async def sign_build_rpms(build_rpms):
for build_rpm in build_rpms:
rpm_sigs = koji_session.queryRPMSigs(build_rpm["id"])
for rpm_sig in rpm_sigs:
if rpm_sig["sigkey"] == settings.sigul_key_id:
continue
nvr_arch = "%s.%s" % (build_rpm["nvr"], build_rpm["arch"])
logger.debug(f"[*] signing NVR {nvr_arch}")
await sign_koji_package(nvr_arch)
koji_session.writeSignedRPM(nvr_arch, settings.sigul_key_id)
async def check_build_status():
while True:
try:
logger.debug("[*] Running periodic task: check_build_status")
builds = await Build.filter(status=BuildStatus.BUILDING).all()
for build in builds:
try:
await atomic_check_build_status(build)
except Exception as e:
logger.error(f"check_build_status: {e}")
# run every 5 minutes
await asyncio.sleep(60 * 5)
except Exception as e:
logger.error(f"check_build_status wrapper: {e}")
async def sign_unsigned_builds():
if not settings.disable_sigul:
try:
while True:
logger.debug("[*] Running periodic task: sign_unsigned_builds")
builds = await Build.filter(signed=False, status=BuildStatus.SUCCEEDED).prefetch_related(
"package").all()
for build in builds:
try:
await atomic_sign_unsigned_builds(build)
except Exception as e:
logger.error(f"sign_unsigned_builds: {e}")
# run every 5 minutes
await asyncio.sleep(60 * 5)
except Exception as e:
logger.error(f"sign_unsigned_builds wrapper: {e}")
async def run_sigul(args: List[str]):
args.insert(0, "-c")
args.insert(1, settings.sigul_config_file)
args.insert(2, "--batch")
proc = await asyncio.create_subprocess_exec("sigul",
*args,
stdin=asyncio.subprocess.PIPE,
stdout=asyncio.subprocess.PIPE,
stderr=asyncio.subprocess.PIPE)
proc.stdin.write(f"{settings.sigul_passphrase}\0".encode())
await proc.wait()
if proc.returncode != 0:
err = (await proc.stderr.read()).decode()
# means that the package is already signed.
# stupid error
if "ERROR: I/O error: EOFError()" not in err:
logger.debug('sigul returned with code: %s', proc.returncode)
raise SigulException(err)
return await proc.communicate()
async def atomic_check_build_status(build: Build):
if build.koji_id:
task_info = koji_session.getTaskInfo(build.koji_id, request=True)
if task_info["state"] == koji.TASK_STATES["CLOSED"]:
build.status = BuildStatus.SUCCEEDED
await build.save()
package = await Package.filter(id=build.package_id).get()
package.last_build = datetime.datetime.now()
await package.save()
elif task_info["state"] == koji.TASK_STATES["CANCELED"]:
build.status = BuildStatus.CANCELLED
await build.save()
elif task_info["state"] == koji.TASK_STATES["FAILED"]:
try:
task_result = koji_session.getTaskResult(build.koji_id)
logger.debug(task_result)
except (koji.BuildError, xmlrpc.client.Fault):
build.status = BuildStatus.FAILED
except koji.GenericError:
build.status = BuildStatus.CANCELLED
finally:
await build.save()
elif build.mbs_id:
build_info = await mbs_client.get_build(build.mbs_id)
state = build_info["state_name"]
if state == "ready":
build.status = BuildStatus.SUCCEEDED
await build.save()
package = await Package.filter(id=build.package_id).get()
package.last_build = datetime.datetime.now()
await package.save()
elif state == "failed":
build.status = BuildStatus.FAILED
await build.save()