#3026 add warnings for remove-sig
Merged 8 months ago by tkopecek. Opened 8 months ago by ktdreyer.
ktdreyer/koji warn-remove-sig  into  master

file modified
+3 -1
@@ -1664,7 +1664,9 @@ 

  def handle_remove_sig(goptions, session, args):

      "[admin] Remove signed RPMs from db and disk"

      usage = _("usage: %prog remove-sig [options] <rpm-id/n-v-r.a/rpminfo>")

-     parser = OptionParser(usage=get_usage_str(usage))

+     description = _("Only use this method in extreme situations, because it ")

+     description += _("goes against Koji's design of immutable, auditable data.")

+     parser = OptionParser(usage=get_usage_str(usage), description=description)

      parser.add_option("--sigkey", action="store", default=None, help=_("Specify signature key"))

      parser.add_option("--all", action="store_true", default=False,

                        help=_("Remove all signed copies for specified RPM"))

@@ -146,9 +146,10 @@ 

  

  | PR: https://pagure.io/koji/pull-request/2965

  

- New call for removing signatures. This call should be used only in extreme

- situations as it is going partly against auditable nature of koji's date, so it

- is limited only for ``admin`` permission (``sign`` is not sufficient here).

+ The ``deleteRPMSig`` hub call removes RPM signatures from Koji. Only use this

+ method in extreme situations, because it goes against Koji's design of

+ immutable, auditable data. This call requires ``admin`` permission (``sign``

+ is not sufficient).

  

  VM

  --

file modified
+8
@@ -7622,6 +7622,9 @@ 

  def delete_rpm_sig(rpminfo, sigkey=None, all_sigs=False):

      """Delete rpm signature

  

+     Only use this method in extreme situations, because it goes against

+     Koji's design of immutable, auditable data.

+ 

      :param dict/str/id rpm: map containing 'name', 'version', 'release', and 'arch'

                              string N-V-R.A

                              int ID
@@ -12063,6 +12066,11 @@ 

      def deleteRPMSig(self, rpminfo, sigkey=None, all_sigs=False):

          """Delete rpm signature

  

+         Only use this method in extreme situations, because it goes against

+         Koji's design of immutable, auditable data.

+ 

+         This call requires ``admin`` permission (``sign`` is not sufficient).

+ 

          :param dict/str/id rpm: map containing 'name', 'version', 'release', and 'arch'

                                  string N-V-R.A

                                  int ID

@@ -23,6 +23,9 @@ 

              """Usage: %s remove-sig [options] <rpm-id/n-v-r.a/rpminfo>

  (Specify the --help global option for a list of other help options)

  

+ Only use this method in extreme situations, because it goes against Koji's

+ design of immutable, auditable data.

+ 

  Options:

    -h, --help       show this help message and exit

    --sigkey=SIGKEY  Specify signature key

Update all references to remove-sig to explain that admins should not normally run this.

Metadata Update from @tkopecek:
- Pull-request tagged with: doc, no_qe

8 months ago

Commit 70817c9 fixes this pull-request

Pull-Request has been merged by tkopecek

8 months ago