From 33dfd7fd2e709a733d8ca5b66210795ca92a870b Mon Sep 17 00:00:00 2001 From: nazunalika Date: Tue, 16 Feb 2021 21:55:35 -0700 Subject: [PATCH] simple improvements --- defaults/main.yml | 8 ++++++++ files/usr/lib/koji-hub-plugins/key_signing.py | 16 +++++++++++----- .../etc/koji-hub/plugins/key_signing.conf.j2 | 12 +++++++----- 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index ccbe839..c5fa589 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -98,6 +98,14 @@ koji_hub_plugins: false koji_hub_plugins_list: - key_signing +koji_hub_plugin_key_gpg_keyphrase: lol +koji_hub_plugin_key_gpg_name: testing-signing +koji_hub_plugin_key_gpg_id: bbe2c108 +koji_hub_plugin_key_build_target: "dist-rocky8 dist-rocky9" +koji_hub_plugin_key_testing_tag: dist-rocky8-testing +koji_hub_plugin_key_testing: "True" +koji_hub_plugin_key_sigul_config: "/etc/koji-hub/sigul.conf" + # Not implemented koji_hub_plugin_mqtt_host: mqtt.rockylinux.org koji_hub_plugin_mqtt_topic: koji diff --git a/files/usr/lib/koji-hub-plugins/key_signing.py b/files/usr/lib/koji-hub-plugins/key_signing.py index a9e8589..0d8b422 100644 --- a/files/usr/lib/koji-hub-plugins/key_signing.py +++ b/files/usr/lib/koji-hub-plugins/key_signing.py @@ -5,6 +5,8 @@ # Based on another plugin, updated and refinements where needed: # -> Config file introduced # -> Some linting +# +# TODO: Hook into a vault system import sys import logging @@ -28,7 +30,8 @@ gpg_key_name = CONFIG.get('signing', 'gpg_key_name') gpg_key_id = CONFIG.get('signing', 'gpg_key_id') build_target = CONFIG.get('signing', 'build_target').split() testing_tag = CONFIG.get('signing', 'testing_tag') -send_to_testing = CONFIG.get('signing', 'testing') +send_to_testing = CONFIG.get('signing', 'send_to_testing') +sigul_config = CONFIG.get('signing', 'sigul_config') def key_signing(cbtype, *args, **kws): # Make sure this is a package build and nothing else 
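Review bot: `koji_hub_plugin_key_gpg_keyphrase: lol` in defaults/main.yml ships a signing-key passphrase as a plaintext role default, so any deployment that does not override it uses a value readable in the repository. The default should be dropped, or left empty with a task-level assertion, and the real value supplied from an encrypted source such as Ansible Vault. The template changed in this same patch reads `koji_hub_key_gpg_keyphrase`, without `plugin_`, so as written this default is not the value that gets rendered. A comment above the new block would help, for example `# key_signing plugin settings; the keyphrase must come from vault, never from role defaults`.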
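Review bot: `send_to_testing = CONFIG.get('signing', 'send_to_testing')` in the -28,7 hunk yields a string, and the `if send_to_testing:` check visible in the -56,7 hunk is true for any non-empty value, including `False`. If CONFIG is a ConfigParser, which the `get(section, option)` calls suggest but the hunk does not show, `send_to_testing = CONFIG.getboolean('signing', 'send_to_testing')` makes the option an actual switch. The new `sigul_config` key is also read unconditionally at module level, so a config file written before this change will presumably fail when the plugin loads. A short comment listing the required `[signing]` keys would document that.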
@@ -56,7 +59,8 @@ def key_signing(cbtype, *args, **kws): # If configured, tag for a testing repo if send_to_testing: kojifunctions.tagBuild(testing_tag,kws['build']['id']) - logging.getLogger('koji.plugin.key_signing').info('the package %s has been tagged to %s'%(kws['build']['name'],testing_tag)) + logging.getLogger('koji.plugin.key_signing').info( + 'the package %s has been tagged to %s' % (kws['build']['name'],testing_tag)) def run_sigul(command): child = subprocess.Popen(command, stdin=subprocess.PIPE, @@ -66,16 +70,18 @@ def run_sigul(command): ret = child.wait() logging.getLogger('koji.plugin.key_signing').info('sigul returned with code: %s',ret) if ret != 0: - logging.getLogger('koji.plugin.key_signing').error('sigul command failed: %s returned: %s',command,child.communicate()) + logging.getLogger('koji.plugin.key_signing').error( + 'sigul command failed: %s returned: %s',command,child.communicate()) sys.exit(1) def key_signing_rpm(rpm_name): # Check to make sure the key works - command = "sigul --batch get-public-key %s" % gpg_key_name + command = "sigul -c %s --batch get-public-key %s" % (sigul_config, gpg_key_name) run_sigul(command) # Run the actual sign command - command = "sigul --batch sign-rpm --koji-only --store-in-koji --v3-signature %s %s" % (gpg_key_name, rpm_name) + command = ("sigul -c %s --batch sign-rpm --koji-only --store-in-koji" + " --v3-signature %s %s" % (sigul_config, gpg_key_name, rpm_name)) logging.getLogger('koji.plugin.key_signing').info('running sigul command: %s',command) run_sigul(command) diff --git a/templates/etc/koji-hub/plugins/key_signing.conf.j2 b/templates/etc/koji-hub/plugins/key_signing.conf.j2 index b19bf20..7aebb5c 100644 --- a/templates/etc/koji-hub/plugins/key_signing.conf.j2 +++ b/templates/etc/koji-hub/plugins/key_signing.conf.j2 
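Review bot: In the -66,16 hunk both sigul commands in `key_signing_rpm` are still built with `%` formatting from `sigul_config`, `gpg_key_name` and `rpm_name` and handed to `subprocess.Popen(command, ...)` as one string. The rest of the Popen call is outside the hunk, but on POSIX a single string only works when a shell parses it, so a space or shell metacharacter in the config path or an RPM name would change what is executed. An argument list avoids that: `command = ["sigul", "-c", sigul_config, "--batch", "get-public-key", gpg_key_name]`, likewise for `sign-rpm`, with `run_sigul` calling Popen without a shell. Separately, the re-wrapped error log still calls `child.communicate()` after `child.wait()`, which can block on a full pipe and writes sigul's raw output to the hub log. It is worth confirming that this output never echoes the passphrase.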
@@ -1,6 +1,8 @@
 [signing]
-passphrase = lol
-gpg_key_name = 'testing-signing'
-gpg_key_id = 'bbe2c108'
-build_target = ['dist-rocky8']
-testing_tag = 'dist-rocky8-testing'
+passphrase = {{ koji_hub_key_gpg_keyphrase }}
+gpg_key_name = {{ koji_hub_plugin_key_gpg_name }}
+gpg_key_id = {{ koji_hub_plugin_key_gpg_id }}
+build_target = {{ koji_hub_plugin_key_build_target }}
+testing_tag = {{ koji_hub_plugin_key_testing_tag }}
+send_to_testing = {{ koji_hub_plugin_key_testing }}
+sigul_config = {{ koji_hub_plugin_key_sigul_config }}
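Review bot: `passphrase = {{ koji_hub_key_gpg_keyphrase }}` does not match the variable this patch adds in defaults/main.yml, `koji_hub_plugin_key_gpg_keyphrase`. Unless the shorter name is defined elsewhere, the template either fails on an undefined variable or renders an empty passphrase. The line should read `passphrase = {{ koji_hub_plugin_key_gpg_keyphrase }}`. Because the rendered file holds the signing passphrase in clear text, the task that deploys it (not shown in this patch) should set a restrictive owner and mode and use `no_log: true`. If the plugin reads the file with an interpolating ConfigParser, a `%` in the passphrase will also need escaping.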