Koji 1.35.0 Release notes

All changes can be found in the roadmap. Most important changes are listed here.

Major change is this release is kojira rewrite and repos on-demand.

Migrating from Koji 1.34/1.34.1

For details on migrating see Migrating to Koji 1.35

Security Fixes

None

Client Changes

Don’t try to resolve server version for old hubs

Some CLI commands have extended capabilities with newer hub versions. But if they were run against really old version (one that doesn’t report its version), they’ve failed completely. Now the correctly use older API signatures.

New CLI command list-users

As we’re more using user groups in policies, list-users with --perm=<permission> and --inherited-perm options now could help with finding and debugging such users.

--type option would limit NORMAL/HOST/GROUP user types.

Fix remove-tag-inheritance with priority

Better handling of remove-tag-inheritance <tag> <parent> <priority> command variant.

Taskinfo CLI and webUI info message why output is not in the list

Informational messages for missing logs and task outputs.

API Changes

Anonymous getGroupMembers and getUserGroups

First call was previously requiring admin permission. As the same information is available through other paths this requirement was dropped. Alse new getUserGroups API call was added.

Better default handling for getMultiArchInfo

Simple API default update.

Allow None in repoInfo for backwards compat

Web UI had in some cases problems to corectly display taskinfo page because of the older regression.

System Changes

Keep schema upgrade transactional

Simple fix to migration scripts. Indices are now created as part of the transaction as it doesn’t take much time even in big deployments.

Backup signature headers in delete_rpm_sig

Signatures can be deleted by admin-only call. It is anyway a good practice to store even deleted signatures, so we can audit such situations. They are now stored in build directory.

Stop lowercasing the policy failure reason

Simple update to not convert messages in policies.

Let ``tag.extra`` override tag arches for noarch

In some cases noarch packages can’t be built on some architectures. As there is no first-class support for such routing, tag can be modified via extra.noarch_arches key.

Better index for rpm lookup

Improved index after addition of draft builds.

Auto arch refusal for noarch tasks

Scheduler improvement for noarch tasks which could have been assigned to builders without access to relevant buildroot architecture repos. It would speedup correct assigning of noarch tasks in some cases.

Fix errors in channel policy

Channel policy can refer to non-existent tags, etc. Policy would have failed even in case where there would be other valid rule.

Sort checksums before inserting

create_rpm_checksums could have triggered deadlock. This change would prevent it.

Handle volumes when clearing stray build dirs

recycle_build ignored some files and left them on non-default volumes instead of deleting. Newly created build then already contained some files and failed while trying to recreate them.

Drop unused DBHandler class

Logging class which is not used anywhere.

Stop suggesting that users need repo permission

regen-repo is the correct permission which should be granted to users. repo is a privileged one and is mostly intended for kojira.

CG import updates

Content generator API now allows uploading subdirectories instead of just flat structure. CG_import policy gets also version, release and btypes fields for additional checks.

Fix tz mismatch issues with various queries

Further unification of timestamp/timezone usage.

RetryError is subclass of AuthError

Small fix for unreachable code.

Provide tag data in policy_data_from_task_args

More data available for policy tests.

Builder Changes

Use dnf5-compatible “group install” command

Dnf5 dropped support for group install command so, we’ve made a dnf4/5 compatible changes.

Split out buildroot log watching logic

Rewritten code for handling mock’s logs. It now allows to fetch more logs than before.

Update getNextTask for scheduler

Followup work after introducing new scheduler. Mostly builder code simplification.

Log if a restart is pending

Builder is more verbose about this situation.

Refuse image tasks when required deps are missing

If image-supporting libraries are not present on builder it will decline the image tasks without trying them, so they’ll not fail.

Don’t ignore files in uploadFile

Empty files were ignored before. Now we upload also these.

Kojira

Kojira on demand

Massive overwrite of repo regeneration. Previously, kojira was in charge of regenerating everything what is out of date. It could have been thousands of repos which will be never used. We’ve moved to on-demand behaviour drastically limiting number of newRepo tasks.

Full description of behaviour change is at Repo Generation.

Web UI

Show only active channels at clusterhealth

Simplification of web ui.

Drop part of code related to host without update_ts

Plugins

SCMPolicy

New policy plugin which can decide if build can proceed with data based on SCM checkout results. Typical usecase would be checking that commit beeing built is present on some explicit branch.

Kiwi

Generate full logs with debug information

Uploading additional logs for easier kiwi debugging.

Only add buildroot repo if user repositories are not defined

We’ve changed default behaviour that kiwi has access to buildroot repo. Now it must be explicitly specified via --buildroot-repo option.

Add support for overriding image type attributes

CLI option --set-type-attr for kiwi. For possible values look at kiwi docs.

Add support for overriding kiwi image file name format

CLI option --bundle-format for kiwi. For possible values look at kiwi docs.

Add support for overriding version and releasever

--version and --repo-releasever CLI options for overriding these in the resulting image.

Devtools and tests

Updates for various tests

setup.py: Fix version retrieval on Python 3.13+

make clean - more files

Documentation

Mock’s configuration

Add external koji dev environments’ links

Drop unused auth options

Dropping some older options from example configuration files and documentation.