| |
@@ -0,0 +1,274 @@
|
| |
+ Koji 1.15 Release Notes
|
| |
+ =======================
|
| |
+
|
| |
+ Migrating from the previous release
|
| |
+ -----------------------------------
|
| |
+
|
| |
+ For details on migrating see :doc:`migrating_to_1.15`
|
| |
+
|
| |
+
|
| |
+ Client Changes
|
| |
+ --------------
|
| |
+
|
| |
+
|
| |
+ Display license Info
|
| |
+ ^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/686
|
| |
+
|
| |
+
|
| |
+ The ``rpminfo`` command now displays the ``License`` field from the rpm.
|
| |
+
|
| |
+
|
| |
+ Keytabs for GSSAPI authentication
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/708
|
| |
+
|
| |
+ Previously keytabs were only supported by the older kerberos auth method, which
|
| |
+ is not available on Python 3. Now the gssapi method supports them as well.
|
| |
+
|
| |
+
|
| |
+ Add krb_canon_host option
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/653
|
| |
+
|
| |
+ This release adds a ``krb_canon_host`` option that tells Koji clients
|
| |
+ to use the dns canonical hostname for kerberos auth.
|
| |
+
|
| |
+ This option allows kerberos authentication to work in situations where
|
| |
+ the hub is accessed via a cname, but the hub's credentials are under
|
| |
+ its canonical hostname.
|
| |
+
|
| |
+ If specified, this option takes precedence over the older
|
| |
+ option named ``krb_rdns``. That option caused Koji clients to perform a
|
| |
+ reverse name lookup for kerberos auth.
|
| |
+
|
| |
+ When configuring kojiweb (in web.conf), the option is named ``KrbCanonHost``.
|
| |
+
|
| |
+ Both options only affect the older kerberos authentication path, and not
|
| |
+ gssapi.
|
| |
+
|
| |
+
|
| |
+ Watch-task return code
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/703
|
| |
+
|
| |
+ Previously, the ``watch-task`` command would return a non-zero exit status
|
| |
+ if any subtask failed, even if this did not cause the parent task to fail.
|
| |
+
|
| |
+ Now that we have cases where subtasks are optional, this no longer makes sense.
|
| |
+ The exit code is now based solely on the results of
|
| |
+ the top level tasks it is asked to watch.
|
| |
+
|
| |
+
|
| |
+ New runroot options
|
| |
+ ^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/633
|
| |
+
|
| |
+ The ``runroot`` command now supports options similar to the various build commands. These new
|
| |
+ options are:
|
| |
+
|
| |
+
|
| |
+ .. code-block:: text
|
| |
+
|
| |
+ --nowait Do not wait on task
|
| |
+ --watch Watch task instead of printing runroot.log
|
| |
+ --quiet Do not print the task information
|
| |
+
|
| |
+
|
| |
+ New watch-logs options
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/625
|
| |
+
|
| |
+ The ``watch-logs`` command now supports the following new options:
|
| |
+
|
| |
+ .. code-block:: text
|
| |
+
|
| |
+ --mine Watch logs for all your tasks
|
| |
+ --follow Follow spawned child tasks
|
| |
+
|
| |
+
|
| |
+ Web UI changes
|
| |
+ --------------
|
| |
+
|
| |
+ Archive component display
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/610
|
| |
+
|
| |
+ Previously, the web UI only displayed component lists for image builds.
|
| |
+ However, new build types can also have component lists.
|
| |
+
|
| |
+ Now the interface will display components for any archive that has them.
|
| |
+
|
| |
+
|
| |
+ Display license Info
|
| |
+ ^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/686
|
| |
+
|
| |
+
|
| |
+ The ``rpminfo`` page now displays the ``License`` field from the rpm.
|
| |
+
|
| |
+
|
| |
+ Show suid bit
|
| |
+ ^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/617
|
| |
+
|
| |
+ The web UI will now display the setuid bit when displaying rpm/archive file contents.
|
| |
+
|
| |
+
|
| |
+
|
| |
+
|
| |
+ Builder changes
|
| |
+ ---------------
|
| |
+
|
| |
+
|
| |
+ Alternate tmpdir for mock chroots
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/602
|
| |
+
|
| |
+
|
| |
+ Recent versions of mock (1.4+) default to ``use_nspawn=True``, which results
|
| |
+ in /tmp being a fresh tmpfs mount on every run. This means the /tmp
|
| |
+ directory no longer persists outside of the mock invocation.
|
| |
+
|
| |
+ Now, the builder will use /builddir/tmp instead of /tmp for persistent data.
|
| |
+
|
| |
+
|
| |
+ Store git commit hash
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/674
|
| |
+
|
| |
+ In Koji, for builds from an SCM, the source is specified as an
|
| |
+ scm url.
|
| |
+ For git urls, the revision in that url can be anything that git
|
| |
+ will recognize, including:
|
| |
+
|
| |
+ - a sha1 ref
|
| |
+ - an abbreviated sha1 ref
|
| |
+ - a branch name
|
| |
+ - a tag
|
| |
+ - HEAD
|
| |
+
|
| |
+ With this change:
|
| |
+
|
| |
+ * the revision is replaced with the full sha1 ref for git urls
|
| |
+ * the scm url is stored in build.source
|
| |
+ * the original scm url is saved in build.extra
|
| |
+
|
| |
+ Previously, this source url was not properly stored for rpm builds. It
|
| |
+ appeared in the task parameters, but the build.source field remained blank.
|
| |
+ If a symbolic git ref (e.g. HEAD) was given in the url, the underlying
|
| |
+ sha1 value was only recorded in the task logs.
|
| |
+
|
| |
+
|
| |
+
|
| |
+ System changes
|
| |
+ --------------
|
| |
+
|
| |
+
|
| |
+ Volume policy support
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/622
|
| |
+
|
| |
+ Koji has for many years had the ability to split its storage across multiple
|
| |
+ volumes. However, there is no automatic process for placing builds onto
|
| |
+ volumes other than the primary. To do so often requires a lot of manual work
|
| |
+ from an admin.
|
| |
+
|
| |
+ This feature:
|
| |
+
|
| |
+ * adds a volume policy check to the key import pathways
|
| |
+ * adds an applyVolumePolicy call to apply the policy to existing builds
|
| |
+
|
| |
+ The hub consults the volume policy at various points to
|
| |
+ determine where a build should live. This allows admins to make rules like:
|
| |
+
|
| |
+ - all kernel builds go to the volume named kstore
|
| |
+ - all builds built from the epel-7-build tag go to the volume named epel7
|
| |
+ - all builds from the osbs content generator go to the volume named osbs
|
| |
+
|
| |
+ The default policy places all builds on the default volume.
|
| |
+
|
| |
+ See also: :doc:`volumes`
|
| |
+
|
| |
+ Messagebus plugin changes
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/537
|
| |
+
|
| |
+ There are two notable changes to the messagebus plugin this release:
|
| |
+
|
| |
+
|
| |
+ Deferred sending
|
| |
+ """"""""""""""""
|
| |
+
|
| |
+ Similar to the current behavior of the protonmsg plugin, messages are queued
|
| |
+ up during hub calls and only sent out during the ``postCommit`` callback.
|
| |
+
|
| |
+ This avoids sending messages about failed calls, which can be confusing to
|
| |
+ message consumers (e.g. build state change messages about a build that does
|
| |
+ not exist because it failed to import).
|
| |
+
|
| |
+ Test mode
|
| |
+ """""""""
|
| |
+
|
| |
+ The plugin now looks for a boolean ``test_mode`` option. If it is true, then
|
| |
+ the messages are still queued up, but not actually sent. This makes it
|
| |
+ possible to enable the plugin in test environments without having to set up a
|
| |
+ separate message bus.
|
| |
+
|
| |
+
|
| |
+ Protonmsg plugin changes
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/657
|
| |
+ | PR: https://pagure.io/koji/pull-request/651
|
| |
+
|
| |
+ There are two changes to how the protonmsg plugin handles rpmsign events:
|
| |
+
|
| |
+ 1. The arch of the rpm is included in messages
|
| |
+ 2. The message are omitted when the sigkey is empty
|
| |
+
|
| |
+
|
| |
+
|
| |
+ No notifications for disabled users or hosts
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/615
|
| |
+
|
| |
+
|
| |
+ Koji will no longer send out email notifications to disabled users or
|
| |
+ to users corresponding to a host.
|
| |
+
|
| |
+
|
| |
+ Replace pycurl with requests
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/601
|
| |
+
|
| |
+ All uses of the pycurl library have been replaced with calls
|
| |
+ to python-requests, so pycurl is no longer required.
|
| |
+
|
| |
+
|
| |
+ Drop importBuildInPlace call
|
| |
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
| |
+
|
| |
+ | PR: https://pagure.io/koji/pull-request/606
|
| |
+
|
| |
+ The deprecated ``importBuildInPlace`` call has been dropped.
|
| |
+
|
| |
+ This call was an artifact of a particular bootstrap event that happened a long
|
| |
+ time ago. It was never really documented or recommended for use.
|
| |
+
|
| |
+
|
| |
Final changes for the 1.15.0 release
Fixes #745