From ebe1522d9ce6dacd07c5672580e7b15b234b6270 Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Wed, 23 Nov 2016 14:34:56 +0100 Subject: [PATCH] make stripped paths configurable --- docs/source/plugins.rst | 11 +++++++++++ plugins/builder/save_failed_tree.py | 20 ++++++++++++++++---- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/docs/source/plugins.rst b/docs/source/plugins.rst index b3d98ade..b3c9572b 100644 --- a/docs/source/plugins.rst +++ b/docs/source/plugins.rst @@ -17,6 +17,17 @@ build failed. Reconstructing this environment via mock needn't end with exactly same structure (due to builder settings, etc.). In such case this plugin can be used to retrieve tarball with complete mock tree. +Additional feature is that some paths from buildroot can be left out from +tarball. Feature can be configured via +`/etc/kojid/plugins/save_failed_tree.conf` file. Currently only field +filters.paths is used and it consists of globs (standard python's fnmatch is +used) separated by ':'. + +.. code-block:: ini + + [filters] + paths = /etc/*.keytab:/tmp/secret_data + .. warning:: For security reasons, currently all ``/tmp/krb5cc*`` and ``/etc/*.keytab`` files are removed from tarball. If we found some other dangerous pieces, diff --git a/plugins/builder/save_failed_tree.py b/plugins/builder/save_failed_tree.py index 223e821c..4b82b9a7 100644 --- a/plugins/builder/save_failed_tree.py +++ b/plugins/builder/save_failed_tree.py @@ -1,19 +1,30 @@ import fnmatch import os import tarfile +import ConfigParser import koji.tasks as tasks from __main__ import BuildRoot __all__ = ('SaveFailedTreeTask',) +CONFIG_FILE = '/etc/kojid/plugins/save_failed_tree.conf' +config = None -def omit_ccache(tarinfo): - if fnmatch.fnmatch(tarinfo.name, '*/tmp/krb5cc') or \ - fnmatch.fnmatch(tarinfo.name, '*/etc/*.keytab'): +def omit_paths(tarinfo): + if any([fnmatch.fnmatch(tarinfo.name, f) for f in config['path_filters']]): return None else: return tarinfo +def read_config(): + global config + cp = ConfigParser.SafeConfigParser() + cp.read(CONFIG_FILE) + config = { + 'path_filters': [], + } + if cp.has_option('filters', 'paths'): + config['path_filters'] = cp.get('filters', 'paths').split(':') class SaveFailedTreeTask(tasks.BaseTaskHandler): Methods = ['saveFailedTree'] @@ -21,6 +32,7 @@ class SaveFailedTreeTask(tasks.BaseTaskHandler): def handler(self, taskID, full=False): self.logger.debug("Starting saving buildroots for task %d [full=%s]" % (taskID, full)) + read_config() tar_path = os.path.join(self.workdir, 'broots-task-%s.tar.gz' % taskID) f = tarfile.open(tar_path, "w:gz") for broot in self.session.listBuildroots(taskID=taskID): @@ -31,7 +43,7 @@ class SaveFailedTreeTask(tasks.BaseTaskHandler): else: path = os.path.join(path, 'builddir') self.logger.debug("Adding buildroot: %s" % path) - f.add(path, filter=omit_ccache) + f.add(path, filter=omit_paths) f.close() self.logger.debug("Uploading %s to hub." % tar_path) self.uploadFile(tar_path)