Koji 1.22.0 Release notes¶
Important: python 2 support for hub and web have been dropped in koji 1.22, meanwhile CLI and builder are still supporting python2. Please prepare your hub and web service for python3 if you are going to upgrade them to koji 1.22.
All changes can be found at pagure. Most important changes are listed here.
Output extra[‘rpm.macro.*’] to mock-config
mock-config command honors ‘rpm.macro.*’ options in tag’s extra config now.
–ca option has been deprecated
This option is deprecated for a while and not used internally. We added the deprecation warning and will finally remove it in 1.24. Notes: It is deprecated in koji-gc as well.
Flush stdout during watch-logs
flush() immediately to display the output faster for PY3.
Do not try unnecessary authentication
In some CLI commands we used
active_session() which will try its best to
login, but it is not necessary. Now, we only ensure the connection without
Unify –debug options
The cli accepts a global
--debug option before the command name.
Some commands accepted a separate
--debug option local to the command,
which was confusing.
Now these commands take their cue from the global option.
The local option is still accepted for backwards compatibility, though
it has been hidden in the help output.
The following commands were affected:
New option –wait for download-task
This is a UE enhancement to let the command be able to wait for the tasks to be
finished as the same as the behavior of
Fix image-build-indirection –wait
image-build-indirection command accepted the
option, but did not honor it.
This oversight has been fixed.
Fix event option handling in clone-tag
getTag() call for fetching source tag info in
clone_tag didn’t use event
before. Now, it does.
Correctly identify “hostname doesn’t match” errors
“hostname doesn’t match” can be identified as a certificate error, so that client will not retry the request.
openRemoteFile retries and checks downloaded content
Sometimes we hit a problem with incorrect downloads caused by various
malfunctions, like cache, filesystem, network, etc. Now, in
openRemoteFile, we are going to
Content-Lengthheader with the data we really downloaded
check the rpm header is valid if the file is an RPM
do 3 times retries if it fails
filterResults and countAndFilterResults raise GenericError
countAndFilterResults now raise
koji.GenericError instead of
xmlrpc.client.Fault when method’s keyword
argument is not expected.
Deprecation of host.getTask call
This host API will be finally removed in 1.23
Optimizations to the listBuildroots call
For the optimization purpose, the
listBuildroots API call avoids
unnecessary checks when the return will be empty.
Additionally, the call avoids some table joins that can slow down the queries
in some cases.
As a result, the return value will no longer include the
when querying by
Disable notifications by default in [un]tagBuildBypass calls
notify option to the
untagBuildBypass now defaults to False.
Tools that wish to generate email notifications will need to explicitly pass
Fix a typo in the error message of getChangelogEntries
A new option - pattern for listTags call
This option is a GLOB match pattern for the name of tag. You can now directly
session.listTags(pattern='prefix-*-postfix') for example, to filter the
result list on server side. The
list-tags command tries its best to call it with
pattern as well.
Koji now supports Mock’s bootstrap chroot and image
Koji now supports Mock’s
For the configuration on koji, please refer to Using the koji build system. The bootstrap buildroot will be pruned automatically by kojid as the same as the normal buildroot.
Pass bootloader append option to livemedia builds
Koji is now able to pass
--extra-boot-args --append="bootloader --append"
livemedia-creator tool for livemedia builds.
Per-tag environment variables in Mock’s buildroot
Now, you can set
rpm.env.* in build tag’s
extra to specify environment
variables in mock’s buildroot. See Using the koji build system.
Support specific per-settings for Mock’s sign plugin
We are now providing
extra for enabling and configuring the sign plugin of mock. For
more details, see Using the koji build system.
Per-tag settings of yum’s depsolver policy for Mock
mock.yum.best=0/1 is available in tag’s extra config for the corresponding
setting of mock config.
Use mergerepo_c for all merge modes
mergerepo_c has supported
simple mode since 0.13.0, we now use it on
use_createrepo_c=True kojid for repo creation. And as issues/213 of
createrepo_c has been fixed in 0.15.11, we also append
demand. Therefore, koji are now able to use
mergerepo_c for all 3 modes: koji,
simple, bare. Nevertheless, we are still providing
mergerepos scripts for
Turn off dnf_warning in mock.cfg
In PR #1595, we set
dnf_warning=True when we started to add this configuration. But since Mock
bootstrap_chroot is set to
True by default, we need to set
False accordingly. For the details, please refer to
BuildSRPMFromSCMTask: Support auto-selecting a matching specfile name
When building SRPM from SCM, if there are more than one
*.spec found in root
there are more than one
*.spec found in
SPECS directory, the builder is
going to use the specfile with the SCM repo’s name in root or
Pass buildroot to preSCMCheckout and postSCMCheckout where applicable
postSCMCheckout callbacks for kojid now include
buildroot field that provides access to the internal
object, when such an object is available.
This change impacts
The current exceptions are
which do not use this type of buildroot.
Any plugins that use this field should be aware that the behavior of this class may change across releases.
Web UI Changes¶
A new repoinfo page
The new page displays basic information of a normal repo, linked by the repo id on taskinfo and buildrootinfo page.
Win Builder Changes¶
Clone mac address via xml
We’ve hit a problem that while VM is being cloned, the mac address cloning is refused and a new one is assigned instead. We are now using the xml file for mac address setup.
Drop python2 support for hub and web
Finally, python2 support for hub and web have been dropped in this release.
Drop krbV support
krbV support has been finally removed from this release. For more information, please refer to
Dropped krbV authentication support.
Use requests_gssapi for GSSAPI authentication
requests_gssapi is supported in this release. In all of the components we provide, we now try to
request_gssapi at first, if it isn’t installed, fallback to
DB: Use timestamps with timezone
We have updated all our timestamp fields to include timezone. This prevents time inconsistencies when the database has a timezone setting other than UTC.
DB: Update sessions_active_and_recent index
We have adjusted the
sessions_active_and_recent index so that the planner
will actually use it.
Log tracebacks for multicall
The exceptions inside multicall were not logged before. These tracebacks will benefit us for debugging purpose, as we are often using multicall more and more.
Fix build_notification crashing caused by recipients check
This change fixes an inconsistency in the function where it would return
None instead of an empty list as expected.
Allow packagelist changes with ‘tag’ permission by the default policy
tag permission was introduced in version 1.18 as part of an effort to
make admin permissions more granular.
This permission now grants access to make package list changes for tags
via the default
Improve race condition for getNextRelease call and images
It was possible to meet the race condition in the old logic of image building.
We are now calling
get_next_release() in the
initImageBuild call if there is
ino release passed in, rather than calling
getNextRelease in the ImageBuild
task individually. This would notably reduce the possibility of the race
Replace MD5 with SHA-256 in most places
Koji should work on the FIPS enabled system where MD5 is disabled for security reason. We are now using SHA-256 to replace MD5 for web token and file uploading, but only keeping MD5 for RPM file processing.
Remove “GssapiSSLonly Off” option
We have removed the
GssapiSSLonly option from our example httpd
It was previously shown in the example, set to
This is also the default in mod_auth_gssapi, but it is not the recommended
For more information, see mod_auth_gssapi doc
Remove “GssapiLocalName Off” option
We have also removed the
GssapiLocalName option from our example httpd
Similar to the above, our example setting was already the default.
Provide task-based data to volume policy
For builds with associated tasks, more information is now available to the volume policy.
In particular, the
buildtag policy test should work for such builds.
Note that some builds (e.g. content generator builds and other imported builds) do not have associated tasks.
For more information on hub policies, see Defining Hub Policies.
Honor volume policy in host.importImage
This fixes a bug where an underlying function as ignoring the volume policy result.
listSideTags also returns user info
We now provide an easier way to find the owner of sidetags
Give koji admins the permission to operate sidetags
Users with the
admin permission can now manage sidetags even if they are
not their own.
Fix is_sidetag_owner and is_sidetag policy tests
These policy tests would previously always return a null result. Now they return the correct one.
Systemd units for koji-gc
The systemd units(service and timer) are now installed by default.
Allow specifying CC and BCC address for email notifications
bcc_addr in config file, or CLI options
--bcc-addr are available now.
Set smtp_host to localhost by default
The previous the default value was
None, which would cause failures
if notifications were enabled.
New option: queue_file for task queue monitoring
With a writable filepath specified, the state information will be saved into this file in each cycle. For more information, please refer to Kojira.
Use mtime of repo directory to determine the age
Kojira should now do a better job of determining the age of a repo at startup.
Fix logic detecting directories for pruneLocalRepos
The condition was opposite before.
Totally drop SysV support
Thus, we won’t provide kojira service on <=EL6 platform.
Repo deletion within thread
Kojira are now able to delete repos in a separated thread.
delete_batch_size option is no longer used and has been removed.
Set the shebang to /usr/bin/python2 on RHEL<=7
Otherwise, the build will fail on RHEL<=7.