Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rpmbuild: add copr-builder-rhsm-subscribe script #3434

Merged
merged 1 commit into from
Oct 14, 2024
Merged

rpmbuild: add copr-builder-rhsm-subscribe script #3434

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions rpmbuild/bin/copr-builder-rhsm-subscribe
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
#! /usr/bin/python3

"""
Run `subscription-manager register` without having the --activation key in
/proc/self/environ or /proc/self/comm.
"""

import argparse
import getpass
import sys

from subscription_manager.scripts.subscription_manager import main as rhsm
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am a bit afraid of them changing the location or the internals of the script and I would probably rather call it through subprocess but we can do this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is sub-optimal, but subprocess.call means the key goes to /proc/self/cmdline

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please add a code comment about that so that I don't get the great idea to re-implement it someday? :-)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done



def read_key():
"""
Read key from stdin if not a tty. Never export as env-var.
"""
if sys.stdin.isatty():
key = getpass.getpass("rhsm key: ")
else:
key = sys.stdin.read()
return key.strip()


def _arg_parser():
parser = argparse.ArgumentParser()
parser.add_argument("--org-id", required=True)
parser.add_argument("--system-name", required=True)
return parser


def _main():
opts = _arg_parser().parse_args()
a_key = read_key()
sys.argv = [
"subscription-manager", "register", "--force",
"--org", opts.org_id,
"--name", opts.system_name,
"--activationkey", a_key,
]
# Call subscription-manager's internal method to avoid polluting the
# /proc/self/cmdline with the key credential!
rhsm()


if __name__ == "__main__":
_main()
44 changes: 44 additions & 0 deletions rpmbuild/bin/copr-builder-rhsm-subscribe-daemon
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
#! /bin/bash

# Try to run subscription-manager register repeatedly (till it succeeds),
# without polluting environment variables or command-line options with
# passwords/keys.

if test $# -ne 2; then
cat <<EOHELP >&2
Usage: $0 ORG_ID SYSTEM_NAME <<<"\$password"

Provide the activation_key on stdin!
EOHELP
exit 1
fi

opt_org_id=$1
opt_system=$2

try_indefinitely()
{
cmd=( "$@" )
while :; do
if "${cmd[@]}"; then
break
fi
sleep 5
done
}

test "$(id -u)" = 0 || {
echo >&2 "run as root"
exit 1
}

test -t 0 && echo -n "RH Activation Key: "
read -r -s opt_pass

register()
{
copr-builder-rhsm-subscribe --org-id "$opt_org_id" --system-name "$opt_system" <<<"$opt_pass"
}

try_indefinitely register
touch /run/copr-builder/rhsm-subscribed
14 changes: 12 additions & 2 deletions rpmbuild/copr-rpmbuild.spec
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ BuildRequires: python3-pyyaml

BuildRequires: /usr/bin/argparse-manpage
BuildRequires: python-rpm-macros
BuildRequires: systemd-rpm-macros

%if "%{?python}" == "python2"
BuildRequires: python2-configparser
Expand All @@ -61,6 +62,7 @@ Requires: python3-backoff >= 1.9.0
Requires: python3-pyyaml

Requires: mock >= 5.0
Requires(pre): mock-filesystem
Requires: git
Requires: git-svn
# for the /bin/unbuffer binary
Expand Down Expand Up @@ -230,8 +232,7 @@ EOF

install -d %{buildroot}%{_mandir}/man1
install -p -m 644 man/copr-rpmbuild.1 %{buildroot}/%{_mandir}/man1/
install -p -m 755 bin/copr-builder %buildroot%_bindir
install -p -m 755 bin/copr-builder-cleanup %buildroot%_bindir
install -p -m 755 bin/copr-builder* %buildroot%_bindir
install -p -m 755 bin/copr-sources-custom %buildroot%_bindir
install -p -m 755 bin/copr-rpmbuild-cancel %buildroot%_bindir
install -p -m 755 bin/copr-rpmbuild-log %buildroot%_bindir
Expand All @@ -250,6 +251,11 @@ install -p -m 755 copr-update-builder %buildroot%_bindir
done
)

mkdir %{buildroot}%{_tmpfilesdir}
cat > %{buildroot}%{_tmpfilesdir}/copr-builder.conf <<EOF
d /run/copr-builder 0775 root mock -
EOF


%files
%{!?_licensedir:%global license %doc}
Expand Down Expand Up @@ -278,9 +284,13 @@ install -p -m 755 copr-update-builder %buildroot%_bindir
%_bindir/copr-builder
%_bindir/copr-update-builder
%_bindir/copr-builder-cleanup
%_bindir/copr-builder-rhsm-subscribe
%_bindir/copr-builder-rhsm-subscribe-daemon
%_sysconfdir/copr-builder
%dir %mock_config_overrides
%doc %mock_config_overrides/README
%ghost %attr(775,root,mock) %dir %_rundir/copr-builder
%_tmpfilesdir/copr-builder.conf


%changelog
Expand Down
Loading