<pre style='margin:0'>
Rainer Müller (raimue) pushed a commit to branch master
in repository macports-infrastructure.
</pre>
<p><a href="https://github.com/macports/macports-infrastructure/commit/39529f6b446714b5263b53713c86979c030a0c28">https://github.com/macports/macports-infrastructure/commit/39529f6b446714b5263b53713c86979c030a0c28</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 39529f6 buildbot: Keep MaxCDN secrets in a separate file
</span>39529f6 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 39529f6b446714b5263b53713c86979c030a0c28
</span>Author: Rainer Müller <raimue@macports.org>
AuthorDate: Thu Nov 16 20:53:16 2017 +0100
<span style='display:block; white-space:pre;color:#404040;'> buildbot: Keep MaxCDN secrets in a separate file
</span><span style='display:block; white-space:pre;color:#404040;'>
</span><span style='display:block; white-space:pre;color:#404040;'> When passing secrets over the environment, they can end up in public
</span><span style='display:block; white-space:pre;color:#404040;'> readable log files. Therefore, this change puts the secrets into
</span><span style='display:block; white-space:pre;color:#404040;'> a completely separate configuration file that is only read by
</span><span style='display:block; white-space:pre;color:#404040;'> maxcdn-purge.py.
</span>---
buildbot/config.json.sample | 3 +--
buildbot/master.cfg | 6 ++----
buildbot/maxcdn-purge/maxcdn-purge.py | 19 ++++++++++++-------
buildbot/maxcdn-secrets.json.sample | 4 ++++
4 files changed, 19 insertions(+), 13 deletions(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/buildbot/config.json.sample b/buildbot/config.json.sample
</span><span style='display:block; white-space:pre;color:#808080;'>index 68ad0de..d500efb 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/buildbot/config.json.sample
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/buildbot/config.json.sample
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,8 +6,7 @@
</span> "toolsprefix": "/opt/mports",
"deploy": {
"maxcdn": {
<span style='display:block; white-space:pre;background:#ffe0e0;'>- "key": "",
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- "secret": ""
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "secrets": "/var/keys/maxcdn-secrets.json",
</span> },
"www": {
"host": "",
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/buildbot/master.cfg b/buildbot/master.cfg
</span><span style='display:block; white-space:pre;color:#808080;'>index b526ad1..bb57940 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/buildbot/master.cfg
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/buildbot/master.cfg
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -601,10 +601,8 @@ class CDNPurgeStep(steps.MasterShellCommand):
</span> name='cdn',
description='purging',
descriptionDone='purged',
<span style='display:block; white-space:pre;background:#ffe0e0;'>- command="./maxcdn-purge/maxcdn-purge.py %s" % (zoneid,),
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- env={'MAXCDN_KEY': config['deploy']['maxcdn']['key'],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 'MAXCDN_SECRET': config['deploy']['maxcdn']['secret'],
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- 'PATH': "${PATH}"},
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ command="./maxcdn-purge/maxcdn-purge.py %s %s" % (zoneid, config['deploy']['maxcdn']['secrets']),
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ env={'PATH': "${PATH}"},
</span> **kwargs)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/buildbot/maxcdn-purge/maxcdn-purge.py b/buildbot/maxcdn-purge/maxcdn-purge.py
</span><span style='display:block; white-space:pre;color:#808080;'>index ac4befd..dc82677 100755
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/buildbot/maxcdn-purge/maxcdn-purge.py
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/buildbot/maxcdn-purge/maxcdn-purge.py
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -5,20 +5,25 @@ from __future__ import print_function
</span> import sys
import os
import pprint as pp
<span style='display:block; white-space:pre;background:#e0ffe0;'>+import json
</span> from maxcdn import MaxCDN
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if not all(k in os.environ for k in ["MAXCDN_KEY", "MAXCDN_SECRET"]):
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- print("Error: MAXCDN_KEY or MAXCDN_SECRET not set in environment!", file=sys.stderr)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if len(sys.argv) != 3:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ print("Usage: {} <zoneid> <secretsfile>".format(sys.argv[0]), file=sys.stderr)
</span> sys.exit(1)
<span style='display:block; white-space:pre;background:#ffe0e0;'>-if len(sys.argv) != 2:
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>- print("Usage: {} <zoneid>".format(sys.argv[0]), file=sys.stderr)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+zoneid = sys.argv[1]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+with open(sys.argv[2]) as f:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ config = json.load(f)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+if not all(k in config for k in ["key", "secret"]):
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ print("Error: secretsfile does not contain key and/or secret!", file=sys.stderr)
</span> sys.exit(1)
<span style='display:block; white-space:pre;background:#ffe0e0;'>-zoneid = sys.argv[1]
</span> MAXCDN_ALIAS = "macports"
<span style='display:block; white-space:pre;background:#ffe0e0;'>-MAXCDN_KEY = os.environ["MAXCDN_KEY"]
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>-MAXCDN_SECRET = os.environ["MAXCDN_SECRET"]
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+MAXCDN_KEY = config['key']
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+MAXCDN_SECRET = config['secret']
</span>
# Initialize MaxCDN API
maxcdn = MaxCDN(MAXCDN_ALIAS, MAXCDN_KEY, MAXCDN_SECRET)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/buildbot/maxcdn-secrets.json.sample b/buildbot/maxcdn-secrets.json.sample
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 0000000..8323ce9
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/buildbot/maxcdn-secrets.json.sample
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,4 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+{
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "key": "",
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ "secret": ""
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span></pre><pre style='margin:0'>
</pre>