async def sign_build_rpms(build_rpms):
    for build_rpm in build_rpms:
        rpm_sigs = koji_session.queryRPMSigs(build_rpm["id"])
        for rpm_sig in rpm_sigs:
            if rpm_sig["sigkey"] == settings.sigul_key_id:
                continue

        nvr_arch = "%s.%s" % (build_rpm["nvr"], build_rpm["arch"])
        logger.debug(f"[*] signing NVR {nvr_arch}")
        await sign_koji_package(nvr_arch)
        koji_session.writeSignedRPM(nvr_arch, settings.sigul_key_id)
async def check_build_status():
    while True:
        try:
            logger.debug("[*] Running periodic task: check_build_status")

            builds = await Build.filter(status=BuildStatus.BUILDING).all()
            for build in builds:
                try:
                    await atomic_check_build_status(build)
                except Exception as e:
                    logger.error(f"check_build_status: {e}")

            # run every 5 minutes
            await asyncio.sleep(60 * 5)
        except Exception as e:
            logger.error(f"check_build_status wrapper: {e}")
async def sign_unsigned_builds():
    if not settings.disable_sigul:
        try:
            while True:
                logger.debug("[*] Running periodic task: sign_unsigned_builds")

                builds = await Build.filter(signed=False, status=BuildStatus.SUCCEEDED).prefetch_related(
                    "package").all()
                for build in builds:
                    try:
                        await atomic_sign_unsigned_builds(build)
                    except Exception as e:
                        logger.error(f"sign_unsigned_builds: {e}")

                # run every 5 minutes
                await asyncio.sleep(60 * 5)
        except Exception as e:
            logger.error(f"sign_unsigned_builds wrapper: {e}")
Exemple #4
0
async def run_sigul(args: List[str]):
    args.insert(0, "-c")
    args.insert(1, settings.sigul_config_file)
    args.insert(2, "--batch")

    proc = await asyncio.create_subprocess_exec("sigul",
                                                *args,
                                                stdin=asyncio.subprocess.PIPE,
                                                stdout=asyncio.subprocess.PIPE,
                                                stderr=asyncio.subprocess.PIPE)
    proc.stdin.write(f"{settings.sigul_passphrase}\0".encode())
    await proc.wait()

    if proc.returncode != 0:
        err = (await proc.stderr.read()).decode()
        # means that the package is already signed.
        # stupid error
        if "ERROR: I/O error: EOFError()" not in err:
            logger.debug('sigul returned with code: %s', proc.returncode)
            raise SigulException(err)

    return await proc.communicate()
async def atomic_check_build_status(build: Build):
    if build.koji_id:
        task_info = koji_session.getTaskInfo(build.koji_id, request=True)
        if task_info["state"] == koji.TASK_STATES["CLOSED"]:
            build.status = BuildStatus.SUCCEEDED
            await build.save()

            package = await Package.filter(id=build.package_id).get()
            package.last_build = datetime.datetime.now()
            await package.save()
        elif task_info["state"] == koji.TASK_STATES["CANCELED"]:
            build.status = BuildStatus.CANCELLED
            await build.save()
        elif task_info["state"] == koji.TASK_STATES["FAILED"]:
            try:
                task_result = koji_session.getTaskResult(build.koji_id)
                logger.debug(task_result)
            except (koji.BuildError, xmlrpc.client.Fault):
                build.status = BuildStatus.FAILED
            except koji.GenericError:
                build.status = BuildStatus.CANCELLED
            finally:
                await build.save()
    elif build.mbs_id:
        build_info = await mbs_client.get_build(build.mbs_id)
        state = build_info["state_name"]
        if state == "ready":
            build.status = BuildStatus.SUCCEEDED
            await build.save()

            package = await Package.filter(id=build.package_id).get()
            package.last_build = datetime.datetime.now()
            await package.save()
        elif state == "failed":
            build.status = BuildStatus.FAILED
            await build.save()