[ARVADOS] updated: b0f9d8dcc4cee11e4faed5a6bba593819209d7e2

Git user git at public.curoverse.com
Wed Dec 7 15:59:06 EST 2016 

Summary of changes:
 sdk/cli/bin/crunch-job | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

       via  b0f9d8dcc4cee11e4faed5a6bba593819209d7e2 (commit)
       via  3d30e1a5c2b4edac70628a551ed0a34f7cf3be68 (commit)
      from  bdbcc4024e4320e17634fdfbdeb48a6051b0fccd (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit b0f9d8dcc4cee11e4faed5a6bba593819209d7e2
Merge: bdbcc40 3d30e1a
Author: Tom Clegg <tom at curoverse.com>
Date:   Wed Dec 7 15:58:35 2016 -0500

    Merge branch '10684-ssl-ro' refs #10684


commit 3d30e1a5c2b4edac70628a551ed0a34f7cf3be68
Author: Tom Clegg <tom at curoverse.com>
Date:   Wed Dec 7 15:57:09 2016 -0500

    10684: Use read-only bind mounts for certs and crunchrunner.

diff --git a/sdk/cli/bin/crunch-job b/sdk/cli/bin/crunch-job
index 3587436..40c9cf3 100755
--- a/sdk/cli/bin/crunch-job
+++ b/sdk/cli/bin/crunch-job
@@ -864,9 +864,9 @@ for (my $todo_ptr = 0; $todo_ptr <= $#jobstep_todo; $todo_ptr ++)
         ."&& MEMLIMIT=\$(( (\$MEM * 95) / ($ENV{CRUNCH_NODE_SLOTS} * 100) )) "
         ."&& let SWAPLIMIT=\$MEMLIMIT+\$SWAP "
         .q{&& declare -a VOLUMES=() }
-        .q{&& if which crunchrunner >/dev/null ; then VOLUMES+=("--volume=$(which crunchrunner):/usr/local/bin/crunchrunner") ; fi }
-        .q{&& if test -f /etc/ssl/certs/ca-certificates.crt ; then VOLUMES+=("--volume=/etc/ssl/certs/ca-certificates.crt:/etc/arvados/ca-certificates.crt") ; }
-        .q{elif test -f /etc/pki/tls/certs/ca-bundle.crt ; then VOLUMES+=("--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/arvados/ca-certificates.crt") ; fi };
+        .q{&& if which crunchrunner >/dev/null ; then VOLUMES+=("--volume=$(which crunchrunner):/usr/local/bin/crunchrunner:ro") ; fi }
+        .q{&& if test -f /etc/ssl/certs/ca-certificates.crt ; then VOLUMES+=("--volume=/etc/ssl/certs/ca-certificates.crt:/etc/arvados/ca-certificates.crt:ro") ; }
+        .q{elif test -f /etc/pki/tls/certs/ca-bundle.crt ; then VOLUMES+=("--volume=/etc/pki/tls/certs/ca-bundle.crt:/etc/arvados/ca-certificates.crt:ro") ; fi };
 
     $command .= "&& exec arv-mount --read-write --mount-by-pdh=by_pdh --mount-tmp=tmp --crunchstat-interval=10 --allow-other $arv_file_cache \Q$keep_mnt\E --exec ";
     $ENV{TASK_KEEPMOUNT} = "$keep_mnt/by_pdh";

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list