jenkins

jenkins ALL=  \
	NOPASSWD: /usr/sbin/debootstrap *, \
	/usr/bin/mmdebstrap *, \
	/usr/bin/cdebootstrap *, \
	/usr/bin/sbuild-createchroot *, \
	/usr/bin/sbuild-update *, \
	/bin/systemctl reset-failed*, \
	/bin/systemctl restart*, \
	/usr/bin/tee /schroots/*, \
	/usr/bin/tee -a /schroots/*, \
	/usr/bin/tee /etc/schroot/chroot.d/jenkins*, \
	/usr/bin/tee -a /etc/schroot/chroot.d/jenkins*, \
	/bin/sed -i * /schroots/reproducible-archlinux/etc/pacman.conf, \
	/bin/chmod +x /schroots/*, \
	/bin/chmod +x /chroots/*, \
	/bin/tar -c --exclude ./sys/\* --exclude ./proc/\* -f /schroots/*, \
        /bin/tar xzf archlinux-bootstrap-*tar.gz -C /schroots, \
        /bin/tar xzf ./alpine-minirootfs-*.tar.gz -C /schroots/reproducible-alpine.new, \
	/bin/tar --mtime=* --clamp-mtime -C /srv/workspace/* -cf *, \
	/usr/sbin/chroot /schroots/*, \
	/usr/sbin/chroot /chroots/*, \
	/usr/sbin/chroot /media/*, \
	/bin/ls -la /media/*, \
	/bin/rm -rf --one-file-system /chroots/*, \
	/bin/rm -rf --one-file-system /schroots/*, \
	/bin/rm -rf --one-file-system /srv/workspace/tempdir/*, \
	/bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \
	/bin/rm -rf --one-file-system /srv/workspace/live-build*, \
	/bin/rm -rf --one-file-system /srv/workspace/mmdebstrap*, \
	/bin/rm -rf --one-file-system /srv/workspace/debootstrap*, \
	/bin/rm -rf --one-file-system /srv/workspace/cdebootstrap*, \
	/bin/rm -rf --one-file-system /var/lib/sbuild/build/*, \
	/bin/rm -rf --one-file-system /var/lib/schroot/union/*, \
	/bin/rm -rf --one-file-system /tmp/*, \
	/bin/rm -rv --one-file-system /tmp/*, \
	/bin/mv /chroots/* /schroots/*, \
	/bin/mv /schroots/* /schroots/*, \
	/bin/umount -l /chroots/*, \
	/bin/umount -l /schroots/*, \
	/bin/umount -l /media/*, \
	/bin/umount /srv/schroots/*, \
	/bin/rmdir /media/*, \
	/bin/mount -o loop*, \
	/bin/mount --bind *, \
	/usr/bin/du *, \
	/bin/kill *, \
	/usr/bin/file *, \
	/bin/dd if=/dev/zero of=/dev/jenkins*, \
	/usr/bin/qemu-system-x86_64 *, \
	/usr/bin/qemu-img *, \
	/sbin/lvcreate *, /sbin/lvremove *, /sbin/lvdisplay *, \
	/bin/mkdir -p /media/*, \
	/bin/mkdir -p /srv/fakeroot-foreign/*, /bin/chown -R jenkins\:jenkins /srv/fakeroot-foreign/*, \
	/usr/bin/guestmount *, \
	/bin/cp -rv /media/*, /usr/sbin/adduser jenkins docker \
	/bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*, \
	SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
	SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \
	SETENV: NOPASSWD: /usr/bin/timeout -k ??.?h ??h /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
	/bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \
	/bin/rm /var/cache/pbuilder/*base*.tgz, \
	/bin/rm -v /var/cache/pbuilder/*base*.tgz, \
	/bin/rm /var/cache/pbuilder/result/*, \
	/usr/bin/dcmd rm *.changes, \
	/usr/bin/dcmd rm *.dsc, \
	/usr/bin/apt-get update, \
	/usr/bin/killall timeout, \
	/usr/sbin/slay 1111, \
	/usr/sbin/slay 2222, \
	/usr/sbin/slay jenkins, \
	/bin/chmod -R a+rX /var/lib/libvirt/images

# keep these environment variables
Defaults        env_keep += "http_proxy", env_reset