Koji 1.27.0 Release notes¶
All changes can be found in the roadmap. Most important changes are listed here.
Migrating from Koji 1.26/1.26.1¶
For details on migrating see Migrating to Koji 1.27
Security Fixes¶
None
Client Changes¶
set-task-priority permission error fix
CLI confusingly reported “closed task” even in case when user was “just” missing the admin permission.
Honour –force-auth for anonymous commands
This option was not respected in some cases.
Propagate error in write-signed-copies
Due to speedup changes some errors could have been hidden. Now we’re catching them all and displaying properly in write-signed-copies command.
Be tolerant of stops/jumps kwargs in list-tag-inheritance
Older client can emit errors when used against a newer hub as it could use already deprecated options. We’re now more tolerant to these.
Dist-repo with write-signed-rpm option
New option for dist-repo –write-signed-rpms. As there could be
garbage-collected signed copies, dist-repo can fail and these rpms must be
manually reconstructed. This new option will allow user with sign permission
to prepare required rpms to be ready for the distRepo
task.
call –json default option set up to str
Bugfix for converting some datetime values to proper json when using call
command.
Add option for UTC time in list-history
list-history
now accepts --utc
option which will display dates in UTC
instead of local timezone.
API Changes¶
listBuilds/list-builds filtering via CG
API call listBuilds
(and its CLI counterpart) now accepts cgID
(--cg
) option which adds another filter based on content generator type.
Deprecate taskReport
This call will be removed in the future.
queryRPMSigs accepts RPM ID, NVRA and dict
To be aligned with other calls, queryRPMSigs
now accepts all rpm ID
specifications (integer ID, NVRA string or NVRA dict)
Deprecate koji.listFaults
Another candidate for removal
Deprecated force option in groupReqListRemove call
And another one
getBuildType: ensure id exists in buildinfo dict
More robust handling of input (NVR dict is sufficient now)
Add strict option to listTagged, listTaggedRPMS, listTaggedArchives
For better differentiation between empty results for correct inputs and wrong
inputs (non-existing tag, etc.) strict
option was added to these calls.
Builder Changes¶
Import guestfs before dnf
Linking conflicts between json-parsing libraries used by guestfs and dnf led us
to include a small hack. Now it should be again possible to build docker images
via oz
.
Better error messages for Task.lock()
Improved error logging related to multiple builders competing in task allocation.
Restart kojid and kojira services automatically
systemd
services were updated to automatically restart on failure with one
minute delay.
Retry get_next_release to avoid race condition
In rare cases there was still race condition with starting image/maven builds with same auto-incremented release. This should fix this behaviour completely.
System Changes¶
Honour taginfo option in policy_get_build_tags
Deleted buildtags can break some policies. As these are more frequent these days (via sidetag usage patterns) we have also hit this problem. It should be fixed now.
Fix scripts for koji pkg and drop utils from py2
Packaging fixes for regression. koji-utils
are py3-only.
Create symlink before import
Windows builds were not properly handling importing builds back to hub if volume policy put the build to non-default volume.
Speedup untagged_builds query
untagged_builds
call is used by garbage collection and it is now about 100%
faster. It doesn’t matter that much to GC itself as it needn’t to be
particularly fast but other queries/users are not blocked by this query lock.
Support packages that are head-signed
DSA and RSA header signatures (RPMv4 scheme) support.
Tasks respect disabled channels
In last release option to “disable” channel was introduced. Anyway, tasks were happily requesting those channels and were never executed as no builder picked them. Now they fail immediately if the channel is disabled/non-existent in the moment of task creation.
Check spec_url for wrapperRPM task source policy test
wrapperRPM
tasks now properly propagate data for source
policy test.
Allow user on git://, git+http://, git+https://, and git+rsync:// scheme
We’ve not propagated username (or token) to builder. As this data are already visible in task it doesn’t make sense to conceal them on the builder. There are legitimate cases when token is used, so we are now propagating it without restriction.
Logging warning messages about deleteBuild or deletedRPMSig
Last release introduced deleteRPMSig
API call. It is the second call which
irrecoverably destroys build data so it should be better logged. We’re now
capturing more data in the logs (especially the user).
Remove translation stub functions
We’ve never used the i18n _
call and we don’t plan to introduce any
translation. So, we’ve decided to remove these stubs to make code a bit more
readable and consistent.
Add specfile log to wrapperRPM
As specfile in wrapperRPM
is modified from template it is nice to store this
file in similar way to modified kickstarts in oz tasks.
Web¶
Allow kojiweb to proxy users obtained via different mechanisms
New proxyauthtype
option is introduced to gssapi_login
and ssl_login
methods. It allows user1 (typically web interface) to proxy another user2 (via
standard proxyuser
option) with different authentication mechanism than
user1. E.g. user is authenticated to webui by gssapi, while webui itself
authenticates via SSL certificate.
Utilities¶
Kojira¶
Don’t throw exception when auth fails
More proper exit when authentication fails to not trigger abrt.
Implement ignore_other_volumes option
Option to forbid kojira to delete repos on non-default volumes.
Documentation¶
Some documentation updates | PR: https://pagure.io/koji/pull-request/2994 | PR: https://pagure.io/koji/pull-request/2995 | PR: https://pagure.io/koji/pull-request/2996 | PR: https://pagure.io/koji/pull-request/2997 | PR: https://pagure.io/koji/pull-request/3000 | PR: https://pagure.io/koji/pull-request/3013 | PR: https://pagure.io/koji/pull-request/3023 | PR: https://pagure.io/koji/pull-request/3029 | PR: https://pagure.io/koji/pull-request/3038 | PR: https://pagure.io/koji/pull-request/3051 | PR: https://pagure.io/koji/pull-request/3062 | PR: https://pagure.io/koji/pull-request/3070 | PR: https://pagure.io/koji/pull-request/3085 | PR: https://pagure.io/koji/pull-request/3086 | PR: https://pagure.io/koji/pull-request/3096 | PR: https://pagure.io/koji/pull-request/3102 | PR: https://pagure.io/koji/pull-request/3021 | PR: https://pagure.io/koji/pull-request/3026
New tests | PR: https://pagure.io/koji/pull-request/3027 | PR: https://pagure.io/koji/pull-request/3037 | PR: https://pagure.io/koji/pull-request/3056 | PR: https://pagure.io/koji/pull-request/3075
Basic security checks with bandit