Wednesday, March 11, 2015

Koji Autobuild from git

This week I took some time to write a solution to automatically trigger koji builds upon committing to a privately hosted git repo. The code is in a pub repo on github, bear in mind that this is the first working code release with many improvements to come. It's also my first attempt at netcode so any tips or constructive criticisms are welcome.

Repo @
https://github.com/aeboccia/koji-buildfromgit

An rpm package of koji-bfg will be coming soon, for now the repo has instructions for setting up the listener and git hook.

Note:
Currently I have only written service support for Systemd, I am sure there are SysV boxes with Koji instances running, I plan to create initscripts for the service eventually.

Tuesday, February 3, 2015

Koji Copy Signed

Recently I implemented a Koji RPM Build Server at my place of work. When it came time to signing packages before mashing repo's I was faced with a small dilemma. Sigul signing server is a great solution for signing hundreds of packages and moving them to the correct destination on disk for mash to pick them up from and mash together a repo. However for my use we would not need something so robust as we only would require a hundred or so packages in total, thus I set out in search of a simpiler solution. Fortunately I found one. A koji plugin by the name of sign.py written by Paul B Schroeder <paulbsch "at" vbridges "dot" com>. It is a neat little plugin which signs packages at build time. The issue I ran into was that the packages would be signed at build then left in /mnt/koji/packages/pkgname/#/#/arch/package.rpm Mash when using strict_keys for packages looks under /mnt/koji/packages/pkgname/#/#/data/signed/keyid/arch/package.rpm for the signed packages to mash into a repo. I plan on eventually implementing this change directly into the plugin but since I was in a hurry I whipped up a quick script to run in between mash crons which copies the signed rpms to the correct location for mash to pickup.

I will admit this is a bit redundant since the packages are already signed at build time and can be mashed into a repo just fine provided I don't set strict_keys with mash. I prefer this method as it ensures packages mashed into repos's have the key I specify. In terms of disk space I rationalize this concern with the idea that if i were to implement sigul the rpms would be copied to the same signed dir as my solution here so really either way I'd be eating up space in two places for the same RPM.

The script can be found on github @ copy_signed.py