Koji 1.22.0 Release notes¶
Important: python 2 support for hub and web have been dropped in koji 1.22, meanwhile CLI and builder are still supporting python2. Please prepare your hub and web service for python3 if you are going to upgrade them to koji 1.22.
All changes can be found at pagure. Most important changes are listed here.
Migrating from Koji 1.21/1.21.1¶
For details on migrating see Migrating to Koji 1.22
Security Fixes¶
None
Client Changes¶
Output extra[‘rpm.macro.*’] to mock-config
The mock-config command honors ‘rpm.macro.*’ options in tag’s extra config now.
–ca option has been deprecated
This option is deprecated for a while and not used internally. We added the deprecation warning and will finally remove it in 1.24. Notes: It is deprecated in koji-gc as well.
Flush stdout during watch-logs
Calling flush() immediately to display the output faster for PY3.
Do not try unnecessary authentication
In some CLI commands we used active_session() which will try its best to
login, but it is not necessary. Now, we only ensure the connection without
authentication.
Unify –debug options
The cli accepts a global --debug option before the command name.
Some commands accepted a separate --debug option local to the command,
which was confusing.
Now these commands take their cue from the global option.
The local option is still accepted for backwards compatibility, though
it has been hidden in the help output.
The following commands were affected:
prune-sigslist-signedlist-tag-historylist-history
New option –wait for download-task
This is a UE enhancement to let the command be able to wait for the tasks to be
finished as the same as the behavior of build command.
Fix image-build-indirection –wait
Previously, the image-build-indirection command accepted the --wait
option, but did not honor it.
This oversight has been fixed.
Fix event option handling in clone-tag
The getTag() call for fetching source tag info in clone_tag didn’t use event
before. Now, it does.
Library Changes¶
Correctly identify “hostname doesn’t match” errors
“hostname doesn’t match” can be identified as a certificate error, so that client will not retry the request.
openRemoteFile retries and checks downloaded content
Sometimes we hit a problem with incorrect downloads caused by various
malfunctions, like cache, filesystem, network, etc. Now, in
openRemoteFile, we are going to
compare http’s
Content-Lengthheader with the data we really downloadedcheck the rpm header is valid if the file is an RPM
do 3 times retries if it fails
API Changes¶
filterResults and countAndFilterResults raise GenericError
API filterResults and countAndFilterResults now raise
koji.GenericError instead of xmlrpc.client.Fault when method’s keyword
argument is not expected.
Deprecation of host.getTask call
This host API will be finally removed in 1.23
Optimizations to the listBuildroots call
For the optimization purpose, the listBuildroots API call avoids
unnecessary checks when the return will be empty.
Additionally, the call avoids some table joins that can slow down the queries
in some cases.
As a result, the return value will no longer include the is_update field
when querying by rpmID.
Disable notifications by default in [un]tagBuildBypass calls
The notify option to the tagBuildBypass and untagBuildBypass now defaults to False.
Tools that wish to generate email notifications will need to explicitly pass notify=True.
Fix a typo in the error message of getChangelogEntries
A new option - pattern for listTags call
This option is a GLOB match pattern for the name of tag. You can now directly
call session.listTags(pattern='prefix-*-postfix') for example, to filter the
result list on server side. The list-tags command tries its best to call it with
pattern as well.
Builder Changes¶
Koji now supports Mock’s bootstrap chroot and image
Koji now supports Mock’s --bootstrap-chroot and --bootstrap-image
options. See:
For the configuration on koji, please refer to Using Koji in Fedora. The bootstrap buildroot will be pruned automatically by kojid as the same as the normal buildroot.
Pass bootloader append option to livemedia builds
Koji is now able to pass --extra-boot-args --append="bootloader --append"
options to livemedia-creator tool for livemedia builds.
Per-tag environment variables in Mock’s buildroot
Now, you can set rpm.env.* in build tag’s extra to specify environment
variables in mock’s buildroot. See Using Koji in Fedora.
Support specific per-settings for Mock’s sign plugin
We are now providing mock.plugin_conf.sign_enable,
mock.plugin_conf.sign_opts.cmd and mock.plugin_conf.sign_opts.opts in
build tag’s extra for enabling and configuring the sign plugin of mock. For
more details, see Using Koji in Fedora.
Per-tag settings of yum’s depsolver policy for Mock
mock.yum.best=0/1 is available in tag’s extra config for the corresponding
setting of mock config.
Use mergerepo_c for all merge modes
As mergerepo_c has supported simple mode since 0.13.0, we now use it on
python3 or use_createrepo_c=True kojid for repo creation. And as issues/213 of
createrepo_c has been fixed in 0.15.11, we also append --arch-expand on
demand. Therefore, koji are now able to use mergerepo_c for all 3 modes: koji,
simple, bare. Nevertheless, we are still providing mergerepos scripts for
python2.
Turn off dnf_warning in mock.cfg
In PR #1595, we set
dnf_warning=True when we started to add this configuration. But since Mock
2.0, bootstrap_chroot is set to True by default, we need to set
dnf_warning to False accordingly. For the details, please refer to
issue #2026.
BuildSRPMFromSCMTask: Support auto-selecting a matching specfile name
When building SRPM from SCM, if there are more than one *.spec found in root
directory, or support_rpm_source_layout=yes in /etc/kojid/kojid.conf and
there are more than one *.spec found in SPECS directory, the builder is
going to use the specfile with the SCM repo’s name in root or SPECS dir.
Pass buildroot to preSCMCheckout and postSCMCheckout where applicable
The preSCMCheckout and postSCMCheckout callbacks for kojid now include
a buildroot field that provides access to the internal BuildRoot
object, when such an object is available.
This change impacts BuildMavenTask, WrapperRPMTask, ImageTask and
BuildSRPMfromRPMTask.
The current exceptions are OzImageTask and BuildIndirectionImageTask,
which do not use this type of buildroot.
Any plugins that use this field should be aware that the behavior of this class may change across releases.
Web UI Changes¶
A new repoinfo page
The new page displays basic information of a normal repo, linked by the repo id on taskinfo and buildrootinfo page.
Win Builder Changes¶
Clone mac address via xml
We’ve hit a problem that while VM is being cloned, the mac address cloning is refused and a new one is assigned instead. We are now using the xml file for mac address setup.
System Changes¶
Drop python2 support for hub and web
Finally, python2 support for hub and web have been dropped in this release.
Drop krbV support
krbV support has been finally removed from this release. For more information, please refer to
Dropped krbV authentication support.
Use requests_gssapi for GSSAPI authentication
requests_gssapi is supported in this release. In all of the components we provide, we now try to
use request_gssapi at first, if it isn’t installed, fallback to requests_kerberos then.
DB: Use timestamps with timezone
We have updated all our timestamp fields to include timezone. This prevents time inconsistencies when the database has a timezone setting other than UTC.
DB: Update sessions_active_and_recent index
We have adjusted the sessions_active_and_recent index so that the planner
will actually use it.
Log tracebacks for multicall
The exceptions inside multicall were not logged before. These tracebacks will benefit us for debugging purpose, as we are often using multicall more and more.
Fix build_notification crashing caused by recipients check
This change fixes an inconsistency in the function where it would return
None instead of an empty list as expected.
Allow packagelist changes with ‘tag’ permission by the default policy
The tag permission was introduced in version 1.18 as part of an effort to
make admin permissions more granular.
This permission now grants access to make package list changes for tags
via the default package_list policy.
Improve race condition for getNextRelease call and images
It was possible to meet the race condition in the old logic of image building.
We are now calling get_next_release() in the initImageBuild call if there is
ino release passed in, rather than calling getNextRelease in the ImageBuild
task individually. This would notably reduce the possibility of the race
condition.
Replace MD5 with SHA-256 in most places
Koji should work on the FIPS enabled system where MD5 is disabled for security reason. We are now using SHA-256 to replace MD5 for web token and file uploading, but only keeping MD5 for RPM file processing.
Remove “GssapiSSLonly Off” option
We have removed the GssapiSSLonly option from our example httpd
configuration.
It was previously shown in the example, set to Off.
This is also the default in mod_auth_gssapi, but it is not the recommended
setting.
For more information, see mod_auth_gssapi doc
Remove “GssapiLocalName Off” option
We have also removed the GssapiLocalName option from our example httpd
configurations.
Similar to the above, our example setting was already the default.
Provide task-based data to volume policy
For builds with associated tasks, more information is now available to the volume policy.
In particular, the buildtag policy test should work for such builds.
Note that some builds (e.g. content generator builds and other imported builds) do not have associated tasks.
For more information on hub policies, see Defining Hub Policies.
Honor volume policy in host.importImage
This fixes a bug where an underlying function as ignoring the volume policy result.
Plugins¶
sidetag¶
listSideTags also returns user info
We now provide an easier way to find the owner of sidetags
Give koji admins the permission to operate sidetags
Users with the admin permission can now manage sidetags even if they are
not their own.
Fix is_sidetag_owner and is_sidetag policy tests
These policy tests would previously always return a null result. Now they return the correct one.
Utilities Changes¶
Garbage Collector¶
Systemd units for koji-gc
The systemd units(service and timer) are now installed by default.
Allow specifying CC and BCC address for email notifications
New options cc_addr, bcc_addr in config file, or CLI options
--cc-addr, --bcc-addr are available now.
Set smtp_host to localhost by default
The previous the default value was None, which would cause failures
if notifications were enabled.
Kojira¶
New option: queue_file for task queue monitoring
With a writable filepath specified, the state information will be saved into this file in each cycle. For more information, please refer to Kojira.
Use mtime of repo directory to determine the age
Kojira should now do a better job of determining the age of a repo at startup.
Fix logic detecting directories for pruneLocalRepos
The condition was opposite before.
Totally drop SysV support
Thus, we won’t provide kojira service on <=EL6 platform.
Repo deletion within thread
Kojira are now able to delete repos in a separated thread.
The old delete_batch_size option is no longer used and has been removed.
koji-sidetag-cleanup¶
Set the shebang to /usr/bin/python2 on RHEL<=7
Otherwise, the build will fail on RHEL<=7.
koji-sweep-db¶
use “Type=oneshot” for systemd
oneshot is the appropriate choice for periodic cleanup scripts, see systemd
docs.