[Patch] Add a policy spec so that only package owners can tag builds
by Jitesh Shah
We recently had a requirement that builds of a particular package should
only be managed by package owners (owner derived from the [package,tag]
pair) (Just to clear any possible confusion, I do NOT mean the build
owner, but the package owner)
Initially, I had assumed that only package owners can schedule builds of
their package, but a quick look at the code yielded nothing to prove the
assumption. So, I created a random user and verified that he can build
and tag packages.
Then, I looked at whether I can write a policy to this effect. But, none
of the tests that were already there seemed to provide the
functionality. So, I hacked up a patch to add a test.
With this patch in place, I can add a like "is_package_owner :: allow"
to allow only package owners to build. the policy spec in
my /etc/koji-hub/hub.conf looks like this now:
tag =
has_perm admin :: allow
is_package_owner :: allow
all :: deny
Do let me know whether it is sane and makes sense.
(The patch is NOT taken against the git HEAD, but it should apply easily
with some fuzz)
Jitesh
>From f10b458131c5a1aa75f97e2cb458051630918f04 Mon Sep 17 00:00:00 2001
From: Jitesh Shah <jiteshs(a)marvell.com>
Date: Wed, 28 Oct 2009 17:20:01 +0530
Subject: [PATCH] Add own policy spec
Signed-off-by: Jitesh Shah <jiteshs(a)marvell.com>
---
hub/kojihub.py | 20 ++++++++++++++++++++
1 files changed, 20 insertions(+), 0 deletions(-)
diff --git a/hub/kojihub.py b/hub/kojihub.py
index a281b5e..ef1c364 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -4443,6 +4443,26 @@ class IsBuildOwnerTest(koji.policy.BaseSimpleTest):
#otherwise...
return False
+class IsPackageOwnerTest(koji.policy.BaseSimpleTest):
+ """Check if user owns the build"""
+ name = "is_package_owner"
+ def run(self, data):
+ build = get_build(data['build'])
+ pkg_id = get_package_id(koji.parse_NVR(build['nvr'])['name'], strict=True)
+ tag = get_tag(data['tag'])
+ pkgs = readPackageList(tagID=tag['id'], pkgID=pkg_id, inherit=True)
+ owner_id = pkgs.get(pkg_id,None)['owner_id']
+ owner = get_user(owner_id)
+ user = get_user(data['user_id'])
+ if owner_id == user['id']:
+ return True
+ if owner['usertype'] == koji.USERTYPES['GROUP']:
+ # owner is a group, check to see if user is a member
+ if owner['id'] in koji.auth.get_user_groups(user['id']):
+ return True
+ #otherwise...
+ return False
+
class UserInGroupTest(koji.policy.BaseSimpleTest):
"""Check if user is in group(s)
--
1.6.0.3
13 years, 7 months
networkmanger fails in network config on boot rescue
by Sergio Monteiro Basto
Hi, newest Fedora 11 , build with pungi ,
when I select a installation from url, netwokmanager always fails to get
IP . its a nic , and try to run wpasupplicant !?
How I tell on grub to not use networkmanger and use the service
network ?
I need to use dhcp
reading this ML some one suggest
label one
kernel vmlinuz
append initrd=initrd.img text nofb gateway=1.2.3.1 dns=1.2.3.4
netmask=255.255.255.0 ks=url_of_ks_file method=url_of_satellite
but I'd like disable networkmanager since since service network works
well and NetworkManager don't. I try this on office where I need dhcp .
and at home with a simple router .
Thanks,
--
Sérgio M. B.
13 years, 7 months
the datails of Missing Dependency
by xiao li
This is the detailed information about Missing Dependency when I built the
srpms.BuildrootError: could not init mock buildroot, mock exited with status
30; see root.log for more information.The attachment is the root.log.Please
do me a favour.Thanks.
13 years, 7 months
Re: Missing Dependency
by Mike McLean
On 10/15/2009 10:53 PM, xiao li wrote:
> Frist,thanks for your help.
> I have expired all the repos before I submitted the problem.As you said,I
> have executed the instruction to expire all the repos in the db.But the
> problem existed all the same.Do you have another solutions? Thanks for your
> reply.
Please keep these discussions on the list.
Your original email doesn't really indicate much other than missing
dependencies. There are numerous possibilities.
Can provide some details about the problem? What does your tag/target
setup look like?
Just to clarify -- Did you mean to say that your setup was working fine
until you changed the ip address of a host? If so...
- are you sure that was the only change?
- was it only the ip address, or did the hostname change also?
- which machine(s) changed address and what was running on them?
- do your pkgurl and topurl settings in kojid.conf still reference an
appropriate address?
13 years, 7 months
Missing Dependency
by lixiao@nudt.edu.cn
Rencently,I changed the IP of my koji and regen-repo,but it shows missing
dependency.The root.log as follows,
redhat-rpm-config-8.0.45-29.el5.noarch from build has depsolving problems
--> Missing Dependency: perl(Getopt::Long) is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
redhat-rpm-config-8.0.45-29.el5.noarch from build has depsolving problems
--> Missing Dependency: /bin/bash is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
redhat-rpm-config-8.0.45-29.el5.noarch from build has depsolving problems
--> Missing Dependency: /bin/sh is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
redhat-rpm-config-8.0.45-29.el5.noarch from build has depsolving problems
--> Missing Dependency: /usr/bin/perl is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
Error: Missing Dependency: /bin/bash is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
Error: Missing Dependency: /usr/bin/perl is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
Error: Missing Dependency: perl(Getopt::Long) is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
Error: Missing Dependency: /bin/sh is needed by package
redhat-rpm-config-8.0.45-29.el5.noarch (build)
13 years, 7 months
