+1 here.

-re

On 03/05/2015 11:54 AM, Kevin Fenzi wrote:
> The pesign package is kind of delicate and newer versions of it break
> the one we are running on the kernel builders. Someone recently updated
> it in rawhide and rebuilt it, but it resulted in rawhide kernel builds
> all failing to work right.
>
> So, I'd like to add pesign to the secure-boot channel in koji, which
> means that only those folks with secure-boot group in koji can tag new
> builds in. This should prevent well meaning provenpackagers from
> rebuilding it and breaking it.
>
> This is a short term issue only, as once we move the bkernel machines
> to the new versions they should be in step with rawhide and be fine
> moving forward. We just want to prevent this until that happens.
>
> This will require applying this patch and running the koji hub playbook
> to sync up things.
>
> +1s?
>
> kevin
> --
> diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 > index 4e30401..5e8d993 100644 > --- a/roles/koji_hub/templates/hub.conf.j2 > +++ b/roles/koji_hub/templates/hub.conf.j2 > @@ -61,8 +61,8 @@ Plugins = fedmsg-koji-plugin > > > tag = > - has_perm secure-boot && package kernel shim grub2 fedora-release :: allow > - package kernel shim grub2 fedora-release:: deny > + has_perm secure-boot && package kernel shim grub2 fedora-release pesign :: allow > + package kernel shim grub2 fedora-release pesign :: deny > all :: allow > > channel = 
> @@ -79,6 +79,7 @@ channel = > source */shim* && has_perm secure-boot :: use secure-boot > source */grub2* && has_perm secure-boot :: use secure-boot > source */fedora-release* && has_perm secure-boot :: use secure-boot > + source */pesign* && has_perm secure-boot :: use secure-boot > > # we have some arm builders that have ssd's in them, eclipse is 7 hours faster building on them > # make sure that we always build eclipse on them. > > > > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure >
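Review bot: In the tag hunk (@@ -61,8 +61,8 @@), pesign is added to both the allow and the deny rule with nothing marking it as temporary. The message describes this as a short-term restriction until the kernel builders move to the new version, so a comment above the two rules saying that pesign should be dropped again at that point would keep it from lingering. The package list is also repeated by hand on both lines: a name present only on the deny line would block tagging for everyone, and a name present only on the allow line would fall through to "all :: allow", so the two lists need to stay identical.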
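Review bot: In the channel hunk (@@ -79,6 +79,7 @@), the added rule matches the glob "*/pesign*", while the tag policy matches the exact package name pesign. The glob also catches any source whose last path component merely begins with pesign, so either tighten the pattern or add a comment that the prefix match is intended, as it apparently is for the shim, grub2 and fedora-release lines above it. Note too that the rule only applies when has_perm secure-boot holds, so builds submitted by anyone else fall through to the rules that follow; the restriction described in the message rests on the tag policy, not on this line.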