diff --git a/roles/bodhi2/backend/files/new-updates-sync b/roles/bodhi2/backend/files/new-updates-sync index e7dca2ffe1..0df4b7c2c3 100755 --- a/roles/bodhi2/backend/files/new-updates-sync +++ b/roles/bodhi2/backend/files/new-updates-sync @@ -38,6 +38,9 @@ RELEASES = {'f39': {'topic': 'fedora', 'dest': OSTREEDEST, 'arches': ['x86_64', 'ppc64le', 'aarch64']}, {'ref': 'fedora/39/%(arch)s/updates/sericea', + 'dest': OSTREEDEST, + 'arches': ['x86_64', 'ppc64le', 'aarch64']}, + {'ref': 'fedora/39/%(arch)s/updates/onyx', 'dest': OSTREEDEST, 'arches': ['x86_64', 'ppc64le', 'aarch64']}], 'to': [{'arches': ['x86_64', 'aarch64', 'source'], @@ -54,6 +57,9 @@ RELEASES = {'f39': {'topic': 'fedora', 'dest': OSTREEDEST, 'arches': ['x86_64', 'ppc64le', 'aarch64']}, {'ref': 'fedora/39/%(arch)s/testing/sericea', + 'dest': OSTREEDEST, + 'arches': ['x86_64', 'ppc64le', 'aarch64']}, + {'ref': 'fedora/39/%(arch)s/testing/onyx', 'dest': OSTREEDEST, 'arches': ['x86_64', 'ppc64le', 'aarch64']}], 'to': [{'arches': ['x86_64', 'aarch64', 'source'], diff --git a/roles/koji_hub/templates/koji-gc.conf.j2 b/roles/koji_hub/templates/koji-gc.conf.j2 index 275cbff4a2..028df25852 100644 --- a/roles/koji_hub/templates/koji-gc.conf.j2 +++ b/roles/koji_hub/templates/koji-gc.conf.j2 @@ -48,6 +48,7 @@ key_aliases = 5323552a fedora-37 18b8e74c fedora-38 eb10b464 fedora-39 + a15B79cc fedora-40 DBBDCF7C fedora-iot-2019 217521F6 fedora-epel 0608B895 fedora-epel-6 @@ -81,6 +82,7 @@ unprotected_keys = fedora-37 fedora-38 fedora-39 + fedora-40 fedora-iot-2019 fedora-extras redhat-beta diff --git a/roles/robosignatory/templates/robosignatory.toml.j2 b/roles/robosignatory/templates/robosignatory.toml.j2 index 85c56d4be8..ad10b14d37 100644 --- a/roles/robosignatory/templates/robosignatory.toml.j2 +++ b/roles/robosignatory/templates/robosignatory.toml.j2 @@ -137,12 +137,22 @@ handlers = ["console"] from = "f39-infra-candidate" to = "f39-infra-stg" key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('18B8e74c', 'd300e724') }}" + keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}" {% if env == "production" %} # ima file signing - enabled in f37 file_signing_key = "fedora-39-ima" {% endif %} + [[consumer_config.koji_instances.primary.tags]] + from = "f40-infra-candidate" + to = "f40-infra-stg" + key = "{{ (env == 'production')|ternary('fedora-infra', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('47dd8ef9', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-40-ima" + {% endif %} + # Gated coreos-pool tag [[consumer_config.koji_instances.primary.tags]] @@ -175,8 +185,50 @@ handlers = ["console"] file_signing_key = "fedora-39-ima" {% endif %} + [[consumer_config.koji_instances.primary.tags]] + from = "f40-coreos-signing-pending" + to = "coreos-pool" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-40-ima" + {% endif %} + # Gated rawhide + [[consumer_config.koji_instances.primary.tags]] + from = "f40-signing-pending" + to = "f40-updates-testing-pending" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-40-ima" + {% endif %} + + [consumer_config.koji_instances.primary.tags.sidetags] + pattern = 'f40-build-side-' + from = '-signing-pending' + to = '-testing-pending' + trusted_taggers = ['bodhi'] + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-40-ima" + {% endif %} + + [[consumer_config.koji_instances.primary.tags]] + from = "f40-pending" + to = "f40" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-40-ima" + {% endif %} + + # Branched + [[consumer_config.koji_instances.primary.tags]] from = "f39-signing-pending" to = "f39-updates-testing-pending" @@ -207,7 +259,7 @@ handlers = ["console"] file_signing_key = "fedora-39-ima" {% endif %} - # Branched + # stable releases [[consumer_config.koji_instances.primary.tags]] from = "f38-signing-pending" @@ -253,8 +305,6 @@ handlers = ["console"] keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" type = "modular" - # stable releases - [[consumer_config.koji_instances.primary.tags]] from = "f37-signing-pending" to = "f37-updates-testing-pending" @@ -400,7 +450,17 @@ handlers = ["console"] file_signing_key = "fedora-39-ima" # openh264 signing - + + [[consumer_config.koji_instances.primary.tags]] + from = "f40-openh264" + to = "f40-openh264" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}" + {% if env == "production" %} + # ima file signing - enabled in f37 + file_signing_key = "fedora-40-ima" + {% endif %} + [[consumer_config.koji_instances.primary.tags]] from = "f39-openh264" to = "f39-openh264" @@ -438,14 +498,6 @@ handlers = ["console"] key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}" keyid = "{{ (env == 'production')|ternary('eb10b464', 'd300e724') }}" file_signing_key = "fedora-38-ima" - - # f40 resigning - [[consumer_config.koji_instances.primary.tags]] - from = "f39" - to = "f39" - key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" - keyid = "{{ (env == 'production')|ternary('a15B79cc', 'd300e724') }}" - file_signing_key = "fedora-40-ima" # f39-python signing [[consumer_config.koji_instances.primary.tags]] @@ -476,23 +528,23 @@ handlers = ["console"] [consumer_config.ostree_refs] [consumer_config.ostree_refs."fedora/rawhide/x86_64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/aarch64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/armhfp/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/devel/x86_64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" [consumer_config.ostree_refs."fedora/devel/aarch64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" [consumer_config.ostree_refs."fedora/devel/armhfp/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" - key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" [consumer_config.ostree_refs."fedora/stable/x86_64/iot"] directory = "/mnt/fedora_koji/koji/compose/iot/repo/" @@ -560,15 +612,43 @@ handlers = ["console"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/updates/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/testing/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/updates/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/testing/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/updates/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/testing/silverblue"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/rawhide/aarch64/silverblue"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/silverblue"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/silverblue"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/37/x86_64/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" @@ -626,15 +706,43 @@ handlers = ["console"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/updates/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/testing/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/updates/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/testing/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/updates/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/testing/kinoite"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/rawhide/aarch64/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/kinoite"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/38/x86_64/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" @@ -664,25 +772,81 @@ handlers = ["console"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-38', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/updates/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/testing/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/updates/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/testing/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/updates/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/testing/sericea"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/rawhide/aarch64/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/sericea"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" + + [consumer_config.ostree_refs."fedora/39/x86_64/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/updates/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/x86_64/testing/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/updates/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/aarch64/testing/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/updates/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" + key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + [consumer_config.ostree_refs."fedora/39/ppc64le/testing/onyx"] + directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/aarch64/onyx"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/ppc64le/onyx"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.ostree_refs."fedora/rawhide/x86_64/onyx"] directory = "/mnt/fedora_koji/koji/compose/ostree/repo/" - key = "{{ (env == 'production')|ternary('fedora-39', 'testkey') }}" + key = "{{ (env == 'production')|ternary('fedora-40', 'testkey') }}" [consumer_config.coreos] bucket = "fcos-builds"