#6572 Kerberize all the tooling
Closed 3 years ago by ausil. Opened 3 years ago by puiterwijk.
puiterwijk/releng kerberize  into  master

file modified
+2 -2
@@ -84,8 +84,8 @@ 

      Get a list of all blocked and unblocked packages in a branch.

      """

      url = PRODUCTION_KOJI if not staging else STAGING_KOJI

-     kojisession = koji.ClientSession(url)

-     kojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+     kojisession = koji.ClientSession(url, {'krb_rdns': False})

+     kojisession.krb_login()

      pkglist = kojisession.listPackages(tagID=tag, inherited=True)

      blocked = []

      unblocked = []

file modified
+3 -8
@@ -19,11 +19,6 @@ 

  REMOTEKOJIHUB = 'http://koji.fedoraproject.org/kojihub'

  PACKAGEURL = 'http://kojipkgs.fedoraproject.org/'

  

- # Should probably set these from a koji config file

- SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert')

- CLIENTCA = os.path.expanduser('~/.fedora-server-ca.cert')

- CLIENTCERT = os.path.expanduser('~/.fedora.cert')

- 

  workpath = '/tmp/build-recent'

  

  loglevel = logging.DEBUG
@@ -139,9 +134,9 @@ 

  

  # setup the koji session

  logging.info('Setting up koji session')

- localkojisession = koji.ClientSession(LOCALKOJIHUB)

- remotekojisession = koji.ClientSession(REMOTEKOJIHUB)

- localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+ localkojisession = koji.ClientSession(LOCALKOJIHUB, {'krb_rdns': False})

+ remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False})

+ localkojisession.krb_login()

  

  tag = 'f18-rebuild'

  

file modified
+3 -3
@@ -130,9 +130,9 @@ 

  

  # setup the koji session

  logging.info('Setting up koji session')

- localkojisession = koji.ClientSession(LOCALKOJIHUB)

- remotekojisession = koji.ClientSession(REMOTEKOJIHUB)

- localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+ localkojisession = koji.ClientSession(LOCALKOJIHUB, {'krb_rdns': False})

+ remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False})

+ localkojisession.krb_login()

  

  tag = 'dist-f16'

  

@@ -62,8 +62,8 @@ 

          return -1

  

  

- kojisession = koji.ClientSession(KOJIHUB)

- kojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+ kojisession = koji.ClientSession(KOJIHUB, {'krb_rdns': False})

+ kojisession.krb_login()

  

  if args.package == []:

      latest_builds = sorted(kojisession.listTagged(args.tag, latest=True),

file modified
+2 -6
@@ -16,13 +16,9 @@ 

  tag = 'f25'

  oldtag = 'f24'

  # Create a koji session

- kojisession = koji.ClientSession('http://ppc.koji.fedoraproject.org/kojihub')

+ kojisession = koji.ClientSession('http://ppc.koji.fedoraproject.org/kojihub', {'krb_rdns': False})

  

- # Log into koji

- clientcert = os.path.expanduser('~/.fedora.cert')

- clientca = os.path.expanduser('~/.fedora-upload-ca.cert')

- serverca = os.path.expanduser('~/.fedora-server-ca.cert')

- kojisession.ssl_login(clientcert, clientca, serverca)

+ kojisession.krb_login()

  

  # Get all builds tagged into the tag w/o inherited builds

  builds = kojisession.listTagged(tag, latest=True)

file modified
+4 -12
@@ -35,11 +35,6 @@ 

  REMOTEKOJIHUB = 'https://koji.fedoraproject.org/kojihub'

  PACKAGEURL = 'http://kojipkgs.fedoraproject.org/'

  

- # Should probably set these from a koji config file

- SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert')

- CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert')

- CLIENTCERT = os.path.expanduser('~/.fedora.cert')

- 

  session_opts = {}

  session_opts['krbservice'] = 'host'

  session_opts['krb_rdns'] = False
@@ -69,14 +64,11 @@ 

  # setup the koji session

  logging.info('Setting up koji session')

  localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts)

- remotekojisession = koji.ClientSession(REMOTEKOJIHUB)

- if os.path.isfile(CLIENTCERT):

-     localckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+ remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False})

+ if args.keytab and args.principal:

+     localkojisession.krb_login(principal=args.principal, keytab=args.keytab)

  else:

-     if args.keytab and args.principal:

-         localkojisession.krb_login(principal=args.principal, keytab=args.keytab)

-     else:

-         localkojisession.krb_login()

+     localkojisession.krb_login()

  

  pg = progress.TextMeter()

  

file modified
+4 -7
@@ -148,14 +148,11 @@ 

  # setup the koji session

  logging.info('Setting up koji session')

  localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts)

- remotekojisession = koji.ClientSession(REMOTEKOJIHUB)

- if os.path.isfile(CLIENTCERT):

-     localckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+ remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False})

+ if args.keytab and args.principal:

+     localkojisession.krb_login(principal=args.principal, keytab=args.keytab)

  else:

-     if args.keytab and args.principal:

-         localkojisession.krb_login(principal=args.principal, keytab=args.keytab)

-     else:

-         localkojisession.krb_login()

+     localkojisession.krb_login()

  

  for build in args.build:

      buildinfo = remotekojisession.getBuild(build)

file modified
+3 -3
@@ -28,9 +28,9 @@ 

  clientcrt = os.path.expanduser('~/.fedora.cert')

  primarykoji = 'https://koji.fedoraproject.org/kojihub'

  secondarykoji = 'https://ppc.koji.fedoraproject.org/kojihub' 

- primary = koji.ClientSession(primarykoji)

- secondary = koji.ClientSession(secondarykoji)

- secondary.ssl_login(clientcrt, clientca, serverca) 

+ primary = koji.ClientSession(primarykoji, {'krb_rdns': False})

+ secondary = koji.ClientSession(secondarykoji, {'krb_rdns': False})

+ secondary.krb_login()

  

  # do the thing: 

  

file modified
+2 -2
@@ -95,8 +95,8 @@ 

  # parse the koji-shadow config file, login to our koji:

  ks_config = ConfigParser.ConfigParser()

  ks_config.read(shadowconfig)

- local = koji.ClientSession(ks_config.get("main", "server"))

- local.ssl_login(auth_cert, auth_ca, serverca)

+ local = koji.ClientSession(ks_config.get("main", "server"), {'krb_rdns': False})

+ local.krb_login()

  

  # set up the queues

  buildqueue = deque()

file modified
+2 -5
@@ -21,13 +21,10 @@ 

  tasks = {} # dict of new build task info

  

  # Create a koji session

- kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub')

+ kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub', {'krb_rdns': False})

  

  # Log into koji

- clientcert = os.path.expanduser('~/.fedora.cert')

- clientca = os.path.expanduser('~/.fedora-upload-ca.cert')

- serverca = os.path.expanduser('~/.fedora-server-ca.cert')

- kojisession.ssl_login(clientcert, clientca, serverca)

+ kojisession.krb_login()

  

  # Generate a list of builds to iterate over, sorted by package name

  builds = sorted(kojisession.listTagged(holdingtag, latest=True),

file modified
+2 -2
@@ -60,8 +60,8 @@ 

  

  # setup the koji session

  logging.info('Setting up koji session')

- kojisession = koji.ClientSession(KOJIHUB)

- if not kojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA):

+ kojisession = koji.ClientSession(KOJIHUB, {'krb_rdns': False})

+ if not kojisession.krb_login():

      logging.error('Unable to log into koji')

      sys.exit(1)

  

file modified
+2 -4
@@ -315,6 +315,7 @@ 

          self.options.kojihub = 'http://koji.fedoraproject.org/kojihub'

          self.options.regex = False

          self.options.ignore = []

+         self.options.krb_rdns = False

  

      def create_koji_session(self):

          # used options: debug, debug_xmlrpc, user, password
@@ -742,10 +743,7 @@ 

  

      def cmd_default(self):

          self.tweak_options()

-         clientcert = '/etc/pki/pkgsigner/pkgsigner.pem'

-         clientca = '/etc/pki/pkgsigner/fedora-upload-ca.cert'

-         serverca = '/etc/pki/pkgsigner/fedora-server-ca.cert'

-         self.koji_session.ssl_login(clientcert, clientca, serverca) # NEEDSWORK

+         self.koji_session.krb_login()

          self.print_msg("Getting rpm list from koji")

          if self.options.builds:

              rpms = self.get_build_rpms(self.options.builds)

@@ -51,8 +51,8 @@ 

  for arch in arches:

      print "== Working on Arch: %s" % arch

      # Create a koji session

-     seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % arch )

-     seckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+     seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % arch, {'krb_rdns': False})

+     seckojisession.krb_login()

  

      for tag in tags:

          print "=== Working on tag: %s" % tag

@@ -65,13 +65,10 @@ 

  # Create a koji session

  kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub')

  seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % args.arch, session_opts)

- if os.path.isfile(CLIENTCERT):

-     seckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA)

+ if args.keytab and args.principal:

+     seckojisession.krb_login(principal=args.principal, keytab=args.keytab)

  else:

-     if args.keytab and args.principal:

-         seckojisession.krb_login(principal=args.principal, keytab=args.keytab)

-     else:

-         seckojisession.krb_login()

+     seckojisession.krb_login()

  

  for tag in args.tag:

      print "=== Working on tag: %s ====" % tag