Update to 2022-01-12 23:00
This commit is contained in:
parent
e73f05f073
commit
106aeda320
|
|
@ -7,8 +7,6 @@ rpm_packager: RPM Builder <rpms@{{ ansible_domain }}>
|
|||
rpm_user: rpmbuilder
|
||||
# Unix group allowed to submit builds
|
||||
rpm_build_group: rpmbuilders
|
||||
# Admin email where notifications will be sent
|
||||
rpm_admin_email: "{{ system_admin_email | default('root@' ~ ansible_domain) }}"
|
||||
# name of the GPG key used to sign the packages
|
||||
rpm_gpg_name: RPM Signing Key
|
||||
rpm_gpg_email: rpms@{{ ansible_domain }}
|
||||
|
|
|
|||
|
|
@ -53,48 +53,7 @@ if ( -e $opt->{config} ) {
|
|||
die "Config file " . $opt->{config} . " doesn't exist\n";
|
||||
}
|
||||
|
||||
# If ldap is configured, we'll use it to lookup email
|
||||
# addresses of submitters to send them notifications
|
||||
my $ldap;
|
||||
my $ldap_msg;
|
||||
if (defined $conf->{ldap} and defined $conf->{ldap}->{servers}){
|
||||
log_verbose("Connecting to " . join(', ', @{$conf->{ldap}->{servers}}));
|
||||
$ldap = new Net::LDAP($conf->{ldap}->{servers},
|
||||
timeout => 10,
|
||||
);
|
||||
if (not defined $ldap){
|
||||
log_info("Couldn't connect to any LDAP servers (" . join(',', @{$conf->{ldap}->{servers}}) . ")");
|
||||
} else {
|
||||
if (defined $conf->{ldap}->{start_tls} and $conf->{ldap}->{start_tls}){
|
||||
log_verbose("Upgrade LDAP connection using StartTLS");
|
||||
$ldap_msg = $ldap->start_tls(
|
||||
verify => 'require'
|
||||
);
|
||||
if ($ldap_msg->code){
|
||||
log_verbose("StartTLS failed : " . $ldap_msg->error);
|
||||
log_verbose("LDAP support will be disabled");
|
||||
$ldap = undef;
|
||||
}
|
||||
}
|
||||
if (defined $conf->{ldap}->{bind_dn} and defined $conf->{ldap}->{bind_pass}){
|
||||
log_verbose("Binding as $conf->{ldap}->{bind_dn}");
|
||||
$ldap_msg = $ldap->bind(
|
||||
$conf->{ldap}->{bind_dn},
|
||||
password => $conf->{ldap}->{bind_pass}
|
||||
);
|
||||
if ($ldap_msg->code){
|
||||
log_verbose("LDAP bind failed : " . $ldap_msg->error);
|
||||
log_verbose("LDAP support will be disabled");
|
||||
$ldap = undef;
|
||||
}
|
||||
} else {
|
||||
log_verbose("Using anonymous bind");
|
||||
$ldap_msg = $ldap->bind;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log_verbose("No LDAP servers configured");
|
||||
}
|
||||
|
||||
my $inotify = new Linux::Inotify2
|
||||
or die "Unable to create new inotify object: $!";
|
||||
|
|
@ -161,8 +120,9 @@ sub handle_submit {
|
|||
my $submiter = getpwuid(stat($srpm)->uid);
|
||||
my $email;
|
||||
log_info("File submited by $submiter");
|
||||
my $ldap = ldap_connect();
|
||||
if (defined $ldap){
|
||||
$email = user2email($submiter);
|
||||
$email = user2email($ldap, $submiter);
|
||||
if (not defined $email){
|
||||
log_verbose("LDAP returned no result");
|
||||
}
|
||||
|
|
@ -172,6 +132,8 @@ sub handle_submit {
|
|||
} else {
|
||||
log_verbose("No email address for $submiter, no notification will be sent");
|
||||
}
|
||||
$ldap->done;
|
||||
$ldap->disconnect;
|
||||
# Do not check the signature here
|
||||
# We could try to submit a signed src.rpm for which we do not have the key system-wide
|
||||
my $src_pkg = RPM2->open_package($srpm, RPM2->_rpmvsf_nosignatures);
|
||||
|
|
@ -288,6 +250,11 @@ sub handle_submit {
|
|||
);
|
||||
}
|
||||
}
|
||||
if (defined $ldap){
|
||||
$ldap->done;
|
||||
$ldap->disconnect;
|
||||
}
|
||||
return;
|
||||
}
|
||||
|
||||
# Handle errors. Log it, and notify the admin
|
||||
|
|
@ -298,13 +265,6 @@ sub handle_error {
|
|||
my $dest = shift;
|
||||
|
||||
log_error( $err );
|
||||
if ( defined $conf->{notify}->{to} ) {
|
||||
send_notification(
|
||||
$conf->{notify}->{to},
|
||||
"Error while building $job_id",
|
||||
"Building $job_id failed at step '$step'. The error was\n$err\n"
|
||||
);
|
||||
}
|
||||
if ( defined $dest ) {
|
||||
send_notification(
|
||||
$dest,
|
||||
|
|
@ -337,8 +297,10 @@ sub send_notification {
|
|||
|
||||
# Lookup in LDAP if we can get the email address of a user
|
||||
sub user2email {
|
||||
my $ldap = shift;
|
||||
my $user = shift;
|
||||
if (not defined $ldap or not defined $conf->{ldap}->{search_base} or not defined $conf->{ldap}->{search_filter}){
|
||||
log_verbose("LDAP not connected or not configured, skiping lookup");
|
||||
return;
|
||||
}
|
||||
my $filter = $conf->{ldap}->{search_filter};
|
||||
|
|
@ -359,3 +321,48 @@ sub user2email {
|
|||
}
|
||||
return $results->entry(0)->get_value( $conf->{ldap}->{email_attr} );
|
||||
}
|
||||
|
||||
# Connect to LDAP
|
||||
# which will be used to lookup the email address of the submiter
|
||||
sub ldap_connect {
|
||||
my $ldaph;
|
||||
if (defined $conf->{ldap} and defined $conf->{ldap}->{servers}){
|
||||
log_verbose("Connecting to " . join(', ', @{$conf->{ldap}->{servers}}));
|
||||
$ldaph = new Net::LDAP($conf->{ldap}->{servers},
|
||||
timeout => 10,
|
||||
);
|
||||
if (not defined $ldaph){
|
||||
log_info("Couldn't connect to any LDAP servers (" . join(',', @{$conf->{ldap}->{servers}}) . ")");
|
||||
} else {
|
||||
if (defined $conf->{ldap}->{start_tls} and $conf->{ldap}->{start_tls}){
|
||||
log_verbose("Upgrade LDAP connection using StartTLS");
|
||||
$ldap_msg = $ldaph->start_tls(
|
||||
verify => 'require'
|
||||
);
|
||||
if ($ldap_msg->code){
|
||||
log_verbose("StartTLS failed : " . $ldap_msg->error);
|
||||
log_verbose("LDAP support will be disabled");
|
||||
$ldaph = undef;
|
||||
}
|
||||
}
|
||||
if (defined $conf->{ldap}->{bind_dn} and defined $conf->{ldap}->{bind_pass}){
|
||||
log_verbose("Binding as $conf->{ldap}->{bind_dn}");
|
||||
$ldap_msg = $ldaph->bind(
|
||||
$conf->{ldap}->{bind_dn},
|
||||
password => $conf->{ldap}->{bind_pass}
|
||||
);
|
||||
if ($ldap_msg->code){
|
||||
log_verbose("LDAP bind failed : " . $ldap_msg->error);
|
||||
log_verbose("LDAP support will be disabled");
|
||||
$ldaph = undef;
|
||||
}
|
||||
} else {
|
||||
log_verbose("Using anonymous bind");
|
||||
$ldap_msg = $ldaph->bind;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
log_verbose("No LDAP servers configured");
|
||||
}
|
||||
return $ldaph;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ WorkingDirectory={{ rpm_root_dir }}/
|
|||
Restart=always
|
||||
ReadWritePaths=/run {{ rpm_root_dir }}/repo {{ rpm_root_dir }}/cache {{ rpm_root_dir }}/builds
|
||||
PrivateTmp=true
|
||||
SyslogIdentifier=build-watcher
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -14,7 +14,6 @@ paths:
|
|||
|
||||
notify:
|
||||
from: buildsys@{{ ansible_domain }}
|
||||
to: {{ rpm_admin_email }}
|
||||
|
||||
{% if rpm_mirrors is defined and rpm_mirrors | length > 0 %}
|
||||
mirror:
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
# MaxUsers = "9"
|
||||
# Mode = "subscription"
|
||||
# etc...
|
||||
seafile_version: "{{ seafile_license is defined | ternary('8.0.15','9.0.2') }}"
|
||||
seafile_version: "{{ seafile_license is defined | ternary('8.0.17','9.0.2') }}"
|
||||
|
||||
# Archive URL and sha1 are only used for the community version
|
||||
seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
|
||||
|
|
|
|||
BIN
roles/seafile/files/seafile-pro-server_8.0.15_x86-64_CentOS.tar.gz (Stored with Git LFS)
BIN
roles/seafile/files/seafile-pro-server_8.0.15_x86-64_CentOS.tar.gz (Stored with Git LFS)
Binary file not shown.
BIN
roles/seafile/files/seafile-pro-server_8.0.17_x86-64_CentOS.tar.gz (Stored with Git LFS)
Normal file
BIN
roles/seafile/files/seafile-pro-server_8.0.17_x86-64_CentOS.tar.gz (Stored with Git LFS)
Normal file
Binary file not shown.
Loading…
Reference in New Issue