summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorbertagaz <bertagaz@ptitcanardnoir.org>2017-06-06 13:42:24 +0200
committerbertagaz <bertagaz@ptitcanardnoir.org>2017-06-06 13:42:24 +0200
commitfd3db2dfaba9bd8dcf4d5e8cfe14ad297f62a8e1 (patch)
tree8943d25f9e873080dd433f172e563f458f97a0b0
parent52f0191eb42ba50c69084bce6f3f8b4d2e101f20 (diff)
parentf4513e5c63625e3ae43c6f72f987892ae2bf815b (diff)
Merge remote-tracking branch 'origin/master' into feature/11355-reenable-jenkins-notificationsfeature/11355-reenable-jenkins-notifications
-rw-r--r--files/jenkins/slaves/isobuilders/cleanup_build_jobs_leftovers15
-rw-r--r--files/jenkins/slaves/isobuilders/compare_artifacts23
-rw-r--r--files/jenkins/slaves/isobuilders/sign_artifacts4
-rw-r--r--files/jenkins/slaves/isotesters/wrap_test_suite13
-rw-r--r--manifests/apt.pp3
-rw-r--r--manifests/iso_builder.pp30
-rw-r--r--manifests/jenkins/slave/iso_builder.pp9
-rw-r--r--manifests/whisperback/relay.pp42
8 files changed, 97 insertions, 42 deletions
diff --git a/files/jenkins/slaves/isobuilders/cleanup_build_jobs_leftovers b/files/jenkins/slaves/isobuilders/cleanup_build_jobs_leftovers
new file mode 100644
index 0000000..7148508
--- /dev/null
+++ b/files/jenkins/slaves/isobuilders/cleanup_build_jobs_leftovers
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+set -u
+set -x
+
+[ "${WORKSPACE}" ] || exit 2
+
+[ -d "${WORKSPACE}" ] || exit 3
+
+for dir in /var/lib/jenkins/workspace/*build_Tails_ISO_*; do
+ if [ "${dir}" != "${WORKSPACE}" ]; then
+ rm -rf "${dir}/vagrant/"
+ fi
+done
diff --git a/files/jenkins/slaves/isobuilders/compare_artifacts b/files/jenkins/slaves/isobuilders/compare_artifacts
index 5c961e4..5403893 100644
--- a/files/jenkins/slaves/isobuilders/compare_artifacts
+++ b/files/jenkins/slaves/isobuilders/compare_artifacts
@@ -4,22 +4,25 @@ set -e
set -u
set -x
-[ "${WORKSPACE}" ] || exit 2
+[ "${WORKSPACE}" ] || exit 3
-[ -d "${WORKSPACE}" ] || exit 3
+[ -d "${WORKSPACE}" ] || exit 4
ARTIFACTS_DIR="${WORKSPACE}/build-artifacts"
-[ -d "${ARTIFACTS_DIR}" ] || exit 4
+[ -d "${ARTIFACTS_DIR}" ] || exit 5
echo "Running diffoscope"
-sudo diffoscope \
- --text "${ARTIFACTS_DIR}/tails-diffoscope.txt" \
- --html "${ARTIFACTS_DIR}/tails-diffoscope.html" \
- --html-dir "${ARTIFACTS_DIR}/tails-diffoscope-html" \
+if sudo TMPDIR="${WORKSPACE}" diffoscope \
+ --text "${ARTIFACTS_DIR}/diffoscope.txt" \
+ --html "${ARTIFACTS_DIR}/diffoscope.html" \
--max-report-size 262144000 \
--max-diff-block-lines 10000 \
--max-diff-input-lines 10000000 \
- ${ARTIFACTS_DIR}/tails-*.iso && \
-sudo rm $(ls ${ARTIFACTS_DIR}/tails-*.iso | head -n 1)
-sudo chown -R jenkins:jenkins "${ARTIFACTS_DIR}"/tails-diffoscope*
+ ${ARTIFACTS_DIR}/tails-*.iso; then
+ sudo rm ${ARTIFACTS_DIR}/tails-*.iso
+else
+ exit_code="$?"
+ sudo chown -R jenkins:jenkins "${ARTIFACTS_DIR}"
+ exit $exit_code
+fi
diff --git a/files/jenkins/slaves/isobuilders/sign_artifacts b/files/jenkins/slaves/isobuilders/sign_artifacts
index 144f517..51cf18a 100644
--- a/files/jenkins/slaves/isobuilders/sign_artifacts
+++ b/files/jenkins/slaves/isobuilders/sign_artifacts
@@ -14,9 +14,7 @@ ARTIFACTS_DIR="${WORKSPACE}/build-artifacts"
cd "${ARTIFACTS_DIR}"
-ISO=$(ls *.iso)
-
-for file in *; do
+for file in tails-*; do
sha512sum "$file" >> tails-build-artifacts.shasum
done
diff --git a/files/jenkins/slaves/isotesters/wrap_test_suite b/files/jenkins/slaves/isotesters/wrap_test_suite
index 936c0f3..bb02326 100644
--- a/files/jenkins/slaves/isotesters/wrap_test_suite
+++ b/files/jenkins/slaves/isotesters/wrap_test_suite
@@ -96,17 +96,10 @@ else
TAGS_ARGS="--tag ~@fragile"
fi
-if [ -n "$(rake -T test)" ]; then
- TEST_SUITE_CMD='rake test --'
- CUCUMBER_ARGS=''
-else
- TEST_SUITE_CMD='./run_test_suite'
- CUCUMBER_ARGS=" -- ${TAGS_ARGS}"
-fi
-
-as_root_do ${TEST_SUITE_CMD} \
+as_root_do ./run_test_suite \
--old-iso "${PREVIOUS_ISO}" \
--iso "${UPSTREAMJOB_ISO}" \
--artifacts-base-uri "${JENKINS_URL}job/${JOB_NAME}/${BUILD_NUMBER}/artifact/build-artifacts/" \
--capture \
- ${CUCUMBER_ARGS}
+ -- \
+ $TAGS_ARGS
diff --git a/manifests/apt.pp b/manifests/apt.pp
index b2608a1..ceed6f1 100644
--- a/manifests/apt.pp
+++ b/manifests/apt.pp
@@ -24,4 +24,7 @@ class tails::apt (
include apt::reboot_required_notify
+ ::apt::apt_conf { '09_autoclean':
+ content => "APT::Periodic::AutocleanInterval \"1\";\nAPT::Periodic::CleanInterval \"1\";",
+ }
}
diff --git a/manifests/iso_builder.pp b/manifests/iso_builder.pp
index e5327b8..c104f22 100644
--- a/manifests/iso_builder.pp
+++ b/manifests/iso_builder.pp
@@ -15,6 +15,35 @@ class tails::iso_builder (
default => present,
}
+ # XXX: update once Stretch is out and a newer diffoscope gets into Buster
+ # or is backported.
+ apt::sources_list { 'experimental.list':
+ ensure => $ensure,
+ content => "deb http://ftp.us.debian.org/debian/ experimental main\n",
+ }
+
+ # XXX: Remove me once deployed everywhere
+ apt::preferences_snippet { 'experimental':
+ ensure => absent,
+ package => '*',
+ pin => 'release o=Debian,n=experimental',
+ priority => 100,
+ require => Apt::Sources_list['experimental.list'],
+ }
+
+ apt::preferences_snippet { 'diffoscope':
+ ensure => $ensure,
+ package => 'diffoscope',
+ pin => 'release o=Debian,n=experimental',
+ priority => 991,
+ require => Apt::Sources_list['experimental.list'],
+ }
+
+ package { 'diffoscope':
+ ensure => $package_ensure,
+ require => Apt::Preferences_snippet['diffoscope'],
+ }
+
$builder_packages = [
'git',
'rake',
@@ -26,7 +55,6 @@ class tails::iso_builder (
'vagrant',
'vagrant-libvirt',
'sudo',
- 'diffoscope',
'vmdebootstrap'
]
diff --git a/manifests/jenkins/slave/iso_builder.pp b/manifests/jenkins/slave/iso_builder.pp
index b1f28bf..74bfb44 100644
--- a/manifests/jenkins/slave/iso_builder.pp
+++ b/manifests/jenkins/slave/iso_builder.pp
@@ -2,7 +2,7 @@
class tails::jenkins::slave::iso_builder (
$master_url,
$http_proxy,
- $use_vagrant = false,
+ $use_vagrant = true,
) {
if $http_proxy {
@@ -48,6 +48,13 @@ class tails::jenkins::slave::iso_builder (
group => 'root',
}
+ file { '/usr/local/bin/cleanup_build_jobs_leftovers':
+ source => 'puppet:///modules/tails/jenkins/slaves/isobuilders/cleanup_build_jobs_leftovers',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+
file { '/usr/local/bin/sign_artifacts':
source => 'puppet:///modules/tails/jenkins/slaves/isobuilders/sign_artifacts',
mode => '0755',
diff --git a/manifests/whisperback/relay.pp b/manifests/whisperback/relay.pp
index 0a33ee1..c1a7a40 100644
--- a/manifests/whisperback/relay.pp
+++ b/manifests/whisperback/relay.pp
@@ -1,3 +1,4 @@
+# Manage a SMTP relay used by WhisperBack to send email to Tails help desk
class tails::whisperback::relay {
include tails_secrets_whisperback
@@ -27,20 +28,29 @@ class tails::whisperback::relay {
device => $onion_src_dir,
fstype => 'none',
options => 'bind',
- require => [ File[$onion_src_dir], File[$onion_dir] ];
+ require => [
+ File[$onion_src_dir],
+ File[$onion_dir],
+ ];
$ssl_dir:
ensure => 'mounted',
device => $ssl_src_dir,
fstype => 'none',
options => 'bind',
- require => [ File[$ssl_src_dir], File[$ssl_dir] ];
+ require => [
+ File[$ssl_src_dir],
+ File[$ssl_dir],
+ ];
}
include tor::daemon
tor::daemon::hidden_service { 'tails_whisperback_relay':
ports => [ '25 127.0.0.2:25' ],
- require => [ Service['postfix-hidden'], Mount[$onion_dir] ],
+ require => [
+ Service['postfix@postfix-hidden'],
+ Mount[$onion_dir],
+ ],
}
postfix::config {
@@ -55,23 +65,21 @@ class tails::whisperback::relay {
require => File[$postfix_instance_conf_dir];
}
- service { 'postfix-hidden':
- ensure => running,
- hasstatus => true,
- start => 'postmulti -i postfix-hidden -p start',
- stop => 'postmulti -i postfix-hidden -p stop',
- status => 'postmulti -i postfix-hidden -p status',
- restart => 'postmulti -i postfix-hidden -p reload',
- require => [
+ service { 'postfix@postfix-hidden':
+ ensure => running,
+ enable => true,
+ require => [
Service['postfix'],
Postfix::Config['multi_instance_directories'],
File["${postfix_instance_conf_dir}/dynamicmaps.cf"],
],
}
- file {
- [ $postfix_instance_conf_dir ]:
- ensure => directory, owner => 'root', group => 'root', mode => '0755';
+ file { $postfix_instance_conf_dir:
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755';
}
# Mountpoints
@@ -108,7 +116,7 @@ class tails::whisperback::relay {
group => 'root',
mode => '0644',
source => 'puppet:///modules/tails/whisperback/relay/master.cf',
- notify => Service['postfix-hidden'],
+ notify => Service['postfix@postfix-hidden'],
require => Package['postfix'];
"${postfix_instance_conf_dir}/main.cf":
@@ -117,7 +125,7 @@ class tails::whisperback::relay {
group => 'root',
mode => '0644',
source => 'puppet:///modules/tails/whisperback/relay/main.cf',
- notify => Service['postfix-hidden'],
+ notify => Service['postfix@postfix-hidden'],
require => [
Package['postfix'],
Mount[$ssl_dir],
@@ -139,7 +147,7 @@ class tails::whisperback::relay {
"${postfix_instance_conf_dir}/dynamicmaps.cf":
ensure => link,
target => '/etc/postfix/dynamicmaps.cf',
- notify => Service['postfix-hidden'];
+ notify => Service['postfix@postfix-hidden'];
}
exec {