Merge pull request 'refs #2831 set safe.directory just once' (#47 ) from safe_dir into main

Reviewed-on: #47
refs #2831 set safe.directory just once
2025-09-30 12:38:34 +02:00 · 2025-09-30 12:37:57 +02:00 · 2025-09-22 13:12:34 +02:00 · 2025-09-22 13:11:13 +02:00
3 changed files with 55 additions and 43 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [0.10.4] - 2025-09-30
+
+### Fixed
+
+- Set safe.directory just once
+
 ## [0.10.3] - 2025-09-18

 ### Changed
--- a/api/repo_api.py
+++ b/api/repo_api.py
@ -14,15 +14,13 @@ Librerías Python requeridas: - flask (se puede instalar con "sudo apt install p
                             - flasgger (se puede instalar con "sudo apt install python3-flasgger")
 """

-# --------------------------------------------------------------------------------------------
-#                                        IMPORTS
-# --------------------------------------------------------------------------------------------
-
 from flask import Flask, jsonify, request
 import os
 import subprocess
 import json
-from time import sleep
+import time
+import sys
+import git
 import paramiko
 import logging
 import threading
@ -34,13 +32,8 @@ from systemd import journal
 # Imports para Swagger:
 from flasgger import Swagger
 import yaml
-import time


-# --------------------------------------------------------------------------------------------
-#                                        VARIABLES
-# --------------------------------------------------------------------------------------------
-
 repo_path = '/opt/opengnsys/ogrepository/images/' # No borrar la barra final
 vm_path = '/opt/opengnsys/ogrepository/images_virtual/' # No borrar la barra final
 script_path = '/opt/opengnsys/ogrepository/bin'
@ -48,21 +41,10 @@ repo_file = '/opt/opengnsys/ogrepository/etc/repoinfo.json'
 trash_file = '/opt/opengnsys/ogrepository/etc/trashinfo.json'
 config_file = '/opt/opengnsys/ogrepository/etc/ogAdmRepo.cfg'

-
-
-
-# --------------------------------------------------------------------------------------------
-#                                        GIT
-# --------------------------------------------------------------------------------------------
-
 REPOSITORIES_BASE_PATH = "/opt/opengnsys/ogrepository/oggit/git/"
 OGGIT_USER = "oggit"
 OGGIT_FORGEJO_PORT = 3100

-import sys
-import git
-import paramiko
-

 # --------------------------------------------------------------------------------------------
 #                                        FUNCTIONS
@ -273,7 +255,7 @@ def check_lock_local(image_file_path, job_id):
    journal.send("Running function 'check_lock_local'...", PRIORITY=journal.LOG_INFO, SYSLOG_IDENTIFIER="ogrepo-api_DEBUG")

    # Esperamos 30 segundos, para dar tiempo a que se cree el archivo ".lock":
-    sleep(30)
+    time.sleep(30)

    # Creamos un bucle infinito:
    while True:
@ -310,7 +292,7 @@ def check_lock_local(image_file_path, job_id):
            journal.send("Task in process (.lock file exists)", PRIORITY=journal.LOG_INFO, SYSLOG_IDENTIFIER="ogrepo-api_DEBUG")

        # Esperamos 1 minuto para volver a realizar la comprobación:
-        sleep(60)
+        time.sleep(60)


 # ---------------------------------------------------------
@ -335,7 +317,7 @@ def check_remote_backup(image_name, remote_ip, remote_user, remote_path, job_id)
    sftp_client = ssh_client.open_sftp()

    # Esperamos 30 segundos antes de empezar a realizar la comprobación:
-    sleep(30)
+    time.sleep(30)

    # Creamos una lista con las extensiones de los archivos asociados a la imagen (incluyendo ninguna extensión, que corresponde a la propia imagen):
    extensions = ['', '.size', '.sum', '.full.sum', '.info']
@ -424,7 +406,7 @@ def check_remote_backup(image_name, remote_ip, remote_user, remote_path, job_id)
            journal.send("Task in process (backup incomplete)", PRIORITY=journal.LOG_INFO, SYSLOG_IDENTIFIER="ogrepo-api_DEBUG")

        # Esperamos 1 minuto para volver a realizar la comprobación:
-        sleep(60)
+        time.sleep(60)

    # Ya fuera del bucle, cerramos el cliente SSH y el cliente SFTP:
    ssh_client.close()
@ -490,7 +472,7 @@ def check_aux_files(image_file_path, job_id):
            recall_ogcore(data)
            break
        # Esperamos 10 segundos para volver a realizar la comprobación:
-        sleep(10)
+        time.sleep(10)


 # ---------------------------------------------------------
@ -506,7 +488,7 @@ def check_virtual_image_conversion(image_name, job_id):
    journal.send("Running function 'check_virtual_image_conversion'...", PRIORITY=journal.LOG_INFO, SYSLOG_IDENTIFIER="ogrepo-api_DEBUG")

    # Esperamos 30 segundos, para dar tiempo a que se cree algún archivo:
-    sleep(30)
+    time.sleep(30)

    # Construimos la ruta de la imagen (una vez convertida):
    image_file_path = f"{repo_path}{image_name}.img"
@ -547,7 +529,7 @@ def check_virtual_image_conversion(image_name, job_id):
            journal.send("Task in process (Conversion not finalized)", PRIORITY=journal.LOG_INFO, SYSLOG_IDENTIFIER="ogrepo-api_DEBUG")

        # Esperamos 1 minuto para volver a realizar la comprobación:
-        sleep(60)
+        time.sleep(60)


 # ---------------------------------------------------------
@ -562,7 +544,7 @@ def check_virtual_image_reconversion(image_name, vm_extension, job_id):
    journal.send("Running function 'check_virtual_image_reconversion'...", PRIORITY=journal.LOG_INFO, SYSLOG_IDENTIFIER="ogrepo-api_DEBUG")

    # Esperamos 30 segundos, para dar tiempo a que se cree algún archivo:
-    sleep(30)
+    time.sleep(30)

    # Construimos la ruta de la imagen virtual (una vez exportada), y la ruta de exportación:
    virtual_image_file_path = f"{vm_path}export/{image_name}.{vm_extension}"
@ -604,7 +586,7 @@ def check_virtual_image_reconversion(image_name, vm_extension, job_id):
            journal.send("Task in process (Conversion not finalized)", PRIORITY=journal.LOG_INFO, SYSLOG_IDENTIFIER="ogrepo-api_DEBUG")

        # Esperamos 1 minuto para volver a realizar la comprobación:
-        sleep(60)
+        time.sleep(60)


 # ---------------------------------------------------------
@ -1504,7 +1486,7 @@ def send_udpcast():
        result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, encoding='UTF8')

        # Comprobamos si está corriendo el proceso correspondiente de "udp-sender" (esperando 5 segundos para darle tiempo a iniciarse):
-        sleep(5)
+        time.sleep(5)
        process_running = search_process('udp-sender', f"{param_dict['name']}.{param_dict['extension']}")

        # Evaluamos el resultado de la ejecución, y devolvemos una respuesta:
@ -1577,7 +1559,7 @@ def send_uftp():
        result = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, encoding='UTF8')

        # Comprobamos si está corriendo el proceso correspondiente de "uftp" (esperando 5 segundos para darle tiempo a iniciarse):
-        sleep(5)
+        time.sleep(5)
        process_running = search_process('uftp', f"{param_dict['name']}.{param_dict['extension']}")

        # Evaluamos el resultado de la ejecución, y devolvemos una respuesta:
@ -1659,7 +1641,7 @@ def send_p2p():

    # Comprobamos si el tracker y el seeder están corriendo, y si apuntan al directorio que le hemos pasado
    #   (esperamos 10 segundos antes de hacerlo, porque los procesos no se inician inmediatamente):
-    sleep(10)
+    time.sleep(10)
    seeder_running = search_process('aria2c', f"{param_dict['name']}.img.torrent")  # El seeder se ejecuta con "aria2c" y el nombre de la imagen como parámetro


@ -2267,6 +2249,11 @@ def rename_image():
 #
 # -----------------------------------------------------------

+def repo_set_safe_directory (repo, path):
+    try:
+        repo.git.config ('--get', 'safe-directory')
+    except:
+        repo.git.config ('--global', '--add', 'safe.directory', path)

 def git_forgejo_post_command(url, json_data):
    token = ""
@ -2321,7 +2308,7 @@ def git_compact_repository_task(repo, job_id):

    git_repo_path = os.path.join(REPOSITORIES_BASE_PATH, OGGIT_USER, repo + ".git")
    git_repo = git.Repo(git_repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', git_repo_path)
+    repo_set_safe_directory (git_repo, git_repo_path)

    git_repo.git.gc()

@ -2338,7 +2325,7 @@ def git_sync_repository_task(repo, remote_repository, job_id):

    git_repo_path = os.path.join(REPOSITORIES_BASE_PATH, OGGIT_USER, repo + ".git")
    git_repo = git.Repo(git_repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', git_repo_path)
+    repo_set_safe_directory (git_repo, git_repo_path)

    # Recreate the remote every time, it might change
    if "backup" in git_repo.remotes:
@ -2366,7 +2353,7 @@ def git_backup_repository_task(repo, params, job_id):

    git_repo_path = os.path.join(REPOSITORIES_BASE_PATH, OGGIT_USER, repo + ".git")
    git_repo = git.Repo(git_repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', git_repo_path)
+    repo_set_safe_directory (git_repo, git_repo_path)

    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
@ -2581,7 +2568,7 @@ def git_get_branches(repo):
        return jsonify({"error": "Repository not found"}), 404

    git_repo = git.Repo(repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', repo_path)
+    repo_set_safe_directory (git_repo, repo_path)

    branches = []
    for branch in git_repo.branches:
@ -2617,7 +2604,7 @@ def git_get_commits(repo, branch):


    git_repo = git.Repo(repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', repo_path)
+    repo_set_safe_directory (git_repo, repo_path)


    if not branch in git_repo.branches:
@ -2707,7 +2694,7 @@ def git_create_branch(repo):
        return jsonify({"error": "Repository not found"}), 404

    git_repo = git.Repo(repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', repo_path)
+    repo_set_safe_directory (git_repo, repo_path)

    data = request.json
    if data is None:
@ -2752,7 +2739,7 @@ def git_delete_branch(repo, branch):
        return {"error": "Repository not found"}, 404

    git_repo = git.Repo(repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', repo_path)
+    repo_set_safe_directory (git_repo, repo_path)


    if not branch in git_repo.branches:
@ -2784,7 +2771,7 @@ def git_list_tags(repo):
        return jsonify({"error": "Repository not found"}), 404

    git_repo = git.Repo(repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', repo_path)
+    repo_set_safe_directory (git_repo, repo_path)


    tags = []
@ -2876,7 +2863,7 @@ def git_delete_tag(repo, tag):
        return {"error": "Repository not found"}, 404

    git_repo = git.Repo(repo_path)
-    git_repo.git.config('--global', '--add', 'safe.directory', repo_path)
+    repo_set_safe_directory (git_repo, repo_path)


    if not tag in git_repo.tags:
--- a/etc/opengnsys-repository
+++ b/etc/opengnsys-repository
@ -10,6 +10,25 @@ Cmnd_Alias MOUNT_RECOVERY = \
    /usr/bin/umount /mnt/recovery/sys, \
    /usr/bin/umount -l /mnt/recovery

+Cmnd_Alias OGBOOT = \
+    /opt/bin/oglivecli, \
+    /usr/bin/chmod, \
+    /usr/bin/chown, \
+    /usr/bin/md5sum, \
+    /usr/bin/smbpasswd, \
+    /usr/bin/cat, \
+    /usr/bin/tee, \
+    /usr/bin/sed, \
+    /usr/bin/gzip, \
+    /usr/bin/lz4, \
+    /usr/bin/cpio, \
+    /usr/bin/find, \
+    /bin/tee, \
+    /usr/bin/dd, \
+    /usr/bin/mkfs.ext4, \
+    /usr/bin/rsync, \
+    /opt/opengnsys/ogboot/lib/*.iso /mnt
+
 Cmnd_Alias CHROOT_GRUB = \
    /usr/sbin/chroot /mnt/recovery /usr/sbin/grub-install --target=i386-pc *, \
    /usr/sbin/chroot /mnt/recovery /usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg
@ -28,4 +47,4 @@ Cmnd_Alias KILL_BT = \
 Cmnd_Alias PYTHON_OGREPO = /usr/bin/python3 /opt/opengnsys/ogrepository/bin/*

 # Permitir al usuario opengnsys ejecutar estos comandos sin contraseña
-opengnsys ALL=(root) NOPASSWD: MOUNT_RECOVERY, CHROOT_GRUB, LOOP_KPARTX, KILL_BT, PYTHON_OGREPO
+opengnsys ALL=(root) NOPASSWD: MOUNT_RECOVERY, CHROOT_GRUB, LOOP_KPARTX, OGBOOT, KILL_BT, PYTHON_OGREPO
Author	SHA1	Message	Date
Natalia Serrano	b2066d3e5d	Merge pull request 'refs #2831 set safe.directory just once' (#47 ) from safe_dir into main ogrepository/pipeline/head This commit looks good Details ogrepository/pipeline/tag This commit looks good Details Reviewed-on: #47	2025-09-30 12:38:34 +02:00
Natalia Serrano	eace7142ae	refs #2831 set safe.directory just once	2025-09-30 12:37:57 +02:00
Luis Gerardo Romero Garcia	8bd472fd6b	Merge pull request 'refs #2789 Adds necessary ogboot commands to sudoers' (#46 ) from sudoers-ogboot into main ogrepository/pipeline/head This commit looks good Details Reviewed-on: #46	2025-09-22 13:12:34 +02:00
Luis Gerardo Romero Garcia	6ea7699ca5	refs #2789 Adds necessary ogboot commands to sudoers	2025-09-22 13:11:13 +02:00