Koji 1.26.0 Release notes

All changes can be found in the roadmap. Most important changes are listed here.

Migrating from Koji 1.25/1.25.1

For details on migrating see Migrating to Koji 1.26

Security Fixes


Client Changes

New command userinfo

Similarly to web user info page, we’ve added command userinfo listing basic informations like principals, permissions and activity statistics.

Add noverifyssl option to oz image builds

Image builds could want to use development repos which are not recognized by CAs installed inside the image. In such case there is a way to add --noverifyssl into the generated kickstart. The option must be explicitly enabled on builders which will handle those tasks.

download-build now pre-check non-existing sigkey

When downloading builds with specified sigkey it could have been confusing that 404 error returned for non-existing sigkeys. Raising explicit error eliminates network suspicion.

API Changes

Remove jump/stops options from readFullInheritance

These unused options were finally removed.

listBuilds accept also package name and user name

It is an extension to previously required IDs.

Remove deprecated readGlobalInheritance

add_rpm_sign catches IntegrityError

Better error-handling in case of insert race-condition.

Get info for deleted tag entries

There was no simple way how to obtain information about tag which are deleted. Extension of getTag’s event option for value auto will now return existing tag or for deleted tag - last known configuration.

Builder Changes

Livecd handler set up release if release not given

Standard getNextRelease call is used in such case now.

Prune user repos for image tasks

If multiple repos are specified in task, they’ll get pruned. This could happen if task is created by some automation. Using multiple repos with same url just consumes memory of anaconda’s ramdisk and can result in failed tasks.

Use getNextRelease for scratch image builds

System Changes

Policy test buildtag_inheritance

This new test can be used to check if tag’s inheritance contains other specific tag.

Fix SQL condition

listTagged was broken in regression from https://pagure.io/koji/pull-request/2791

Channels can now be disabled and described

dist-repo takes inherited arch when arch is not set

If tag for dist-repo doesn’t have any configured architectures, koji will look into the inheritance chain and try to find something there.

Extend SCM.assert_allowed with hub policy

SCM policy can be defined at the hub now. It also allow more granular policies like allowing some SCMs for scratch builds while others also for regular ones. This approach can be combined with the current kojid.conf allowed_scms option. See example kojid.conf for more details.

DBConnectionString/dsn option for db connection

Alternative method for specifying DB connection is now provided via single DSN connection string.

Add remove-sig CLI and deleteRPMSig hub call

The deleteRPMSig hub call removes RPM signatures from Koji. Only use this method in extreme situations, because it goes against Koji’s design of immutable, auditable data. This call requires admin permission (sign is not sufficient).


py3 kojikamid fixes

Python 3 port of kojikamid had a few regressions.


Drop download link from deleted build

It was confusing that link was there even for non-existing files.

Fix getting tag ID for buildMaven taskinfo page.

Maven task info page was broken for some time due to wrong tag ID handling.

Hosts page with more filters and added channel column

Simple extension for hosts list page.

Update webUI number of tasks

As we’ve dropped number of results on first task info page due to speed reasons, it is now a bit confusing for users. We’ve added a bit more indicative result.


Configurable naming template for sidetags

Sidetags now can be named according to set of templates in the config. These templates then can be used in hub policies for differentiating among the different side tag types.

Add btype to protonmsg

Build types are now part of proton messages.



Don’t fail on deleted needed tag

Deleted tags could have caused kojira’s thread crash which could have been seen only in the log but kojira still have run. Repository cleanup then could have failed without notice.

Do not ever clean up repositories where ‘latest’ points to

We now skip all “latest” repos.

Sweep DB

Read options from main hub config and its config dir

koji-sweep-db now properly reads whole config structure, not only basic kojihub.conf


Update irc info

Docs for KojiHubCA/ClientCA for web

Remove old mod_ssl instructions from server howto

Document readTaggedRPMS method

Add signing documentation

“download-logs –help” fixes

cli: improve –config and –profile help text