From e4df500e21c8708eaab8a1b64f64a213b45dc873 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 17 Nov 2015 21:56:58 -0600 Subject: [PATCH] 1.10.1 release Signed-off-by: Dennis Gilmore --- .gitignore | 1 + ...l-when-detect-cert-expiry-exceptions.patch | 49 ------------------- 0001-Better-catch-SSL-errors.patch | 45 ----------------- koji.spec | 18 +++---- sources | 2 +- 5 files changed, 11 insertions(+), 104 deletions(-) delete mode 100644 0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch delete mode 100644 0001-Better-catch-SSL-errors.patch diff --git a/.gitignore b/.gitignore index 8887952..b52e9f4 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ koji-1.4.0.tar.bz2 /koji-1.8.0.tar.bz2 /koji-1.9.0.tar.bz2 /koji-1.10.0.tar.bz2 +/koji-1.10.1.tar.bz2 diff --git a/0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch b/0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch deleted file mode 100644 index e0e410f..0000000 --- a/0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 9103bda257e235b26bdbeb9198299cbc13a0d515 Mon Sep 17 00:00:00 2001 -From: Ralph Bean -Date: Sat, 15 Aug 2015 14:35:03 -0400 -Subject: [PATCH] Be more careful when detect cert-expiry exceptions. - -We ran into this in the Fedora koji instance today after an upgrade last night. -The inline comments explain the reasoning ---- - koji/__init__.py | 23 ++++++++++++++++++++++- - 1 file changed, 22 insertions(+), 1 deletion(-) - -diff --git a/koji/__init__.py b/koji/__init__.py -index 81064c3..f45ff70 100644 ---- a/koji/__init__.py -+++ b/koji/__init__.py -@@ -1943,8 +1943,29 @@ class ClientSession(object): - except Exception, e: - self._close_connection() - if isinstance(e, OpenSSL.SSL.Error): -+ # pyOpenSSL doesn't use different exception -+ # subclasses, we have to actually parse the args - for arg in e.args: -- for _, _, ssl_reason in arg: -+ # First, check to see if 'arg' is iterable because -+ # it can be anything.. -+ try: -+ iter(arg) -+ except TypeError: -+ continue -+ -+ # We do all this so that we can detect cert expiry -+ # so we can avoid retrying those over and over. -+ for items in arg: -+ try: -+ iter(items) -+ except TypeError: -+ continue -+ -+ if len(items) != 3: -+ continue -+ -+ _, _, ssl_reason = items -+ - if ('certificate revoked' in ssl_reason or - 'certificate expired' in ssl_reason): - # There's no point in retrying for this --- -2.5.0 - diff --git a/0001-Better-catch-SSL-errors.patch b/0001-Better-catch-SSL-errors.patch deleted file mode 100644 index c85b4d7..0000000 --- a/0001-Better-catch-SSL-errors.patch +++ /dev/null @@ -1,45 +0,0 @@ -From ab0b2e465d0f8ad930f28eb3a49850afb57250c2 Mon Sep 17 00:00:00 2001 -From: Mathieu Bridon -Date: Thu, 23 Jul 2015 10:19:23 +0200 -Subject: [PATCH] Better catch SSL errors - -Commit 4de27c52de80596d256b059a67d10c7ed5e61238 made Koji to not retry -on SSL errors. - -However, it turns out that some SSL errors are transient, and Koji -should still retry for them. - -This commit changes that, so that we are more specific about which SSL -errors should be fatal: expired or revoked certificates. - -https://bugzilla.redhat.com/show_bug.cgi?id=1207178 ---- - koji/__init__.py | 10 +++++++--- - 1 file changed, 7 insertions(+), 3 deletions(-) - -diff --git a/koji/__init__.py b/koji/__init__.py -index fadbada..e7a66f2 100644 ---- a/koji/__init__.py -+++ b/koji/__init__.py -@@ -1940,11 +1940,15 @@ class ClientSession(object): - except (SystemExit, KeyboardInterrupt): - #(depending on the python version, these may or may not be subclasses of Exception) - raise -- except OpenSSL.SSL.Error as e: -- # There's no point in retrying this -- raise - except Exception, e: - self._close_connection() -+ if isinstance(e, OpenSSL.SSL.Error): -+ for arg in e.args: -+ for _, _, ssl_reason in arg: -+ if ('certificate revoked' in ssl_reason or -+ 'certificate expired' in ssl_reason): -+ # There's no point in retrying for this -+ raise - if not self.logged_in: - #in the past, non-logged-in sessions did not retry. For compatibility purposes - #this behavior is governed by the anon_retry opt. --- -2.5.0 - diff --git a/koji.spec b/koji.spec index 2307d9f..00860d4 100644 --- a/koji.spec +++ b/koji.spec @@ -1,6 +1,6 @@ %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} -%if 0%{?fedora} >= 23 || 0%{?redhat} >= 7 +%if 0%{?fedora} >= 23 || 0%{?rhel} >= 7 %global use_systemd 1 %else %global use_systemd 0 @@ -8,17 +8,14 @@ %endif Name: koji -Version: 1.10.0 -Release: 2%{?dist} +Version: 1.10.1 +Release: 1%{?dist} License: LGPLv2 and GPLv2+ # koji.ssl libs (from plague) are GPLv2+ Summary: Build system tools Group: Applications/System URL: https://fedorahosted.org/koji Patch0: fedora-config.patch -# Backported upstream patches -Patch1: 0001-Better-catch-SSL-errors.patch -Patch2: 0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch Source: https://fedorahosted.org/released/koji/koji-%{version}.tar.bz2 BuildArch: noarch @@ -26,6 +23,7 @@ Requires: python-krbV >= 1.0.13 Requires: rpm-python Requires: pyOpenSSL Requires: python-urlgrabber +Requires: yum BuildRequires: python %if %{use_systemd} BuildRequires: systemd @@ -91,7 +89,7 @@ Requires: createrepo >= 0.4.11-2 Requires: python-hashlib Requires: python-createrepo %endif -%if 0%{?fedora} >= 9 +%if 0%{?fedora} >= 9 or 0%{?rhel} >= 5 Requires: createrepo >= 0.9.2 %endif @@ -156,8 +154,6 @@ koji-web is a web UI to the Koji system. %prep %setup -q %patch0 -p1 -b orig -%patch1 -p1 -%patch2 -p1 %build @@ -320,6 +316,10 @@ fi %endif %changelog +* Tue Nov 17 2015 Dennis Gilmore - 1.10.1-1 +- update to 1.10.1 +- Requires yum in the cli rhbz#1230888 + * Thu Sep 24 2015 Kalev Lember - 1.10.0-2 - Backport two patches to fix ClientSession SSL errors diff --git a/sources b/sources index 61a2a0e..a6b234c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c947bbdfc507858b03ed6496ab403e41 koji-1.10.0.tar.bz2 +55768668dc963512801540957ac1d084 koji-1.10.1.tar.bz2