diff --git a/2203.patch b/2203.patch new file mode 100644 index 0000000..bd6e110 --- /dev/null +++ b/2203.patch @@ -0,0 +1,67 @@ +From ce86d84c87709ea6efa4bbc16fabe593de5b4a66 Mon Sep 17 00:00:00 2001 +From: Tomas Kopecek +Date: Apr 28 2020 08:10:24 +0000 +Subject: [PATCH 1/2] hub: admin can't force tag now + + +Fixes: https://pagure.io/koji/issue/2202 + +--- + +diff --git a/hub/kojihub.py b/hub/kojihub.py +index 960c0c6..9ec9bb8 100644 +--- a/hub/kojihub.py ++++ b/hub/kojihub.py +@@ -9760,7 +9760,7 @@ def check_policy(name, data, default='deny', strict=False, force=False): + access: True if the policy result is allow, false otherwise + reason: reason for the access + If strict is True, will raise ActionNotAllowed if the action is not 'allow' +- If force is True, policy will pass, but action will be logged ++ If force is True, policy will pass (under admin), but action will be logged + """ + ruleset = context.policy.get(name) + if not ruleset: +@@ -9791,12 +9791,14 @@ def check_policy(name, data, default='deny', strict=False, force=False): + if result != 'deny': + reason = 'error in policy' + logger.error("Invalid action in policy %s, rule: %s", name, lastrule) +- if force and context.session.hasPerm('admin'): +- msg = "Policy %s overriden by force: %s" % (name, context.session.user_data["name"]) +- if reason: +- msg += ": %s" % reason +- logger.info(msg) +- return True, "overriden by force" ++ if force: ++ user = policy_get_user(data) ++ if 'admin' in koji.auth.get_user_perms(user['id']): ++ msg = "Policy %s overriden by force: %s" % (name, user["name"]) ++ if reason: ++ msg += ": %s" % reason ++ logger.info(msg) ++ return True, "overriden by force" + if not strict: + return False, reason + err_str = "policy violation (%s)" % name + +From 8da87dfd42d63d9252117b331223b4a70f517ac6 Mon Sep 17 00:00:00 2001 +From: Tomas Kopecek +Date: Apr 28 2020 14:08:21 +0000 +Subject: [PATCH 2/2] don't traceback on missing user + + +--- + +diff --git a/hub/kojihub.py b/hub/kojihub.py +index 9ec9bb8..92fb389 100644 +--- a/hub/kojihub.py ++++ b/hub/kojihub.py +@@ -9793,7 +9793,7 @@ def check_policy(name, data, default='deny', strict=False, force=False): + logger.error("Invalid action in policy %s, rule: %s", name, lastrule) + if force: + user = policy_get_user(data) +- if 'admin' in koji.auth.get_user_perms(user['id']): ++ if user and 'admin' in koji.auth.get_user_perms(user['id']): + msg = "Policy %s overriden by force: %s" % (name, user["name"]) + if reason: + msg += ": %s" % reason + diff --git a/koji.spec b/koji.spec index 5f8d8cf..f2ede78 100644 --- a/koji.spec +++ b/koji.spec @@ -79,7 +79,7 @@ Name: koji Version: 1.21.0 -Release: 1%{?dist} +Release: 2%{?dist} # the included arch lib from yum's rpmUtils is GPLv2+ License: LGPLv2 and GPLv2+ Summary: Build system tools @@ -87,6 +87,9 @@ URL: https://pagure.io/koji/ Source0: https://releases.pagure.org/koji/koji-%{version}.tar.bz2 # Patches already upstream +# Patch to allow admin to force tag packages again +# https://pagure.io/koji/issue/2202 +Patch1: https://pagure.io/koji/pull-request/2203.patch # Not upstreamable Patch100: fedora-config.patch @@ -704,6 +707,10 @@ fi %endif %changelog +* Thu Apr 30 2020 Kevin Fenzi - 1.21.0-2 +- Add patch to fix issue with admins not being able to force tagging. +- Fixes https://pagure.io/koji/issue/2202 upstream. + * Tue Apr 21 2020 Kevin Fenzi - 1.21.0-1 - Update to 1.21.1. Fixes bug #1826406