mirror of
https://github.com/rocky-linux/ansible-role-kojihub.git
synced 2024-10-13 10:45:10 +00:00
simple improvements
This commit is contained in:
parent
e83200dc47
commit
33dfd7fd2e
@ -98,6 +98,14 @@ koji_hub_plugins: false
|
||||
koji_hub_plugins_list:
|
||||
- key_signing
|
||||
|
||||
koji_hub_plugin_key_gpg_keyphrase: lol
|
||||
koji_hub_plugin_key_gpg_name: testing-signing
|
||||
koji_hub_plugin_key_gpg_id: bbe2c108
|
||||
koji_hub_plugin_key_build_target: "dist-rocky8 dist-rocky9"
|
||||
koji_hub_plugin_key_testing_tag: dist-rocky8-testing
|
||||
koji_hub_plugin_key_testing: "True"
|
||||
koji_hub_plugin_key_sigul_config: "/etc/koji-hub/sigul.conf"
|
||||
|
||||
# Not implemented
|
||||
koji_hub_plugin_mqtt_host: mqtt.rockylinux.org
|
||||
koji_hub_plugin_mqtt_topic: koji
|
||||
|
@ -5,6 +5,8 @@
|
||||
# Based on another plugin, updated and refinements where needed:
|
||||
# -> Config file introduced
|
||||
# -> Some linting
|
||||
#
|
||||
# TODO: Hook into a vault system
|
||||
|
||||
import sys
|
||||
import logging
|
||||
@ -28,7 +30,8 @@ gpg_key_name = CONFIG.get('signing', 'gpg_key_name')
|
||||
gpg_key_id = CONFIG.get('signing', 'gpg_key_id')
|
||||
build_target = CONFIG.get('signing', 'build_target').split()
|
||||
testing_tag = CONFIG.get('signing', 'testing_tag')
|
||||
send_to_testing = CONFIG.get('signing', 'testing')
|
||||
send_to_testing = CONFIG.get('signing', 'send_to_testing')
|
||||
sigul_config = CONFIG.get('signing', 'sigul_config')
|
||||
|
||||
def key_signing(cbtype, *args, **kws):
|
||||
# Make sure this is a package build and nothing else
|
||||
@ -56,7 +59,8 @@ def key_signing(cbtype, *args, **kws):
|
||||
# If configured, tag for a testing repo
|
||||
if send_to_testing:
|
||||
kojifunctions.tagBuild(testing_tag,kws['build']['id'])
|
||||
logging.getLogger('koji.plugin.key_signing').info('the package %s has been tagged to %s'%(kws['build']['name'],testing_tag))
|
||||
logging.getLogger('koji.plugin.key_signing').info(
|
||||
'the package %s has been tagged to %s' % (kws['build']['name'],testing_tag))
|
||||
|
||||
def run_sigul(command):
|
||||
child = subprocess.Popen(command, stdin=subprocess.PIPE,
|
||||
@ -66,16 +70,18 @@ def run_sigul(command):
|
||||
ret = child.wait()
|
||||
logging.getLogger('koji.plugin.key_signing').info('sigul returned with code: %s',ret)
|
||||
if ret != 0:
|
||||
logging.getLogger('koji.plugin.key_signing').error('sigul command failed: %s returned: %s',command,child.communicate())
|
||||
logging.getLogger('koji.plugin.key_signing').error(
|
||||
'sigul command failed: %s returned: %s',command,child.communicate())
|
||||
sys.exit(1)
|
||||
|
||||
def key_signing_rpm(rpm_name):
|
||||
# Check to make sure the key works
|
||||
command = "sigul --batch get-public-key %s" % gpg_key_name
|
||||
command = "sigul -c %s --batch get-public-key %s" % (sigul_config, gpg_key_name)
|
||||
run_sigul(command)
|
||||
|
||||
# Run the actual sign command
|
||||
command = "sigul --batch sign-rpm --koji-only --store-in-koji --v3-signature %s %s" % (gpg_key_name, rpm_name)
|
||||
command = ("sigul -c %s --batch sign-rpm --koji-only --store-in-koji"
|
||||
" --v3-signature %s %s" % (sigul_config, gpg_key_name, rpm_name))
|
||||
logging.getLogger('koji.plugin.key_signing').info('running sigul command: %s',command)
|
||||
run_sigul(command)
|
||||
|
||||
|
@ -1,6 +1,8 @@
|
||||
[signing]
|
||||
passphrase = lol
|
||||
gpg_key_name = 'testing-signing'
|
||||
gpg_key_id = 'bbe2c108'
|
||||
build_target = ['dist-rocky8']
|
||||
testing_tag = 'dist-rocky8-testing'
|
||||
passphrase = {{ koji_hub_key_gpg_keyphrase }}
|
||||
gpg_key_name = {{ koji_hub_plugin_key_gpg_name }}
|
||||
gpg_key_id = {{ koji_hub_plugin_key_gpg_id }}
|
||||
build_target = {{ koji_hub_plugin_key_build_target }}
|
||||
testing_tag = {{ koji_hub_plugin_key_testing_tag }}
|
||||
send_to_testing = {{ koji_hub_plugin_key_testing }}
|
||||
sigul_config = {{ koji_hub_plugin_key_sigul_config }}
|
||||
|
Loading…
Reference in New Issue
Block a user