#3951 build_from_srpm policy not really superseded?
Opened 5 months ago by alexi. Modified 5 months ago

The current documentation states that:

build_rpm: control whether builds are allowed, this is superceding older build_from_srpm

We just updated our policies to include only build_rpm and we had some non-scratch build failures with the following error:

ActionNotAllowed: policy violation (build_from_srpm): only admin can do this via default policy

These errors went away when we added build_from_srpm policies, to be the same as build_rpm. Looking at https://pagure.io/koji/blob/master/f/builder/kojid#_1066, lines 1066-1068 and 1072, it would seem like in fact both policies are necessary in order to build non-scratch RPMs. Is this a bug, or the intended behavior (and therefore the documentation is incorrect)?


Ouch, the documentation is not clear here. The policy is still enforced for backward compatibility and rhel6 builders "but" deprecated. It should mean (as you don't have such a deployment): set up build_from_srpm and build_from_repo_id as all :: allow and place all requested logic into the build_rpm policy instead. The first two policies can disappear in some new release, so it is not good practice to rely on them.

Metadata Update from @tkopecek:
- Custom field Size adjusted to None

5 months ago

Metadata Update from @tkopecek:
- Issue tagged with: doc, easyfix

5 months ago

Ok, thanks for the clarification. build_from_scm will continue to exist, it won't be replaced with build_rpm, right?

Yes, it will stay. In some use cases it doesn't have an obvious difference. But build_rpm doesn't know the git details, which will be seen later when buildSRPMFromSCM checks out the sources (git branches, etc.). So you'll, e.g., know the scm url in build_rpm and can decide not to build from that location at all, but more checks couldn't be run until build_from_scm is consulted.

So does this mean that for a scm build, build_rpm will still be checked first? Currently I have all the policies duplicated, should build_from_scm just be all :: allow and just have all the logic in build_rpm?

Related Pull Requests
  • #3952 Last updated 4 months ago