Koji 1.19.0 Release notes¶
GSSAPI authentication checks kerberos principal
When using GSSAPI authentication the user’s kerberos principal will be checked for their username to avoid a potential username and kerberos principal mismatch.
Add user edit
edit-user command and API call was added, allowing for user rename,
and changing, adding, or removing the kerberos principal of a user.
Add remove group
remove-group command was added, allowing the removal of a group
from a tag. It uses the existing
groupListRemove API call.
Query builds per chunks in prune-signed-builds
For bigger installations querying all builds can cause the hub to run out of memory.
prune-signed-builds now queries these in 50k chunks.
Show inheritance flags in list-tag-inheritance output
While not often used, tag inheritance can be modified with a few different options (e.g. maxdepth).
These options are shown in the
taginfo display, but not the
This change adds basic indicators to the latter.
Return usage information in make-task
make-task now returns usage information if no arguments are provided.
Clarify clone-tag usage
clone-tag help text now clarifies that the destination tag will be created
if it does not already exist.
Add option check for list-signed
list-signed command will now fail if no options are provided.
Consolidate config reading style
Changes have been made to make configuration handling more consistent.
With this new implementation:
read_config_filesis extended with a strict option and directory support
ConfigParseris used for all invokings except kojixmlrpc and
RawConfigParseris used for
list_archive_files handles multi-type builds
list_archive_files is provided a build with multiple archive types it now correctly
handles them instead of failing.
Disallow archive imports that don’t match build type
importArchive call now refuses to proceed if the build does not have the given type.
Add listCG RPC
listCGs has been added to list new content generator records.
The purpose of this change is to make it easier for administrators to determine what content generators are present and what user accounts have access to those.
Add method to cancel CG reservations
CGRefundBuild call allows CGs to cancel build reservations, such as in the case
of a failing build.
Allow ClientSession objects to get cleaned up by the garbage collector
This change ensures
koji.ClientSession objects are destroyed once their requests are complete.
Add missing package list check
host.tagBuild method was missing a check to ensure the package was actually listed in the
destination tag. This should now be checked as expected.
Increase buildReferences SQL performance
The performance for
build_references has been improved.
ensuredir does not duplicate directories
koji.ensuredir no longer creates duplicate directories if provided a path ending in a
Warn users if buildroot uses yum instead of dnf
This change sets the mock config
dnf_warning to True for buildroots using yum.
Tag permission can be used for tagBuildBypass and untagBuildBypass
tag permission can now be used in place of admin to call
untagBuildBypass. Admin is still required to use the
Rework update of reserved builds
This change reworks and simplifies the code that updates reserved build entries for cg imports.
It removes redundancy with checks in
prep_build and avoids duplicate
Use correct top limit for randint
The top limit for
randint has been set to 255 from 256 to prevent
creating unneccesarily long tokens.
Add strict option to getRPMFile
getRPMFile now has a
strict option, failing when the RPM or filename does not exist.
groupListRemove now returns an error if the provided group does not exist for the tag.
Clarified docs for build.extra.source
The usage for
build.extra.source has now been clarified in the
Use bytes for debug string
This change fixes debug output for Python 3.
Removed host.repoAddRPM call
host.repoAddRPM call has been removed because it was unused and broken.
Web UI Changes¶
Made difference between Builds and Tags sections more clear
The search page results for packages now has a clearer delineation between builds and tags.
Use preferred arch when builder provides multiple
When using ExclusiveArch for noarch builds the build task will now use the arch specified instead of randomly picking from the arches the builder provides.
This change adds a
preferred_arch parameter to
Log insufficient disk space location
kojid fails due to insufficient disk space, the directory which needs more
disk space is now included as part of the log message.
Allow builder to attempt krb if gssapi is available
kojid will now use
requests_kebreros for kerberos authentication when available.
Add support for new mock exit codes
kojid now expects mock exit code 10 for failed builds (previously 1).
Fix kickstart uploads for Python 3
This change fixes the file handling of kickstarts for Python 3.
Package ownership changes do not trigger repo regens
Changing tag or package owners no longer cause repo regeneration. A new
tag_package_owners table has been added for this purpose.
Support multiple realms by kerberos auth
This change adds a new table
user_krb_principals which tracks a list of
for each user instead of the previous one-to-one mapping. In addition:
all APIs related to user or krb principals are changed
getUserwill contain a new list
krb_principalswill contain all available principals if
there is a new hub option
AllowedKrbRealmsto indicate which realms are allowed
- there is a new client option
krb_server_realmto allow krbV login to set server realm
Previously same as client principal realm before, supported by all clients
- there is a new client option
QueryProcessorhas a new queryOpt
group, which is used to generate
By default, this feature is disabled by arg
Added cronjob for sessions table maintenance
The sessions table is now periodically cleaned up via script (handled by cron by default). Without this the sessions table can grow large enough to affect Koji performance.
Added basic email template for koji-gc
The email message koji-gc uses has been moved to
Add all permissions to database
Permissions previously missing from schema have been added, including
Add new CoreOS artifact types
This change adds the new CoreOS artifact types
vmdk-compressed to the database.
Enforce unique content generator names in database
Set a uniqueness constraint on the content generator name in the database. Prior to this change, we were only enforcing this in the hub application layer. Configure this in postgres for safety.
Fix typo preventing VM builds
This change fixes the options passed to
verifyChecksum which was preventing VM builds.
Fix verifyChecksum for non-output files
verifyChecksum now accepts files under the build requires path as well as the output path.
Other paths can be added as needed.
Set f30+ python-devel default
When installed on a Fedora 30+ host with Python 2 support, Koji will now require
python2-devel instead of
Handle sys.exc_clear for Python 3
sys.exc_clear does not exist in Python 3, so it has been escaped for those instances.
Remove deprecated koji.util.relpath
koji.util.relpath was deprecated in 1.16 and has been removed from 1.19.
Remove deprecated BuildRoot.uploadDir
BuildRoot.uploadDir was deprecated in 1.18 and has been removed from 1.19.
Remove deprecated koji_cli.lib_unique_path
koji_cli.lib_unique_path was deprecated in 1.17 and has been removed from 1.19.
Deprecation of sha1_constructor and md5_constructor
md5_constructor have been deprecated in favor of