diff --git a/.gitignore b/.gitignore index eafe7d7..40d455d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ ./postgres/data/* ./postgres/pagure-data-20241118-0030.sql - +./data diff --git a/mbs/etc/fedmsg.d/base.py b/mbs/etc/fedmsg.d/base.py index 4aa3890..9ff0341 100644 --- a/mbs/etc/fedmsg.d/base.py +++ b/mbs/etc/fedmsg.d/base.py @@ -19,7 +19,7 @@ config = dict( # Prefix for the topic of each message sent. - topic_prefix="org.kylinosproject", + topic_prefix="org.fedoraproject", # Set this to dev if you're hacking on fedmsg or an app. # Set to stg or prod if running in the Fedora Infrastructure diff --git a/mbs/etc/fedmsg.d/endpoints.py b/mbs/etc/fedmsg.d/endpoints.py index a71b343..86611d4 100644 --- a/mbs/etc/fedmsg.d/endpoints.py +++ b/mbs/etc/fedmsg.d/endpoints.py @@ -25,7 +25,7 @@ config = dict( # These are here so your local box can listen to the upstream # infrastructure's bus. Cool, right? :) "fedora-infrastructure": [ - # "tcp://hub.fedoraproject.org:9940", + "tcp://hub.fedoraproject.org:9940", # "tcp://stg.fedoraproject.org:9940", ], # "debian-infrastructure": [ diff --git a/mbs/etc/fedmsg.d/mbs-fedmsg.py b/mbs/etc/fedmsg.d/mbs-fedmsg.py deleted file mode 100644 index fe3a30a..0000000 --- a/mbs/etc/fedmsg.d/mbs-fedmsg.py +++ /dev/null @@ -1,17 +0,0 @@ -#import socket -# -#config = { -# # So that the MBS can find it's cert in /etc/fedmsg.d/ssl.py -# 'cert_prefix': 'mbs', -# 'name': 'mbs.%s' % socket.gethostname().split('.', 1)[0], -#} -config = { - 'zmq_enabled': True, - 'validate_signatures': False, - 'moksha.blocking_mode': True, - # moksha-monitor-exporter's point of contact - 'moksha.monitoring.socket': 'tcp://0.0.0.0:10030', -} - - - diff --git a/mbs/etc/fedmsg.d/mbs-logging.py b/mbs/etc/fedmsg.d/mbs-logging.py index eef2143..6ab8e01 100644 --- a/mbs/etc/fedmsg.d/mbs-logging.py +++ b/mbs/etc/fedmsg.d/mbs-logging.py @@ -3,12 +3,14 @@ config = dict( loggers=dict( # Quiet this guy down... requests={ - "level": "DEBUG", + "level": "INFO", "propagate": True, + "handlers": ["console"] }, module_build_service={ - "level": "DEBUG", + "level": "INFO", "propagate": True, + "handlers": ["console"] }, ), root=dict( diff --git a/mbs/etc/fedmsg.d/mbs-scheduler.py b/mbs/etc/fedmsg.d/mbs-scheduler.py index acb7098..2138699 100644 --- a/mbs/etc/fedmsg.d/mbs-scheduler.py +++ b/mbs/etc/fedmsg.d/mbs-scheduler.py @@ -1 +1 @@ -config = {"mbsconsumer": True} +config = {"mbsconsumer": True,"mbspoller":True} diff --git a/mbs/etc/fedmsg.d/module_build_service.py b/mbs/etc/fedmsg.d/module_build_service.py index 90a14fd..e2574ed 100644 --- a/mbs/etc/fedmsg.d/module_build_service.py +++ b/mbs/etc/fedmsg.d/module_build_service.py @@ -12,7 +12,7 @@ config = { "fedora-infrastructure": [ # Just listen to staging for now, not to production (spam!) # "tcp://hub.fedoraproject.org:9940", - #"tcp://stg.fedoraproject.org:9940" + "tcp://stg.fedoraproject.org:9940" ] }, # Start of code signing configuration diff --git a/mbs/etc/fedmsg.d/relay.py b/mbs/etc/fedmsg.d/relay.py index 7e3b07f..eedbec4 100644 --- a/mbs/etc/fedmsg.d/relay.py +++ b/mbs/etc/fedmsg.d/relay.py @@ -23,7 +23,8 @@ config = dict( # This is the output side of the relay to which all other # services can listen. "relay_outbound": [ - "tcp://127.0.0.1:4001", + "tcp://0.0.0.0:4001", + #"tcp://127.0.0.1:4001", #"tcp://127.0.0.1:9941", ], }, diff --git a/mbs/etc/module-build-service/config.py b/mbs/etc/module-build-service/config.py index a880660..9af7c6c 100755 --- a/mbs/etc/module-build-service/config.py +++ b/mbs/etc/module-build-service/config.py @@ -122,9 +122,9 @@ class ProdConfiguration(object): DEBUG = False # Make this random (used to generate session keys) - SECRET_KEY = "74d9e9f9cd40e66fc6c4c2e9987dce48df3ce98542529126" - SQLALCHEMY_DATABASE_URI = "sqlite:///{0}".format(path.join(dbdir, "module_build_service.db")) # 测试期间就用 SQLite 了 - #SQLALCHEMY_DATABASE_URI = 'postgresql://mbs:mysupersecretepasswordmbs@koji.gnulab.org/mbs' + SECRET_KEY = "74d9e9f9cd40e66fc6c4c2e9987dce48df3ce98542529fd0" + #SQLALCHEMY_DATABASE_URI = "sqlite:///{0}".format(path.join(dbdir, "module_build_service.db")) # 测试期间就用 SQLite 了 + SQLALCHEMY_DATABASE_URI = 'postgresql://postgres:Kylin123@db/koji' SQLALCHEMY_TRACK_MODIFICATIONS = True # Where we should run when running "manage.py run" directly. #HOST = "0.0.0.0" @@ -136,30 +136,30 @@ class ProdConfiguration(object): #DISTGITS = {"git+https://git.centos.org": ("git clone {repo_path}", "get_sources.sh")} SYSTEM = "koji" - MESSAGING = "in_memory" # in_memory, fedmsg or amq + MESSAGING = "fedmsg" # in_memory, fedmsg or amq #MESSAGING_TOPIC_PREFIX = ["org.kylinosproject.prod"] # 修改为与 Fedmsg 配置一致 + MESSAGING_TOPIC_PREFIX = ["org.fedoraproject.prod"] # 修改为与 Fedmsg 配置一致 #MESSAGING_TOPIC_PREFIX = ['org.kylinosproject.mbs','org.kylinosprojec.prod','org.kylinosprojec.dev'] # 修改为与 Fedmsg 配置一致 KOJI_CONFIG = "/etc/module-build-service/koji.conf" KOJI_PROFILE = "koji" - ARCHES = ["x86_64"] ### 需要修改 + ARCHES = ["i686", "armv7hl", "x86_64"] ### 需要修改 ALLOW_ARCH_OVERRIDE = False KOJI_PROXYUSER = True #KOJI_PROXYUSER = False - KOJI_REPOSITORY_URL = "http://leap.host:9081/kojifiles/repo" - #KOJI_REPOSITORY_URL = "http://leap.host/kojifilesi/repo" - #KOJI_REPOSITORY_URL = "http://leap.host/kojifiles" + KOJI_REPOSITORY_URL = "http://buildsystem.kylinos.cn:8242/kojifiles/repos/" #KOJI_TAG_PREFIXES = ["module", "scrmod"] ## 前缀 - KOJI_TAG_PREFIXES = ["module","scrmod" ] + KOJI_TAG_PREFIXES = ["module"] + #KOJI_TAG_PREFIXES = ["module","scrmod" ] # 是否将模块导入koji KOJI_ENABLE_CONTENT_GENERATOR = True ## - KOJI_TAG_PERMISSION = "admin" + #KOJI_TAG_PERMISSION = "admin" DEFAULT_DIST_TAG_PREFIX = 'module_' @@ -177,7 +177,8 @@ class ProdConfiguration(object): PDC_DEVELOP = True ## 提交 SUBMIT - SCMURLS = ["https://src.fedoraproject.org","git+https://git.centos.org/", "https://git.centos.org/","git+https://gitea.warlockfish.com/"] ## 需要修改 + SCMURLS = ["git+https://server.kylinos.cn:40080/modules/"] ## 需要修改 + #SCMURLS = ["https://src.fedoraproject.org","git+https://git.centos.org/", "https://git.centos.org/","git+https://gitea.warlockfish.com/"] ## 需要修改 ALLOW_STREAM_OVERRIDE_FROM_SCM = True YAML_SUBMIT_ALLOWED = True @@ -193,24 +194,26 @@ class ProdConfiguration(object): # How often should we resort to polling, in seconds # Set to zero to disable polling - POLLING_INTERVAL = 3600 + # 轮训时间 + POLLING_INTERVAL = 60 ## 编译优先级 KOJI_BUILD_PRIORITY = 4 # Determines how many builds that can be submitted to the builder # and be in the build state at a time. Set this to 0 for no restrictions - NUM_CONCURRENT_BUILDS = 5 - NUM_CONSECUTIVE_BUILDS = 5 #增 + # 并发个数 + NUM_CONCURRENT_BUILDS = 15 + NUM_CONSECUTIVE_BUILDS = 15 #增 ALLOW_CUSTOM_SCMURLS = True - RPMS_DEFAULT_REPOSITORY = "git+https://git.centos.org/rpms/" ## 需要修改 + RPMS_DEFAULT_REPOSITORY = "git+https://server.kylinos.cn:40080/rpms" ## 需要修改 RPMS_ALLOW_REPOSITORY = False - RPMS_DEFAULT_CACHE = "https://src.fedoraproject.org/repo/pkgs/" ## 需要修改 + RPMS_DEFAULT_CACHE = "https://server.kylinos.cn:40080/sources/" ## 需要修改 RPMS_ALLOW_CACHE = False - MODULES_DEFAULT_REPOSITORY = "git+https://git.centos.org/modules/" ##需要修改 + MODULES_DEFAULT_REPOSITORY = "git+https://server.kylinos.cn:40080/modules" ##需要修改 MODULES_ALLOW_REPOSITORY = False MODULES_ALLOW_SCRATCH = True ALLOW_ONLY_COMPATIBLE_BASE_MODULES = True @@ -230,7 +233,7 @@ class ProdConfiguration(object): # REBUILD_STRATEGY = 'only-changed' ## all , only-changed - REBUILD_STRATEGY = 'all' + REBUILD_STRATEGY = 'only-changed' REBUILD_STRATEGY_ALLOW_OVERRIDE = True # backends 日志类型: console, file, journal. @@ -281,7 +284,7 @@ class ProdConfiguration(object): RESOLVER = "db" - NUM_WORKERS = 3 + NUM_WORKERS = 4 # Extra options set for newly created Koji tags #KOJI_TAG_EXTRA_OPTS = { @@ -301,7 +304,7 @@ class ProdConfiguration(object): #} ### 每次构建日志 - BUILD_LOGS_DIR = '/var/tmp' #增 + BUILD_LOGS_DIR = '/app/tmp' #增 #class LocalBuildConfiguration(BaseConfiguration): diff --git a/mbs/etc/module-build-service/koji.conf b/mbs/etc/module-build-service/koji.conf index 27f8b1a..3e75a01 100755 --- a/mbs/etc/module-build-service/koji.conf +++ b/mbs/etc/module-build-service/koji.conf @@ -1,18 +1,19 @@ [koji] #server = http://192.168.68.86:9080/kojihub -server = https://leap.host:9081/kojihub +server = https://buildsystem.kylinos.cn:8242/kojihub -weburl = https://leap.host:9081/koji +weburl = https://buildsystem.kylinos.cn:8242/koji #weburl = http://192.168.68.86:9080/koji -topdir = /mnt/koji -topurl = https://leap.host:9081/kojifiles +#topdir = /mnt/koji +topurl = https://buildsystem.kylinos.cn:8242/kojifiles #topurl = http://192.168.68.86:9080/kojifiles authtype = ssl +ca = /etc/pki/koji_ca_cert.crt cert = /etc/pki/mbs.pem -#cert = /home/mbs/.koji/mbs.pem -#serverca = /home/mbs/.koji/koji_ca_cert.crt serverca = /etc/pki/koji_ca_cert.crt + +max_retries = 120 diff --git a/mbs/etc/module-build-service/module_build_service.db.1 b/mbs/etc/module-build-service/module_build_service.db.1 deleted file mode 100755 index 5bd5177..0000000 Binary files a/mbs/etc/module-build-service/module_build_service.db.1 and /dev/null differ diff --git a/mbs/etc/module-build-service/module_build_service.db.2 b/mbs/etc/module-build-service/module_build_service.db.2 deleted file mode 100755 index 7723a34..0000000 Binary files a/mbs/etc/module-build-service/module_build_service.db.2 and /dev/null differ diff --git a/mbs/etc/pki/koji_ca_cert.crt b/mbs/etc/pki/koji_ca_cert.crt old mode 100755 new mode 100644 index 78c4762..5661d16 --- a/mbs/etc/pki/koji_ca_cert.crt +++ b/mbs/etc/pki/koji_ca_cert.crt @@ -1,25 +1,26 @@ -----BEGIN CERTIFICATE----- -MIIELjCCAxagAwIBAgIUHdcaXR8tFKmRSia/UV76WozhHW0wDQYJKoZIhvcNAQEL -BQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl -aWppbmcxDTALBgNVBAoTBExlYXAxDzANBgNVBAsTBmtvamlDQTESMBAGA1UEAxMJ -bGVhcC5ob3N0MB4XDTI0MDkxMjE2MTUwN1oXDTM0MDkxMDE2MTUwN1owZTELMAkG -A1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxDTAL -BgNVBAoTBExlYXAxDzANBgNVBAsTBmtvamlDQTESMBAGA1UEAxMJbGVhcC5ob3N0 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6/fyyFDFQG4tNMVyoHE2 -cRKBm4Xpwo+h2tMIDDhZX1fjXIWw13p/d7z5sU58eG3RUdSW3zipJkQbFqyOPMPt -Ix04pOTr0uNtHjr8bJL+APvWv64aKHzLEM+Zifs9RI7X/LFm62CvnjiLrklPuR1z -BrkSPufjtGWuvTKQzk20UXxHEIgtI+1IsQYI9sf14lHvSK2vbs9UdGC6xRmVbTcS -Fk/AlsHkVVJSsfnFWAjut/pz8UbKo7oH8yhEQkM+tjrWiE/hY1rQhqGKeGw1bQW4 -UkzEOB7ylVzAkK6H7uRiPzwp4D1yXAC9bmvpy0Vjc9PH29OFoYMoE+W12AG5JIC6 -6wIDAQABo4HVMIHSMB0GA1UdDgQWBBRCQDrgLau1HJVnzVrpEKyV5emFFDCBogYD -VR0jBIGaMIGXgBRCQDrgLau1HJVnzVrpEKyV5emFFKFppGcwZTELMAkGA1UEBhMC -Q04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxDTALBgNVBAoT -BExlYXAxDzANBgNVBAsTBmtvamlDQTESMBAGA1UEAxMJbGVhcC5ob3N0ghQd1xpd -Hy0UqZFKJr9RXvpajOEdbTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IB -AQAJE6oON+chOPPFea1b4FdRKhORO5i/Raehvma09q++keKb2VvrrBXv4q3zx+nm -GvkbZCwNeyJBcT2MP4ZY5TLCO7jYvWlTWk9piTBn/dXFhNWEE/Sf5+GJUy+bImca -If9t4E7Gv0HaksbKKTVmUmoO1xaA64DtSWQ4cPmNOizIeFUZqcuxkxBIp3GYFuqD -BNuCl+ElrIa5naotfhgAKCP+YTL9k9OMdzbC1ERFeu4DqN7mu9dyQQ/bGV5DP+TQ -mL8C7MaS1/g0E3I3rnA6zBkctGtxPTzb/2/Nk3OhAYXWiwlMoJZZFk5O0W7lvpoG -MVV8DOJyV/Y9v/fhiwrLtGJc +MIIEcTCCA1mgAwIBAgIJAN/ULkeKHWa8MA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD +VQQGEwJDTjEQMA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzENMAsG +A1UEChMEY3MyYzEOMAwGA1UECxMFYnVpbGQxDTALBgNVBAMTBGtvamkxIDAeBgkq +hkiG9w0BCQEWEWx1b2ZlaUBreWxpbm9zLmNuMB4XDTIwMDQyOTA0MjY0MVoXDTMw +MDQyNzA0MjY0MVowgYExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdCZWlqaW5nMRAw +DgYDVQQHEwdCZWlqaW5nMQ0wCwYDVQQKEwRjczJjMQ4wDAYDVQQLEwVidWlsZDEN +MAsGA1UEAxMEa29qaTEgMB4GCSqGSIb3DQEJARYRbHVvZmVpQGt5bGlub3MuY24w +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7l8ljz13Rg+jzA+dv90yN +4haT5RB05Q2jDMPMORgE0ArtPXs8gd/OEmk5RCU5B5IE5NHoKXtx6ctcqhxsJbVQ +R5gdSI0LU1OH6SpYh7YBla4lTrjnsNJ0QYf/a1KPbv1I0/sEYNAsAdLp15pKvMXJ +kqtqrSU+0857E3FYAjQGN0W3TH/hEAmyt57f2aQ4y4z7ZJVJnt6+eLKVIZdP5kbZ +TdC5j7PzZBnd/SQix+M8E7eJueYgIghgU7cBRGUuY+aB0PUQKwZDJ+AUcX7GLwgm +ixAweHxwkIGAxr9pvUTvTTquKKWlqCUOxnT76f2dvjk01S1KTt+2e3ZlXr8Esa6D +AgMBAAGjgekwgeYwHQYDVR0OBBYEFOjszUs9ZK8EZiogHmPdkGEEiaIUMIG2BgNV +HSMEga4wgauAFOjszUs9ZK8EZiogHmPdkGEEiaIUoYGHpIGEMIGBMQswCQYDVQQG +EwJDTjEQMA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzENMAsGA1UE +ChMEY3MyYzEOMAwGA1UECxMFYnVpbGQxDTALBgNVBAMTBGtvamkxIDAeBgkqhkiG +9w0BCQEWEWx1b2ZlaUBreWxpbm9zLmNuggkA39QuR4odZrwwDAYDVR0TBAUwAwEB +/zANBgkqhkiG9w0BAQsFAAOCAQEAg1oO5eEi5GzL5Mvqkc8AAMtn7btp8Von4Z0h +iqIVIyM0EqOIdV213fiKo87qSFzfW0u+jRAXSH75ALyRYf3UZaELTGl+OKxIH/MM +oGWTEldbDWVOA852SGN+BG/dJ3pcgMwj0XZY5bn/LU8gkaydjr2ox/scJMguw3xp +rLbZDzi7241iPyvsa/a30bUoDWeKMDtOOYmCxJQNLeebsiLbpDYN/+YlsbjZWxnf +CVafPPjoOUy1iwqBJKJKbpTkaNw2Bu7UG04wYPKCzIIon0tF5L3U3zTa1piMpgVO +WB0AJJVU9Xcf2sjalGJuejNyWPNnj0+5djoHsQWKEXzGuWGCAA== -----END CERTIFICATE----- diff --git a/mbs/etc/pki/mbs.pem b/mbs/etc/pki/mbs.pem index 6789a84..2fb8c34 100755 --- a/mbs/etc/pki/mbs.pem +++ b/mbs/etc/pki/mbs.pem @@ -1,113 +1,114 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 7 (0x7) + Serial Number: 26 (0x1a) Signature Algorithm: sha256WithRSAEncryption - Issuer: C=CN, ST=Beijing, L=Beijing, O=Leap, OU=kojiCA, CN=leap.host + Issuer: C=CN, ST=Beijing, L=Beijing, O=cs2c, OU=build, CN=koji/emailAddress=luofei@kylinos.cn Validity - Not Before: Sep 12 16:19:53 2024 GMT - Not After : Sep 10 16:19:53 2034 GMT - Subject: C=CN, ST=Beijing, O=Leap, OU=user, CN=mbs + Not Before: Aug 6 08:20:36 2021 GMT + Not After : Aug 4 08:20:36 2031 GMT + Subject: C=CN, ST=Beijing, O=cs2c, CN=mbs/emailAddress=luofei@kylinos.cn Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: - 00:dc:cb:19:32:81:30:4b:65:10:af:24:da:d7:f4: - 25:85:15:fb:d3:6d:43:76:77:5e:7b:c1:61:e6:b5: - 94:f1:5e:1c:9c:ec:cd:73:17:49:ed:99:7a:04:59: - 29:0d:54:c7:7f:64:fb:cd:69:b6:c0:32:0e:a6:b6: - 3b:1f:94:ef:6c:56:31:9a:0b:3c:52:10:cb:ab:4d: - 13:ac:70:1f:a5:3b:48:58:2f:d9:5e:81:19:2a:5f: - 9a:a7:d5:59:f4:64:4e:bf:75:b3:b1:73:65:ce:9c: - 74:a6:ae:65:7e:20:15:47:98:0c:00:0f:5e:64:28: - 1a:1a:93:ef:79:e3:87:2b:e1:2c:24:7e:16:ef:4e: - e2:50:99:3e:71:9f:9f:5f:8e:0d:61:3d:80:b3:fb: - 1c:d6:f6:5d:bb:02:84:a2:36:95:10:5b:83:81:4a: - ef:ba:e0:e4:b5:f0:d4:9e:1d:43:24:8d:b2:af:58: - 0e:51:5d:91:67:c3:b6:d0:ec:c0:c6:6d:85:a8:7b: - 3f:c3:76:ee:24:45:49:41:60:46:86:08:38:8b:62: - 03:b7:6e:11:d6:ae:00:e0:eb:b3:cf:76:6e:91:68: - dd:29:db:d0:e0:03:11:42:1b:df:75:58:70:63:36: - 63:c5:38:51:ec:c8:2f:fc:22:b6:da:3b:cd:c8:b7: - 9c:ad + 00:a9:f6:a7:8f:94:01:70:a9:6f:52:11:48:fe:12: + b3:7c:c1:89:e0:e1:8d:4f:ef:ee:0f:4b:77:de:9e: + 3f:53:21:95:b6:2f:2f:2f:18:e2:4a:87:35:40:f0: + 74:20:2f:ba:d2:9f:cb:e3:1a:4f:16:db:67:c9:0a: + f9:26:33:64:a0:95:cd:60:c0:33:2b:b2:67:2f:d5: + 22:b9:40:e2:12:40:29:11:e8:53:78:05:1b:33:b5: + a1:3a:47:74:60:85:6c:f0:f9:2e:d2:33:3f:9d:2d: + 43:3d:81:0d:4f:d3:0a:61:75:33:f4:11:23:95:e1: + 2c:6c:53:96:f7:d3:0b:3e:25:20:1b:a9:37:ee:e3: + ec:40:ef:4b:87:db:66:f0:8a:19:22:bc:41:7a:65: + cd:d8:a1:60:fb:2d:e1:7e:de:5e:90:4b:08:f7:58: + eb:81:ba:0f:33:49:a3:94:04:c1:7f:96:ce:40:e6: + 1b:ff:da:40:90:d8:cc:f1:6d:36:96:4a:a6:d7:a5: + 4b:c0:4a:99:d1:cd:29:8c:19:c4:26:a1:08:f9:af: + f8:bb:62:71:d5:a8:6e:18:b3:b2:85:ce:e7:26:42: + c3:d5:fb:fe:d6:f0:f0:ea:a9:bb:5e:8b:44:e6:4f: + e9:7e:3b:28:4d:65:2c:54:2c:05:5f:ff:89:64:dc: + 11:0f Exponent: 65537 (0x10001) X509v3 extensions: - X509v3 Basic Constraints: + X509v3 Basic Constraints: CA:FALSE - Netscape Comment: + Netscape Comment: OpenSSL Generated Certificate - X509v3 Subject Key Identifier: - 13:91:17:5C:C4:FE:0C:5B:49:91:12:53:B8:72:29:35:44:24:6C:B7 - X509v3 Authority Key Identifier: - keyid:42:40:3A:E0:2D:AB:B5:1C:95:67:CD:5A:E9:10:AC:95:E5:E9:85:14 - DirName:/C=CN/ST=Beijing/L=Beijing/O=Leap/OU=kojiCA/CN=leap.host - serial:1D:D7:1A:5D:1F:2D:14:A9:91:4A:26:BF:51:5E:FA:5A:8C:E1:1D:6D + X509v3 Subject Key Identifier: + DD:03:85:DF:74:2F:59:7A:6D:7A:A7:E5:E9:86:27:65:ED:24:8F:3E + X509v3 Authority Key Identifier: + keyid:E8:EC:CD:4B:3D:64:AF:04:66:2A:20:1E:63:DD:90:61:04:89:A2:14 + DirName:/C=CN/ST=Beijing/L=Beijing/O=cs2c/OU=build/CN=koji/emailAddress=luofei@kylinos.cn + serial:DF:D4:2E:47:8A:1D:66:BC Signature Algorithm: sha256WithRSAEncryption - 5a:49:34:e4:ed:ed:f1:ab:d5:bb:72:61:0d:d8:1b:13:65:75: - 18:3c:90:be:5e:bf:84:15:5d:c6:be:4e:59:b0:61:f4:0d:c3: - ad:17:d6:c3:61:e5:83:b2:f5:3b:5a:4e:fd:0f:0f:ce:99:74: - 2a:87:1e:80:be:b3:e6:fc:d1:d1:94:e6:e9:3b:ef:be:88:00: - f2:29:f9:1f:1f:42:fb:63:8c:66:39:63:28:b4:fa:19:51:b2: - 22:36:e2:1f:f5:c1:6b:00:9f:66:86:c6:92:18:3e:b5:dd:ea: - a3:b1:e5:30:55:b2:17:f3:5c:9b:6b:8a:bf:81:77:bf:44:93: - d7:34:5b:cb:81:23:8a:06:b1:06:bc:98:de:8f:f0:8e:24:46: - b5:f9:c2:2e:05:24:e0:7b:4b:48:27:dd:59:1e:89:87:4b:b2: - ac:de:49:bd:69:3b:d8:30:d7:44:aa:a1:2a:66:14:3a:28:70: - 00:e9:2f:19:27:2b:db:f4:b3:fe:0a:8e:c3:2f:c0:7e:94:b9: - f8:ff:1d:e3:be:89:50:fe:e8:2d:f0:a5:e2:5f:1c:dd:ff:13: - 38:47:77:04:49:5c:8f:35:e4:db:42:5b:a1:e8:d5:f1:cf:28: - dc:fd:1f:41:77:b0:cd:54:db:6f:49:db:43:f2:95:d9:be:9b: - 96:af:eb:af + 48:76:33:f8:e2:0d:7d:c0:6b:50:1c:6b:73:73:9a:13:f6:36: + d3:b4:62:bf:4b:fb:cd:09:eb:0a:3e:21:ae:d9:29:e1:30:11: + 2d:21:51:5c:a6:ae:90:74:df:16:fa:ba:d4:af:e8:ed:d7:3b: + 26:69:c3:8b:9c:ab:00:33:d7:b4:0f:67:19:1e:6c:35:93:39: + 2e:3b:10:d9:74:90:b0:33:0a:ad:1e:8a:91:da:ae:10:97:7c: + 3c:51:02:5c:d7:cc:d8:a5:9d:a4:dc:94:c8:2a:31:95:25:72: + ab:36:62:bd:8d:59:b4:a7:85:6e:1d:e9:69:67:1d:72:5c:cf: + 41:ea:bc:f7:24:9a:cf:96:ad:91:68:4f:cd:41:67:37:52:66: + 36:07:fb:3b:35:35:68:02:5e:ce:1b:3d:0b:54:48:86:a3:5a: + 3e:99:db:b3:2a:9f:4f:14:26:24:20:c2:2e:fc:70:88:a6:d6: + 16:33:0c:d7:8d:e9:2d:c1:87:16:b5:76:39:8d:f3:12:77:64: + f8:de:2c:44:05:ea:58:b8:f2:32:1b:b7:98:b3:7f:50:bf:47: + 98:6e:b7:91:c5:5c:15:cb:1e:b1:58:77:96:85:82:21:90:12: + 6c:b4:e3:cb:72:1c:b4:eb:ef:82:0d:b0:a0:9c:07:64:42:d6: + 8e:76:13:7c -----BEGIN CERTIFICATE----- -MIIELTCCAxWgAwIBAgIBBzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEQ -MA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzENMAsGA1UEChMETGVh -cDEPMA0GA1UECxMGa29qaUNBMRIwEAYDVQQDEwlsZWFwLmhvc3QwHhcNMjQwOTEy -MTYxOTUzWhcNMzQwOTEwMTYxOTUzWjBLMQswCQYDVQQGEwJDTjEQMA4GA1UECBMH -QmVpamluZzENMAsGA1UEChMETGVhcDENMAsGA1UECxMEdXNlcjEMMAoGA1UEAxMD -bWJzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3MsZMoEwS2UQryTa -1/QlhRX7021Ddndee8Fh5rWU8V4cnOzNcxdJ7Zl6BFkpDVTHf2T7zWm2wDIOprY7 -H5TvbFYxmgs8UhDLq00TrHAfpTtIWC/ZXoEZKl+ap9VZ9GROv3WzsXNlzpx0pq5l -fiAVR5gMAA9eZCgaGpPveeOHK+EsJH4W707iUJk+cZ+fX44NYT2As/sc1vZduwKE -ojaVEFuDgUrvuuDktfDUnh1DJI2yr1gOUV2RZ8O20OzAxm2FqHs/w3buJEVJQWBG -hgg4i2IDt24R1q4A4Ouzz3ZukWjdKdvQ4AMRQhvfdVhwYzZjxThR7Mgv/CK22jvN -yLecrQIDAQABo4IBADCB/TAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVu -U1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUE5EXXMT+DFtJkRJT -uHIpNUQkbLcwgaIGA1UdIwSBmjCBl4AUQkA64C2rtRyVZ81a6RCsleXphRShaaRn -MGUxCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdCZWlqaW5nMRAwDgYDVQQHEwdCZWlq -aW5nMQ0wCwYDVQQKEwRMZWFwMQ8wDQYDVQQLEwZrb2ppQ0ExEjAQBgNVBAMTCWxl -YXAuaG9zdIIUHdcaXR8tFKmRSia/UV76WozhHW0wDQYJKoZIhvcNAQELBQADggEB -AFpJNOTt7fGr1btyYQ3YGxNldRg8kL5ev4QVXca+TlmwYfQNw60X1sNh5YOy9Tta -Tv0PD86ZdCqHHoC+s+b80dGU5uk7776IAPIp+R8fQvtjjGY5Yyi0+hlRsiI24h/1 -wWsAn2aGxpIYPrXd6qOx5TBVshfzXJtrir+Bd79Ek9c0W8uBI4oGsQa8mN6P8I4k -RrX5wi4FJOB7S0gn3VkeiYdLsqzeSb1pO9gw10SqoSpmFDoocADpLxknK9v0s/4K -jsMvwH6Uufj/HeO+iVD+6C3wpeJfHN3/EzhHdwRJXI815NtCW6Ho1fHPKNz9H0F3 -sM1U229J20Pyldm+m5av668= +MIIEcjCCA1qgAwIBAgIBGjANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCQ04x +EDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxDTALBgNVBAoTBGNz +MmMxDjAMBgNVBAsTBWJ1aWxkMQ0wCwYDVQQDEwRrb2ppMSAwHgYJKoZIhvcNAQkB +FhFsdW9mZWlAa3lsaW5vcy5jbjAeFw0yMTA4MDYwODIwMzZaFw0zMTA4MDQwODIw +MzZaMF4xCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdCZWlqaW5nMQ0wCwYDVQQKEwRj +czJjMQwwCgYDVQQDEwNtYnMxIDAeBgkqhkiG9w0BCQEWEWx1b2ZlaUBreWxpbm9z +LmNuMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqfanj5QBcKlvUhFI +/hKzfMGJ4OGNT+/uD0t33p4/UyGVti8vLxjiSoc1QPB0IC+60p/L4xpPFttnyQr5 +JjNkoJXNYMAzK7JnL9UiuUDiEkApEehTeAUbM7WhOkd0YIVs8Pku0jM/nS1DPYEN +T9MKYXUz9BEjleEsbFOW99MLPiUgG6k37uPsQO9Lh9tm8IoZIrxBemXN2KFg+y3h +ft5ekEsI91jrgboPM0mjlATBf5bOQOYb/9pAkNjM8W02lkqm16VLwEqZ0c0pjBnE +JqEI+a/4u2Jx1ahuGLOyhc7nJkLD1fv+1vDw6qm7XotE5k/pfjsoTWUsVCwFX/+J +ZNwRDwIDAQABo4IBFTCCAREwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3Bl +blNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFN0Dhd90L1l6bXqn +5emGJ2XtJI8+MIG2BgNVHSMEga4wgauAFOjszUs9ZK8EZiogHmPdkGEEiaIUoYGH +pIGEMIGBMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMH +QmVpamluZzENMAsGA1UEChMEY3MyYzEOMAwGA1UECxMFYnVpbGQxDTALBgNVBAMT +BGtvamkxIDAeBgkqhkiG9w0BCQEWEWx1b2ZlaUBreWxpbm9zLmNuggkA39QuR4od +ZrwwDQYJKoZIhvcNAQELBQADggEBAEh2M/jiDX3Aa1Aca3NzmhP2NtO0Yr9L+80J +6wo+Ia7ZKeEwES0hUVymrpB03xb6utSv6O3XOyZpw4ucqwAz17QPZxkebDWTOS47 +ENl0kLAzCq0eipHarhCXfDxRAlzXzNilnaTclMgqMZUlcqs2Yr2NWbSnhW4d6Wln +HXJcz0HqvPckms+WrZFoT81BZzdSZjYH+zs1NWgCXs4bPQtUSIajWj6Z27Mqn08U +JiQgwi78cIim1hYzDNeN6S3Bhxa1djmN8xJ3ZPjeLEQF6li48jIbt5izf1C/R5hu +t5HFXBXLHrFYd5aFgiGQEmy048tyHLTr74INsKCcB2RC1o52E3w= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEA3MsZMoEwS2UQryTa1/QlhRX7021Ddndee8Fh5rWU8V4cnOzN -cxdJ7Zl6BFkpDVTHf2T7zWm2wDIOprY7H5TvbFYxmgs8UhDLq00TrHAfpTtIWC/Z -XoEZKl+ap9VZ9GROv3WzsXNlzpx0pq5lfiAVR5gMAA9eZCgaGpPveeOHK+EsJH4W -707iUJk+cZ+fX44NYT2As/sc1vZduwKEojaVEFuDgUrvuuDktfDUnh1DJI2yr1gO -UV2RZ8O20OzAxm2FqHs/w3buJEVJQWBGhgg4i2IDt24R1q4A4Ouzz3ZukWjdKdvQ -4AMRQhvfdVhwYzZjxThR7Mgv/CK22jvNyLecrQIDAQABAoIBAQCiiWzKLipURlkq -5fGoqlV4jH9u3G+eZS+L4QdmJGQ57zMXHof74rgMjkAxtUUwSCn4kWmAhQMAp5j7 -hwktLaG3Whh3sy+7phuYxkvmVEAnjeWq7caR+G2DMRAT306yR6lk7ovS5QWcPLbv -AVE7sPiZVMf4v1eYWaEl0aOoUiPu2x1rwpTE+juIXpQBi2f5ox1SGcbE5TUGBLrr -73OA6U/DFak4g9pH9CdH/trWwFyfMgeuNFF7/pjuXvx8jcDAM5qC9pi4lrTpa6mg -hxJF+7G5gJ1FrGkSR3N9pBzZXxt1LNRCh0EJM/O+ZIlCtNnDAwrvtxG0iUVmR4ZY -upEuQ+jNAoGBAO/OfFA4SxDxtGjiL6TN6JsbqFci2EDlAKy15YaUQa5gmhN7RYC+ -P8qhUEd74Ey63SQBY6XopvvKwKWmsx9o5/lT60zXXqxpwcEOfrOfGGZZ7u9NRDbT -Z7akjbYAiIXiXgmS+UdfhFqE6T2czZR7vyzgXxp+Z9gm+ZJgFnjfaopPAoGBAOuz -7s8TGCCh2lTG6CF4BEDb3v0pIkEyo4/J6NGrztScgfJazHzqsR7FQBA3UviMXixV -DcdXa3LFzTLiH147G9gJcO+BCJnE6TcmbHXt/+Uu5TqeQFbmQdmRVpYsuQstnbTd -Q6eHDxIUOV4gUGyRtQWbAFvGl8XDvZ5e9l3WW3ZDAoGBAIVgwG3R0ZacCO7pFvy/ -9ecHbAsC+2qktEpbZU0D+sAlRK0fPBoONubZ8A/CS5ABwuu6xhTKIM4dCCdaX3hR -3ewkC9SSWTrmG3joOfpnu6d5z9ZTkGQ6Ew5X2eXnyAdHT2xdzb4v1yqNkDjPlNxI -M52fMeZHdjSYAOmz/eu+v8ArAoGBAN9VpQhNHWV+NzRxLG7aG52hOI9EtJJ2ewi5 -1oMlelt22KJdarlKX/26BVPYOCQOTQVQqjeiG8uqpR57qCFPfLidaYdnClE5hYme -PNMZaoksgEOkw24Ty31t+09cnRF8bZx8s6g/jwYgZ6NKlynoflALaLGNYS4gpME1 -VdfgTtWlAoGAYDWkUksy4i/ZaBXWjfBAJw2lNzO+79iimMPd3xJ2QYqKES4rIXfm -+18CVIIKFT3TL8PBKGRiwA0/txzt5lwGHitheHUzewCFJFFQjjKzQWcUSC+RQ/vB -d4BAhcgPhpJGwzLCr7W4WQnwVeEagKMxrX0VMiU++R3Pxtr2wwbnz1Q= +MIIEogIBAAKCAQEAqfanj5QBcKlvUhFI/hKzfMGJ4OGNT+/uD0t33p4/UyGVti8v +LxjiSoc1QPB0IC+60p/L4xpPFttnyQr5JjNkoJXNYMAzK7JnL9UiuUDiEkApEehT +eAUbM7WhOkd0YIVs8Pku0jM/nS1DPYENT9MKYXUz9BEjleEsbFOW99MLPiUgG6k3 +7uPsQO9Lh9tm8IoZIrxBemXN2KFg+y3hft5ekEsI91jrgboPM0mjlATBf5bOQOYb +/9pAkNjM8W02lkqm16VLwEqZ0c0pjBnEJqEI+a/4u2Jx1ahuGLOyhc7nJkLD1fv+ +1vDw6qm7XotE5k/pfjsoTWUsVCwFX/+JZNwRDwIDAQABAoIBAEn6BrKSnBHaXY6d +4WRc5WyenJGZ+rTZXIehtHnb7PoU+yHB5cqdDRmdQguS3SiJPcqhLNAbSmNLeh/i +O9Fpuxm+OhcrcNpLG2iRXzy8xellrbqSoYnyxwU5wAQqx7efO2yjOMLa9YxHACZL +/mxJEhKbPdK0hwWcbYZ015fkbtdMAdZtKcrBZ7EfIprxF9dxe1xFMabc7xmh9UpV +ZtpVr1yLs+YhmEMTydXdaLQYnLOMEuFF9RfMF9abw0+JptQXoCZebq/gqzy4Tr2/ +F00l9Mvey1p1LJV1vcJ9bHdZump4SFWOC/HFQUbyU2OVoNz2OUTXxW/PEcCmXBOQ +FtyUhnECgYEA0wnvXi2GZh45haSh/6v1OM+M+Trl/KG5e4gN9MGos288l748B2qo +lX/h8EMlf3UigLJcowBC+Czun+p6UslN+7w22pNKqCYoU9yHyHDn1SnuqZjlZhYd +Gtifi7qdwL11ErFCdlAr3+bGga8bTrwlOYviyGuUqy6LHICVkIi77pcCgYEAzix4 +YQn3ywUPQIZLjUwgUzqP++sv0XFWvffH4eZxaj2mG9ckUYLcjZUmSeDCPrW34v+Z +qyHz9SUNJot3w6WoAkuXwGjbaE+dFeO2zjct9AfeLahCRV5K8IcesCbZAPc0toVL +/CywqrP/2esXXEf9DvXBVGzhTMPN+TdT1kQMOEkCgYAiIV40BfrRcxvscDa+6amM +GYz8FblyRRmBT/yp09QbyOasx9hffrFrFDaPK9zZozEETVRMDFPIXUPuWvaTgvj4 +uHTKnr2ZOiqVfXn8Qb5MrC5sAU1AWF02pUgQSgsPS9SuRDqydb7SxDjgalhpQGZo +yyXPMg7mLG3VGzqVGHgEWwKBgCLeio1+7hW8CVRUYjrHgUASS3/DyxaVIKKIYZnn +K49YVduni1Dt3PdlHlCoXrHUcgFGUWsMFwKC/bJjLCI+xid9OXElStZdgKfPF3/Q +/UikfAMkzfCFfg8oCxyntVPge13TNYK03DxCrSbiB9Vnp3j8P3JT59bf1torbVZz +s81hAoGAU6HMFFVFO58COIFhQIlU9P1/Ag+fzhipXPhqxD/S3jRv6LaTV/USkPKR +ZAQ8k/iXyIt/cDL7my/5Q6v42t94S50btTVHAj1iK6tZftsIcXk3rHYNDUQ9HvdQ +JPmOzve1pp8KITfTs/O2JwxuZeWt8Sl5BdxE6qk7u5CZHQWXpCw= -----END RSA PRIVATE KEY----- diff --git a/mbs/etc/rpkg/fedpkg.conf b/mbs/etc/rpkg/fedpkg.conf index 7fb8348..4226fa2 100644 --- a/mbs/etc/rpkg/fedpkg.conf +++ b/mbs/etc/rpkg/fedpkg.conf @@ -1,38 +1,22 @@ [fedpkg] -lookaside = https://git.centos.org/repo/pkgs +lookaside = http://server.kylinos.cn:40080/repo/pkgs lookasidehash = sha512 -lookaside_cgi = https://git.centos.org/repo/pkgs/upload.cgi -gitbaseurl = ssh://%(user)s@git.centos.org/%(repo)s -anongiturl = https://git.centos.org/%(repo)s.git -branchre = f\d$|f\d\d$|el\d$|olpc\d$|rawhide$ +lookaside_cgi = http://server.kylinos.cn:40080/repo/pkgs/upload.cgi +gitbaseurl = http://server.kylinos.cn:40080/%(repo)s +anongiturl = http://server.kylinos.cn:40080/%(repo)s.git +branchre = f\d$|f\d\d$|el\d$|olpc\d$|master$ kojiprofile = koji build_client = koji -clone_config_rpms = +clone_config = bz.default-tracker bugzilla.redhat.com bz.default-product Fedora bz.default-version rawhide bz.default-component %(repo)s sendemail.to %(repo)s-owner@fedoraproject.org -clone_config_modules = - bz.default-tracker bugzilla.redhat.com - bz.default-product Fedora Modules - bz.default-version rawhide - bz.default-component %(repo)s - sendemail.to module-%(repo)s-owner@fedoraproject.org -clone_config_container = - bz.default-tracker bugzilla.redhat.com - bz.default-product Fedora Container Images - bz.default-version rawhide - bz.default-component %(repo)s - sendemail.to container-%(repo)s-owner@fedoraproject.org distgit_namespaced = True distgit_namespaces = rpms container modules flatpaks lookaside_namespaced = True kerberos_realms = FEDORAPROJECT.ORG -oidc_id_provider = http://192.168.68.86:8080/realms/master/protocol/openid-connect/ -oidc_client_id = fedpkg -oidc_client_secret = notsecret -oidc_scopes = openid,https://id.fedoraproject.org/scope/groups,https://mbs.fedoraproject.org/oidc/submit-build,https://src.fedoraproject.org/push git_excludes = i386/ i686/ @@ -43,36 +27,31 @@ git_excludes = mips/ arm/ noarch/ - /*.src.rpm - /build*.log - /.build-*.log - results/ - results_*/ + *.src.rpm + build*.log + .build-*.log + results_* clog -results_dir=root [fedpkg.bodhi] -# This is for the bodhi-client 2.x, that do not require an option to switch to -# different instance. Instead, --staging is available to switch to the stage -# bodhi, and production is used without providing --staging. staging = False -releases_service = https://bodhi.fedoraproject.org/releases/%(release)s [fedpkg.mbs] + auth_method = oidc -api_url = http://127.0.0.1/module-build-service/1/ -#api_url = http://mbs.leap.host:8443/module-build-service/1/ -oidc_id_provider = http://192.168.68.86:8080/realms/master/protocol/openid-connect/ + +api_url = https://server.kylinos.cn:48443/module-build-service/1/ +oidc_id_provider = https://keycloak.kylinos.cn:8088/auth/realms/master/protocol/openid-connect/ oidc_client_id = module_build_service -oidc_client_secret = b8hjG9hI05CPceq83wDudu7t9fQpoJXo +#oidc_client_secret = 0ebfaf0c-e663-47e7-8bc7-c12ca4f3a8d6 +oidc_client_secret = Ic9SKFDaxpotnptWV0nqjirLWJITZ2Ie oidc_scopes = openid,groups,username [fedpkg.bugzilla] url = https://bugzilla.redhat.com/ [fedpkg.pagure] -url = https://pagure.io/ -token = +url = http://server.kylinos.cn:40080/ [fedpkg.pdc] url = https://pdc.fedoraproject.org/ @@ -81,5 +60,4 @@ url = https://pdc.fedoraproject.org/ url = https://greenwave.fedoraproject.org/ [fedpkg.distgit] -apibaseurl = https://src.fedoraproject.org -token = +apibaseurl = http://server.kylinos.cn:40080/