15d604f32e
If you pass --key to download-build and signed packages aren't available, Koji will skip the unsigned package, or error out. This adds a modified behavior controlled by the new --fallback-unsigned arg. If this is passed with --key, unsigned copies will be downloaded for packages for which no signed copy can be found. This is primarily intended to work with a proposed Bodhi feature: https://github.com/fedora-infra/bodhi/pull/5859 . That would make Bodhi's `bodhi updates download` command automatically try to download signed copies, but I think it would be best if it falls back to getting unsigned copies if that doesn't work. Just failing out entirely seems wrong for that case. Implementing the fallback in Bodhi itself is more awkward and messy than adding it in Koji, and it may be useful for others in Koji I guess. Note there are two distinct 'no signed copies' cases. In the simple one, queryRPMSigs tells us Koji has no record of the package ever being signed with the key in question. In this case we don't bother trying to download a signed copy. In the other case, queryRPMSigs tells us the package *has* been signed with the key, but it turns out that signed copy has been garbage- collected and we can no longer download it. In this case we have to catch the failure on the download attempt and retry the download with sigkey set to None. Signed-off-by: Adam Williamson <awilliam@redhat.com> |
||
|---|---|---|
| .. | ||
| koji_cli | ||
| koji | ||
| koji.conf | ||
| Makefile | ||