rpms
/
koji
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

1.10.1 release

Browse Source 
Signed-off-by: Dennis Gilmore <dennis@ausil.us>
epel9
Dennis Gilmore 9 years ago
parent f6bb05f57d
commit e4df500e21
5 changed files with 11 additions and 104 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -6,3 +6,4 @@ koji-1.4.0.tar.bz2
/koji-1.8.0.tar.bz2
/koji-1.9.0.tar.bz2
/koji-1.10.0.tar.bz2
/koji-1.10.1.tar.bz2

49
0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch
Unescape View File

@ -1,49 +0,0 @@
From 9103bda257e235b26bdbeb9198299cbc13a0d515 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Sat, 15 Aug 2015 14:35:03 -0400
Subject: [PATCH] Be more careful when detect cert-expiry exceptions.
We ran into this in the Fedora koji instance today after an upgrade last night.
The inline comments explain the reasoning
---
koji/__init__.py | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/koji/__init__.py b/koji/__init__.py
index 81064c3..f45ff70 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1943,8 +1943,29 @@ class ClientSession(object):
except Exception, e:
self._close_connection()
if isinstance(e, OpenSSL.SSL.Error):
+ # pyOpenSSL doesn't use different exception
+ # subclasses, we have to actually parse the args
for arg in e.args:
- for _, _, ssl_reason in arg:
+ # First, check to see if 'arg' is iterable because
+ # it can be anything..
+ try:
+ iter(arg)
+ except TypeError:
+ continue
+
+ # We do all this so that we can detect cert expiry
+ # so we can avoid retrying those over and over.
+ for items in arg:
+ try:
+ iter(items)
+ except TypeError:
+ continue
+
+ if len(items) != 3:
+ continue
+
+ _, _, ssl_reason = items
+
if ('certificate revoked' in ssl_reason or
'certificate expired' in ssl_reason):
# There's no point in retrying for this
--
2.5.0

45
0001-Better-catch-SSL-errors.patch
Unescape View File

@ -1,45 +0,0 @@
From ab0b2e465d0f8ad930f28eb3a49850afb57250c2 Mon Sep 17 00:00:00 2001
From: Mathieu Bridon <bochecha@daitauha.fr>
Date: Thu, 23 Jul 2015 10:19:23 +0200
Subject: [PATCH] Better catch SSL errors
Commit 4de27c52de80596d256b059a67d10c7ed5e61238 made Koji to not retry
on SSL errors.
However, it turns out that some SSL errors are transient, and Koji
should still retry for them.
This commit changes that, so that we are more specific about which SSL
errors should be fatal: expired or revoked certificates.
https://bugzilla.redhat.com/show_bug.cgi?id=1207178
---
koji/__init__.py | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/koji/__init__.py b/koji/__init__.py
index fadbada..e7a66f2 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1940,11 +1940,15 @@ class ClientSession(object):
except (SystemExit, KeyboardInterrupt):
#(depending on the python version, these may or may not be subclasses of Exception)
raise
- except OpenSSL.SSL.Error as e:
- # There's no point in retrying this
- raise
except Exception, e:
self._close_connection()
+ if isinstance(e, OpenSSL.SSL.Error):
+ for arg in e.args:
+ for _, _, ssl_reason in arg:
+ if ('certificate revoked' in ssl_reason or
+ 'certificate expired' in ssl_reason):
+ # There's no point in retrying for this
+ raise
if not self.logged_in:
#in the past, non-logged-in sessions did not retry. For compatibility purposes
#this behavior is governed by the anon_retry opt.
--
2.5.0

18
koji.spec
Unescape View File

@ -1,6 +1,6 @@
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%if 0%{?fedora} >= 23 || 0%{?redhat} >= 7
%if 0%{?fedora} >= 23 || 0%{?rhel} >= 7
%global use_systemd 1
%else
%global use_systemd 0
@ -8,17 +8,14 @@
%endif
Name: koji
Version: 1.10.0
Release: 2%{?dist}
Version: 1.10.1
Release: 1%{?dist}
License: LGPLv2 and GPLv2+
# koji.ssl libs (from plague) are GPLv2+
Summary: Build system tools
Group: Applications/System
URL: https://fedorahosted.org/koji
Patch0: fedora-config.patch
# Backported upstream patches
Patch1: 0001-Better-catch-SSL-errors.patch
Patch2: 0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch
Source: https://fedorahosted.org/released/koji/koji-%{version}.tar.bz2
BuildArch: noarch
@ -26,6 +23,7 @@ Requires: python-krbV >= 1.0.13
Requires: rpm-python
Requires: pyOpenSSL
Requires: python-urlgrabber
Requires: yum
BuildRequires: python
%if %{use_systemd}
BuildRequires: systemd
@ -91,7 +89,7 @@ Requires: createrepo >= 0.4.11-2
Requires: python-hashlib
Requires: python-createrepo
%endif
%if 0%{?fedora} >= 9
%if 0%{?fedora} >= 9 or 0%{?rhel} >= 5
Requires: createrepo >= 0.9.2
%endif
@ -156,8 +154,6 @@ koji-web is a web UI to the Koji system.
%prep
%setup -q
%patch0 -p1 -b orig
%patch1 -p1
%patch2 -p1
%build
@ -320,6 +316,10 @@ fi
%endif
%changelog
* Tue Nov 17 2015 Dennis Gilmore <dennis@ausil.us> - 1.10.1-1
- update to 1.10.1
- Requires yum in the cli rhbz#1230888
* Thu Sep 24 2015 Kalev Lember <klember@redhat.com> - 1.10.0-2
- Backport two patches to fix ClientSession SSL errors

2
sources
Unescape View File

@ -1 +1 @@
c947bbdfc507858b03ed6496ab403e41 koji-1.10.0.tar.bz2
55768668dc963512801540957ac1d084 koji-1.10.1.tar.bz2

Write Preview
Loading…
Cancel
Save