This is a simple extention of `SCM.assert_allowed`
- `assert_allowed_by_policy` will set the default "use_common" to False which is different to the old behavior
- `channel`, `user_id`, `scratch` are passed in the `policy_data` with scminfo right now.
This is a prototype for this change, and there are some other solutions could be implemented too
- Use a scmpolicy plugin as `postSCMCheckout` callback, the pro is that we can do more checks after the source is initialized on builder, meanwhile, the con is that the source will be downloaded even it is denied by policy. It might be a potential risk?
- Do the scm check in hub's `make_task`, this looks straightforward, but may lack some builder's information
fixes: #2757
Some places force every access to their systems to be authenticated for
audit purposes, which means even an https fetch of a source tarball
needs access to some sort of credential.
Provide for a directory intended to contain credentials to be
bind-mounted into the BuildRoot for the BuildSRPMFromSCM task as
"/credentials". Whatever runs a a result of the source_cmd ("make
sources") is responsible for doing something useful with the contents.
In some cases it makes sense to continue with sibling task even if some of
them already failed. E.g. with kernel build it could be of use if submitter
knows for which archs it succeed and for which it fails. Repeated builds
could take a lot of time and resources.
Option is turned on by 'build_arch_can_fail' in kojid.conf and it is turned
on per builder. Note, that it shouldn't be enabled by default as it could
result in unnecessary resource consumption.
The client CA is only needed to for authentication on the server side,
not for authentication on the client side. Therefore remove it from all
client login code.
The config file tries to explain to the admin how to specify
allowed_scms, but one option (source_cmd) was missing.
This just reuses the wording of the docstring from the function parsing
this option, providing a complete documentation to admins when they read
the config file.
Create a filelist of packages to include in the repo
Use this filelist with createrepo and a baseurl to create
the repodata. Add a config option for pkgurl where the packages
can be found via http.
- add --topurl option to koji mock-config
- upload in 64k chunks in incrementalUpload
- best-effort to check when mock has truncated a file and started writing from 0 in BuildRoot.mock()
- improvements to cmdline parsing in koji call
