Koji 1.31.0 Release notes

All changes can be found in the roadmap. Most important changes are listed here.

Migrating from Koji 1.30/1.30.1

For details on migrating see Migrating to Koji 1.31

Security Fixes


Client Changes

download-task more specific info for non-CLOSED tasks

A bit more info about state of the task.

Add count and size for download-build

Unification of output how many files are being downloaded.

list-hosts fix when list of channels is empty

Command was failing when builder was not assigned to any channel.

edit-channel set default return value and print error msg to stderr

Unification of return values and error-handling.

Fix nvr sorting in list-builds

Confusing default --sort-key=nvr was replaced by --sort-key=build_id. NVR sorting was/is in reality alphabetic sort, not NVR sort. We’re not planning to introduce NVR comparison anywhere, so we’ve changed the default here.

Add regex –filter and –skip option for download-task

download-task command can download many files and default filters like --arch can be insufficient and lead to downloading much more content than needed. Two new regexp filters are introduced to further limit bandwith.

API Changes

Allow buildTagID and destTagID as string and dict in getBuildTargets

A bit more comfort in specifying these values.

Builder Changes

Remove login shell from kojibuilder user

Login shell is not needed for normal kojid usage. It was meant more for debugging but it is better to lock it off by default due to potential security risks.

Enable fetching any ref from git repo

Support for fetching any refs which were not fetched by original git clone. Typically merge requests.

Error on list-tagged –sigs –paths without mount

It was confusing for users that there is no output if they don’t have /mnt/koji (or other topdir) mounted. Such combination of options now fail instead of printing empty output.

Fix restartHosts on py 3.5+

Newer python introduced behaviour which leads to non-working restartHosts task parent.

System Changes

Build policy

New build_rpm policy for specifying which builds are allowed. It is superceeding build_from_srpm and build_from_repo_id policies, effectively adding capability for build_from_scm policy and merging these to one more simple. Former two are now deprecated and will be removed in 1.33.

Save source for wrapperRPM

wrapperRPM is now more compatible with regular rpm builds storing source into metadata.

Header-based sessions

Formerly, we’ve had session id and key as a part of URL. These values are now moved to HTTP headers to be more in line with current security practices. Backward compatibility is still ensured and can be turned off by DisableURLSessions in config. Old-style session support will be removed in 1.34.

Move database classes and functions to koji/db.py

Most of the database queries are rewritten to use *Processor classes which improves maintanability and allows easier migration to SQLAlchemy or other library. Also all db code is now in koji/db.py, so also other tools can utilize it (typically koji-sweep-db script).

Emphasize non-working image XML

Koji is supporting more output formats for images than libvirt can utilize. For these we’re adding some more info directly to libvirt’s XML, so end-user is more informed about need to convert the data to some format libvirt supports.

Log when session ID, session key and hostip is not related

Additional logging for security/audit reasons, so we can more easily detect e.g. session stealing.

Fedora 37 compatibility update

Python 3.11 finally dropped inspect.getargspec, so hub/web are not running on F37. Simple update to getfullargspec fixes it. Change is backward-compatible to python 3.6 which is still oldest supported version for hub/web.


Add active sessions web page

In line with other security/transparency items in this release, we’ve added simple web page to list all active sessions user currently have.

More generic taskinfo parameter handling

Task web page sometimes shows cryptic messages like “Parameters are not right for this method” and for some less integrated plugins it shows just python dict of values. This was improved to handle such values more systematically.


kiwi: Fix include path

More safe include handling in kiwi’s profiles.

kiwi: Propagate –type option

New option to select image type.

kiwi: Bind builders’s /dev only in old_chroot

Device-mapper based images needs exposed /dev/mapper/control file, but not whole dev filesystem. /dev filesystem is now mounted only in old_chroot buildroots. Nspawn-based buildroots (mock.new_chroot=True) don’t bind it and for dm there is a corresponding mock change.


koji-gc: Fix check for type cc_addr, bcc_addr

koji-sweep-db: fix

Add absolute to clean sessions in koji-sweep-db


Various updates to kojivmd

Various updates to changes in libvirt, improving error handling, VM cleanup, better repo handling, python3 and documentation fixes.


Explain waitrepo tasks in vm channel

Change license identifiers to SPDX format

Increase unit tests