zuul
/
zuul
Code Issues Proposed changes
zuul/zuul
History
Tobias Henkel 2bc13cdfaf
Move tmpdir into work root 
Ansible 2.4 changes the way the template module works. It now
processes the template and writes it into a temporary file in a newly
created temporary dir. After that it reuses the copy plugin to copy
this onto the node. This fails for untrusted jobs because the
temporary file is created outside of the work root which fails the
safe path validation of the copy plugin [1].

There are two issues with this behavior. First Ansible doesn't use the
configured local_tmp dir for this temporary file. This can be fixed by
setting the TMP variable.

Second our current local_tmp setting is outside of the work dir so
this needs to be moved into the work dir.

[1] Failed log:
TASK [gitlint : Ensure project has a fallback default config]
node | ERROR
node | {
node |   "msg": "Accessing files from outside the working dir /tmp/54614d6f189a48968648c4e68c05bdba/work is prohibited",
node |   "path": "/tmp/tmpssae4qfb/gitlint.j2"
node | }

Change-Id: Ie2c7518973fc81f51826fa16021b95590e08749e
 		2018-04-04 09:55:37 +02:00
..
ansible Fix no_log bug with result lists 2018-03-15 09:45:55 -07:00
cmd Merge "Import Zuul modules at top of files" 2018-03-14 16:09:30 +00:00
connection Add /info and /{tenant}/info route to zuul-web 2018-02-19 09:31:13 -06:00
driver Merge "Match github model of granting admins write" 2018-03-14 16:26:00 +00:00
execution_context Add wrapper driver execution context 2017-08-18 16:35:12 -07:00
executor Move tmpdir into work root 2018-04-04 09:55:37 +02:00
lib Merge "Unset finger client timeout after connect" 2018-03-14 18:05:20 +00:00
manager Add ConfigLoader initializer 2018-02-16 17:40:38 -08:00
merger Merge "Set remote url on every getRepo in merger" 2018-02-15 21:08:06 +00:00
reporter Move status_url from webapp to web section 2018-01-29 14:16:28 +01:00
source Support cross-source dependencies 2018-01-16 09:37:40 -08:00
sphinx Add zuul-sphinx as a requirement 2017-08-07 14:56:17 -07:00
trigger Remove use of six library 2017-06-19 10:34:57 -05:00
web Serve the static files more dynamically 2018-03-09 15:32:53 -06:00
__init__.py Initial commit. 2012-05-29 14:49:32 -07:00
_setup_hook.py Use yarn and webpack to manage zuul-web javascript 2018-03-04 07:20:40 -06:00
change_matcher.py Fix implied branch matchers and tags 2017-12-01 15:54:24 -08:00
configloader.py Merge "Revert "Don't store references to secret objects from jobs"" 2018-03-15 15:37:44 +00:00
exceptions.py Support post jobs by supporting rev checkout 2016-07-12 12:51:51 +10:00
model.py Merge "Revert "Don't store references to secret objects from jobs"" 2018-03-15 15:37:44 +00:00
nodepool.py Fix stuck node requests across ZK reconnection 2018-02-06 15:40:28 -08:00
rpcclient.py Support autoholding nodes for specific changes/refs 2018-02-08 19:26:08 +01:00
rpclistener.py Add queue size to tenant overview 2018-03-08 07:27:33 +01:00
scheduler.py Skip autohold if no autohold was requested 2018-02-23 08:22:05 +01:00
version.py Migrate to pbr. 2013-06-25 19:04:30 +00:00
zk.py Better exception handling during autohold 2017-10-13 11:26:45 -04:00