On 02/16/2015 09:11 PM, Clark Williams wrote:
for mock. The wiki page tells to go to Trac, and trac doesn’t say
anything:) So please forgive me for looking at git logs and reaching
Good point. I added point of contact on Trac wiki.
I’ve been working on a small patch to mock that adds automatic signing
of built package. It also introduces a small api change, so please let
me know if it’s wrong and if you have a better idea:) Let me also know
if there’s a better place to post patches:)
Generally I have no problem with adding signing plugin. I doubt that
Koji will use it, but having it disabled will harm nothing. I can
definitely use it in Copr and remove some Copr code when this will be live.
I have some technical comments thou:
Can you please add (commented out) example to etc/mock/site-defaults.cfg ?
I do not understand the necessity of changing API. The result dir is
defined in buildroot.resultdir in __init__() of plugin and stored to
instance variable and then just walk() that directory.
You are adding new dependency on rpm-sign. It is just optional (just
plugin and disabled by default). Therefore I would use "Suggests: rpm-sign".
Better description in commit message would be nice :)
Rather then
self.sign_rpm(item)
i.e. sign each file separately. I would rather pass them all in one
list. So the binary is called just once.
Regards,
Lta.
Original html part
Hi,
I’ve been wandering around the different mock pages (wiki/trac), and I
haven’t found any indications about the preferred way to submit patches
for mock. The wiki page tells to go to Trac, and trac doesn’t say
anything :) So please forgive me for looking at git logs and reaching
out to the most recent/active contributor :)
I’ve been working on a small patch to mock that adds automatic signing
of built package. It also introduces a small api change, so please let
me know if it’s wrong and if you have a better idea :)
Let me also know if there’s a better place to post patches :)
Regards,
Lta.
sign-plugin.patch
commit 04c369b5e829d4007929f00febc44fd433c18601
Author: Julien 'Lta' BALLET<[email protected]>
Date: Wed Jan 21 18:16:36 2015 -0800
yummy:patch0:sign-plugin.patch
diff --git a/Makefile.am b/Makefile.am
index 597906d..84ca35e 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -57,7 +57,8 @@ plugins_PYTHON = \
py/mockbuild/plugins/yum_cache.py \
py/mockbuild/plugins/selinux.py \
py/mockbuild/plugins/mount.py \
- py/mockbuild/plugins/lvm_root.py
+ py/mockbuild/plugins/lvm_root.py \
+ py/mockbuild/plugins/sign.py
mockbuilddir = $(pythondir)/mockbuild
mockbuild_PYTHON = \
diff --git a/py/mockbuild/backend.py b/py/mockbuild/backend.py
index 1fbc228..d1ddede 100644
--- a/py/mockbuild/backend.py
+++ b/py/mockbuild/backend.py
@@ -188,6 +188,7 @@ class Commands(object):
@traceLog()
def build(self, srpm, timeout, check=True):
"""build an srpm into binary rpms, capture log"""
+ results = None
# tell caching we are building
self.plugins.call_hooks('earlyprebuild')
@@ -226,7 +227,7 @@ class Commands(object):
results = self.rebuild_package(spec_path, timeout, check)
if results:
- self.copy_build_results(results)
+ results = self.copy_build_results(results)
elif self.config.get('short_circuit'):
self.buildroot.root_log.info("Short circuit builds don't produce
RPMs")
else:
@@ -238,7 +239,7 @@ class Commands(object):
if not util.USE_NSPAWN:
self.uid_manager.restorePrivs()
# tell caching we are done building
- self.plugins.call_hooks('postbuild')
+ self.plugins.call_hooks('postbuild', results)
self.state.finish(buildstate)
@@ -299,6 +300,7 @@ class Commands(object):
@traceLog()
def buildsrpm(self, spec, sources, timeout, follow_links):
"""build an srpm, capture log"""
+ result = None
# tell caching we are building
self.plugins.call_hooks('earlyprebuild')
@@ -336,13 +338,14 @@ class Commands(object):
self.buildroot.root_log.debug("Copying package to result dir")
shutil.copy2(rebuilt_srpm, self.buildroot.resultdir)
- return os.path.join(self.buildroot.resultdir, srpm_basename)
+ result = os.path.join(self.buildroot.resultdir, srpm_basename)
+ return result
finally:
self.uid_manager.restorePrivs()
# tell caching we are done building
- self.plugins.call_hooks('postbuild')
+ self.plugins.call_hooks('postbuild', [result])
self.state.finish("buildsrpm")
@@ -440,5 +443,10 @@ class Commands(object):
@traceLog()
def copy_build_results(self, results):
self.buildroot.root_log.debug("Copying packages to result dir")
+
+ copied_results = []
for item in results:
shutil.copy2(item, self.buildroot.resultdir)
+ copied_results.append(os.path.join(self.buildroot.resultdir,
+ os.path.basename(item)))
+ return copied_results
diff --git a/py/mockbuild/plugin.py b/py/mockbuild/plugin.py
index 435e0f5..be74a87 100644
--- a/py/mockbuild/plugin.py
+++ b/py/mockbuild/plugin.py
@@ -24,6 +24,7 @@ class Plugins(object):
self.plugin_conf[key]['cache_topdir'] = buildroot.cache_topdir
self.plugin_conf[key]['cachedir'] = buildroot.cachedir
self.plugin_conf[key]['root'] = buildroot.shared_root_name
+ self.plugin_conf[key]['resultdir'] = buildroot.resultdir
self.state.start("init plugins")
# Import plugins (simplified copy of what yum does). Can add yum
diff --git a/py/mockbuild/plugins/sign.py b/py/mockbuild/plugins/sign.py
new file mode 100644
index 0000000..9825c85
--- /dev/null
+++ b/py/mockbuild/plugins/sign.py
@@ -0,0 +1,44 @@
+# vim:expandtab:autoindent:tabstop=4:shiftwidth=4:filetype=python:textwidth=0:
+# License: GPL2 or later see COPYING
+# Written by Julien BALLET<[email protected]>
+# Copyright (C) 2014 Facebook
+
+# python library imports
+from mockbuild.trace_decorator import traceLog, getLog
+from mockbuild.util import do
+import re
+
+requires_api_version = "1.1"
+
+# plugin entry point
+@traceLog()
+def init(plugins, conf, buildroot):
+ Sign(plugins, conf, buildroot)
+
+
+class Sign(object):
+ """Automatically sign package after build"""
+
+ @traceLog()
+ def __init__(self, plugins, conf, buildroot):
+ self.plugins = plugins
+ self.conf = conf
+ self.buildroot = buildroot
+ self.plugins.add_hook('postbuild', self.sign_results)
+
+ getLog().info(conf)
+ getLog().info("enabled package signing")
+
+ def sign_rpm(self, rpm):
+ getLog().info("Signing %s", rpm)
+
+ opts = self.conf['opts'] % {'rpm': rpm}
+ cmd = "{0} {1}".format(self.conf['cmd'], opts)
+ do(cmd, pty=True, printOutput=True, shell=True)
+
+ def sign_results(self, results, *args, **kwargs):
+ if results is None:
+ return
+ for item in results:
+ if re.search(r'\.rpm$', item):
+ self.sign_rpm(item)
diff --git a/py/mockbuild/util.py b/py/mockbuild/util.py
index 33bc617..2fc237c 100644
--- a/py/mockbuild/util.py
+++ b/py/mockbuild/util.py
@@ -72,7 +72,7 @@ personality_defs = {
PLUGIN_LIST = ['tmpfs', 'root_cache', 'yum_cache', 'bind_mount',
'ccache', 'selinux', 'package_state', 'chroot_scan',
- 'lvm_root', 'compress_logs']
+ 'lvm_root', 'compress_logs', 'sign']
# This is set to False on EL6 in build time
USE_NSPAWN = False
@@ -685,6 +685,11 @@ def setup_default_config_opts(unprivUid, version,
pkgpythondir):
"\\bcore(\\.\\d+)?$",
"\\.log$",
]},
+ 'sign_enable': False,
+ 'sign_opts': {
+ 'cmd' : 'rpmsign',
+ 'opts' : '--addsign %(rpm)s',
+ },
}
config_opts['environment'] = {
--
buildsys mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/buildsys
