[MediaWiki-commits] [Gerrit] releases: do not include hostname in sudoers.d - change (operations/puppet)

Wed, 03 Sep 2014 02:08:14 -0700 

Filippo Giunchedi has submitted this change and it was merged.

Change subject: releases: do not include hostname in sudoers.d
......................................................................


releases: do not include hostname in sudoers.d

as it turns out, "#includedir" has a behaviour similar to run-parts, i.e. it
will ignore files that contain dots or tilde:

  sudo will read each file in /etc/sudoers.d, skipping file names that end in ~
  or contain a . character to avoid causing problems with package manager
  or editor temporary/backup files

also depend on dput for deb-upload

Change-Id: Ie7cee653726633026d5730f94396ef3958b8dd6d
---
M modules/releases/manifests/reprepro.pp
1 file changed, 6 insertions(+), 2 deletions(-)

Approvals:
  Filippo Giunchedi: Verified; Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/releases/manifests/reprepro.pp 
b/modules/releases/manifests/reprepro.pp
index 3fed293..867d393 100644
--- a/modules/releases/manifests/reprepro.pp
+++ b/modules/releases/manifests/reprepro.pp
@@ -146,8 +146,12 @@
         source  => 'puppet:///modules/releases/deb-upload',
     }
 
-    admin::sudo { "releases_dput_${upload_host}":
-        user => $sudo_user,
+    package { 'dput':
+        before => File['/usr/local/bin/deb-upload'],
+    }
+
+    admin::sudo { "releases_dput":
+        user  => $sudo_user,
         privs => ["ALL = (${user}) NOPASSWD: dput"],
     }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/157797
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ie7cee653726633026d5730f94396ef3958b8dd6d
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Filippo Giunchedi <fgiunch...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org>
Gerrit-Reviewer: GWicke <gwi...@wikimedia.org>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to