Muehlenhoff has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/370361 )
Change subject: Run Lilypond from Firejail ...................................................................... Run Lilypond from Firejail This change adds the python command, encapsulating Lilypond within Firejail, with the `mediawiki-converters` profile, like in similar scripts. See also I5a0579b0e and I926fbe6b3. Bug: T172582 Change-Id: I011db0e9a2d9da825cf3ac02bfba23b562e052f6 --- A modules/mediawiki/files/mediawiki-firejail-abc2ly A modules/mediawiki/files/mediawiki-firejail-timidity M modules/mediawiki/manifests/init.pp 3 files changed, 25 insertions(+), 2 deletions(-) Approvals: Muehlenhoff: Looks good to me, approved jenkins-bot: Verified diff --git a/modules/mediawiki/files/mediawiki-firejail-abc2ly b/modules/mediawiki/files/mediawiki-firejail-abc2ly new file mode 100644 index 0000000..3b12f2a --- /dev/null +++ b/modules/mediawiki/files/mediawiki-firejail-abc2ly @@ -0,0 +1,5 @@ +#! /usr/bin/python +# -*- coding: utf-8 -*- + +import sys, subprocess +subprocess.call(['/usr/bin/firejail', '--profile=/etc/firejail/mediawiki-converters.profile', '/usr/bin/abc2ly'] + sys.argv[1:]) diff --git a/modules/mediawiki/files/mediawiki-firejail-timidity b/modules/mediawiki/files/mediawiki-firejail-timidity new file mode 100644 index 0000000..ebb6fa6 --- /dev/null +++ b/modules/mediawiki/files/mediawiki-firejail-timidity @@ -0,0 +1,5 @@ +#! /usr/bin/python +# -*- coding: utf-8 -*- + +import sys, subprocess +subprocess.call(['/usr/bin/firejail', '--profile=/etc/firejail/mediawiki-converters.profile', '/usr/bin/timidity'] + sys.argv[1:]) diff --git a/modules/mediawiki/manifests/init.pp b/modules/mediawiki/manifests/init.pp index 5fdc47c..f56bebc 100644 --- a/modules/mediawiki/manifests/init.pp +++ b/modules/mediawiki/manifests/init.pp @@ -32,8 +32,7 @@ # This profile is used to contain the convert command of imagemagick using # firejail Profiles specific to the image/video scalers are handled via - # mediawiki::firejail, but imagemagick is also used on the general purpose - # appscalers for scaling musical typesheets in the Score extension + # mediawiki::firejail file { '/etc/firejail/mediawiki-imagemagick.profile': source => 'puppet:///modules/mediawiki/mediawiki-imagemagick.profile', owner => 'root', @@ -70,6 +69,20 @@ mode => '0555', } + file { '/usr/local/bin/mediawiki-firejail-abc2ly': + source => 'puppet:///modules/mediawiki/mediawiki-firejail-abc2ly', + owner => 'root', + group => 'root', + mode => '0555', + } + + file { '/usr/local/bin/mediawiki-firejail-timidity': + source => 'puppet:///modules/mediawiki/mediawiki-firejail-timidity', + owner => 'root', + group => 'root', + mode => '0555', + } + # /var/log/mediawiki contains log files for the MediaWiki jobrunner # and for various periodic jobs that are managed by cron. file { '/var/log/mediawiki': -- To view, visit https://gerrit.wikimedia.org/r/370361 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I011db0e9a2d9da825cf3ac02bfba23b562e052f6 Gerrit-PatchSet: 4 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Ebe123 <beauleetien...@gmail.com> Gerrit-Reviewer: Alex Monk <kren...@gmail.com> Gerrit-Reviewer: Ebe123 <beauleetien...@gmail.com> Gerrit-Reviewer: Elukey <ltosc...@wikimedia.org> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits