add warnings for remove-sig

Update all references to remove-sig to explain that admins should not normally run this.
2021-09-10 11:13:07 -04:00 · 2021-09-10 11:13:07 -04:00 · f6aeec9265
commit f6aeec9265
parent e81138d51c
4 changed files with 18 additions and 4 deletions
--- a/cli/koji_cli/commands.py
+++ b/cli/koji_cli/commands.py
@ -1664,7 +1664,9 @@ def handle_import_sig(goptions, session, args):
 def handle_remove_sig(goptions, session, args):
    "[admin] Remove signed RPMs from db and disk"
    usage = _("usage: %prog remove-sig [options] <rpm-id/n-v-r.a/rpminfo>")
-    parser = OptionParser(usage=get_usage_str(usage))
+    description = _("Only use this method in extreme situations, because it ")
+    description += _("goes against Koji's design of immutable, auditable data.")
+    parser = OptionParser(usage=get_usage_str(usage), description=description)
    parser.add_option("--sigkey", action="store", default=None, help=_("Specify signature key"))
    parser.add_option("--all", action="store_true", default=False,
                      help=_("Remove all signed copies for specified RPM"))
--- a/docs/source/release_notes/release_notes_1.26.rst
+++ b/docs/source/release_notes/release_notes_1.26.rst
@ -146,9 +146,10 @@ connection string

 | PR: https://pagure.io/koji/pull-request/2965

-New call for removing signatures. This call should be used only in extreme
-situations as it is going partly against auditable nature of koji's date, so it
-is limited only for ``admin`` permission (``sign`` is not sufficient here).
+The ``deleteRPMSig`` hub call removes RPM signatures from Koji. Only use this
+method in extreme situations, because it goes against Koji's design of
+immutable, auditable data. This call requires ``admin`` permission (``sign``
+is not sufficient).

 VM
 --
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@ -7622,6 +7622,9 @@ def add_rpm_sig(an_rpm, sighdr):
 def delete_rpm_sig(rpminfo, sigkey=None, all_sigs=False):
    """Delete rpm signature

+    Only use this method in extreme situations, because it goes against
+    Koji's design of immutable, auditable data.
+
    :param dict/str/id rpm: map containing 'name', 'version', 'release', and 'arch'
                            string N-V-R.A
                            int ID
@ -12063,6 +12066,11 @@ class RootExports(object):
    def deleteRPMSig(self, rpminfo, sigkey=None, all_sigs=False):
        """Delete rpm signature

+        Only use this method in extreme situations, because it goes against
+        Koji's design of immutable, auditable data.
+
+        This call requires ``admin`` permission (``sign`` is not sufficient).
+
        :param dict/str/id rpm: map containing 'name', 'version', 'release', and 'arch'
                                string N-V-R.A
                                int ID
--- a/tests/test_cli/test_remove_sig.py
+++ b/tests/test_cli/test_remove_sig.py
@ -23,6 +23,9 @@ class TestRemoveSig(utils.CliTestCase):
            """Usage: %s remove-sig [options] <rpm-id/n-v-r.a/rpminfo>
 (Specify the --help global option for a list of other help options)

+Only use this method in extreme situations, because it goes against Koji's
+design of immutable, auditable data.
+
 Options:
  -h, --help       show this help message and exit
  --sigkey=SIGKEY  Specify signature key