From 477fb48b67b58d95ca8fb8874aa6b4c6dece19f2 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek
Date: Jun 19 2020 11:21:53 +0000
Subject: [PATCH 1/4] per-tag settings for mock's sign plugin Based on amessina's patch Fixes: https://pagure.io/koji/issue/84
---
diff --git a/builder/kojid b/builder/kojid
index 77542b6..fd1704f 100755
--- a/builder/kojid
+++ b/builder/kojid
@@ -290,6 +290,19 @@ class BuildRoot(object):
 opts['package_manager'] = self.config['extra']['mock.package_manager']
 if 'mock.yum.module_hotfixes' in self.config['extra']:
 opts['module_hotfixes'] = self.config['extra']['mock.yum.module_hotfixes']
+ # Append opts['plugin_conf'] to enable Mock package signing
+ if 'mock.plugin_conf.sign_enable' in self.config['extra']:
+ # check rest of configuration
+ if 'mock.plugin_conf.sign_cmd' not in self.config['extra'] or \
+ 'mock.plugin_conf.sign_opts' not in self.config['extra']:
+ raise koji.GenericError("Tag is not configured properly for mock's sign plugin'")
+ opts['plugin_conf'] = {
+ 'sign_enable': self.config['extra']['mock.plugin_conf.sign_enable'],
+ 'sign_opts': {
+ 'cmd': self.config['extra']['mock.plugin_conf.sign_opts.cmd'],
+ 'opts': self.config['extra']['mock.plugin_conf.sign_opts.opts'],
+ }
+ }
 if self.internal_dev_setup is not None:
 opts['internal_dev_setup'] = bool(self.internal_dev_setup)
 opts['tag_macros'] = {}
diff --git a/koji/__init__.py b/koji/__init__.py
index f141c61..ed4c75a 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1648,6 +1648,8 @@ name=build
 'yum_cache_enable': False,
 'root_cache_enable': False
 }
+ # Append config_opts['plugin_conf'] to enable Mock package signing
+ plugin_conf.update(opts.get('plugin_conf', {}))
 macros = {
 '%_rpmfilename': '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm',
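Review bot: In builder/kojid, the added `opts['plugin_conf']` block lets the tag's `extra` choose a program that runs on the builder host: it copies the sign command and its options from `self.config['extra']` into mock's configuration, and the documentation added in patch 3/4 states that these tools run outside the jailed environment. Nothing visible in the hunk limits which command is accepted, so presumably anyone able to edit that tag's extra can pick it; I would gate the feature on a builder-side setting, for example an allowlist in kojid's own configuration (placeholder name `allowed_sign_cmds`), and raise `koji.GenericError` when the tag's command is not on it. Separately, the guard tests only for the presence of `mock.plugin_conf.sign_enable`, so a tag that sets it to a false value without the other two keys still fails the build; `if self.config['extra'].get('mock.plugin_conf.sign_enable'):` would avoid that. The enclosing method starts and ends outside the hunk.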
@@ -1689,7 +1691,14 @@ name=build
 parts.append("\n")
 for key in sorted(plugin_conf):
 value = plugin_conf[key]
- parts.append("config_opts['plugin_conf'][%r] = %r\n" % (key, value))
+ # allow two-level dicts
+ if isinstance(value, dict):
+ parts.append("config_opts['plugin_conf'][%r] = {}\n" % key)
+ for key2 in sorted(value):
+ value2 = value[key2]
+ parts.append("config_opts['plugin_conf'][%r][%r] = %r\n" % (key, key2, value2))
+ else:
+ parts.append("config_opts['plugin_conf'][%r] = %r\n" % (key, value))
 parts.append("\n")
 if bind_opts:
From 8e7b616ca44a545f0834441d0d8b2992ab9afc2c Mon Sep 17 00:00:00 2001
From: Tomas Kopecek
Date: Jun 19 2020 11:21:53 +0000
Subject: [PATCH 2/4] fix option names
---
diff --git a/builder/kojid b/builder/kojid
index fd1704f..0237c0e 100755
--- a/builder/kojid
+++ b/builder/kojid
@@ -299,8 +299,8 @@ class BuildRoot(object):
 opts['plugin_conf'] = {
 'sign_enable': self.config['extra']['mock.plugin_conf.sign_enable'],
 'sign_opts': {
- 'cmd': self.config['extra']['mock.plugin_conf.sign_opts.cmd'],
- 'opts': self.config['extra']['mock.plugin_conf.sign_opts.opts'],
+ 'cmd': self.config['extra']['mock.plugin_conf.sign_cmd'],
+ 'opts': self.config['extra']['mock.plugin_conf.sign_opts'],
 }
 }
 if self.internal_dev_setup is not None:
From baa14dd38e6c851be83f666fdf8668955ae13c95 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek
Date: Jun 19 2020 11:21:53 +0000
Subject: [PATCH 3/4] update docs
---
diff --git a/docs/source/using_the_koji_build_system.rst b/docs/source/using_the_koji_build_system.rst
index e7b5327..bce87d8 100644
--- a/docs/source/using_the_koji_build_system.rst
+++ b/docs/source/using_the_koji_build_system.rst
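Review bot: In koji/__init__.py (hunk at -1689), the new dict branch first emits `config_opts['plugin_conf'][%r] = {}` and only then assigns each sub-key, so anything mock already holds under that key is discarded and the result matches what the single `%r` line it replaces would have produced. If the aim is to merge into an existing sub-dict, emit `config_opts['plugin_conf'].setdefault(%r, {})` in place of the reset; if replacement is intended, the extra branch is not needed. The generated lines are Python assignments built from tag-supplied values, so every value has to stay behind `%r` as it does here; a comment such as `# values come from tag extra: always format with %r, never %s` would guard against a later edit weakening that. The enclosing function starts and ends outside the hunk.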
@@ -391,7 +391,7 @@ environment follows: * ``mock.package_manager`` - If this is set, it will override mock's default package manager. Typically used with ``yum`` or ``dnf`` values. -* ``mock.new_chroot`` - 0/1 value. If it is set, `--new-chroot` or +* ``mock.new_chroot`` - 0/1 value. If it is set, ``--new-chroot`` or `--old-chroot` option is appended to any mock call. If it is not set, mock's default behavior is used. * ``mock.use_bootstrap`` - 0/1 value. If it is set, ``--bootstrap-chroot`` @@ -429,7 +429,21 @@ environment follows: - this option will automatically turn ``mock.use_bootstrap`` (this is how it is implemented in mock) - +* ``mock.yum.module_hotfixes`` - 0/1 value. If set, yum/dnf will use packages + regardless if they come from modularity repo or not. It makes sense only for + tags with external repositories. (See dnf `docs + `__) + +* `mock signing plugin + `__ - + Options ``mock.plugin_conf.sign_enable``, ``mock.plugin_conf.sign_cmd`` and + ``mock.plugin_conf.sign_opts`` are propagated to mock conf to be used by this + plugin. Note, that these tools are run outside of the jailed env. Note, that + this functionality doesn't interfere with koji's standard signing commands + (``import-sig``, ``write-signed-rpm``, etc.). Note, that rpmsign vs gpg must + be configured correctly. If it is not it a) can silently ignore problems + during signing b) can hang forever when e.g. gpg password store is not + accessible. You may also specify per-tag environment variables for mock to use. For example, to set the CC environment variable to clang, you could From ae1561876c0193ba22bfdb6fcba52b3c82265cd3 Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Jun 19 2020 11:23:59 +0000 Subject: [PATCH 4/4] flake8 fix --- diff --git a/builder/kojid b/builder/kojid index 0237c0e..ef51c10 100755 --- a/builder/kojid +++ b/builder/kojid 
@@ -293,9 +293,9 @@ class BuildRoot(object):
 # Append opts['plugin_conf'] to enable Mock package signing
 if 'mock.plugin_conf.sign_enable' in self.config['extra']:
 # check rest of configuration
- if 'mock.plugin_conf.sign_cmd' not in self.config['extra'] or \
- 'mock.plugin_conf.sign_opts' not in self.config['extra']:
- raise koji.GenericError("Tag is not configured properly for mock's sign plugin'")
+ if ('mock.plugin_conf.sign_cmd' not in self.config['extra'] or
+ 'mock.plugin_conf.sign_opts' not in self.config['extra']):
+ raise koji.GenericError("Tag is not configured properly for mock's sign plugin'")
 opts['plugin_conf'] = {
 'sign_enable': self.config['extra']['mock.plugin_conf.sign_enable'],
 'sign_opts': {