From 3ba5349bef708a16c61d48fd34fe0a57bec2c016 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Fri, 11 Aug 2017 17:41:27 +0200 Subject: [PATCH] Introduce koji policies for the -stg infra tags Signed-off-by: Patrick Uiterwijk --- roles/koji_hub/templates/hub.conf.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/koji_hub/templates/hub.conf.j2 b/roles/koji_hub/templates/hub.conf.j2 index fb512826f8..708f32d49a 100644 --- a/roles/koji_hub/templates/hub.conf.j2 +++ b/roles/koji_hub/templates/hub.conf.j2 @@ -114,6 +114,14 @@ tag = has_perm autosign && fromtag *-pending && package kernel shim grub2 fedora-release fedora-repos pesign :: allow has_perm secure-boot && package kernel shim grub2 fedora-release fedora-repos pesign :: allow package kernel shim grub2 fedora-release fedora-repos pesign :: deny +# Allow people to tag stuff into infra-candidate if they're infra + tag *-infra-candidate && has_perm infra :: allow + tag *-infra-candidate :: deny +# Allow people from infra to promote builds from -infra-stg to -infra tags + tag *-infra && fromtag *-infra-stg && has_perm infra :: allow +# These two rules makes sure people can't build srpms in infra tags and tag them into distribution tags + tag *infra* && fromtag *infra* && has_perm infra :: allow + fromtag *infra* :: deny all :: allow channel =