simple improvements

defaults/main.yml

@@ -98,6 +98,14 @@ koji_hub_plugins: false
 koji_hub_plugins_list:
   - key_signing
 
+koji_hub_plugin_key_gpg_keyphrase: lol
+koji_hub_plugin_key_gpg_name: testing-signing
+koji_hub_plugin_key_gpg_id: bbe2c108
+koji_hub_plugin_key_build_target: "dist-rocky8 dist-rocky9"
+koji_hub_plugin_key_testing_tag: dist-rocky8-testing
+koji_hub_plugin_key_testing: "True"
+koji_hub_plugin_key_sigul_config: "/etc/koji-hub/sigul.conf"
+
 # Not implemented
 koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
 koji_hub_plugin_mqtt_topic: koji

files/usr/lib/koji-hub-plugins/key_signing.py

@@ -5,6 +5,8 @@
 # Based on another plugin, updated and refinements where needed:
 #   -> Config file introduced
 #   -> Some linting
+#
+# TODO: Hook into a vault system
 
 import sys
 import logging
@@ -28,7 +30,8 @@ gpg_key_name = CONFIG.get('signing', 'gpg_key_name')
 gpg_key_id = CONFIG.get('signing', 'gpg_key_id')
 build_target = CONFIG.get('signing', 'build_target').split()
 testing_tag = CONFIG.get('signing', 'testing_tag')
-send_to_testing = CONFIG.get('signing', 'testing')
+send_to_testing = CONFIG.get('signing', 'send_to_testing')
+sigul_config = CONFIG.get('signing', 'sigul_config')
 
 def key_signing(cbtype, *args, **kws):
     # Make sure this is a package build and nothing else
@@ -56,7 +59,8 @@ def key_signing(cbtype, *args, **kws):
     # If configured, tag for a testing repo
     if send_to_testing:
         kojifunctions.tagBuild(testing_tag,kws['build']['id'])
-        logging.getLogger('koji.plugin.key_signing').info('the package %s has been tagged to %s'%(kws['build']['name'],testing_tag))
+        logging.getLogger('koji.plugin.key_signing').info(
+                'the package %s has been tagged to %s' % (kws['build']['name'],testing_tag))
 
 def run_sigul(command):
     child = subprocess.Popen(command, stdin=subprocess.PIPE,
@@ -66,16 +70,18 @@ def run_sigul(command):
     ret = child.wait()
     logging.getLogger('koji.plugin.key_signing').info('sigul returned with code: %s',ret)
     if ret != 0:
-        logging.getLogger('koji.plugin.key_signing').error('sigul command failed: %s returned: %s',command,child.communicate())
+        logging.getLogger('koji.plugin.key_signing').error(
+                'sigul command failed: %s returned: %s',command,child.communicate())
         sys.exit(1)
 
 def key_signing_rpm(rpm_name):
     # Check to make sure the key works
-    command = "sigul --batch get-public-key %s" % gpg_key_name
+    command = "sigul -c %s --batch get-public-key %s" % (sigul_config, gpg_key_name)
     run_sigul(command)
 
     # Run the actual sign command
-    command = "sigul --batch sign-rpm --koji-only --store-in-koji --v3-signature %s %s" % (gpg_key_name, rpm_name)
+    command = ("sigul -c %s --batch sign-rpm --koji-only --store-in-koji"
+               " --v3-signature %s %s" % (sigul_config, gpg_key_name, rpm_name))
     logging.getLogger('koji.plugin.key_signing').info('running sigul command: %s',command)
     run_sigul(command)
 

templates/etc/koji-hub/plugins/key_signing.conf.j2

@@ -1,6 +1,8 @@
 [signing]
-passphrase = lol
-gpg_key_name = 'testing-signing'
-gpg_key_id = 'bbe2c108'
-build_target = ['dist-rocky8']
-testing_tag = 'dist-rocky8-testing'
+passphrase = {{ koji_hub_key_gpg_keyphrase }}
+gpg_key_name = {{ koji_hub_plugin_key_gpg_name }}
+gpg_key_id = {{ koji_hub_plugin_key_gpg_id }}
+build_target = {{ koji_hub_plugin_key_build_target }}
+testing_tag = {{ koji_hub_plugin_key_testing_tag }}
+send_to_testing = {{ koji_hub_plugin_key_testing }}
+sigul_config = {{ koji_hub_plugin_key_sigul_config }}