aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBoris Kolpackov <boris@codesynthesis.com>2017-04-18 15:08:40 +0200
committerBoris Kolpackov <boris@codesynthesis.com>2017-04-18 15:08:40 +0200
commitcf750a234613d0af4a4c6c411ab6eea5ba6a219b (patch)
tree1d5f1b3bddbc09fadda2a63b41fa78a3a42b4c28
parent2d8dc6c905dbde7da2d324a559d08af77231d062 (diff)
Add --trust agent option
-rw-r--r--bbot/agent.cli6
-rw-r--r--bbot/agent.cxx32
-rw-r--r--bbot/bbot-agent@.service4
-rw-r--r--bbot/worker.cxx9
4 files changed, 36 insertions, 15 deletions
diff --git a/bbot/agent.cli b/bbot/agent.cli
index 5ca4457..c67535e 100644
--- a/bbot/agent.cli
+++ b/bbot/agent.cli
@@ -62,6 +62,12 @@ namespace bbot
testing)."
}
+ strings --trust
+ {
+ "<fingerprint>",
+ "Trust repository certificate with a SHA256 <fingerprint>."
+ }
+
size_t --cpu = 1
{
"<num>",
diff --git a/bbot/agent.cxx b/bbot/agent.cxx
index 8e13720..8847e62 100644
--- a/bbot/agent.cxx
+++ b/bbot/agent.cxx
@@ -693,17 +693,8 @@ try
verb = ops.verbose ();
if (ops.systemd_daemon ())
- {
systemd_diagnostics (true); // With critical errors.
- info << "bbot agent " << BBOT_VERSION_STR <<
- info << "toolchain name " << tc_name <<
- info << "toolchain num " << tc_num <<
- info << "toolchain id " << tc_id <<
- info << "CPU(s) " << ops.cpu () <<
- info << "RAM(kB) " << ops.ram ();
- }
-
tracer trace ("main");
uid = getuid ();
@@ -771,6 +762,21 @@ try
fail << "unable to set signal handler: "
<< system_error (errno, generic_category ()); // Sanitize.
+ if (ops.systemd_daemon ())
+ {
+ diag_record dr;
+
+ dr << info << "bbot agent " << BBOT_VERSION_STR <<
+ info << "toolchain name " << tc_name <<
+ info << "toolchain num " << tc_num <<
+ info << "toolchain id " << tc_id <<
+ info << "CPU(s) " << ops.cpu () <<
+ info << "RAM(kB) " << ops.ram ();
+
+ for (const string& u: controllers)
+ dr << info << "controller url " << u;
+ }
+
// The work loop. The steps we go through are:
//
// 1. Enumerate the available machines, (re-)bootstrapping any if necessary.
@@ -906,7 +912,7 @@ try
continue;
}
- const task_manifest& t (*tr.task);
+ task_manifest& t (*tr.task);
if (ops.dump_task ())
{
@@ -914,6 +920,12 @@ try
return 0;
}
+ // If we have our own repository certificate fingerprints, then use them
+ // to replace what we have received from the controller.
+ //
+ if (!ops.trust ().empty ())
+ t.trust = ops.trust ();
+
const dir_path& d (ds[i]); // The -<toolchain> directory.
const bootstrapped_machine_manifest& m (ms[i]);
diff --git a/bbot/bbot-agent@.service b/bbot/bbot-agent@.service
index 5f160cf..b19e97c 100644
--- a/bbot/bbot-agent@.service
+++ b/bbot/bbot-agent@.service
@@ -18,7 +18,8 @@ Environment=TOOLCHAIN_NAME=%i
Environment=TOOLCHAIN_NUM=1
Environment=TOOLCHAIN_ID=
-Environment="CONTROLLER_URL=https://example.org/?build-task"
+Environment="CONTROLLER_URL="
+Environment="CONTROLLER_TRUST="
ExecStart=/build/bbot/%i/bin/bbot-agent --systemd-daemon \
--verbose ${VERBOSE} \
@@ -30,6 +31,7 @@ ExecStart=/build/bbot/%i/bin/bbot-agent --systemd-daemon \
--toolchain-name ${TOOLCHAIN_NAME} \
--toolchain-num ${TOOLCHAIN_NUM} \
--toolchain-id ${TOOLCHAIN_ID} \
+ $CONTROLLER_TRUST \
$CONTROLLER_URL
User=build
diff --git a/bbot/worker.cxx b/bbot/worker.cxx
index 87dfdb4..0212d26 100644
--- a/bbot/worker.cxx
+++ b/bbot/worker.cxx
@@ -481,12 +481,8 @@ try
verb = ops.verbose ();
if (ops.systemd_daemon ())
- {
systemd_diagnostics (false);
- info << "bbot worker " << BBOT_VERSION_STR;
- }
-
// Version.
//
if (ops.version ())
@@ -522,6 +518,11 @@ try
if (ops.bootstrap ()) m = mode::boot;
if (ops.startup ()) m = mode::start;
+ if (ops.systemd_daemon ())
+ {
+ info << "bbot worker " << BBOT_VERSION_STR;
+ }
+
// Figure out our path (used for re-exec).
//
argv0 = process::path_search (argv[0], true);