particle-os/debian-koji
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-koji/vm/kojivmd.conf
Yu Ming Zhu 47c4b5d70b kojid: extend SCM.assert_allowed with hub policy 
This is a simple extention of `SCM.assert_allowed`

- `assert_allowed_by_policy` will set the default "use_common" to False which is different to the old behavior
- `channel`, `user_id`, `scratch` are passed in the `policy_data` with scminfo right now.

This is a prototype for this change, and there are some other solutions could be implemented too

- Use a scmpolicy plugin as `postSCMCheckout` callback, the pro is that we can do more checks after the source is initialized on builder, meanwhile, the con is that the source will be downloaded even it is denied by policy. It might be a potential risk?
- Do the scm check in hub's `make_task`, this looks straightforward, but may lack some builder's information

fixes: #2757
2021-08-16 17:55:26 +00:00

59 lines
2.1 KiB
Text
Raw Blame History

[kojivmd]
; The number of seconds to sleep between tasks
; sleeptime=15
; The maximum number of jobs that kojivmd will handle at a time
; maxjobs=10
; Minimum amount of memory (in MBs) not allocated to a VM for kojivmd to take a new task
; minmem=4096
; The user the VM/emulator runs as (cloned disk images will be readable and writable by this user)
; vmuser=qemu
; The directory root for temporary storage
; workdir=/tmp/koji
; The url where the Koji root directory (/mnt/koji) can be accessed
topurl=http://koji.example.com/kojiroot
; The URL for the xmlrpc server
server=http://hub.example.com/kojihub
; A space-separated list of hostname:repository[:use_common] tuples that kojivmd is authorized to checkout from (no quotes).
; Wildcards (as supported by fnmatch) are allowed.
; If use_common is specified and is one of "false", "no", "off", or "0" (without quotes), then kojid will not attempt to checkout
; a common/ dir when checking out sources from the source control system. Otherwise, it will attempt to checkout a common/
; dir, and will raise an exception if it cannot.
allowed_scms=scm.example.com:/cvs/example git.example.org:/example svn.example.org:/users/*:no
; If use the option allowed_scms above for allowing / denying SCM, default: true
; allowed_scms_use_config = true
; If use hub policy: build_from_scm for allowing / denying SCM, default: false
; notice that if both options are enabled, both assertions will be applied, and user_common
; will be overridden by the policy's result.
; allowed_scms_use_policy = false
; The mail host to use for sending email notifications
smtphost=example.com
; The From address used when sending email notifications
from_addr=Koji Build System <buildsys@example.com>
;configuration for Kerberos authentication
;the format of the principal used by the build hosts
;%s will be replaced by the FQDN of the host
;host_principal_format = compile/%s@EXAMPLE.COM
;location of the keytab
;keytab = /etc/kojivmd/kojivmd.keytab
;configuration for SSL authentication
;client certificate
;cert = /etc/kojivmd/client.crt
;certificate of the CA that issued the HTTP server certificate
;serverca = /etc/kojivmd/serverca.crt
Reference in a new issue View git blame Copy permalink