Koji running on RHEL / CentOS 7
Didier Fabert
didier.fabert at gmail.com
Fri Jan 30 09:01:29 UTC 2015
On Thursday 29 January 2015 18:11:53 Allen Hewes wrote:
Hi,
el7 have md5 disable and if you have your ssl certificates with
'default_md=md5' parameter, you must recreate your pki with this parameter to
sha1 or better sha256 in your ssl.cnf
(http://fedoraproject.org/wiki/Koji/ServerHowTo).
to be sure that's the problem:
OPENSSL_ENABLE_MD5_VERIFY=1 koji regen-repo el5-decisiv
if this command run successfully, you know what to do ...
> Hi,
>
> I am trying to move from Koji 1.9.0 on RHEL 5.11 to Koji 1.9.0 (gitcd45e886)
> on CentOS 7. But it didn't help my issue:
>
> Testing out the new Koji instance with a task submission:
> $ koji --debug regen-repo el5-decisiv
> successfully connected to hub
> Warning: el5-decisiv is not a build tag
> Warning: tag el5-decisiv has an empty arch list Regenerating repo for tag
> el5-decisiv Watching tasks (this may be safely interrupted)... 30 newRepo
> (el5-decisiv): open (koji.decisiv.net) Traceback (most recent call last):
> File "/usr/bin/koji", line 6566, in <module>
> rv = locals()[command].__call__(options, session, args)
> File "/usr/bin/koji", line 6410, in handle_regen_repo
> return watch_tasks(session, [task_id], quiet=options.quiet)
> File "/usr/bin/koji", line 472, in watch_tasks
> changed = task.update()
> File "/usr/bin/koji", line 377, in update
> self.info = self.session.getTaskInfo(self.id, request=True)
> File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1556, in
> __call__ return self.__func(self.__name,args,opts)
> File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1899, in
> _callMethod return self._sendCall(handler, headers, request)
> File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1810, in
> _sendCall return self._sendOneCall(handler, headers, request)
> File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 1830, in
> _sendOneCall response = cnx.getresponse()
> File "/usr/lib64/python2.7/httplib.py", line 1045, in getresponse
> response.begin()
> File "/usr/lib64/python2.7/httplib.py", line 409, in begin
> version, status, reason = self._read_status()
> File "/usr/lib64/python2.7/httplib.py", line 365, in _read_status
> line = self.fp.readline(_MAXLINE + 1)
> File "/usr/lib64/python2.7/socket.py", line 476, in readline
> data = self._sock.recv(self._rbufsize)
> File "/usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py", line
> 140, in recv return con.recv(bufsize, flags)
> OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')
>
> I added a rescue of SSL.SysCallError in the recv() function in
> /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py:
>
> diff -uab /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py
> /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py.b ---
> /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py 2015-01-29
> 04:00:08.000000000 +0000 +++
> /usr/lib/python2.7/site-packages/koji/ssl/SSLConnection.py.b
> 2015-01-29 04:00:56.224059850 +0000 @@ -138,6 +138,11 @@
>
> try:
> return con.recv(bufsize, flags)
> + except SSL.SysCallError as e:
> + if e.args == (-1, 'Unexpected EOF'):
> + break
> + else:
> + raise
> except SSL.ZeroReturnError:
> return None
> except SSL.WantReadError:
>
> Which then the task submission succeeds:
> $ koji --debug regen-repo el5-decisiv
> successfully connected to hub
> Warning: el5-decisiv is not a build tag
> Warning: tag el5-decisiv has an empty arch list Regenerating repo for tag
> el5-decisiv Watching tasks (this may be safely interrupted)... 32 newRepo
> (el5-decisiv): free
> 32 newRepo (el5-decisiv): free -> closed
> 0 free 0 open 1 done 0 failed
>
> 32 newRepo (el5-decisiv) completed successfully
>
> I couldn't find a Koji ticket for this error so I don't know if I am making
> it worse or what I added is Good Enough to use? Is this a known issue?
>
> I also had to install a newer createrepo. I was getting the mergerepo error
> here: https://bugzilla.redhat.com/show_bug.cgi?id=1058975
>
> Maybe createrepo should be updated for EPEL 7?
>
> /allen
>
> ________________________________
>
> Disclaimer Confidentiality Notice: This e-mail, and any attachments and/or
> documents linked to this email, are intended for the addressee and may
> contain information that is privileged, confidential, proprietary, or
> otherwise protected by law. Any dissemination, distribution, or copying is
> prohibited. This notice serves as a confidentiality marking for the purpose
> of any confidentiality or nondisclosure agreement. If you have received
> this communication in error, please contact the original sender. --
> buildsys mailing list
> buildsys at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/buildsys
--
Didier
More information about the buildsys
mailing list