository_paths, args.build_command, "x86_64") |  | ||||||
|     init_mock.assert_called_once_with() |     init_mock.assert_called_once_with() | ||||||
|  |  | ||||||
|  |  | ||||||
| def test_build_command(args: argparse.Namespace) -> None: |  | ||||||
|     """ |  | ||||||
|     must generate correct build command name |  | ||||||
|     """ |  | ||||||
|     args = _default_args(args) |  | ||||||
|     path = Path("local") |  | ||||||
|  |  | ||||||
|     build_command = Setup.build_command(path, args.build_command, "x86_64") |  | ||||||
|     assert build_command.name == f"{args.build_command}-x86_64-build" |  | ||||||
|     assert build_command.parent == path |  | ||||||
|  |  | ||||||
|  |  | ||||||
| def test_configuration_create_ahriman(args: argparse.Namespace, configuration: Configuration, | def test_configuration_create_ahriman(args: argparse.Namespace, configuration: Configuration, | ||||||
|                                       repository_paths: RepositoryPaths, mocker: MockerFixture) -> None: |                                       repository_paths: RepositoryPaths, mocker: MockerFixture) -> None: | ||||||
|     """ |     """ | ||||||
| @ -84,13 +68,11 @@ def test_configuration_create_ahriman(args: argparse.Namespace, configuration: C | |||||||
|     mocker.patch("pathlib.Path.open") |     mocker.patch("pathlib.Path.open") | ||||||
|     set_option_mock = mocker.patch("ahriman.core.configuration.Configuration.set_option") |     set_option_mock = mocker.patch("ahriman.core.configuration.Configuration.set_option") | ||||||
|     write_mock = mocker.patch("ahriman.core.configuration.Configuration.write") |     write_mock = mocker.patch("ahriman.core.configuration.Configuration.write") | ||||||
|     command = Setup.build_command(repository_paths.root, args.build_command, "x86_64") |  | ||||||
|  |  | ||||||
|     Setup.configuration_create_ahriman(args, "x86_64", args.repository, configuration) |     Setup.configuration_create_ahriman(args, "x86_64", args.repository, configuration) | ||||||
|     set_option_mock.assert_has_calls([ |     set_option_mock.assert_has_calls([ | ||||||
|         MockCall(Configuration.section_name("build", "x86_64"), "build_command", str(command)), |  | ||||||
|         MockCall("repository", "name", args.repository), |         MockCall("repository", "name", args.repository), | ||||||
|         MockCall(Configuration.section_name("build", "x86_64"), "makechrootpkg_flags", f"-U {args.build_as_user}"), |         MockCall(Configuration.section_name("build", "x86_64"), "build_command", str(args.build_command)), | ||||||
|         MockCall(Configuration.section_name("alpm", "x86_64"), "mirror", args.mirror), |         MockCall(Configuration.section_name("alpm", "x86_64"), "mirror", args.mirror), | ||||||
|         MockCall(Configuration.section_name("sign", "x86_64"), "target", |         MockCall(Configuration.section_name("sign", "x86_64"), "target", | ||||||
|                  " ".join([target.name.lower() for target in args.sign_target])), |                  " ".join([target.name.lower() for target in args.sign_target])), | ||||||
| @ -129,8 +111,8 @@ def test_configuration_create_devtools(args: argparse.Namespace, repository_path | |||||||
|     add_section_mock = mocker.patch("ahriman.core.configuration.Configuration.add_section") |     add_section_mock = mocker.patch("ahriman.core.configuration.Configuration.add_section") | ||||||
|     write_mock = mocker.patch("ahriman.core.configuration.Configuration.write") |     write_mock = mocker.patch("ahriman.core.configuration.Configuration.write") | ||||||
|  |  | ||||||
|     Setup.configuration_create_devtools(args.build_command, "x86_64", args.from_configuration, |     Setup.configuration_create_devtools("x86_64", args.from_configuration, None, | ||||||
|                                         None, args.multilib, args.repository, repository_paths) |                                         args.multilib, args.repository, repository_paths) | ||||||
|     add_section_mock.assert_has_calls([MockCall("multilib"), MockCall(args.repository)]) |     add_section_mock.assert_has_calls([MockCall("multilib"), MockCall(args.repository)]) | ||||||
|     write_mock.assert_called_once_with(pytest.helpers.anyvar(int)) |     write_mock.assert_called_once_with(pytest.helpers.anyvar(int)) | ||||||
|  |  | ||||||
| @ -154,8 +136,8 @@ def test_configuration_create_devtools_mirror(args: argparse.Namespace, reposito | |||||||
|     remove_option_mock = mocker.patch("ahriman.core.configuration.Configuration.remove_option") |     remove_option_mock = mocker.patch("ahriman.core.configuration.Configuration.remove_option") | ||||||
|     set_option_mock = mocker.patch("ahriman.core.configuration.Configuration.set_option") |     set_option_mock = mocker.patch("ahriman.core.configuration.Configuration.set_option") | ||||||
|  |  | ||||||
|     Setup.configuration_create_devtools(args.build_command, "x86_64", args.from_configuration, |     Setup.configuration_create_devtools("x86_64", args.from_configuration, args.mirror, | ||||||
|                                         args.mirror, False, args.repository, repository_paths) |                                         False, args.repository, repository_paths) | ||||||
|     get_mock.assert_has_calls([MockCall("core", "Include", fallback=None), MockCall("extra", "Include", fallback=None)]) |     get_mock.assert_has_calls([MockCall("core", "Include", fallback=None), MockCall("extra", "Include", fallback=None)]) | ||||||
|     remove_option_mock.assert_called_once_with("core", "Include") |     remove_option_mock.assert_called_once_with("core", "Include") | ||||||
|     set_option_mock.assert_has_calls([MockCall("core", "Server", args.mirror)])  # non-strict check called intentionally |     set_option_mock.assert_has_calls([MockCall("core", "Server", args.mirror)])  # non-strict check called intentionally | ||||||
| @ -171,8 +153,8 @@ def test_configuration_create_devtools_no_multilib(args: argparse.Namespace, rep | |||||||
|     mocker.patch("ahriman.core.configuration.Configuration.set") |     mocker.patch("ahriman.core.configuration.Configuration.set") | ||||||
|     write_mock = mocker.patch("ahriman.core.configuration.Configuration.write") |     write_mock = mocker.patch("ahriman.core.configuration.Configuration.write") | ||||||
|  |  | ||||||
|     Setup.configuration_create_devtools(args.build_command, "x86_64", args.from_configuration, |     Setup.configuration_create_devtools("x86_64", args.from_configuration, None, | ||||||
|                                         None, False, args.repository, repository_paths) |                                         False, args.repository, repository_paths) | ||||||
|     write_mock.assert_called_once_with(pytest.helpers.anyvar(int)) |     write_mock.assert_called_once_with(pytest.helpers.anyvar(int)) | ||||||
|  |  | ||||||
|  |  | ||||||
| @ -199,26 +181,11 @@ def test_configuration_create_sudo(args: argparse.Namespace, repository_paths: R | |||||||
|     chmod_text_mock = mocker.patch("pathlib.Path.chmod") |     chmod_text_mock = mocker.patch("pathlib.Path.chmod") | ||||||
|     write_text_mock = mocker.patch("pathlib.Path.write_text") |     write_text_mock = mocker.patch("pathlib.Path.write_text") | ||||||
|  |  | ||||||
|     Setup.configuration_create_sudo(repository_paths, args.build_command, "x86_64") |     Setup.configuration_create_sudo(args.build_command) | ||||||
|     chmod_text_mock.assert_called_once_with(0o400) |     chmod_text_mock.assert_called_once_with(0o400) | ||||||
|     write_text_mock.assert_called_once_with(pytest.helpers.anyvar(str, True), encoding="utf8") |     write_text_mock.assert_called_once_with(pytest.helpers.anyvar(str, True), encoding="utf8") | ||||||
|  |  | ||||||
|  |  | ||||||
| def test_executable_create(args: argparse.Namespace, repository_paths: RepositoryPaths, mocker: MockerFixture) -> None: |  | ||||||
|     """ |  | ||||||
|     must create executable |  | ||||||
|     """ |  | ||||||
|     args = _default_args(args) |  | ||||||
|     chown_mock = mocker.patch("ahriman.models.repository_paths.RepositoryPaths.chown") |  | ||||||
|     symlink_mock = mocker.patch("pathlib.Path.symlink_to") |  | ||||||
|     unlink_mock = mocker.patch("pathlib.Path.unlink") |  | ||||||
|  |  | ||||||
|     Setup.executable_create(repository_paths, args.build_command, "x86_64") |  | ||||||
|     chown_mock.assert_called_once_with(Setup.build_command(repository_paths.root, args.build_command, "x86_64")) |  | ||||||
|     symlink_mock.assert_called_once_with(Setup.ARCHBUILD_COMMAND_PATH) |  | ||||||
|     unlink_mock.assert_called_once_with(missing_ok=True) |  | ||||||
|  |  | ||||||
|  |  | ||||||
| def test_disallow_auto_architecture_run() -> None: | def test_disallow_auto_architecture_run() -> None: | ||||||
|     """ |     """ | ||||||
|     must not allow multi architecture run |     must not allow multi architecture run | ||||||
|  | |||||||
| @ -19,11 +19,8 @@ salt = salt | |||||||
| allow_read_only = no | allow_read_only = no | ||||||
|  |  | ||||||
| [build] | [build] | ||||||
| archbuild_flags = | build_command = pkgctl | ||||||
| build_command = extra-x86_64-build |  | ||||||
| ignore_packages = | ignore_packages = | ||||||
| makechrootpkg_flags = |  | ||||||
| makepkg_flags = --skippgpcheck |  | ||||||
| triggers = ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger | triggers = ahriman.core.report.ReportTrigger ahriman.core.upload.UploadTrigger | ||||||
|  |  | ||||||
| [repository] | [repository] | ||||||
|  | |||||||
		Reference in New Issue
	
	Block a user