From 0064e09bff68176150e897aa8357ac989600397f Mon Sep 17 00:00:00 2001
From: Kalev Lember <klember@redhat.com>
Date: Mon, 6 Nov 2023 11:44:19 +0100
Subject: [PATCH] kojipkgs: slightly relax openh264 blocking/redirect rules

Allow access to gstreamer1-plugin-openh264 package and new noopenh264
stub package that don't contain non-distributable code, while keeping
openh264* and mozilla-openh264* blocked.

See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=2247274 for
"noopenh264" stub package review that makes it possible to build/ship
the gstreamer plugin in Fedora proper while keeping the
non-distributable openh264 package in Cisco repos.
---
 roles/kojipkgs/templates/kojipkgs.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/kojipkgs/templates/kojipkgs.conf b/roles/kojipkgs/templates/kojipkgs.conf
index 977285546d..d9c5715762 100644
--- a/roles/kojipkgs/templates/kojipkgs.conf
+++ b/roles/kojipkgs/templates/kojipkgs.conf
@@ -181,7 +181,7 @@ Alias /pub /pub
 # This IP is sign-bridge01.iad2.fedoraproject.org.
 # It needs to be able to sign openh264 packages.
 RewriteCond %{HTTP:X-Forwarded-For} !10.3.169.120
-RewriteRule ".*/.*openh264.*.(x86_64|armv7hl|i686|ppc64|ppc64le|aarch64|s390x).rpm$" "https://fedoraproject.org/wiki/non-distributable-rpms" [R=302,L]
+RewriteRule ".*/(openh264|mozilla-openh264).*.(x86_64|armv7hl|i686|ppc64|ppc64le|aarch64|s390x).rpm$" "https://fedoraproject.org/wiki/non-distributable-rpms" [R=302,L]
 
 # Set HSTS header via HTTP since it cannot be easily set in squid, which terminates HTTPS
 Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"