rpmbuild: add copr-builder-rhsm-subscribe script

This allows us to specify RHSM password so it is not visible on `ps aux` output. The daemon part is almost a C&P from https://pagure.io/fedora-infra/ansible/blob/main/f/roles/copr/backend/files/provision/copr-rh-subscribe.sh
fedora-copr · Sep 30, 2024 · 98cc938 · 98cc938
1 parent 35a23e6
commit 98cc938
Show file tree

Hide file tree

Showing 3 changed files with 111 additions and 2 deletions.
diff --git a/rpmbuild/bin/copr-builder-rhsm-subscribe b/rpmbuild/bin/copr-builder-rhsm-subscribe
@@ -0,0 +1,14 @@
+#!/usr/bin/expect
+
+# Provide username+password for subscription-manager register
+# through RHSM_USER and RHSM_PASS.
+# https://bugzilla.redhat.com/show_bug.cgi?id=2315673
+
+set timeout 30
+set USER $env(RHSM_USER)
+set PASS $env(RHSM_PASS)
+spawn subscription-manager register --force --username=$USER
+expect "Password: "
+send "$PASS\n"
+expect eof
+exit [lindex [wait] 3]
diff --git a/rpmbuild/bin/copr-builder-rhsm-subscribe-daemon b/rpmbuild/bin/copr-builder-rhsm-subscribe-daemon
@@ -0,0 +1,93 @@
+#! /bin/bash
+
+# Try to subscribe to RHSM using RHSM_USER and RHSM_PASS passwords (please
+# provide those securely as environment variables, and run this script as root).
+
+die()
+{
+    echo >&2 "ERROR: $*" && exit 1
+}
+
+show_help()
+{
+cat <<EOHELP >&2
+Usage: $0 --pool-id POOL_ID --system SYSTEM_NAME
+
+Provide RHSM_USER and RHSM_PASS variables securely.
+EOHELP
+
+test -z "$1" || exit "$1"
+}
+
+# handle no arguments
+test ${#@} -eq 0 && show_help 1
+
+ARGS=$(getopt -o "h" -l "pool-id:,system:,help" -n "getopt" -- "$@") \
+    || show_help 1
+eval set -- "$ARGS"
+
+option_variable()
+{
+    # Function to convert '--some-option' to '$opt_some_option".
+    opt=$1
+    opt=${1##--}
+    opt=${opt##-}
+    opt=${opt//-/_}
+    option_variable_result=opt_$opt
+}
+
+opt_system=
+opt_pool_id=
+
+while true; do
+    case $1 in
+    -h|--help)
+        show_help 0
+        ;;
+
+    --pool-id|--system)
+        option_variable "$1"
+        eval "$option_variable_result=\$2"
+        shift 2
+        ;;
+
+    --) shift; break;;  # end
+    *) echo "programmer mistake ($1)" >&2; exit 1;;
+    esac
+done
+
+provided=true
+
+for i in system pool_id; do
+    varname=opt_$i
+    if eval 'test -z "$'"$varname"'"'; then
+        provided=false
+        echo >&2 "$varname required"
+    fi
+done
+$provided || die "some options missing"
+
+try_indefinitely()
+{
+    cmd=( "$@" )
+    while :; do
+        if "${cmd[@]}"; then
+            break
+        fi
+        sleep 5
+    done
+}
+
+test "$(id -u)" = 0 || {
+    echo >&2 "run as root"
+    exit 1
+}
+
+fail=false
+for env_required in RHSM_PASS RHSM_USER; do
+    eval 'test -z "$'$env_required'"' && echo >&2 "ENV ${env_required} required" && fail=true
+done
+$fail && exit 1
+
+try_indefinitely copr-builder-rhsm-subscribe
+try_indefinitely subscription-manager attach --pool "$opt_pool_id"
diff --git a/rpmbuild/copr-rpmbuild.spec b/rpmbuild/copr-rpmbuild.spec
@@ -60,6 +60,7 @@ Requires: %{python_pfx}-specfile >= 0.21.0
 Requires: python3-backoff >= 1.9.0
 Requires: python3-pyyaml
 
+Requires: expect
 Requires: mock >= 5.0
 Requires: git
 Requires: git-svn
@@ -230,8 +231,7 @@ EOF
 
 install -d %{buildroot}%{_mandir}/man1
 install -p -m 644 man/copr-rpmbuild.1 %{buildroot}/%{_mandir}/man1/
-install -p -m 755 bin/copr-builder %buildroot%_bindir
-install -p -m 755 bin/copr-builder-cleanup %buildroot%_bindir
+install -p -m 755 bin/copr-builder* %buildroot%_bindir
 install -p -m 755 bin/copr-sources-custom %buildroot%_bindir
 install -p -m 755 bin/copr-rpmbuild-cancel %buildroot%_bindir
 install -p -m 755 bin/copr-rpmbuild-log %buildroot%_bindir
@@ -278,6 +278,8 @@ install -p -m 755 copr-update-builder %buildroot%_bindir
 %_bindir/copr-builder
 %_bindir/copr-update-builder
 %_bindir/copr-builder-cleanup
+%_bindir/copr-builder-rhsm-subscribe
+%_bindir/copr-builder-rhsm-subscribe-daemon
 %_sysconfdir/copr-builder
 %dir %mock_config_overrides
 %doc %mock_config_overrides/README