Koji 1.27.0 Release notes

All changes can be found in `the roadmap <https://pagure.io/koji/roadmap/1.27/>`_.
Most important changes are listed here.

Migrating from Koji 1.26/1.26.1

For details on migrating see :doc:`../migrations/migrating_to_1.27`

Security Fixes


Client Changes
**set-task-priority permission error fix**

| PR: https://pagure.io/koji/pull-request/2999

CLI confusingly reported "closed task" even in case when user was "just" missing
the admin permission.

**Honour --force-auth for anonymous commands**

| PR: https://pagure.io/koji/pull-request/3010

This option was not respected in some cases.

**Propagate error in write-signed-copies**

| PR: https://pagure.io/koji/pull-request/3020
| PR: https://pagure.io/koji/pull-request/3093
| PR: https://pagure.io/koji/pull-request/3107

Due to speedup changes some errors could have been hidden. Now we're catching
them all and displaying properly in write-signed-copies command.

**Be tolerant of stops/jumps kwargs in list-tag-inheritance**

| PR: https://pagure.io/koji/pull-request/3055

Older client can emit errors when used against a newer hub as it could use
already deprecated options. We're now more tolerant to these.

**Dist-repo with write-signed-rpm option**

| PR: https://pagure.io/koji/pull-request/3058

New option for dist-repo --write-signed-rpms. As there could be
garbage-collected signed copies, dist-repo can fail and these rpms must be
manually reconstructed. This new option will allow user with `sign` permission
to prepare required rpms to be ready for the ``distRepo`` task.

**call --json default option set up to str**

| PR: https://pagure.io/koji/pull-request/3066

Bugfix for converting some datetime values to proper json when using ``call``

**Add option for UTC time in list-history**

| PR: https://pagure.io/koji/pull-request/3090

``list-history`` now accepts ``--utc`` option which will display dates in UTC
instead of local timezone.

API Changes
**listBuilds/list-builds filtering via CG**

| PR: https://pagure.io/koji/pull-request/3009
| PR: https://pagure.io/koji/pull-request/3111

API call ``listBuilds`` (and its CLI counterpart) now accepts ``cgID``
(``--cg``) option which adds another filter based on content generator type.

**Deprecate taskReport**

| PR: https://pagure.io/koji/pull-request/3036

This call will be removed in the future.

**queryRPMSigs accepts RPM ID, NVRA and dict**

| PR: https://pagure.io/koji/pull-request/3064

To be aligned with other calls, ``queryRPMSigs`` now accepts all rpm ID
specifications (integer ID, NVRA string or NVRA dict)

**Deprecate koji.listFaults**

| PR: https://pagure.io/koji/pull-request/3082

Another candidate for removal

**Deprecated force option in groupReqListRemove call**

| PR: https://pagure.io/koji/pull-request/3089

And another one

**getBuildType: ensure id exists in buildinfo dict**

| PR: https://pagure.io/koji/pull-request/3092

More robust handling of input (NVR dict is sufficient now)

**Add strict option to listTagged, listTaggedRPMS, listTaggedArchives**

| PR: https://pagure.io/koji/pull-request/3095

For better differentiation between empty results for correct inputs and wrong
inputs (non-existing tag, etc.) ``strict`` option was added to these calls.

Builder Changes
**Import guestfs before dnf**

| PR: https://pagure.io/koji/pull-request/2993

Linking conflicts between json-parsing libraries used by guestfs and dnf led us
to include a small hack. Now it should be again possible to build docker images
via ``oz``.

**Better error messages for Task.lock()**

| PR: https://pagure.io/koji/pull-request/3007

Improved error logging related to multiple builders competing in task

**Restart kojid and kojira services automatically**

| PR: https://pagure.io/koji/pull-request/3040

``systemd`` services were updated to automatically restart on failure with one
minute delay.

**Retry get_next_release to avoid race condition**

| PR: https://pagure.io/koji/pull-request/3103

In rare cases there was still race condition with starting image/maven builds
with same auto-incremented release. This should fix this behaviour completely.

System Changes
**Honour taginfo option in policy_get_build_tags**

| PR: https://pagure.io/koji/pull-request/2989

Deleted buildtags can break some policies. As these are more frequent these days
(via sidetag usage patterns) we have also hit this problem. It should be fixed

**Fix scripts for koji pkg and drop utils from py2**

| PR: https://pagure.io/koji/pull-request/3002

Packaging fixes for regression. ``koji-utils`` are py3-only.

**Create symlink before import**

| PR: https://pagure.io/koji/pull-request/3004

Windows builds were not properly handling importing builds back to hub if volume
policy put the build to non-default volume.

**Speedup untagged_builds query**

| PR: https://pagure.io/koji/pull-request/3005

``untagged_builds`` call is used by garbage collection and it is now about 100%
faster. It doesn't matter that much to GC itself as it needn't to be
particularly fast but other queries/users are not blocked by this query lock.

**Support packages that are head-signed**

| PR: https://pagure.io/koji/pull-request/3012

DSA and RSA header signatures (RPMv4 scheme) support.

**Tasks respect disabled channels**

| PR: https://pagure.io/koji/pull-request/3030
| PR: https://pagure.io/koji/pull-request/3124

In last release option to "disable" channel was introduced. Anyway, tasks were
happily requesting those channels and were never executed as no builder picked
them. Now they fail immediately if the channel is disabled/non-existent in the
moment of task creation.

**Check spec_url for wrapperRPM task source policy test**

| PR: https://pagure.io/koji/pull-request/3047

``wrapperRPM`` tasks now properly propagate data for ``source`` policy test.

**Allow user on git://, git+http://, git+https://, and git+rsync:// scheme**

| PR: https://pagure.io/koji/pull-request/3067

We've not propagated username (or token) to builder. As this data are already
visible in task it doesn't make sense to conceal them on the builder. There are
legitimate cases when token is used, so we are now propagating it without

**Logging warning messages about deleteBuild or deletedRPMSig**

| PR: https://pagure.io/koji/pull-request/3076

Last release introduced ``deleteRPMSig`` API call. It is the second call which
irrecoverably destroys build data so it should be better logged. We're now
capturing more data in the logs (especially the user).

**Remove translation stub functions**

| PR: https://pagure.io/koji/pull-request/3077

We've never used the i18n ``_`` call and we don't plan to introduce any
translation. So, we've decided to remove these stubs to make code a bit more
readable and consistent.

**Add specfile log to wrapperRPM**

| PR: https://pagure.io/koji/pull-request/3078

As specfile in ``wrapperRPM`` is modified from template it is nice to store this
file in similar way to modified kickstarts in oz tasks.

**Allow kojiweb to proxy users obtained via different mechanisms**

| PR: https://pagure.io/koji/pull-request/3008

New ``proxyauthtype`` option is introduced to ``gssapi_login`` and ``ssl_login``
methods. It allows user1 (typically web interface) to proxy another user2 (via
standard ``proxyuser`` option) with different authentication mechanism than
user1. E.g. user is authenticated to webui by gssapi, while webui itself
authenticates via SSL certificate.


**Don't throw exception when auth fails**

| PR: https://pagure.io/koji/pull-request/3099

More proper exit when authentication fails to not trigger abrt.

**Implement ignore_other_volumes option**

| PR: https://pagure.io/koji/pull-request/3126

Option to forbid kojira to delete repos on non-default volumes.

**Some documentation updates**
| PR: https://pagure.io/koji/pull-request/2994
| PR: https://pagure.io/koji/pull-request/2995
| PR: https://pagure.io/koji/pull-request/2996
| PR: https://pagure.io/koji/pull-request/2997
| PR: https://pagure.io/koji/pull-request/3000
| PR: https://pagure.io/koji/pull-request/3013
| PR: https://pagure.io/koji/pull-request/3023
| PR: https://pagure.io/koji/pull-request/3029
| PR: https://pagure.io/koji/pull-request/3038
| PR: https://pagure.io/koji/pull-request/3051
| PR: https://pagure.io/koji/pull-request/3062
| PR: https://pagure.io/koji/pull-request/3070
| PR: https://pagure.io/koji/pull-request/3085
| PR: https://pagure.io/koji/pull-request/3086
| PR: https://pagure.io/koji/pull-request/3096
| PR: https://pagure.io/koji/pull-request/3102
| PR: https://pagure.io/koji/pull-request/3021
| PR: https://pagure.io/koji/pull-request/3026

**New tests**
| PR: https://pagure.io/koji/pull-request/3027
| PR: https://pagure.io/koji/pull-request/3037
| PR: https://pagure.io/koji/pull-request/3056
| PR: https://pagure.io/koji/pull-request/3075

**Basic security checks with bandit**

| PR: https://pagure.io/koji/pull-request/3043