[PATCH] Mock autosigning

Julien Ballet lta at fb.com
Fri Apr 17 23:20:25 UTC 2015


Thank you very much Mirek for the review, here’s a fixed version.

>First it does not apply cleanly. Please rebase on mater and send output of
> git format-patch HEAD~1
>instead of
> git show

Very bad habit, sorry :-/

>Anyway I resolved two conflicts there manually, but I am getting;
>  You must set "%_gpg_name" in your macro file
>Despite the fact that I have it in my
>  ~/.rpmmacros
>despite the fact I put it into
>  config_opts['macros']['%_gpg_name'] = "msuchy"
>in site-defaults.cfg

It looks like mock mess with the environment, and by the time the sign
plugin is invoked, os.environ[‘HOME’] contains /builddir which prevent rpm
—addsign to work. To be honest, we sign with a different tool so I didn’t
tested enough 'rpm —addsign'
I updated the site-defaults.cfg with a way to make it work using -D options

>Another problem can be, that the plugin is executed as root.
>You may want to call
>  self.uid_manager.dropPrivsTemp()
>before calling do()
>and then:
>  self.buildroot.uid_manager.restorePrivs()

Done. Thank you for pointing that out !

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-a-plugin-that-calls-command-from-the-host-on-the.patch
Type: application/octet-stream
Size: 5051 bytes
Desc: 0001-Add-a-plugin-that-calls-command-from-the-host-on-the.patch
URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20150417/4301856f/attachment.obj>

More information about the buildsys mailing list