launchpad-reviewers team mailing list archive

[Colin Watson <cjwatson@xxxxxxxxxxxxx>]

Colin Watson has proposed merging lp:~cjwatson/launchpad-buildd/fix-sudo-config into lp:launchpad-buildd.

Commit message:
Make sbuild use "sudo -E" rather than just sudo.  It will still filter the environment itself, but this means that variables such as DEB_BUILD_OPTIONS will be passed through given our standard buildd sudoers configuration.

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad-buildd/fix-sudo-config/+merge/263845

Adam Conrad noticed that launchpad-buildd wasn't setting DEB_BUILD_OPTIONS any more, so we aren't getting parallel builds in all cases where we should.  To fix this, we need to make sbuild use "sudo -E" rather than just sudo.  It will still filter the environment itself, but this means that variables such as DEB_BUILD_OPTIONS will be passed through given our standard buildd sudoers configuration.
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~cjwatson/launchpad-buildd/fix-sudo-config into lp:launchpad-buildd.

=== modified file 'debian/changelog'
--- debian/changelog	2015-07-04 14:29:24 +0000
+++ debian/changelog	2015-07-05 12:45:43 +0000
@@ -5,6 +5,10 @@
   * buildrecipe: Pass --only-source to "apt-get build-dep" to force it to
     use the source package we care about rather than trying to map through
     binary package names.
+  * Make sbuild use "sudo -E" rather than just sudo.  It will still filter
+    the environment itself, but this means that variables such as
+    DEB_BUILD_OPTIONS will be passed through given our standard buildd
+    sudoers configuration.
 
  -- Colin Watson <cjwatson@xxxxxxxxxx>  Tue, 30 Jun 2015 13:09:34 +0100
 

=== modified file 'debian/rules'
--- debian/rules	2015-05-11 14:37:01 +0000
+++ debian/rules	2015-07-05 12:45:43 +0000
@@ -18,7 +18,8 @@
 
 slavebins = unpack-chroot mount-chroot update-debian-chroot sbuild-package \
     scan-for-processes umount-chroot remove-build override-sources-list \
-    buildrecipe generate-translation-templates slave-prep buildlivefs
+    buildrecipe generate-translation-templates slave-prep buildlivefs \
+    sudo-wrapper
 
 BUILDDUID=65500
 BUILDDGID=65500

=== modified file 'sbuildrc'
--- sbuildrc	2015-05-22 10:03:13 +0000
+++ sbuildrc	2015-07-05 12:45:43 +0000
@@ -28,6 +28,10 @@
     '^SHELL$',
     '^LANG$'];
 
+# We need to use "sudo -E" so that the above environment variables are
+# allowed through.
+$sudo = "/usr/share/launchpad-buildd/slavebin/sudo-wrapper";
+
 # After that time (in minutes) of inactivity a build is terminated.
 # Activity
 # is measured by output to the log file.

=== added file 'sudo-wrapper'
--- sudo-wrapper	1970-01-01 00:00:00 +0000
+++ sudo-wrapper	2015-07-05 12:45:43 +0000
@@ -0,0 +1,4 @@
+#! /bin/sh
+set -e
+
+exec sudo -E "$@"