Skip to content

Tails pythonlib is sometimes deployed with wrong permissions on jenkins.lizard

We’ve noticed that our jenkins jobs were sometimes not automatically updated recently.

It happened one time because the jenkins-jobs clone repository on jenkins.lizard had wrong permissions and some files in the .git directory were onwed by root rather than the jenkins user. Why it ended this way wasn’t clear, and it could as well have been a sysadmin mistake.

The second time, the cronjob responsible for the automatic upgrades was erroring out because the Tails pythonlib installation was deployed with restrictive permissions (owned by root but with 0{6,7}00), so the script wasn’t able to import it. Why it happened is not also not clear. It did after commits pythonlib:38b3c97 and puppet-tails:0425138

We’ll need to watch out on subsequent changes in the Tails pythonlib if and how this problem arises.

Parent Task: #9614

Original created by @bertagaz on 11172 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information