particle-os/debian-koji
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-koji/builder/kojid.conf
Tim Smith 80021ab904 Provide for passing credentials to SRPMfromSCM 
Some places force every access to their systems to be authenticated for
audit purposes, which means even an https fetch of a source tarball
needs access to some sort of credential.

Provide for a directory intended to contain credentials to be
bind-mounted into the BuildRoot for the BuildSRPMFromSCM task as
"/credentials". Whatever runs a a result of the source_cmd ("make
sources") is responsible for doing something useful with the contents.
2019-12-12 15:22:01 +01:00

118 lines
3.6 KiB
Text
Raw Blame History

[kojid]
; The number of seconds to sleep between tasks
; sleeptime=15
; The maximum number of jobs that kojid will handle at a time
; maxjobs=10
; The minimum amount of free space (in MBs) required for each build root
; minspace=8192
; The directory root where work data can be found from the koji hub
; topdir=/mnt/koji
; The directory root for temporary storage
; workdir=/tmp/koji
; The temporary directory in buildroot
; chroot_tmpdir = /chroot_tmpdir
; The directory root for mock
; mockdir=/var/lib/mock
; The user to run as when doing builds
; mockuser=kojibuilder
; The vendor to use in rpm headers
; vendor=Koji
; The packager to use in rpm headers
; packager=Koji
; The distribution to use in rpm headers
; distribution=Koji
; The _host string to use in mock
; mockhost=koji-linux-gnu
; Timeout for build duration (24 hours)
; rpmbuild_timeout=86400
; Install timeout(seconds) for image build
; Default value is 0, which means using the number in /etc/oz/oz.cfg,
; supported since oz-0.16.0
; oz_install_timeout=7200
; The URL for the xmlrpc server
server=http://hub.example.com/kojihub
; The URL for the file access
topurl=http://hub.example.com/kojifiles
; use createrepo_c rather than createrepo
; use_createrepo_c=True
; A space-separated list of tuples from which kojid is allowed to checkout.
; The format of those tuples is:
;
; host:repository[:use_common[:source_cmd]]
;
; Incorrectly-formatted tuples will be ignored.
;
; If use_common is not present, kojid will attempt to checkout a common/
; directory from the repository. If use_common is set to no, off, false, or 0,
; it will not attempt to checkout a common/ directory.
;
; source_cmd is a shell command (args separated with commas instead of spaces)
; to run before building the srpm. It is generally used to retrieve source
; files from a remote location. If no source_cmd is specified, "make sources"
; is run by default.
allowed_scms=scm.example.com:/cvs/example git.example.org:/example svn.example.org:/users/*:no
; A directory to bind mount into Source RPM creation so that some
; credentials can be supplied when required to fetch sources, e.g.
; when the place the sources are fetched from requires all accesses to
; be authenticated in order to satisfy auditing requirements.
;
; The directory specified here will turn up in the SRPMfromSCM chroot
; as /credentials. It is up to whatever implements "make_source_cmd"
; to make appropriate use of any credentials supplied.
;
; Be aware that this means "make_source_cmd" has access to these
; credentials and could steal them; any credentials supplied
; should be easily disabled, and not used for other purposes.
; scm_credentials_dir = /etc/kojid/scmcredentials
; The mail host to use for sending email notifications
smtphost=example.com
; The From address used when sending email notifications
from_addr=Koji Build System <buildsys@example.com>
;configuration for Kerberos authentication
;the format of the principal used by the build hosts
;%s will be replaced by the FQDN of the host
;host_principal_format = compile/%s@EXAMPLE.COM
;location of the keytab
;keytab = /etc/kojid/kojid.keytab
;the service name of the principal being used by the hub
;krbservice = host
;configuration for SSL authentication
;client certificate
;cert = /etc/kojid/client.crt
;certificate of the CA that issued the HTTP server certificate
;serverca = /etc/kojid/serverca.crt
;if set to True, failing subtask will not automatically cancel other siblings
;build_arch_can_fail = False
;if set to True additional logs with timestamps will get created and uploaded
;to hub. It could be useful for debugging purposes, but creates twice as many
;log files
;log_timestamps = False
Reference in a new issue View git blame Copy permalink