#692 Add smtp authentication support
Merged 2 years ago by tkopecek. Opened 4 years ago by azhelev.
azhelev/koji add-smtp-auth  into  master

file modified
+6
@@ -4647,6 +4647,8 @@ 

          message = koji.fixEncoding(message)

  

          server = smtplib.SMTP(self.options.smtphost)

+         if self.options.smtp_user is not None and self.options.smtp_pass is not None:

+             server.login(self.options.smtp_user, self.options.smtp_pass)

          #server.set_debuglevel(True)

          server.sendmail(from_addr, recipients, message)

          server.quit()
@@ -4852,6 +4854,8 @@ 

          message = koji.fixEncoding(message)

  

          server = smtplib.SMTP(self.options.smtphost)

+         if self.options.smtp_user is not None and self.options.smtp_pass is not None:

+             server.login(self.options.smtp_user, self.options.smtp_pass)

          # server.set_debuglevel(True)

          server.sendmail(from_addr, recipients, message)

          server.quit()
@@ -5596,6 +5600,8 @@ 

                  'distribution': 'Koji',

                  'mockhost': 'koji-linux-gnu',

                  'smtphost': 'example.com',

+                 'smtp_user': None,

+                 'smtp_pass': None,

                  'from_addr': 'Koji Build System <buildsys@example.com>',

                  'krb_principal': None,

                  'host_principal_format': 'compile/%s@EXAMPLE.COM',

file modified
+4
@@ -64,6 +64,10 @@ 

  ; The mail host to use for sending email notifications

  smtphost=example.com

  

+ ; SMTP user and pass (uncomment and fill in if your smtp server requires authentication)

+ ;smtp_user=user@example.com

+ ;smtp_pass=CHANGEME

+ 

  ; The From address used when sending email notifications

  from_addr=Koji Build System <buildsys@example.com>

  

file modified
+8
@@ -76,6 +76,10 @@ 

                        help=_("show xmlrpc debug output"))

      parser.add_option("--smtp-host", metavar="HOST",

                        help=_("specify smtp server for notifications"))

+     parser.add_option("--smtp-user", dest="smtp_user", metavar="USER",

+                       help=_("specify smtp username for notifications"))

+     parser.add_option("--smtp-pass", dest="smtp_pass", metavar="PASSWORD",

+                       help=optparse.SUPPRESS_HELP) # do not allow passwords on a command line

      parser.add_option("--no-mail", action='store_false', default=True, dest="mail",

                        help=_("don't send notifications"))

      parser.add_option("--send-mail", action='store_true', dest="mail",
@@ -147,6 +151,8 @@ 

              ['server', None, 'string'],

              ['weburl', None, 'string'],

              ['smtp_host', None, 'string'],

+             ['smtp_user', None, 'string'],

+             ['smtp_pass', None, 'string'],

              ['from_addr', None, 'string'],

              ['email_domain', None, 'string'],

              ['mail', None, 'boolean'],
@@ -424,6 +430,8 @@ 

              print("Sending warning notice to %s" % msg['To'])

          try:

              s = smtplib.SMTP(options.smtp_host)

+             if options.smtp_user is not None and options.smtp_pass is not None:

+                 s.login(options.smtp_user, options.smtp_pass)

              s.sendmail(msg['From'], msg['To'], msg.as_string())

              s.quit()

          except:

file modified
+4
@@ -23,6 +23,10 @@ 

  # when creating email notifications

  #email_domain = fedoraproject.org

  

+ # SMTP user and pass (uncomment and fill in if your smtp server requires authentication)

+ #smtp_user=user@example.com

+ #smtp_pass=CHANGEME

+ 

  [prune]

  policy =

      #stuff to protect

Add smtp authentication support for notifications mails sent out by the builder

Seems reasonable, though I think we should probably make a similar change in koji-gc.

Also, I wonder if we need to do anything with add_mail_logger. Do you use the admin_emails setting for kojid in your setup? Do you get emails when kojid logs something at the error level?

I do not use admin_emails setting but i have now configured it. I do not know though how to cause a harmless error in kojid intentionally in order to test. Do you have any ideas here?

I will make the change in koji-gc but i have noticed that it exposes every option as a command line argument too and i wonder if there should be an option present to specify smtp password on the command line. It would make the password visible in process list. Should i add "--smtp-user" and "--smtp-pass" cli options too? Or maybe just "--smtp-user" ?

I do not know though how to cause a harmless error in kojid intentionally in order to test. Do you have any ideas here?

One way, I think, is to set some invalid values for rlimit options in kojid.conf. E.g.

RLIMIT_NPROC = 100 100 100

I will make the change in koji-gc but i have noticed that it exposes every option as a command line argument too and i wonder if there should be an option present to specify smtp password on the command line. It would make the password visible in process list. Should i add "--smtp-user" and "--smtp-pass" cli options too? Or maybe just "--smtp-user" ?

Good point. It would definitely not be good practice. At some point we should refactor the options code in koji-gc, but I wouldn't want to require that for this.

Perhaps the simplest way here is to add the cli option, but make it hidden by using help=SUPPRESS_HELP and include a comment in the code about not actually using it.

1 new commit added

  • Add smtp authentication support to koji-gc
4 years ago

Smtp auth support for koji-gc added too.

It seems that add_mail_logger hardcodes the smtp host to localhost. If the local smtp is configured properly the notifications work.

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

2 years ago

Commit 5b232b2 fixes this pull-request

Pull-Request has been merged by tkopecek

2 years ago

Metadata Update from @jcupova:
- Pull-request tagged with: testing-done

2 years ago