Tails pythonlib is sometimes deployed with wrong permissions on jenkins.lizard
We’ve noticed that our jenkins jobs were sometimes not automatically updated recently.
It happened one time because the jenkins-jobs clone repository on jenkins.lizard had wrong permissions and some files in the .git directory were onwed by root rather than the jenkins user. Why it ended this way wasn’t clear, and it could as well have been a sysadmin mistake.
The second time, the cronjob responsible for the automatic upgrades was
erroring out because the Tails pythonlib installation was deployed with
restrictive permissions (owned by root but with 0{6,7}00), so the script
wasn’t able to import it. Why it happened is not also not clear. It did
after commits pythonlib:38b3c97
and puppet-tails:0425138
We’ll need to watch out on subsequent changes in the Tails pythonlib if and how this problem arises.
Parent Task: #9614
Original created by @bertagaz on 11172 (Redmine)