Fw: Mock, autosigning
Miroslav Suchy
msuchy at redhat.com
Mon Feb 16 22:16:24 UTC 2015
On 02/16/2015 09:11 PM, Clark Williams wrote:
> for mock. The wiki page tells to go to Trac, and trac doesn’t say
> anything:) So please forgive me for looking at git logs and reaching
Good point. I added point of contact on Trac wiki.
> I’ve been working on a small patch to mock that adds automatic signing
> of built package. It also introduces a small api change, so please let
> me know if it’s wrong and if you have a better idea:) Let me also know
> if there’s a better place to post patches:)
Generally I have no problem with adding signing plugin. I doubt that
Koji will use it, but having it disabled will harm nothing. I can
definitely use it in Copr and remove some Copr code when this will be live.
I have some technical comments thou:
Can you please add (commented out) example to etc/mock/site-defaults.cfg ?
I do not understand the necessity of changing API. The result dir is
defined in buildroot.resultdir in __init__() of plugin and stored to
instance variable and then just walk() that directory.
You are adding new dependency on rpm-sign. It is just optional (just
plugin and disabled by default). Therefore I would use "Suggests: rpm-sign".
Better description in commit message would be nice :)
Rather then
self.sign_rpm(item)
i.e. sign each file separately. I would rather pass them all in one
list. So the binary is called just once.
> Regards,
> Lta.
>
>
> Original html part
>
>
> Hi,
>
> I’ve been wandering around the different mock pages (wiki/trac), and I
> haven’t found any indications about the preferred way to submit patches
> for mock. The wiki page tells to go to Trac, and trac doesn’t say
> anything :) So please forgive me for looking at git logs and reaching
> out to the most recent/active contributor :)
>
> I’ve been working on a small patch to mock that adds automatic signing
> of built package. It also introduces a small api change, so please let
> me know if it’s wrong and if you have a better idea :)
> Let me also know if there’s a better place to post patches :)
>
> Regards,
> Lta.
>
> sign-plugin.patch
>
>
> commit 04c369b5e829d4007929f00febc44fd433c18601
> Author: Julien 'Lta' BALLET<lta at fb.com>
> Date: Wed Jan 21 18:16:36 2015 -0800
>
> yummy:patch0:sign-plugin.patch
>
> diff --git a/Makefile.am b/Makefile.am
> index 597906d..84ca35e 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -57,7 +57,8 @@ plugins_PYTHON = \
> py/mockbuild/plugins/yum_cache.py \
> py/mockbuild/plugins/selinux.py \
> py/mockbuild/plugins/mount.py \
> - py/mockbuild/plugins/lvm_root.py
> + py/mockbuild/plugins/lvm_root.py \
> + py/mockbuild/plugins/sign.py
>
> mockbuilddir = $(pythondir)/mockbuild
> mockbuild_PYTHON = \
> diff --git a/py/mockbuild/backend.py b/py/mockbuild/backend.py
> index 1fbc228..d1ddede 100644
> --- a/py/mockbuild/backend.py
> +++ b/py/mockbuild/backend.py
> @@ -188,6 +188,7 @@ class Commands(object):
> @traceLog()
> def build(self, srpm, timeout, check=True):
> """build an srpm into binary rpms, capture log"""
> + results = None
>
> # tell caching we are building
> self.plugins.call_hooks('earlyprebuild')
> @@ -226,7 +227,7 @@ class Commands(object):
>
> results = self.rebuild_package(spec_path, timeout, check)
> if results:
> - self.copy_build_results(results)
> + results = self.copy_build_results(results)
> elif self.config.get('short_circuit'):
> self.buildroot.root_log.info("Short circuit builds don't produce RPMs")
> else:
> @@ -238,7 +239,7 @@ class Commands(object):
> if not util.USE_NSPAWN:
> self.uid_manager.restorePrivs()
> # tell caching we are done building
> - self.plugins.call_hooks('postbuild')
> + self.plugins.call_hooks('postbuild', results)
> self.state.finish(buildstate)
>
>
> @@ -299,6 +300,7 @@ class Commands(object):
> @traceLog()
> def buildsrpm(self, spec, sources, timeout, follow_links):
> """build an srpm, capture log"""
> + result = None
>
> # tell caching we are building
> self.plugins.call_hooks('earlyprebuild')
> @@ -336,13 +338,14 @@ class Commands(object):
> self.buildroot.root_log.debug("Copying package to result dir")
> shutil.copy2(rebuilt_srpm, self.buildroot.resultdir)
>
> - return os.path.join(self.buildroot.resultdir, srpm_basename)
> + result = os.path.join(self.buildroot.resultdir, srpm_basename)
> + return result
>
> finally:
> self.uid_manager.restorePrivs()
>
> # tell caching we are done building
> - self.plugins.call_hooks('postbuild')
> + self.plugins.call_hooks('postbuild', [result])
> self.state.finish("buildsrpm")
>
>
> @@ -440,5 +443,10 @@ class Commands(object):
> @traceLog()
> def copy_build_results(self, results):
> self.buildroot.root_log.debug("Copying packages to result dir")
> +
> + copied_results = []
> for item in results:
> shutil.copy2(item, self.buildroot.resultdir)
> + copied_results.append(os.path.join(self.buildroot.resultdir,
> + os.path.basename(item)))
> + return copied_results
> diff --git a/py/mockbuild/plugin.py b/py/mockbuild/plugin.py
> index 435e0f5..be74a87 100644
> --- a/py/mockbuild/plugin.py
> +++ b/py/mockbuild/plugin.py
> @@ -24,6 +24,7 @@ class Plugins(object):
> self.plugin_conf[key]['cache_topdir'] = buildroot.cache_topdir
> self.plugin_conf[key]['cachedir'] = buildroot.cachedir
> self.plugin_conf[key]['root'] = buildroot.shared_root_name
> + self.plugin_conf[key]['resultdir'] = buildroot.resultdir
>
> self.state.start("init plugins")
> # Import plugins (simplified copy of what yum does). Can add yum
> diff --git a/py/mockbuild/plugins/sign.py b/py/mockbuild/plugins/sign.py
> new file mode 100644
> index 0000000..9825c85
> --- /dev/null
> +++ b/py/mockbuild/plugins/sign.py
> @@ -0,0 +1,44 @@
> +# vim:expandtab:autoindent:tabstop=4:shiftwidth=4:filetype=python:textwidth=0:
> +# License: GPL2 or later see COPYING
> +# Written by Julien BALLET<lta at fb.com>
> +# Copyright (C) 2014 Facebook
> +
> +# python library imports
> +from mockbuild.trace_decorator import traceLog, getLog
> +from mockbuild.util import do
> +import re
> +
> +requires_api_version = "1.1"
> +
> +# plugin entry point
> + at traceLog()
> +def init(plugins, conf, buildroot):
> + Sign(plugins, conf, buildroot)
> +
> +
> +class Sign(object):
> + """Automatically sign package after build"""
> +
> + @traceLog()
> + def __init__(self, plugins, conf, buildroot):
> + self.plugins = plugins
> + self.conf = conf
> + self.buildroot = buildroot
> + self.plugins.add_hook('postbuild', self.sign_results)
> +
> + getLog().info(conf)
> + getLog().info("enabled package signing")
> +
> + def sign_rpm(self, rpm):
> + getLog().info("Signing %s", rpm)
> +
> + opts = self.conf['opts'] % {'rpm': rpm}
> + cmd = "{0} {1}".format(self.conf['cmd'], opts)
> + do(cmd, pty=True, printOutput=True, shell=True)
> +
> + def sign_results(self, results, *args, **kwargs):
> + if results is None:
> + return
> + for item in results:
> + if re.search(r'\.rpm$', item):
> + self.sign_rpm(item)
> diff --git a/py/mockbuild/util.py b/py/mockbuild/util.py
> index 33bc617..2fc237c 100644
> --- a/py/mockbuild/util.py
> +++ b/py/mockbuild/util.py
> @@ -72,7 +72,7 @@ personality_defs = {
>
> PLUGIN_LIST = ['tmpfs', 'root_cache', 'yum_cache', 'bind_mount',
> 'ccache', 'selinux', 'package_state', 'chroot_scan',
> - 'lvm_root', 'compress_logs']
> + 'lvm_root', 'compress_logs', 'sign']
>
> # This is set to False on EL6 in build time
> USE_NSPAWN = False
> @@ -685,6 +685,11 @@ def setup_default_config_opts(unprivUid, version, pkgpythondir):
> "\\bcore(\\.\\d+)?$",
> "\\.log$",
> ]},
> + 'sign_enable': False,
> + 'sign_opts': {
> + 'cmd' : 'rpmsign',
> + 'opts' : '--addsign %(rpm)s',
> + },
> }
>
> config_opts['environment'] = {
More information about the buildsys
mailing list