Koji 1.31.0 Release notes¶
All changes can be found in the roadmap. Most important changes are listed here.
Migrating from Koji 1.30/1.30.1¶
For details on migrating see Migrating to Koji 1.31
Security Fixes¶
None
Client Changes¶
download-task more specific info for non-CLOSED tasks
A bit more info about state of the task.
Add count and size for download-build
Unification of output how many files are being downloaded.
list-hosts fix when list of channels is empty
Command was failing when builder was not assigned to any channel.
edit-channel set default return value and print error msg to stderr
Unification of return values and error-handling.
Fix nvr sorting in list-builds
Confusing default --sort-key=nvr was replaced by --sort-key=build_id.
NVR sorting was/is in reality alphabetic sort, not NVR sort. We’re not planning
to introduce NVR comparison anywhere, so we’ve changed the default here.
Add regex –filter and –skip option for download-task
download-task command can download many files and default filters like
--arch can be insufficient and lead to downloading much more content than
needed. Two new regexp filters are introduced to further limit bandwith.
API Changes¶
Allow buildTagID and destTagID as string and dict in getBuildTargets
A bit more comfort in specifying these values.
Builder Changes¶
Remove login shell from kojibuilder user
Login shell is not needed for normal kojid usage. It was meant more for
debugging but it is better to lock it off by default due to potential security
risks.
Enable fetching any ref from git repo
Support for fetching any refs which were not fetched by original git clone.
Typically merge requests.
Error on list-tagged –sigs –paths without mount
It was confusing for users that there is no output if they don’t have
/mnt/koji (or other topdir) mounted. Such combination of options now fail
instead of printing empty output.
Fix restartHosts on py 3.5+
Newer python introduced behaviour which leads to non-working restartHosts
task parent.
System Changes¶
Build policy
New build_rpm policy for specifying which builds are allowed. It is
superceeding build_from_srpm and build_from_repo_id policies,
effectively adding capability for build_from_scm policy and merging these to
one more simple. Former two are now deprecated and will be removed in 1.33.
Save source for wrapperRPM
wrapperRPM is now more compatible with regular rpm builds storing
source into metadata.
Header-based sessions
Formerly, we’ve had session id and key as a part of URL. These values are now
moved to HTTP headers to be more in line with current security practices.
Backward compatibility is still ensured and can be turned off by
DisableURLSessions in config. Old-style session support will be removed in
1.34.
Move database classes and functions to koji/db.py
Most of the database queries are rewritten to use *Processor classes which
improves maintanability and allows easier migration to SQLAlchemy or other
library. Also all db code is now in koji/db.py, so also other tools can
utilize it (typically koji-sweep-db script).
Emphasize non-working image XML
Koji is supporting more output formats for images than libvirt can utilize. For these we’re adding some more info directly to libvirt’s XML, so end-user is more informed about need to convert the data to some format libvirt supports.
Log when session ID, session key and hostip is not related
Additional logging for security/audit reasons, so we can more easily detect e.g. session stealing.
Fedora 37 compatibility update
Python 3.11 finally dropped inspect.getargspec, so hub/web are not running
on F37. Simple update to getfullargspec fixes it. Change is backward-compatible to
python 3.6 which is still oldest supported version for hub/web.
Web¶
Add active sessions web page
In line with other security/transparency items in this release, we’ve added simple web page to list all active sessions user currently have.
More generic taskinfo parameter handling
Task web page sometimes shows cryptic messages like “Parameters are not right for this method” and for some less integrated plugins it shows just python dict of values. This was improved to handle such values more systematically.
Plugins¶
kiwi: Fix include path
More safe include handling in kiwi’s profiles.
kiwi: Propagate –type option
New option to select image type.
kiwi: Bind builders’s /dev only in old_chroot
Device-mapper based images needs exposed /dev/mapper/control file, but not whole
dev filesystem. /dev filesystem is now mounted only in old_chroot buildroots.
Nspawn-based buildroots (mock.new_chroot=True) don’t bind it and for dm there
is a corresponding mock change.
Utilities¶
koji-gc: Fix check for type cc_addr, bcc_addr
koji-sweep-db: fix
Add absolute to clean sessions in koji-sweep-db
VM¶
Various updates to kojivmd
Various updates to changes in libvirt, improving error handling, VM cleanup, better repo handling, python3 and documentation fixes.
Documentation¶
Explain waitrepo tasks in vm channel
Change license identifiers to SPDX format
Increase unit tests