WarlockFish/fedora-infra_ansible
1
0
Fork 0
mirror of https://pagure.io/fedora-infra/ansible.git synced 2026-03-20 03:57:02 +08:00
Code Issues Packages Projects Releases Wiki Activity

koji_hub / rules: drop fedora-release and fedora-repos from secure-boot channel

Browse Source 
FESCo voted to do this: https://pagure.io/fesco/issue/2358

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi
2020-03-30 15:19:08 +00:00
committed by Pierre-Yves Chibon
parent 5740d0c62e
commit b9b91103f3
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
roles/koji_hub/templates/hub.conf.j2
View File

@@ -82,12 +82,12 @@ Plugins = fedmsg-koji-plugin runroot_hub hub_containerbuild tag2distrepo sidetag
[policy]
tag =
user mbs/mbs.fedoraproject.org && tag module-* && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
user mbs/mbs.fedoraproject.org && fromtag module-* && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
user bodhi && tag *-override && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
has_perm autosign && fromtag *-pending && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
has_perm autosign && fromtag *-candidate && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow
user mbs/mbs.fedoraproject.org && tag module-* && package kernel shim grub2 pesign :: allow
user mbs/mbs.fedoraproject.org && fromtag module-* && package kernel shim grub2 pesign :: allow
user bodhi && tag *-override && package kernel shim grub2 pesign :: allow
has_perm autosign && fromtag *-pending && package kernel shim grub2 pesign :: allow
has_perm autosign && fromtag *-candidate && package kernel shim grub2 pesign :: allow
has_perm secure-boot && package kernel shim grub2 pesign :: allow
# CoreOS continuous builds, https://pagure.io/releng/issue/8165
operation tag && tag f*-coreos-continuous && has_perm coreos-continuous :: allow
operation untag && fromtag f*-coreos-continuous && has_perm coreos-continuous :: allow
@@ -96,7 +96,7 @@ tag =
operation tag && tag coreos-pool f*-coreos-signing-pending coreos-release && has_perm coreos-continuous :: allow
operation untag && fromtag coreos-pool f*-coreos-signing-pending coreos-release && has_perm coreos-continuous :: allow
# deny tagging secureboot packages that are not related to coreos-continuous
package kernel shim grub2 fedora-release fedora-repos pesign :: deny
package kernel shim grub2 pesign :: deny
# Allow people to tag stuff into infra-candidate if they're infra
tag *-infra-candidate && has_perm infra :: allow
tag *-infra-candidate :: deny