mdmillerii
commented
3 years ago Can we make hard links where supported? Or will that cause more confusion.
Open geissonator opened 3 years ago
mdmillerii
commented
3 years ago Can we make hard links where supported? Or will that cause more confusion.
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-1452 was a change by the jenkins team that removes files which are links from the jenkins archival view (i.e. https://jenkins.openbmc.org/job/latest-master/label=docker-builder,target=witherspoon/lastSuccessfulBuild/artifact/openbmc/build/tmp/deploy/images/witherspoon/)
The way our bitbake process works is it generates a timestamped version of the file (i.e. obmc-phosphor-image-witherspoon-20210407025132.ubi.mtd) and then generates a link to that file with a generic name (i.e. obmc-phosphor-image-witherspoon.ubi.mtd)
OpenBMC tooling and documentation assumes that generic file name which is going to be a problem once we upgrade to a jenkins level with this security change.
I think we probably need a jenkins/run-ci-openbmc which runs build-setup.sh as normal and then at the end turns these links into real files. It will burn some extra space in jenkins but it shouldn't be too much of an issue.
Something that searches over all files under the deploy dir, checks if they are a link, does a cp -L of the file to a tmp dir, removes the link, then moves the copied file back into the dir.