forked from libfuse/libfuse
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathJenkinsfile
65 lines (60 loc) · 2.45 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
pipeline {
agent any
stages {
stage('Configure'){
steps {
sh '''
rm -rf build;
mkdir -p build;
cd build;
cmake -G "Unix Makefiles" \
-DOPTION_BUILD_UTILS=ON \
-DOPTION_BUILD_EXAMPLES=ON \
-DCMAKE_INSTALL_PREFIX=./install \
-DCMAKE_BUILD_TYPE=Debug \
..
'''
}
}
stage('Build') {
steps {
echo 'Building..'
sh '''
cd build
make -j \
'''
}
}
stage('Test') {
steps {
echo 'Testing..'
// Actually, this is stupid - I could just as easily let jenkins
// run chown and chmod directly.
// Must be a better way.
// For almost anything to work, fusermount3 has to be setuid root.
// To accomplish this - in a reasonably secure manner - under
// a Jenkins job (which normally runs as an unprivileged user)
// we need two 'helpers' and make use of a customized suders rule file for Jenkins.
// this limits jenkins sudo to only executing these commands
// etc/sudoers.d/jenkins looks like this:
// jenkins <HOSTNAME> = (root) NOPASSWD: /usr/bin/chmod-jenkins, /usr/bin/chown-jenkins
// The two files just call the real chown and chmod like this:
// /usr/bin/chown "$@"
// and
// /usr/bin/chmod "$@"
// * Actually, they should perform a basic sanity test on the parameters first
// * for example: dirname and basename could be checked
// * as well as maybe even doing an 'nm' on the file to see if it
// * contains symbols that only fusermount3 would have
// * There are many other options to help you feel safe with this.
// Don't forget to set executable on them !
sh '''
cd build
sudo /usr/bin/chown-jenkins root:root util/fusermount3
sudo /usr/bin/chmod-jenkins 4755 util/fusermount3
pytest test/
'''
}
}
}
}