From 49f43e65bfa8454b3fbc5716bd4d22af16d0424b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Mon, 27 Nov 2023 16:15:49 +0100 Subject: [PATCH 1/2] use variable for cvmfs_server command, and use sudo --- scripts/ingest-tarball.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/scripts/ingest-tarball.sh b/scripts/ingest-tarball.sh index 27899cfc..9985bea7 100755 --- a/scripts/ingest-tarball.sh +++ b/scripts/ingest-tarball.sh @@ -15,6 +15,7 @@ repo=software.eessi.io basedir=versions decompress="gunzip -c" +cvmfs_server="sudo cvmfs_server" # list of supported architectures for compat and software layers declare -A archs=(["aarch64"]= ["ppc64le"]= ["riscv64"]= ["x86_64"]=) # list of supported operating systems for compat and software layers @@ -104,8 +105,8 @@ function check_contents_type() { function cvmfs_regenerate_nested_catalogs() { # Use the .cvmfsdirtab to generate nested catalogs for the ingested tarball echo "Generating the nested catalogs..." - cvmfs_server transaction "${repo}" - cvmfs_server publish -m "Generate catalogs after ingesting ${tar_file_basename}" "${repo}" + ${cvmfs_server} transaction "${repo}" + ${cvmfs_server} publish -m "Generate catalogs after ingesting ${tar_file_basename}" "${repo}" ec=$? if [ $ec -eq 0 ] then @@ -119,7 +120,7 @@ function cvmfs_ingest_tarball() { # Do a regular "cvmfs_server ingest" for a given tarball, # followed by regenerating the nested catalog echo "Ingesting tarball ${tar_file} to ${repo}..." - ${decompress} "${tar_file}" | cvmfs_server ingest -t - -b "${basedir}" "${repo}" + ${decompress} "${tar_file}" | ${cvmfs_server} ingest -t - -b "${basedir}" "${repo}" ec=$? if [ $ec -eq 0 ] then @@ -185,16 +186,16 @@ function ingest_compat_tarball() { then echo_yellow "Compatibility layer for version ${version}, OS ${os}, and architecture ${arch} already exists!" echo_yellow "Removing the existing layer, and adding the new one from the tarball..." - cvmfs_server transaction "${repo}" + ${cvmfs_server} transaction "${repo}" rm -rf "/cvmfs/${repo}/${basedir}/${version}/compat/${os}/${arch}/" tar -C "/cvmfs/${repo}/${basedir}/" -xzf "${tar_file}" - cvmfs_server publish -m "update compat layer for ${version}, ${os}, ${arch}" "${repo}" + ${cvmfs_server} publish -m "update compat layer for ${version}, ${os}, ${arch}" "${repo}" ec=$? if [ $ec -eq 0 ] then echo_green "Successfully ingested the new compatibility layer!" else - cvmfs_server abort "${repo}" + ${cvmfs_server} abort "${repo}" error "error while updating the compatibility layer, transaction aborted." fi else From 09476bb99a181f0a0089545ed54a1393ac5524b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bob=20Dr=C3=B6ge?= Date: Mon, 27 Nov 2023 16:31:45 +0100 Subject: [PATCH 2/2] dont use sudo by default, only add it when we're not the repo owner --- scripts/ingest-tarball.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/scripts/ingest-tarball.sh b/scripts/ingest-tarball.sh index 9985bea7..d71ff733 100755 --- a/scripts/ingest-tarball.sh +++ b/scripts/ingest-tarball.sh @@ -15,7 +15,7 @@ repo=software.eessi.io basedir=versions decompress="gunzip -c" -cvmfs_server="sudo cvmfs_server" +cvmfs_server="cvmfs_server" # list of supported architectures for compat and software layers declare -A archs=(["aarch64"]= ["ppc64le"]= ["riscv64"]= ["x86_64"]=) # list of supported operating systems for compat and software layers @@ -41,6 +41,14 @@ function error() { exit 1 } +function is_repo_owner() { + if [ -f "/etc/cvmfs/repositories.d/${repo}/server.conf" ] + then + . "/etc/cvmfs/repositories.d/${repo}/server.conf" + [ x"$(whoami)" = x"$CVMFS_USER" ] + fi +} + function check_repo_vars() { if [ -z "${repo}" ] then @@ -225,6 +233,9 @@ tar_first_file=$(tar tf "${tar_file}" | head -n 1) tar_top_level_dir=$(echo "${tar_first_file}" | cut -d/ -f1) tar_contents_type_dir=$(tar tf "${tar_file}" | head -n 2 | tail -n 1 | cut -d/ -f2) +# Check if we are running as the CVMFS repo owner, otherwise run cvmfs_server with sudo +is_repo_owner || cvmfs_server="sudo cvmfs_server" + # Do some checks, and ingest the tarball check_repo_vars check_version