make stripped paths configurable

2016-11-23 14:34:56 +01:00 · 2016-11-23 14:34:56 +01:00 · ebe1522d9c
commit ebe1522d9c
parent 7b8fcd989f
2 changed files with 27 additions and 4 deletions
--- a/docs/source/plugins.rst
+++ b/docs/source/plugins.rst
@ -17,6 +17,17 @@ build failed. Reconstructing this environment via mock needn't end with
 exactly same structure (due to builder settings, etc.). In such case this
 plugin can be used to retrieve tarball with complete mock tree.

+Additional feature is that some paths from buildroot can be left out from
+tarball. Feature can be configured via
+`/etc/kojid/plugins/save_failed_tree.conf` file. Currently only field
+filters.paths is used and it consists of globs (standard python's fnmatch is
+used) separated by ':'.
+
+.. code-block:: ini
+
+  [filters]
+  paths = /etc/*.keytab:/tmp/secret_data
+
 .. warning::
  For security reasons, currently all ``/tmp/krb5cc*`` and ``/etc/*.keytab``
  files are removed from tarball. If we found some other dangerous pieces,
--- a/plugins/builder/save_failed_tree.py
+++ b/plugins/builder/save_failed_tree.py
@ -1,19 +1,30 @@
 import fnmatch
 import os
 import tarfile
+import ConfigParser
 import koji.tasks as tasks
 from __main__ import BuildRoot

 __all__ = ('SaveFailedTreeTask',)

+CONFIG_FILE = '/etc/kojid/plugins/save_failed_tree.conf'
+config = None

-def omit_ccache(tarinfo):
-    if fnmatch.fnmatch(tarinfo.name, '*/tmp/krb5cc') or \
-       fnmatch.fnmatch(tarinfo.name, '*/etc/*.keytab'):
+def omit_paths(tarinfo):
+    if any([fnmatch.fnmatch(tarinfo.name, f) for f in config['path_filters']]):
        return None
    else:
        return tarinfo

+def read_config():
+    global config
+    cp = ConfigParser.SafeConfigParser()
+    cp.read(CONFIG_FILE)
+    config = {
+        'path_filters': [],
+    }
+    if cp.has_option('filters', 'paths'):
+        config['path_filters'] = cp.get('filters', 'paths').split(':')

 class SaveFailedTreeTask(tasks.BaseTaskHandler):
    Methods = ['saveFailedTree']
@ -21,6 +32,7 @@ class SaveFailedTreeTask(tasks.BaseTaskHandler):

    def handler(self, taskID, full=False):
        self.logger.debug("Starting saving buildroots for task %d [full=%s]" % (taskID, full))
+        read_config()
        tar_path = os.path.join(self.workdir, 'broots-task-%s.tar.gz' % taskID)
        f = tarfile.open(tar_path, "w:gz")
        for broot in self.session.listBuildroots(taskID=taskID):
@ -31,7 +43,7 @@ class SaveFailedTreeTask(tasks.BaseTaskHandler):
            else:
                path = os.path.join(path, 'builddir')
                self.logger.debug("Adding buildroot: %s" % path)
-            f.add(path, filter=omit_ccache)
+            f.add(path, filter=omit_paths)
        f.close()
        self.logger.debug("Uploading %s to hub." % tar_path)
        self.uploadFile(tar_path)