PR#1932: per-tag settings for mock's sign plugin - koji

koji

#1932 per-tag settings for mock's sign plugin

Merged 3 years ago by tkopecek. Opened 4 years ago by tkopecek.

tkopecek/koji issue84 into master

flake8 fix

Tomas Kopecek • 3 years ago

ae15618

update docs

Tomas Kopecek • 3 years ago

baa14dd

fix option names

Tomas Kopecek • 3 years ago

8e7b616

per-tag settings for mock's sign plugin

Tomas Kopecek • 3 years ago

477fb48

builder/kojid

file modified

+13

		`@@ -290,6 +290,19 @@`
		`opts['package_manager'] = self.config['extra']['mock.package_manager']`
		`if 'mock.yum.module_hotfixes' in self.config['extra']:`
		`opts['module_hotfixes'] = self.config['extra']['mock.yum.module_hotfixes']`
		`+ # Append opts['plugin_conf'] to enable Mock package signing`
		`+ if 'mock.plugin_conf.sign_enable' in self.config['extra']:`
		`+ # check rest of configuration`
		`+ if ('mock.plugin_conf.sign_cmd' not in self.config['extra'] or`
		`+ 'mock.plugin_conf.sign_opts' not in self.config['extra']):`
		`+ raise koji.GenericError("Tag is not configured properly for mock's sign plugin'")`
		`+ opts['plugin_conf'] = {`
		`+ 'sign_enable': self.config['extra']['mock.plugin_conf.sign_enable'],`
		`+ 'sign_opts': {`
		`+ 'cmd': self.config['extra']['mock.plugin_conf.sign_cmd'],`
		`+ 'opts': self.config['extra']['mock.plugin_conf.sign_opts'],`
		`+ }`
		`+ }`
		`if self.internal_dev_setup is not None:`
		`opts['internal_dev_setup'] = bool(self.internal_dev_setup)`
		`opts['tag_macros'] = {}`

docs/source/using_the_koji_build_system.rst

file modified

+16 -2

		`@@ -391,7 +391,7 @@`

		* ``mock.package_manager`` - If this is set, it will override mock's default
		package manager. Typically used with ``yum`` or ``dnf`` values.
		- * ``mock.new_chroot`` - 0/1 value. If it is set, `--new-chroot` or
		+ * ``mock.new_chroot`` - 0/1 value. If it is set, ``--new-chroot`` or
		`--old-chroot` option is appended to any mock call. If it is not set,
		`mock's default behavior is used.`
		* ``mock.use_bootstrap`` - 0/1 value. If it is set, ``--bootstrap-chroot``
		`@@ -429,7 +429,21 @@`

		- this option will automatically turn ``mock.use_bootstrap`` (this is how
		`it is implemented in mock)`
		`-`
		+ * ``mock.yum.module_hotfixes`` - 0/1 value. If set, yum/dnf will use packages
		`+ regardless if they come from modularity repo or not. It makes sense only for`
		+ tags with external repositories. (See dnf `docs
		+ <https://dnf.readthedocs.io/en/latest/modularity.html#hotfix-repositories>`__)
		`+`
		+ * `mock signing plugin
		+ <https://github.com/rpm-software-management/mock/wiki/Plugin-Sign>`__ -
		+ Options ``mock.plugin_conf.sign_enable``, ``mock.plugin_conf.sign_cmd`` and
		+ ``mock.plugin_conf.sign_opts`` are propagated to mock conf to be used by this
		`+ plugin. Note, that these tools are run outside of the jailed env. Note, that`
		`+ this functionality doesn't interfere with koji's standard signing commands`
		+ (``import-sig``, ``write-signed-rpm``, etc.). Note, that rpmsign vs gpg must
		`+ be configured correctly. If it is not it a) can silently ignore problems`
		`+ during signing b) can hang forever when e.g. gpg password store is not`
		`+ accessible.`

		`You may also specify per-tag environment variables for mock to use.`
		`For example, to set the CC environment variable to clang, you could`

koji/__init__.py

file modified

+10 -1

		`@@ -1648,6 +1648,8 @@`
		`'yum_cache_enable': False,`
		`'root_cache_enable': False`
		`}`
		`+ # Append config_opts['plugin_conf'] to enable Mock package signing`
		`+ plugin_conf.update(opts.get('plugin_conf', {}))`

		`macros = {`
		`'%_rpmfilename': '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm',`
		`@@ -1689,7 +1691,14 @@`
		`parts.append("\n")`
		`for key in sorted(plugin_conf):`
		`value = plugin_conf[key]`
		`- parts.append("config_opts['plugin_conf'][%r] = %r\n" % (key, value))`
		`+ # allow two-level dicts`
		`+ if isinstance(value, dict):`
		`+ parts.append("config_opts['plugin_conf'][%r] = {}\n" % key)`
		`+ for key2 in sorted(value):`
		`+ value2 = value[key2]`
		`+ parts.append("config_opts['plugin_conf'][%r][%r] = %r\n" % (key, key2, value2))`
		`+ else:`
		`+ parts.append("config_opts['plugin_conf'][%r] = %r\n" % (key, value))`
		`parts.append("\n")`

		`if bind_opts:`

tkopecek commented 4 years ago

Based on amessina's patch

Fixes: https://pagure.io/koji/issue/84

pretty please pagure-ci rebuild

4 years ago

amessina commented on line 8 of builder/kojid 4 years ago

These entries do not normally exist in the dict. The entries from the latest mock config are:

config_opts['plugin_conf']['sign_enable']
config_opts['plugin_conf']['sign_opts']
config_opts['plugin_conf']['sign_opts']['cmd']
config_opts['plugin_conf']['sign_opts']['opts']

ignatenkobrain commented 4 years ago

@tkopecek just curious, will this properly record things in koji's sign functionality? Like list-signed and such will work?

tkopecek commented 4 years ago

I'm afraid, that not. It will behave like bare rpm, so it will skip the add_rpm_sig phase. Need to test, what mock's plugin will really create and maybe update the import_rpm method.

rebased onto 4f19754204b8adca37991e9173dd04da0c433de0

3 years ago

tkopecek commented 3 years ago

Ok, I've fixed one bug and tested that it will correctly parse/save signatures.

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

3 years ago

amessina commented 3 years ago

Thank you @tkopecek. Will this be pulled forward to the next Koji point release?

tkopecek commented 3 years ago

Yes, it is scheduled for 1.22 (not 1.21.1 as it is behaviour-changing patch)

Edited 3 years ago by tkopecek