Modular variants can either be specified by a list of modules, or by a
list of Koji tags. In terms of comps preprocessing there should not be
any difference between the two.
Resolves: https://pagure.io/pungi/issue/1640
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When there is an existing kerberos ticket, it gets precedence over the
environment variable with path to a keytab. That is not expected and the
user ticket can possibly lack permissions in CTS to be able to run the
compose successfully.
This patch fixes that by setting KRB5CCNAME to a fresh path. That way
there will not be any valid ticket, since the credentials cache does not
exist yet.
JIRA: RHELCMP-9742
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Since version 9, the `koji-osbuild` plugin supports specifying upload
options as part of a Koji build. This enables one to upload the built
image directly to the cloud environment as part of the image build in
Koji.
Extend the configuration schema with `upload_options`.
Extend the documentation and describe valid `upload_options` values.
Add a unit test testing a scenario when `upload_options` are specified.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Modify the osbuild configuration schema to accept only an array with a
single value as the `image_types`, in addition to a single string. The
single string was supported by the schema also before, but this fact was
not mentioned in the documentation, nor it was supported by the
`koji-osbuild` plugin of version lower than `9`.
Update the documentation accordingly.
Add unit test for invalid configuration containing more than one image
type.
Signed-off-by: Tomas Hozza <thozza@redhat.com>
Apparently redirecting stderr to the same pipe as stdout does not
guarantee that the data will not be mangled together.
Flushing stdout before the profiler data is printed should ensure that
it does not end up in the middle of some RPM path.
Fixes: https://pagure.io/pungi/issue/1627
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Pungi expects each module to be built for all architectures by default.
Unless the module is filtered out, missing metadata for a particular
arch would cause it to crash with a incomprehensible error message. This
should make it a little better.
Relates: https://pagure.io/releng/failed-composes/issue/3889
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
In order to start building Fedora IoT images with osbuild, we need to be able
to pass ostree options from pungi to the koji's osbuildImage task.
This commit adds support for it via new configuration options: ostree_url,
ostree_url and ostree_parent.
A test was added to cover these new options and they are were also added
into the documentation.
JIRA: COMPOSER-1702
Merges: https://pagure.io/pungi/pull-request/1624
Signed-off-by: Ondřej Budai <ondrej@budai.cz>
Use a different approach for building DVDs when xorriso is enabled.
The default of using genisoimage is not changed at all. When the config
option is set to use xorriso, the actual execution is different between
bootable and non-bootable images.
The non-bootable images are still created by running xorrisofs (which is
a compatibility tool with same UI as genisoimage). Since the image is
not bootable, there should be no problems with boot options.
For bootable images, Pungi will instead take the boot.iso generated by
Lorax, and use xorriso to inject all the extra files into the image.
The shell script that used to invoke all the commands to build the ISO
now runs the `xorriso` command in interactive mode and feeds another
file into it. The new file contains the xorriso commands to add the
required files to the image.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Fedora Rawhide (to be 37) packages jsonschema 4.9.0 at the moment, so we
can no longer get by with limiting the requirements. This patch makes
the validation work with both old and new version.
Fixes: rhbz#2113607
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
The pickle files are used for reusing results from old compose and the
failure should not block the compose process.
JIRA: RHELCMP-9494
Signed-off-by: Haibo Lin <hlin@redhat.com>
Checking start of the line is not sufficient for extra_isos that have
the variants in separate directories.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
- Remove validation for modules obsoletes
We can have multiple obsoletes for one module
- Add unit tests to cover basic scenarios for
modules defaults && obsoletes
- Add additional check for invalid yaml file
in Defaults. Previously, empty list of default would
be returned when invalid yaml is present in Defaults
directory.
- Using MergeIndex for Obsoletes only (for now).
https://pagure.io/pungi/issue/1592
Signed-off-by: Marek Kulik <mkulik@redhat.com>
- This change is required for the following issue. Authentication is required for
importing composes to the CTS and finding generic keytabs
in different servers.
JIRA: RHELCMP-8930
Signed-off-by: Ozan Unsal <ounsal@redhat.com>
When looking for task ID in output of koji runroot command, do not check
just the first line. Instead look for first line that contains just a
number.
Most of the time, this should really be the first line. But if koji
client decides to print any warnings, this patch should skip that.
JIRA: RHELCMP-8944
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
There's a new major version released on PyPI, and it doesn't seem to
work with Pungi yet. Until code is updated to be compatible, let's
ensure tox won't try to install it.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
The gssapi_login call is not retried automatically by Koji yet (see
koji#3170). Let's try to work around that by retrying in the calling
code.
JIRA: RHELCMP-8700
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
rcm-metadata configs contain definition of variants file. It can
be in form of SCM or file path. Before the fix, only variants
file's basename was consireded. Now the path can be written.
Example: variants_file = "comps/variants-rcmtools-2.0-rhel-8.xml"
JIRA: RHELCMP-8705
Signed-off-by: Ondrej Nosek <onosek@redhat.com>
Explain the use-case for this setting, and use the active voice to
explain what actions Pungi performs relative to other tools.
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
Prior to this change, if a container image used Cachito with OSBS, then
OSBS would store additional "remote-sources" files in the Koji archives
for the build. Pungi cannot parse the metadata for these archive
entries, so it would crash in add_metadata():
File "pungi/phases/osbs.py", line 81, in process
self.worker(compose, variant, config)
File "pungi/phases/osbs.py", line 141, in worker
nvr, archive_ids = add_metadata(variant, task_id, compose, scratch)
File "pungi/phases/osbs.py", line 447, in add_metadata
arch = archive["extra"]["image"]["arch"]
KeyError: 'image'
Tell Koji to only return container image archives, and ignore these
remote-source archives.
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
Clone the directory to the compose tmp directory
Update the test_scm in order to create real Compose object. Mock objects are not allowed
to create/delete files for preventing multiple clones
JIRA: RHELCMP-5250
Signed-off-by: Ozan Unsal <ounsal@redhat.com>
This should cover case where we there's a build like this:
foo-1-1.src.rpm
foo-sub-1-1.noarch.rpm
foo-debugsource-1-1.x86_64.rpm
The compose contains the noarch package, and should also have the
debugsource package. The original code only checked for
foo-sub-debugsource though.
JIRA: RHELCMP-7628
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When the temporary directory is created with 0700, other programs
(potentially on another host) will have problems reading it.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
JIRA: RHELCMP-7635
With this param, get_dir_from_scm will try to copy the tmp git dir to
compose target dir when error occurs.
This does not fix the issue but it would be helpful for debugging when
it occurs again.
JIRA: RHELCMP-7244
Signed-off-by: Haibo Lin <hlin@redhat.com>
The JSON source file should not require a mapping for all
variants/architectures. When something is specified, it should be
included.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Mention the corresponding "gather" or "repoclosure" backend settings in
the documentation for each setting.
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
It was checked in a condition together with the configuration value, and
only ever explicitly used with the same value.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When a compose doesn't build any images, it won't produce any metadata
file for them, and thus it makes no sense to validate it.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Fixes: https://pagure.io/pungi/issue/1565
DNF repoclosure requires this option when checking a repository that is
not compatible with host architecture. It seems that when it is
compatible, it works as well.
Based on how the list of architectures is generated, we know that the
main one will always be first.
Fixes: https://pagure.io/pungi/issue/1562
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When nothing in configuration or the image itself changed, let's just
copy the older one.
JIRA: RHELCMP-5969
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
This patch allows Pungi to reuse ISO image created in previous compose
if a list of assumptions proves to hold:
* If image is bootable, buildinstall phase must have been reused too.
* Compose configuration must have not changed (except for a few
whitelisted options).
* Volume ID of the ISO much not have changed.
* No RPM on the ISO must have changed.
The ISO also contains other files. Changes in extra files and product ID
certificates should be visible in configuration (the SHA will differ).
Similarly any repodata configuration would be reflected in
configuration.
JIRA: RHELCMP-5969
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When the value is not specified in the configuration file, let Koji pick
the default channel.
JIRA: RHELBLD-8088
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When ODCS starts a compose, it will provide base composeinfo file, but
it doesn't create COMPOSE_ID. This leads to a crash when updating CTS,
since the compose id can't be read from the file. We can instead use the
value we already have in memory.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
The image type value passed to the task doesn't match the type as it
will be recorded by Koji.
JIRA: RHELCMP-5727
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
If cts_keytab is also enabled then the HTTP requests are handled with
Kerberos Authentication otherwise no authentication is used.
If cts_url is defined in the configuration, translate_paths is required.
This is needed in order to get the host and the path of the composes.
Jira: RHELCMP-6318
Signed-off-by: Ozan Unsal <ounsal@redhat.com>
Update get_mkisofs_cmd in createiso.py file in order to prevent using
default value. With this change it is possible to enable xorriso format
Jira: RHELCMP-6325
Signed-off-by: Ozan Unsal <ounsal@redhat.com>
If the given directory is not a valid git directory, it raises RuntimeError.
This can be catched and raised as GitUrlResolveError, so compose can continue
to log the failure.
Jira: RHELCMP-6077
Signed-off-by: Ozan Unsal <ounsal@redhat.com>
- Use ModuleIndex's update_from_file/update_from_string instead of ModuleStream's
read_file/read_string which is deprecated.
- Extend tests to work with real module streams instead of mocks.
Signed-off-by: Filip Valder <fvalder@redhat.com>
Multithreading was added to parallelize the
computation of image checksums. Resulting memory structures
are protected via synchronization primitives. Max number of
threads is uncapped- experiments were done to determine
whether a maximum number of threads would yield greater
efficiency and there were no gains from this.
Likewise, experiments were done to determine whether pools of
threads computed in separate processes could likewise decrease
compute-time. Evidence did not suggest that this was the
case. This indicate that the checksum operation is bounded
by I/O read/write times.
Merges: https://pagure.io/pungi/pull-request/1520
Jira: RHELCMP-5967
Signed-off-by: James Kunstle jkunstle@redhat.com
Contrast the additional_packages setting with the comps_file setting.
Explain what happens when a user lists a package in additional_packages
but Pungi cannot find it.
Give an example of composing all builds in a Koji tag.
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
Reword the signed_packages_retries and signed_packages_wait
configuration option documentation to use the active voice. This makes
it easier to understand who is doing what in a signing workflow.
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
Explain how to discover the API documentation about the buildContainer
method, so users can discover more about how "scratch" and "priority"
work.
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
The original code could cause a source RPM to be present in two variants
that have a dependency relation.
There is always only one source repo for a variant in the final compose.
When gathering packages for a variant that depends on another variant,
we need to build a temporary lookaside repo that has similar content to
the parent variant. This lookaside only contained source RPMs for
packages present the the architecture.
This could result in duplicated SRPMs in the compose.
Example situation:
* Variant B depends on variant A.
* A contains foo.x86_64.rpm (only on x86_64)
* B pulls in subpackage foo-bar.s390x.rpm (on s390x)
Source repo for A will correctly contain foo.src.rpm. With original code
the srpm would also end up in B.src. By adding all sources to the
temporary lookaside Pungi will know that source repo for B doesn't need
to duplicate the package.
The refactoring to use a set to store the packages is meant to avoid
listing the same SRPM multiple times in the repo in the most common
situation when SRPM is listed in multiple architectures.
JIRA: RHELCMP-6002
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
It is possible to try to re-run a compose with old event. When trying to
reuse pkgset data, we must use set the bounds not based on
current/reused event, but actually check which was first.
JIRA: CWFHEALTH-495
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Make sure that the function returns a path even for local files
specified by file:// urls.
JIRA: RHELCMP-5340
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Trying to compose from external classic repositories return an error trying the hardling from
a yum cache directory located in /tmp to the target directory in another filesystem.
This commit fixes this using the 'link' method form linker module which handle the link_type
configuration parameter instead of the hardcoded method 'hardlink'.
Change-Id: Ib79cfbd72f9def6462fddb2ae368730c55f257cd
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
- Do not reuse when there is any external lookaside repo
- Do not reuse when lookaside variant is not reused
JIRA: RHELCMP-4596
Signed-off-by: Haibo Lin <hlin@redhat.com>
The original code ended up downloading all repodata from the lookaside
repo. This could cause a lot of memory to be used.
The new code only downloads the repomd.xml and then primary record,
which is sufficient to obtain all needed information. A lot less memory
is used and the code is also significantly faster.
Here are some alternative ways of getting a list of packages from the
lookaside repo and reasons why they did not work:
* dnf repoquery - this doesn't include modular packages unless the
stream is default
* dnf reposync - requires `--urls` option to only print the names,
which is not available on RHEL 7
JIRA: RHELCMP-4761
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
There are two images because it's hard to install both Python 2
and Python 3 packages (e.g. libcomps) in latest fedora release.
JIRA: RHELCMP-4580
Signed-off-by: Haibo Lin <hlin@redhat.com>
OSBS will reject no scratch builds with arch_override.
When the option is not specified in Pungi, it would do `"".split(" ")`
to get list of arches, which returns a list with empty string instead of
an empty list.
With this fixed, it might be possible to have multiple images match the
spec (unless arch is used in the filter). To fix that, we can replace
arch with $basearch variable.
JIRA: RHELCMP-3824
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Previously commands to adjust permissions do not run when main
command failed and then files can't be cleaned up due to
Permission Denied problem.
JIRA: RHELCMP-4253
Signed-off-by: Haibo Lin <hlin@redhat.com>
The name brings a different expectation than how it actually worked.
This patch makes the code work similarly to the expectation.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When a module is skipped from the compose, we should not add it to a
mapping of module tags. If it's there, we then spend time building a
repo for the module, and it get's passed to buildinstall, despite the
packages not being supposed to be included in the compose.
If the packages are not included in any variant, they shouldn't be
available to buildinstall either.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When a gathering thread raises an exception, it gets forwarded to the
main thread and re-raised there. However, during this transition it
loses details about exact location of the problem.
This patch creates an extended traceback in the worker, which should
make it easier to track the problem down later.
JIRA: RHELCMP-4259
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
If packages are appearing quickly in Koji, and signing them is triggered
by automation, there may be a delay between the package being signed and
compose running. In such case it may be preferable to wait for the
signed copy rather than fail the compose.
JIRA: RHELCMP-3932
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
This phase runs after image-build and osbuild and can embed an image
into a container.
JIRA: RHELCMP-3820
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
Rather than tracking this directly in OSBS phase, move this into Compose
object, which will allow access to this from multiple phases.
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
This file can contain all Pungi specific exceptions.
It should also fix an issue encountered on Python 2.7:
AttributeError: 'module' object has no attribute 'pkgsets'
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
When adding extra modules via option *pkgset_koji_module_builds*, all
other versions of the same stream potentially available in a Brew tag
should be skipped.
JIRA: RHELCMP-3689
Signed-off-by: Haibo Lin <hlin@redhat.com>
In such case we never want to reuse the pkgset, as it risks leaking
unsigned packages. Safest option is to remove the file completely.
Fixes: https://pagure.io/pungi/issue/1480
JIRA: RHELCMP-3720
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
createrepo_checksum already defaults to sha256. Remove this setting from
the documented Minimal Example configuration to make it easier to read.
Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
When the wrapper processes comps file, it wasn't emitting "default"
argument for groupid element. The default is false and most entries are
actually using the default, so let's only emit it if set to true.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1882358
Signed-off-by: Lubomír Sedlář <lsedlar@redhat.com>
