PR#662: ostree: allow waiting for signature - pungi

pungi

#662 ostree: allow waiting for signature

Merged 7 years ago by lsedlar. Opened 7 years ago by lsedlar.

lsedlar/pungi ostree-waiting into master

ostree: Add notification handler to wait for signature

Lubomír Sedlář • 7 years ago

f7a9c77

ostree: Add URL to repo to message

Lubomír Sedlář • 7 years ago

e246aef

bin/pungi-wait-for-signed-ostree-handler

file added

+37

		`@@ -0,0 +1,37 @@`
		`+ #!/usr/bin/env python`
		`+ # -- coding: utf-8 --`
		`+`
		`+ from __future__ import print_function`
		`+`
		`+ import argparse`
		`+ import datetime`
		`+ import json`
		`+ import os`
		`+ import sys`
		`+ import time`
		`+`
		`+ if __name__ == '__main__':`
		`+ parser = argparse.ArgumentParser()`
		`+ parser.add_argument('cmd')`
		`+ opts = parser.parse_args()`
		`+`
		`+ if opts.cmd != 'ostree':`
		`+ # Not an announcement of new ostree commit, nothing to do.`
		`+ sys.exit()`
		`+`
		`+ try:`
		`+ data = json.load(sys.stdin)`
		`+ except ValueError:`
		`+ print('Failed to decode data', file=sys.stderr)`
		`+ sys.exit(1)`
		`+`
		`+ repo = data['local_repo_path']`
		`+ commit = data['commitid']`
		`+ path = '%s/objects/%s/%s.commitmeta' % (repo, commit[:2], commit[2:])`
		`+`
		`+ while not os.path.exists(path):`
		`+ print('%s: Commit not signed yet, waiting...'`
		`+ % datetime.datetime.utcnow())`
		`+ time.sleep(5)`
		`+`
		`+ print('Found signature.')`

pungi/phases/ostree.py

file modified

+4 -2

		`@@ -9,7 +9,7 @@`
		`from .base import ConfigGuardedPhase`
		`from .. import util`
		`from ..ostree.utils import get_ref_from_treefile, get_commitid_from_commitid_file`
		`- from ..util import get_repo_dicts`
		`+ from ..util import get_repo_dicts, translate_path`
		`from ..wrappers import kojiwrapper, scm`


		`@@ -87,7 +87,9 @@`
		`variant=variant.uid,`
		`arch=arch,`
		`ref=ref,`
		`- commitid=commitid)`
		`+ commitid=commitid,`
		`+ repo_path=translate_path(compose, config['ostree_repo']),`
		`+ local_repo_path=config['ostree_repo'])`

		`self.pool.log_info('[DONE ] %s (task id: %s)' % (msg, task_id))`

setup.py

file modified

		`@@ -43,6 +43,7 @@`
		`'bin/pungi-koji',`
		`'bin/pungi-make-ostree',`
		`'bin/pungi-patch-iso',`
		`+ 'bin/pungi-wait-for-signed-ostree-handler',`

		`'contrib/yum-dnf-compare/pungi-compare-depsolving',`
		`],`

tests/test_ostree_phase.py

file modified

+7 -2

		`@@ -170,6 +170,7 @@`
		`get_dir_from_scm.side_effect = self._dummy_config_repo`

		`self.compose.notifier = mock.Mock()`
		`+ self.compose.conf['translate_paths'] = [(self.topdir, 'http://example.com/')]`

		`koji = KojiWrapper.return_value`
		`koji.run_runroot_cmd.side_effect = self._mock_runroot(`
		`@@ -186,7 +187,9 @@`
		`variant='Everything',`
		`arch='x86_64',`
		`ref='fedora-atomic/25/x86_64',`
		`- commitid='fca3465861a')])`
		`+ commitid='fca3465861a',`
		`+ repo_path='http://example.com/place/for/atomic',`
		`+ local_repo_path=self.repo)])`

		`@mock.patch('pungi.wrappers.scm.get_dir_from_scm')`
		`@mock.patch('pungi.wrappers.kojiwrapper.KojiWrapper')`
		`@@ -208,7 +211,9 @@`
		`variant='Everything',`
		`arch='x86_64',`
		`ref='fedora-atomic/25/x86_64',`
		`- commitid=None)])`
		`+ commitid=None,`
		`+ repo_path=self.repo,`
		`+ local_repo_path=self.repo)])`

		`@mock.patch('pungi.wrappers.scm.get_dir_from_scm')`
		`@mock.patch('pungi.wrappers.kojiwrapper.KojiWrapper')`

lsedlar commented 7 years ago

First commit in this PR updates the format of message sent on new commit creation to include path to the ostree repo itself. The message announcing new ostree commit so far contained hash of the commit, the ref it's for, but there was no information about where the repo actually is. This patch adds repo_path key into the message with URL of the repo and local_repo_path with path to the repo on local filesystem.

The second commit adds a notification handler script to wait for signature. This script can be used with the --notification-script argument of pungi-koji. For most messages it does nothing, but when it sees a new commit in an ostree repo, it will wait for a signature of the new commit to appear.

Fixes: #650

rebased

7 years ago

rebased

7 years ago

Pull-Request has been merged by lsedlar

7 years ago

dustymabe commented 7 years ago

hey @lsedlar - great work. Is there anything we need to add to the pungi config to make this happen?

lsedlar commented 7 years ago

You will need to add --notification-script=pungi-wait-for-signed-ostree-handler to the pungi-koji command invocation.

dustymabe commented 7 years ago

can you help us get this implemented for rawhide?

lsedlar commented 7 years ago

See pungi-fedora#362

dustymabe commented 7 years ago

hey @lsedlar - thanks so much for this. seems to work like a charm for rawhide. I just opened a PR for f27, do you mind reviewing?

@lsedlar - for the 'calling pungi from bodhi' work it would be nice if we could specify something like this inside the pungi config rather than having to do it from the command line (similar to the need for https://pagure.io/pungi/issue/694). Would it be possible to do something like that for this option as well?

lsedlar commented 7 years ago

I'd rather not add this option to the existing config file. It's not really compose configuration, but instead it's configuring the environment. What about adding a separate file that would list command line arguments and it would just be possible to tell pungi-koji to read it.

$ cat pungirc
--target-dir=/mnt/koji/compose/
--config=fedora.conf
# Maybe even comments?
--notification-script=foobar
$ pungi-koji --arguments-file pungirc

What do you think?