10-28-2009, 12:08 PM
Jitesh Shah
Add a policy spec so that only package owners can tag builds

We recently had a requirement that builds of a particular package should
only be managed by package owners (owner derived from the [package,tag]
pair). (Just to clear any possible confusion, I do NOT mean the build
owner, but the package owner.)

Initially, I had assumed that only package owners can schedule builds of
their package, but a quick look at the code yielded nothing to prove the
assumption. So, I created a random user and verified that he can build
and tag packages.

Then, I looked at whether I can write a policy to this effect. But, none
of the tests that were already there seemed to provide the
functionality. So, I hacked up a patch to add a test.

With this patch in place, I can add a line like "is_package_owner :: allow"
to allow only package owners to build. The policy spec in
my /etc/koji-hub/hub.conf looks like this now:
tag =
    has_perm admin :: allow
    is_package_owner :: allow
    all :: deny

Do let me know whether it is sane and makes sense.
(The patch is NOT taken against the git HEAD, but it should apply easily
with some fuzz)


>From f10b458131c5a1aa75f97e2cb458051630918f04 Mon Sep 17 00:00:00 2001
From: Jitesh Shah <jiteshs@marvell.com>
Date: Wed, 28 Oct 2009 17:20:01 +0530
Subject: [PATCH] Add own policy spec

Signed-off-by: Jitesh Shah <jiteshs@marvell.com>
hub/kojihub.py | 20 ++++++++++++++++++++
1 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/hub/kojihub.py b/hub/kojihub.py
index a281b5e..ef1c364 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -4443,6 +4443,26 @@ class IsBuildOwnerTest(koji.policy.BaseSimpleTest):
return False

+class IsPackageOwnerTest(koji.policy.BaseSimpleTest):
+ """Check if user owns the build"""
+ name = "is_package_owner"
+ def run(self, data):
+ build = get_build(data['build'])
+ pkg_id = get_package_id(koji.parse_NVR(build['nvr'])['name'], strict=True)
+ tag = get_tag(data['tag'])
+ pkgs = readPackageList(tagID=tag['id'], pkgID=pkg_id, inherit=True)
+ owner_id = pkgs.get(pkg_id,None)['owner_id']
+ owner = get_user(owner_id)
+ user = get_user(data['user_id'])
+ if owner_id == user['id']:
+ return True
+ if owner['usertype'] == koji.USERTYPES['GROUP']:
+ # owner is a group, check to see if user is a member
+ if owner['id'] in koji.auth.get_user_groups(user['id']):
+ return True
+ #otherwise...
+ return False
class UserInGroupTest(koji.policy.BaseSimpleTest):
"""Check if user is in group(s)
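
Review bot: In IsPackageOwnerTest.run, `pkgs.get(pkg_id,None)['owner_id']` subscripts None whenever readPackageList has no entry for this package under the tag, so the test raises TypeError instead of returning False. Fetch the entry first and return False when it is missing, so that an unlisted package falls through to the policy's `all :: deny` rule rather than erroring out. The docstring "Check if user owns the build" also reads as if copied from IsBuildOwnerTest; it should say that the test matches the package owner for the [package, tag] pair, including membership when the owner is a group.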


Fedora-buildsys-list mailing list
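
How the three-rule tag policy from the message above evaluates, as an added example that is not Koji's code and not part of the original post. It is a simplified first-match model; the user, tag, package and group names and the helper functions are constructed for illustration.

```python
# Simplified model of first-match policy evaluation (not Koji's implementation).
# Constructed sample data: package owner per (tag, package), groups, permissions.
PACKAGE_OWNERS = {("dist-f12", "bash"): "alice",
                  ("dist-f12", "kernel"): "kernel-team"}
GROUPS = {"kernel-team": {"bob"}}
PERMS = {"root": {"admin"}}

def has_perm(data, perm):
    return perm in PERMS.get(data["user"], set())

def is_package_owner(data, _arg=None):
    owner = PACKAGE_OWNERS.get((data["tag"], data["package"]))
    if owner is None:
        return False  # package not listed for this tag: no owner, no match
    # Direct owner, or member of the owning group
    return owner == data["user"] or data["user"] in GROUPS.get(owner, set())

TESTS = {"has_perm": has_perm,
         "is_package_owner": is_package_owner,
         "all": lambda data, _arg=None: True}

def parse_policy(text):
    """Turn 'test [arg] :: action' lines into (test, arg, action) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        test, action = (part.strip() for part in line.split("::", 1))
        name, _, arg = test.partition(" ")
        rules.append((name, arg.strip() or None, action))
    return rules

def evaluate(rules, data):
    for name, arg, action in rules:
        if TESTS[name](data, arg):
            return action  # the first matching rule decides
    return "deny"  # assumption of this model: fail closed when nothing matches

TAG_POLICY = parse_policy("""
    has_perm admin :: allow
    is_package_owner :: allow
    all :: deny
""")

def can_tag(user, tag, package):
    data = {"user": user, "tag": tag, "package": package}
    return evaluate(TAG_POLICY, data) == "allow"
```

Because ownership is keyed on the [package, tag] pair, the same user can be allowed for a package under one tag and denied under another where the package is not listed.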
