Koji 1.17.0 Release notes

Migrating from Koji 1.16

For details on migrating see Migrating to Koji 1.17

Security Fixes

CVE-2018-1002161 - SQL injection in multiple remote calls

This release includes the fix for CVE-2018-1002161

Client Changes

Volume id option for livemedia and livecd tasks

The spin-livecd and spin-livemedia commands now accept a --volid argument to specify the volume id for the media. If unspecified, the volume id is chosen via the same heuristic as before.

Volume ids must be 32 characters or less.

Build order preserved by clone-tag

This is an improvement to the clone-tag command. Previously, when the command was used without the --latest-only option, it could get the ordering of builds wrong in the destination tag. Now, the order will match the source tag.

Configurable authentication timeout

Previously, the network timeout during authentication was hard coded to 60 seconds. It is now configurable via the auth_timeout configuration option.

Additional information from list-channels command

The list-channels command now shows three separate host counts for each channel:

  • the number of enabled hosts in the channel

  • the number of ready hosts in the channel

  • the number of disabled hosts in the channel

The free-task command requires at least one task-id

Previously this command was a no-op when given no arguments. Now it will return an error.

Library Changes

Drop encode_int function

This is a follow up to the large integer support that we added in version 1.14

See also: Koji 1.14 Release Notes

The encode_int function is no longer used and has been dropped from the library.

Because we no longer call encode_int, the hub will now always use i8 tags when returning large integers, rather than returning them as strings in some cases.

Use custom Kerberos context with krb_login

Clients can now pass in their own Kerberos context to ClientSession.krb_login() using the ctx parameter. This is intended for multi-threaded clients.

Custom keyboard interrupt handling in watch_tasks

The new ki_handler option for the koji_cli.lib.watch_tasks() function allows other cli tools to set their own handler for keyboard interrupts. If specified, the value should be callable and will be called when a keyboard interrupt is encountered. If unspecified, the original behavior is retained.

_unique_path() -> unique_path

The _unique_path function is deprecated. It has been replaced by unique_path.

Web UI Changes

Additional info on builders in channelinfo page

The channelinfo page now shows enabled/ready status for each host and a count for each.

Builder Changes

Builder task_avail_delay check

This delay works around a deficiency in task scheduling. The default delay is 300 seconds and can be adjusted with the task_avail_delay option to kojid. However, it is unlikely that admins will need to adjust this setting.

Despite the name, this does not introduce any new delay compared to the old behavior. The setting controls how long a host will wait before taking a task in a given channel-arch “bin” when that host has an available capacity lower than the median for that bin. Previously, such hosts could wait forever.

System Changes

Python 3 Support

Support for Python 3 has been extended to all components of Koji. Including:

  • Hub

  • Builder

  • Web UI

  • Utils

No more messagebus plugin

The messagebus plugin has been dropped. The protonmsg plugin is still available.

Simple mode for mergerepos

External repos now have a merge_mode option. Valid values are either koji (the old way) or simple (a new alternative). This option can be set with the --mode option to the add-external-repo or edit-external-repo commands.

When an external repo is merged with simple mode, a number of the complex filters that Koji normally applies are skipped. This mode still honors the block list from Koji and ignores duplicate NVRAs, but otherwise it simply merges the repo in.

Multiple merge modes cannot be combined in a single tag. If a tag has two external repos with different modes, then the repo will fail to generate.

Avoid “unknown task” errors in Kojira

This is a bug fix for a minor race condition in Kojira that could cause errors in the log and redundant repo regens.

Full filename display for kojifiles directory indexes

This is simply a change to the default httpd configuration for serving /mnt/koji. It adds NameWidth=* to IndexOptions so that long filenames are fully displayed.

Broader support for target/source/scratch tests in channel policy

It is now possible to write channel policy rules based on build target, source, and scratch options for task types other than build.

Longer Build Target names

Build target names can now be up to 256 characters, the same length restriction as for tag names.