From 4174069f98129ab1631d4a1384a805c438c43f59 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Apr 18 2017 20:02:47 +0000 Subject: update to upstream 1.12.0 remove rhel 5 conditionals as its no longer supported in epel Signed-off-by: Dennis Gilmore --- diff --git a/.gitignore b/.gitignore index 1f87e88..535a6b2 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ koji-1.4.0.tar.bz2 /koji-1.10.0.tar.bz2 /koji-1.10.1.tar.bz2 /koji-1.11.0.tar.bz2 +/koji-1.12.0.tar.bz2 diff --git a/fedora-config.patch b/fedora-config.patch index bf8d0c5..4260bed 100644 --- a/fedora-config.patch +++ b/fedora-config.patch @@ -1,6 +1,5 @@ -diff -up koji-1.11.0/cli/koji.conf.clientconf koji-1.11.0/cli/koji.conf ---- koji-1.11.0/cli/koji.conf.clientconf 2017-01-08 12:35:51.681832856 +0100 -+++ koji-1.11.0/cli/koji.conf 2017-01-08 12:37:14.388829788 +0100 +--- koji-1.12.0/cli/koji.conf.orig 2017-04-18 14:35:15.879593521 -0500 ++++ koji-1.12.0/cli/koji.conf 2017-04-18 14:37:45.818233378 -0500 @@ -3,18 +3,20 @@ ;configuration for koji cli tool @@ -25,11 +24,10 @@ diff -up koji-1.11.0/cli/koji.conf.clientconf koji-1.11.0/cli/koji.conf ;the service name of the principal being used by the hub ;krbservice = host -@@ -24,11 +26,3 @@ - +@@ -25,10 +27,4 @@ ;the keytab to auth as for automated clients ;keytab = /etc/krb5.keytab -- + -;configuration for SSL authentication - -;client certificate @@ -37,3 +35,4 @@ diff -up koji-1.11.0/cli/koji.conf.clientconf koji-1.11.0/cli/koji.conf - -;certificate of the CA that issued the HTTP server certificate -;serverca = ~/.koji/serverca.crt ++use_fast_upload = yes diff --git a/koji-pr239-principal-keytab-cli-config.patch b/koji-pr239-principal-keytab-cli-config.patch deleted file mode 100644 index bc6e5e5..0000000 --- a/koji-pr239-principal-keytab-cli-config.patch +++ /dev/null @@ -1,41 +0,0 @@ -From c056a2ff45a0e256aa27e1ca2b86ed4284bcaa52 Mon Sep 17 00:00:00 2001 -From: Patrick Uiterwijk -Date: Dec 15 2016 01:58:50 +0000 -Subject: Allow principal and keytab in cli config - - -Signed-off-by: Patrick Uiterwijk - ---- - -diff --git a/cli/koji.conf b/cli/koji.conf -index 4294603..ae77e4e 100644 ---- a/cli/koji.conf -+++ b/cli/koji.conf -@@ -19,6 +19,12 @@ - ;the service name of the principal being used by the hub - ;krbservice = host - -+;the principal to auth as for automated clients -+;principal = client@EXAMPLE.COM -+ -+;the keytab to auth as for automated clients -+;keytab = /etc/krb5.keytab -+ - ;configuration for SSL authentication - - ;client certificate -diff --git a/koji/__init__.py b/koji/__init__.py -index 144c2c5..9b3c75d 100644 ---- a/koji/__init__.py -+++ b/koji/__init__.py -@@ -1584,6 +1584,8 @@ def read_config(profile_name, user_config=None): - 'poll_interval': 6, - 'krbservice': 'host', - 'krb_rdns': True, -+ 'principal': None, -+ 'keytab': None, - 'cert': None, - 'ca': '', # FIXME: remove in next major release - 'serverca': None, - diff --git a/koji-pr243-CheckClientIP-and-TrustForwardedIP.patch b/koji-pr243-CheckClientIP-and-TrustForwardedIP.patch deleted file mode 100644 index a10fdd6..0000000 --- a/koji-pr243-CheckClientIP-and-TrustForwardedIP.patch +++ /dev/null @@ -1,137 +0,0 @@ -From b7bbd1e835ef7c21809173902fd78375f0aec072 Mon Sep 17 00:00:00 2001 -From: Mike McLean -Date: Dec 14 2016 18:34:16 +0000 -Subject: [PATCH 1/2] new hub CheckClientIP option - - ---- - -diff --git a/hub/kojixmlrpc.py b/hub/kojixmlrpc.py -index 295a197..47c1284 100644 ---- a/hub/kojixmlrpc.py -+++ b/hub/kojixmlrpc.py -@@ -430,6 +430,8 @@ def load_config(environ): - ['DNUsernameComponent', 'string', 'CN'], - ['ProxyDNs', 'string', ''], - -+ ['CheckClientIP', 'boolean', True], -+ - ['LoginCreatesUser', 'boolean', True], - ['KojiWebURL', 'string', 'http://localhost.localdomain/koji'], - ['EmailDomain', 'string', None], -diff --git a/koji/auth.py b/koji/auth.py -index ef2f338..ef7635f 100644 ---- a/koji/auth.py -+++ b/koji/auth.py -@@ -72,11 +72,7 @@ class Session(object): - self.message = 'no session args' - return - args = cgi.parse_qs(args, strict_parsing=True) -- if hostip is None: -- hostip = context.environ['REMOTE_ADDR'] -- #XXX - REMOTE_ADDR not promised by wsgi spec -- if hostip == '127.0.0.1': -- hostip = socket.gethostbyname(socket.gethostname()) -+ hostip = self.get_remote_ip(override=hostip) - try: - id = long(args['session-id'][0]) - key = args['session-key'][0] -@@ -239,6 +235,18 @@ class Session(object): - raise koji.AuthLockError, self.lockerror - return True - -+ def get_remote_ip(self, override=None): -+ if not context.opts['CheckClientIP']: -+ return '-' -+ elif override is not None: -+ return override -+ else: -+ hostip = context.environ['REMOTE_ADDR'] -+ #XXX - REMOTE_ADDR not promised by wsgi spec -+ if hostip == '127.0.0.1': -+ hostip = socket.gethostbyname(socket.gethostname()) -+ return hostip -+ - def checkLoginAllowed(self, user_id): - """Verify that the user is allowed to login""" - cursor = context.cnx.cursor() -@@ -260,12 +268,7 @@ class Session(object): - raise koji.AuthError, 'invalid username or password' - if self.logged_in: - raise koji.GenericError, "Already logged in" -- hostip = opts.get('hostip') -- if hostip is None: -- hostip = context.environ['REMOTE_ADDR'] -- #XXX - REMOTE_ADDR not promised by wsgi spec -- if hostip == '127.0.0.1': -- hostip = socket.gethostbyname(socket.gethostname()) -+ hostip = self.get_remote_ip(override=opts.get('hostip')) - - # check passwd - c = context.cnx.cursor() -@@ -332,10 +335,7 @@ class Session(object): - - self.checkLoginAllowed(user_id) - -- hostip = context.environ['REMOTE_ADDR'] -- #XXX - REMOTE_ADDR not promised by wsgi spec -- if hostip == '127.0.0.1': -- hostip = socket.gethostbyname(socket.gethostname()) -+ hostip = self.get_remote_ip() - - sinfo = self.createSession(user_id, hostip, koji.AUTHTYPE_KERB) - -@@ -412,10 +412,7 @@ class Session(object): - - self.checkLoginAllowed(user_id) - -- hostip = context.environ['REMOTE_ADDR'] -- #XXX - REMOTE_ADDR not promised by wsgi spec -- if hostip == '127.0.0.1': -- hostip = socket.gethostbyname(socket.gethostname()) -+ hostip = self.get_remote_ip() - - sinfo = self.createSession(user_id, hostip, authtype) - return sinfo - -From 09af8f548665fab35174f731bf51bab0c4c65063 Mon Sep 17 00:00:00 2001 -From: Mike McLean -Date: Dec 14 2016 19:15:19 +0000 -Subject: [PATCH 2/2] hub option: TrustForwardedIP - - -An option to trust the X_FORWARDED_FOR header (defaults to false) when -determining client ip address - ---- - -diff --git a/hub/kojixmlrpc.py b/hub/kojixmlrpc.py -index 47c1284..2572e13 100644 ---- a/hub/kojixmlrpc.py -+++ b/hub/kojixmlrpc.py -@@ -431,6 +431,7 @@ def load_config(environ): - ['ProxyDNs', 'string', ''], - - ['CheckClientIP', 'boolean', True], -+ ['TrustForwardedIP', 'boolean', False], - - ['LoginCreatesUser', 'boolean', True], - ['KojiWebURL', 'string', 'http://localhost.localdomain/koji'], -diff --git a/koji/auth.py b/koji/auth.py -index ef7635f..0cf2ffd 100644 ---- a/koji/auth.py -+++ b/koji/auth.py -@@ -241,7 +241,11 @@ class Session(object): - elif override is not None: - return override - else: -- hostip = context.environ['REMOTE_ADDR'] -+ if (context.opts['TrustForwardedIP'] -+ and 'HTTP_X_FORWARDED_FOR' in context.environ): -+ hostip = context.environ['HTTP_X_FORWARDED_FOR'].split(',')[-1].strip() -+ else: -+ hostip = context.environ['REMOTE_ADDR'] - #XXX - REMOTE_ADDR not promised by wsgi spec - if hostip == '127.0.0.1': - hostip = socket.gethostbyname(socket.gethostname()) - diff --git a/koji-pr246-kojigc-krb_rds-support.patch b/koji-pr246-kojigc-krb_rds-support.patch deleted file mode 100644 index fcf2fbf..0000000 --- a/koji-pr246-kojigc-krb_rds-support.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 9a21b78ff5d03f82edb20644684f78fe69aa97d9 Mon Sep 17 00:00:00 2001 -From: Till Maas -Date: Dec 17 2016 16:03:25 +0000 -Subject: [PATCH 1/2] Revert "default krb_rdns to True" - - -This reverts commit 02128ee5777b560619314cc0220e1ed7ca16b28c. - -The second column in cfgmap is an alias and "True" is not a valid alias. -It was mistaken in the reverted commit as a default value, which it is -not. Reverting this commit should fix the following traceback that -koji-gc in Fedora currenty raises: - -Traceback (most recent call last): -File "/usr/sbin/koji-gc", line 901, in -options, args = get_options() -File "/usr/sbin/koji-gc", line 159, in get_options -if config.has_option(*alias): -TypeError: has_option() argument after * must be a sequence, not bool - ---- - -diff --git a/util/koji-gc b/util/koji-gc -index b43f8aa..bf534ed 100755 ---- a/util/koji-gc -+++ b/util/koji-gc -@@ -131,7 +131,7 @@ def get_options(): - ['keytab', None, 'string'], - ['principal', None, 'string'], - ['krbservice', None, 'string'], -- ['krb_rdns', True, 'boolean'], -+ ['krb_rdns', None, 'boolean'], - ['runas', None, 'string'], - ['user', None, 'string'], - ['password', None, 'string'], - -From 1cc9e3052142421ff97e92defed393775ad56441 Mon Sep 17 00:00:00 2001 -From: Till Maas -Date: Dec 18 2016 09:35:22 +0000 -Subject: [PATCH 2/2] koji-gc: Set default value for krb_rdns to False - - -In Fedora infra krb_rdns needs to be set to False. This matches -https://pagure.io/koji/pull-request/244 - ---- - -diff --git a/util/koji-gc b/util/koji-gc -index bf534ed..9cb2144 100755 ---- a/util/koji-gc -+++ b/util/koji-gc -@@ -52,6 +52,8 @@ def get_options(): - parser.add_option("--principal", help=_("specify a Kerberos principal to use")) - parser.add_option("--krbservice", default="host", - help=_("the service name of the principal being used by the hub")) -+ parser.add_option("--krb-rdns", action="store_true", default=False, -+ help=_("get reverse dns FQDN for krb target")) - parser.add_option("--runas", metavar="USER", - help=_("run as the specified user (requires special privileges)")) - parser.add_option("--user", help=_("specify user")) -@@ -111,6 +113,7 @@ def get_options(): - (options, args) = parser.parse_args() - - defaults = parser.get_default_values() -+ - config = ConfigParser.ConfigParser() - cf = getattr(options, 'config_file', None) - if cf: - diff --git a/koji-pr248-kojigc-keytab-support.patch b/koji-pr248-kojigc-keytab-support.patch deleted file mode 100644 index 44691e1..0000000 --- a/koji-pr248-kojigc-keytab-support.patch +++ /dev/null @@ -1,24 +0,0 @@ -From db1eb36c1b74de65ddf479859a437eab1823727b Mon Sep 17 00:00:00 2001 -From: Patrick Uiterwijk -Date: Dec 17 2016 18:27:49 +0000 -Subject: Make koji-gc also work with principal and keytab - - -Signed-off-by: Patrick Uiterwijk - ---- - -diff --git a/util/koji-gc b/util/koji-gc -index b43f8aa..74f1de7 100755 ---- a/util/koji-gc -+++ b/util/koji-gc -@@ -352,7 +352,7 @@ def activate_session(session): - elif options.user: - #authenticate using user/password - session.login() -- elif has_krb_creds(): -+ elif has_krb_creds() or (options.keytab and options.principal): - try: - if options.keytab and options.principal: - session.krb_login(principal=options.principal, keytab=options.keytab, proxyuser=options.runas) - diff --git a/koji.spec b/koji.spec index 7b7a80c..03cd43f 100644 --- a/koji.spec +++ b/koji.spec @@ -1,6 +1,6 @@ -%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} +%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from %distutils.sysconfig import get_python_lib; print(get_python_lib())")} -%if 0%{?fedora} >= 23 || 0%{?rhel} >= 7 +%if 0%{?fedora} || 0%{?rhel} >= 7 %global use_systemd 1 %else %global use_systemd 0 @@ -8,22 +8,15 @@ %endif Name: koji -Version: 1.11.0 -Release: 6%{?dist} +Version: 1.12.0 +Release: 1%{?dist} # koji.ssl libs (from plague) are GPLv2+ License: LGPLv2 and GPLv2+ Summary: Build system tools Group: Applications/System URL: https://pagure.io/koji/ Source0: https://releases.pagure.org/koji/koji-%{version}.tar.bz2 -# https://pagure.io/koji/pull-request/246 -Patch1: koji-pr246-kojigc-krb_rds-support.patch -# https://pagure.io/koji/pull-request/248 -Patch2: koji-pr248-kojigc-keytab-support.patch -# https://pagure.io/koji/pull-request/243 -Patch3: koji-pr243-CheckClientIP-and-TrustForwardedIP.patch -# https://pagure.io/koji/pull-request/239 -Patch4: koji-pr239-principal-keytab-cli-config.patch + # Not upstreamable Patch100: fedora-config.patch @@ -56,10 +49,7 @@ License: LGPLv2 and GPLv2 # rpmdiff lib (from rpmlint) is GPLv2 (only) Requires: httpd Requires: mod_wsgi -Requires: postgresql-python -%if 0%{?rhel} == 5 -Requires: python-simplejson -%endif +Requires: python-psycopg2 Requires: %{name} = %{version}-%{release} %description hub @@ -72,12 +62,7 @@ License: LGPLv2 Requires: %{name} = %{version}-%{release} Requires: %{name}-hub = %{version}-%{release} Requires: python-qpid >= 0.7 -%if 0%{?rhel} >= 6 Requires: python-qpid-proton -%endif -%if 0%{?rhel} == 5 -Requires: python-ssl -%endif Requires: cpio %description hub-plugins @@ -92,6 +77,7 @@ Requires: %{name} = %{version}-%{release} Requires: mock >= 0.9.14 Requires(pre): /usr/sbin/useradd Requires: squashfs-tools +Requires: python2-multilib %if %{use_systemd} Requires(post): systemd Requires(preun): systemd @@ -106,14 +92,7 @@ Requires: /usr/bin/cvs Requires: /usr/bin/svn Requires: /usr/bin/git Requires: python-cheetah -%if 0%{?rhel} == 5 -Requires: createrepo >= 0.4.11-2 -Requires: python-hashlib -Requires: python-createrepo -%endif -%if 0%{?fedora} >= 9 || 0%{?rhel} > 5 Requires: createrepo >= 0.9.2 -%endif %description builder koji-builder is the daemon that runs on build machines and executes @@ -147,7 +126,7 @@ virtual machine. This package is not required for most installations. Summary: Koji Utilities Group: Applications/Internet License: LGPLv2 -Requires: postgresql-python +Requires: python-psycopg2 Requires: %{name} = %{version}-%{release} %if %{use_systemd} Requires(post): systemd @@ -165,7 +144,7 @@ License: LGPLv2 Requires: httpd Requires: mod_wsgi Requires: mod_auth_kerb -Requires: postgresql-python +Requires: python-psycopg2 Requires: python-cheetah Requires: %{name} = %{version}-%{release} Requires: python-krbV >= 1.0.13 @@ -175,11 +154,6 @@ koji-web is a web UI to the Koji system. %prep %setup -q -%patch1 -p1 -b .246 -%patch2 -p1 -b .248 -# This seems to break the koji hub currently, thefore do not apply it -#patch3 -p1 -b .243 -%patch4 -p1 -b .239 %patch100 -p1 -b .fedoraconfig %build @@ -348,6 +322,10 @@ fi %endif %changelog +* Tue Apr 18 2017 Dennis Gilmore - 1.12.0-1 +- update to upstream 1.12.0 +- remove rhel 5 conditionals as its no longer supported in epel + * Fri Feb 10 2017 Fedora Release Engineering - 1.11.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild diff --git a/sources b/sources index e65b9f4..199c8ab 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6365645cb73e014f084475fab62876df koji-1.11.0.tar.bz2 +SHA512 (koji-1.12.0.tar.bz2) = 8898de9715c3d7bf828817eacfae55166d654ec8e561f3b1406b9208072af2ca277aeaf9e753d82938a4170aa261bf3d5f7c868142cbe9668e2e149c7f747cc8