simple improvements

2024-12-03 17:26:24 +00:00 · 2021-02-16 21:55:35 -07:00 · 2021-02-16 21:55:35 -07:00 · 33dfd7fd2e
commit 33dfd7fd2e
parent e83200dc47
3 changed files with 26 additions and 10 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -98,6 +98,14 @@ koji_hub_plugins: false
 koji_hub_plugins_list:
  - key_signing

+koji_hub_plugin_key_gpg_keyphrase: lol
+koji_hub_plugin_key_gpg_name: testing-signing
+koji_hub_plugin_key_gpg_id: bbe2c108
+koji_hub_plugin_key_build_target: "dist-rocky8 dist-rocky9"
+koji_hub_plugin_key_testing_tag: dist-rocky8-testing
+koji_hub_plugin_key_testing: "True"
+koji_hub_plugin_key_sigul_config: "/etc/koji-hub/sigul.conf"
+
 # Not implemented
 koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
 koji_hub_plugin_mqtt_topic: koji
--- a/files/usr/lib/koji-hub-plugins/key_signing.py
+++ b/files/usr/lib/koji-hub-plugins/key_signing.py
@ -5,6 +5,8 @@
 # Based on another plugin, updated and refinements where needed:
 #   -> Config file introduced
 #   -> Some linting
+#
+# TODO: Hook into a vault system

 import sys
 import logging
@ -28,7 +30,8 @@ gpg_key_name = CONFIG.get('signing', 'gpg_key_name')
 gpg_key_id = CONFIG.get('signing', 'gpg_key_id')
 build_target = CONFIG.get('signing', 'build_target').split()
 testing_tag = CONFIG.get('signing', 'testing_tag')
-send_to_testing = CONFIG.get('signing', 'testing')
+send_to_testing = CONFIG.get('signing', 'send_to_testing')
+sigul_config = CONFIG.get('signing', 'sigul_config')

 def key_signing(cbtype, *args, **kws):
    # Make sure this is a package build and nothing else
@ -56,7 +59,8 @@ def key_signing(cbtype, *args, **kws):
    # If configured, tag for a testing repo
    if send_to_testing:
        kojifunctions.tagBuild(testing_tag,kws['build']['id'])
-        logging.getLogger('koji.plugin.key_signing').info('the package %s has been tagged to %s'%(kws['build']['name'],testing_tag))
+        logging.getLogger('koji.plugin.key_signing').info(
+                'the package %s has been tagged to %s' % (kws['build']['name'],testing_tag))

 def run_sigul(command):
    child = subprocess.Popen(command, stdin=subprocess.PIPE,
@ -66,16 +70,18 @@ def run_sigul(command):
    ret = child.wait()
    logging.getLogger('koji.plugin.key_signing').info('sigul returned with code: %s',ret)
    if ret != 0:
-        logging.getLogger('koji.plugin.key_signing').error('sigul command failed: %s returned: %s',command,child.communicate())
+        logging.getLogger('koji.plugin.key_signing').error(
+                'sigul command failed: %s returned: %s',command,child.communicate())
        sys.exit(1)

 def key_signing_rpm(rpm_name):
    # Check to make sure the key works
-    command = "sigul --batch get-public-key %s" % gpg_key_name
+    command = "sigul -c %s --batch get-public-key %s" % (sigul_config, gpg_key_name)
    run_sigul(command)

    # Run the actual sign command
-    command = "sigul --batch sign-rpm --koji-only --store-in-koji --v3-signature %s %s" % (gpg_key_name, rpm_name)
+    command = ("sigul -c %s --batch sign-rpm --koji-only --store-in-koji"
+               " --v3-signature %s %s" % (sigul_config, gpg_key_name, rpm_name))
    logging.getLogger('koji.plugin.key_signing').info('running sigul command: %s',command)
    run_sigul(command)

--- a/templates/etc/koji-hub/plugins/key_signing.conf.j2
+++ b/templates/etc/koji-hub/plugins/key_signing.conf.j2
@ -1,6 +1,8 @@
 [signing]
-passphrase = lol
-gpg_key_name = 'testing-signing'
-gpg_key_id = 'bbe2c108'
-build_target = ['dist-rocky8']
-testing_tag = 'dist-rocky8-testing'
+passphrase = {{ koji_hub_key_gpg_keyphrase }}
+gpg_key_name = {{ koji_hub_plugin_key_gpg_name }}
+gpg_key_id = {{ koji_hub_plugin_key_gpg_id }}
+build_target = {{ koji_hub_plugin_key_build_target }}
+testing_tag = {{ koji_hub_plugin_key_testing_tag }}
+send_to_testing = {{ koji_hub_plugin_key_testing }}
+sigul_config = {{ koji_hub_plugin_key_sigul_config }}