[MediaWiki-commits] [Gerrit] operations/puppet[production]: Run Lilypond from Firejail

Sat, 05 Aug 2017 16:42:10 -0700 

Ebe123 has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/370361 )

Change subject: Run Lilypond from Firejail
......................................................................

Run Lilypond from Firejail

This change adds the python command, encapsulating Lilypond within
Firejail, with the `mediawiki-converters` profile, like in similar
scripts.

See also I5a0579b0e and I926fbe6b3.

Bug: T171372
Change-Id: I011db0e9a2d9da825cf3ac02bfba23b562e052f6
---
A modules/mediawiki/files/mediawiki-firejail-lilypond
M modules/mediawiki/manifests/init.pp
2 files changed, 14 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/61/370361/1

diff --git a/modules/mediawiki/files/mediawiki-firejail-lilypond 
b/modules/mediawiki/files/mediawiki-firejail-lilypond
new file mode 100644
index 0000000..cbee57b
--- /dev/null
+++ b/modules/mediawiki/files/mediawiki-firejail-lilypond
@@ -0,0 +1,5 @@
+#! /usr/bin/python
+# -*- coding: utf-8 -*-
+
+import sys, subprocess
+subprocess.call(['/usr/bin/firejail', 
'--profile=/etc/firejail/mediawiki-converters.profile', '/usr/bin/lilypond'] + 
sys.argv[1:])
diff --git a/modules/mediawiki/manifests/init.pp 
b/modules/mediawiki/manifests/init.pp
index 8b54677..9929fdc 100644
--- a/modules/mediawiki/manifests/init.pp
+++ b/modules/mediawiki/manifests/init.pp
@@ -32,8 +32,7 @@
 
     # This profile is used to contain the convert command of imagemagick using
     # firejail Profiles specific to the image/video scalers are handled via
-    # mediawiki::firejail, but imagemagick is also used on the general purpose
-    # appscalers for scaling musical typesheets in the Score extension
+    # mediawiki::firejail
     file { '/etc/firejail/mediawiki-imagemagick.profile':
         source  => 'puppet:///modules/mediawiki/mediawiki-imagemagick.profile',
         owner   => 'root',
@@ -63,6 +62,14 @@
         mode   => '0555',
     }
 
+    # The Score extension uses Lilypond, which requires the use of Firejail
+    file { '/usr/local/bin/mediawiki-firejail-lilypond':
+        source => 'puppet:///modules/mediawiki/mediawiki-firejail-lilypond',
+        owner  => 'root',
+        group  => 'root',
+        mode   => '0555',
+    }
+
     # /var/log/mediawiki contains log files for the MediaWiki jobrunner
     # and for various periodic jobs that are managed by cron.
     file { '/var/log/mediawiki':

-- 
To view, visit https://gerrit.wikimedia.org/r/370361
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I011db0e9a2d9da825cf3ac02bfba23b562e052f6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ebe123 <beauleetien...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to