Issue #3018: deleteRPMSign should be more verbose and optional - koji

koji

#3018 deleteRPMSign should be more verbose and optional

Closed: Fixed 2 years ago by julian8628. Opened 2 years ago by tkopecek.

Current level of messages (info) can be missed in some envs. As it is dangerous operation it should be logged always (with user doing that)
This API point should be turned on optionally - not all environments want such things
Same could be done for deleteBuild

In https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/RWILIHQJEKIQM5LAH7UJ7KMRPZEXCKQL/ @kevin wrote "no longer shipped packages have their signed packages removed after a while to save space"

What is performing that action?

tkopecek commented 2 years ago

koji prune-signed-copies run via cronjob typically. Anyway, it is removing only signed copies (from signed directoty) not signatures themselves (they are still in sigcache) and can be reconstructed via write-signed-rpms. Neither it deletes signature info from database. deleteRPMSign call completely destroys the signature.

Metadata Update from @tkopecek:
- Custom field Size adjusted to None

2 years ago

ktdreyer commented 2 years ago

Thanks for explaining this. I think we could improve the --help docs to explain the differences between prune-signed-copies and remove-sig.

As far as making this API optional, it's going to make QE more difficult if we add another hub configurable. Users will probably always toggle it "on", too and then forget about it. As a compromise, PR #3026 adds warnings to the RPC docs and CLI so users don't casually see the command in --help and try to run this without thinking about it.