From cf750a234613d0af4a4c6c411ab6eea5ba6a219b Mon Sep 17 00:00:00 2001
From: Boris Kolpackov
Date: Tue, 18 Apr 2017 15:08:40 +0200
Subject: Add --trust agent option
---
 bbot/agent.cli | 6 ++++++
 bbot/agent.cxx | 32 ++++++++++++++++++++++----------
 bbot/bbot-agent@.service | 4 +++-
 bbot/worker.cxx | 9 +++++----
 4 files changed, 36 insertions(+), 15 deletions(-)
(limited to 'bbot')
diff --git a/bbot/agent.cli b/bbot/agent.cli
index 5ca4457..c67535e 100644
--- a/bbot/agent.cli
+++ b/bbot/agent.cli
@@ -62,6 +62,12 @@ namespace bbot
 testing)."
 }
+ strings --trust
+ {
+ "",
+ "Trust repository certificate with a SHA256 ."
+ }
+
 size_t --cpu = 1
 {
 "",
diff --git a/bbot/agent.cxx b/bbot/agent.cxx
index 8e13720..8847e62 100644
--- a/bbot/agent.cxx
+++ b/bbot/agent.cxx
@@ -693,17 +693,8 @@ try
 verb = ops.verbose ();
 if (ops.systemd_daemon ())
- {
 systemd_diagnostics (true); // With critical errors.
- info << "bbot agent " << BBOT_VERSION_STR <<
- info << "toolchain name " << tc_name <<
- info << "toolchain num " << tc_num <<
- info << "toolchain id " << tc_id <<
- info << "CPU(s) " << ops.cpu () <<
- info << "RAM(kB) " << ops.ram ();
- }
-
 tracer trace ("main");
 uid = getuid ();
@@ -771,6 +762,21 @@ try
 fail << "unable to set signal handler: " <<
 system_error (errno, generic_category ()); // Sanitize.
+ if (ops.systemd_daemon ())
+ {
+ diag_record dr;
+
+ dr << info << "bbot agent " << BBOT_VERSION_STR <<
+ info << "toolchain name " << tc_name <<
+ info << "toolchain num " << tc_num <<
+ info << "toolchain id " << tc_id <<
+ info << "CPU(s) " << ops.cpu () <<
+ info << "RAM(kB) " << ops.ram ();
+
+ for (const string& u: controllers)
+ dr << info << "controller url " << u;
+ }
+
 // The work loop. The steps we go through are:
 //
 // 1. Enumerate the available machines, (re-)bootstrapping any if necessary.
@@ -906,7 +912,7 @@ try
 continue;
 }
- const task_manifest& t (*tr.task);
+ task_manifest& t (*tr.task);
 if (ops.dump_task ())
 {
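Review bot: The `--trust` documentation string in bbot/agent.cli does not say how the option interacts with what the controller sends, although the bbot/agent.cxx hunk at -914 replaces the task's trust list as soon as one value is given. An operator reading the generated help would not learn that this is an override rather than an addition, or that the option can be repeated (it is declared as `strings`). I would extend the text along the lines of `"Trust repository certificate with a SHA256 fingerprint. Repeat the option to trust several certificates. If specified, these fingerprints replace the ones received from the controller."`.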
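Review bot: The startup record built in the bbot/agent.cxx hunk at -771 lists the controller URLs but not the `--trust` fingerprints, even though those override the controller-supplied trust list for every task. Since they decide which repository certificates a build will accept, logging them next to the URLs makes an unexpected or misconfigured override visible in the journal; a loop such as `for (const string& f: ops.trust ()) dr << info << "trust fingerprint " << f;` after the controller loop would do. Separately, if a controller URL can carry credentials in its userinfo or query part (not visible from this hunk), writing it out verbatim would put them into the log. The enclosing function starts and ends outside the hunk.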
@@ -914,6 +920,12 @@ try
 return 0;
 }
+ // If we have our own repository certificate fingerprints, then use them
+ // to replace what we have received from the controller.
+ //
+ if (!ops.trust ().empty ())
+ t.trust = ops.trust ();
+
 const dir_path& d (ds[i]); // The - directory.
 const bootstrapped_machine_manifest& m (ms[i]);
diff --git a/bbot/bbot-agent@.service b/bbot/bbot-agent@.service
index 5f160cf..b19e97c 100644
--- a/bbot/bbot-agent@.service
+++ b/bbot/bbot-agent@.service
@@ -18,7 +18,8 @@ Environment=TOOLCHAIN_NAME=%i
 Environment=TOOLCHAIN_NUM=1
 Environment=TOOLCHAIN_ID=
-Environment="CONTROLLER_URL=https://example.org/?build-task"
+Environment="CONTROLLER_URL="
+Environment="CONTROLLER_TRUST="
 ExecStart=/build/bbot/%i/bin/bbot-agent --systemd-daemon \
 --verbose ${VERBOSE} \
@@ -30,6 +31,7 @@ ExecStart=/build/bbot/%i/bin/bbot-agent --systemd-daemon \
 --toolchain-name ${TOOLCHAIN_NAME} \
 --toolchain-num ${TOOLCHAIN_NUM} \
 --toolchain-id ${TOOLCHAIN_ID} \
+ $CONTROLLER_TRUST \
 $CONTROLLER_URL
 User=build
diff --git a/bbot/worker.cxx b/bbot/worker.cxx
index 87dfdb4..0212d26 100644
--- a/bbot/worker.cxx
+++ b/bbot/worker.cxx
@@ -481,12 +481,8 @@ try
 verb = ops.verbose ();
 if (ops.systemd_daemon ())
- {
 systemd_diagnostics (false);
- info << "bbot worker " << BBOT_VERSION_STR;
- }
-
 // Version.
 //
 if (ops.version ())
@@ -522,6 +518,11 @@ try
 if (ops.bootstrap ()) m = mode::boot;
 if (ops.startup ()) m = mode::start;
+ if (ops.systemd_daemon ())
+ {
+ info << "bbot worker " << BBOT_VERSION_STR;
+ }
+
 // Figure out our path (used for re-exec).
 //
 argv0 = process::path_search (argv[0], true);
-- cgit v1.1
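Review bot: The override `t.trust = ops.trust ()` in the bbot/agent.cxx hunk at -914 is applied only after the `ops.dump_task ()` branch has returned, so a task dumped with that option presumably still shows the controller's fingerprints rather than the ones the worker would actually be given (the dump statement itself lies between the two hunks and is not visible). Moving the `if (!ops.trust ().empty ())` block up, directly after `task_manifest& t (*tr.task);`, would make the dump reflect the effective trust. The values are also copied in unchecked: an empty or mistyped `--trust` argument still makes the list non-empty and silently discards what the controller sent, so rejecting anything that is not a well-formed SHA256 fingerprint when the options are parsed would fail early instead. The enclosing function extends beyond the hunk on both sides.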
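Review bot: Nothing in bbot/bbot-agent@.service says what `CONTROLLER_TRUST` is expected to hold; because `$CONTROLLER_TRUST` is expanded without braces in the `ExecStart` hunk at -30, systemd splits it into words, so it has to contain the option name as well as the fingerprint. A value holding only a fingerprint would reach the agent as a bare argument next to `$CONTROLLER_URL` and would presumably be taken as another controller URL instead of a trust setting. A comment above the variable, for example `# Zero or more "--trust <fingerprint>" pairs; leave empty to use the fingerprints sent by the controller.`, would prevent that mistake.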