Correct revoke-sudo to actually work
* jenkins/jobs/macros.yaml(revoke-sudo): Simplify the sudoers include file deletion to not rely on a conditional check, and then test that it actually worked. Previously, systems where /etc/sudoers.d was non-world-readable caused it to be a silent no-op. Change-Id: Ie713482acbd454eeb58c3481e8b8820049daaab8
This commit is contained in:
parent
397cbe5373
commit
64f23c918b
@ -15,10 +15,10 @@
|
||||
name: revoke-sudo
|
||||
builders:
|
||||
- shell: |
|
||||
#!/bin/bash
|
||||
if [ -f /etc/sudoers.d/jenkins-sudo ] ; then
|
||||
sudo rm /etc/sudoers.d/jenkins-sudo
|
||||
fi
|
||||
#!/bin/bash -x
|
||||
sudo rm -f /etc/sudoers.d/jenkins-sudo
|
||||
# Prove that general sudo access is actually revoked
|
||||
! sudo -n true
|
||||
|
||||
- builder:
|
||||
name: coverage
|
||||
|
Loading…
x
Reference in New Issue
Block a user