There was a typo and we were resigning eln with f38 ima key instead of
f39 one. ;( Fixed
Also added f38/f39 retag signing so we can get everything signed with
the right keys.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This will allow us to resign everything with this new key.
Normal builds shouldn't be using it as they come via bodhi.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
See https://pagure.io/fedora-comps/pull-request/797 - we need the
greenwave policy ready for that change before we land it, so updates
are gated on the correct tests and Bodhi doesn't crash because
there is no policy for the new contexts.
Signed-off-by: Adam Williamson <awilliam@redhat.com>
Set MAILTO for the particular cron file to the email address
of the Linux system roles community so any output from the log
pruning job going to stderr is reported to them. Send stdout to
/dev/null since it is not important.
Signed-off-by: Jiri Kucera <jkucera@redhat.com>
Normalize RHEL image names to RHEL-X.Y. Since RHEL images are
produced quite frequently it is sufficient to keep just one
RHEL <major>.<minor> after the log expires.
Also add contacts to Linux system roles maintainers.
Signed-off-by: Jiri Kucera <jkucera@redhat.com>
We have tested it for a week now and it turned out that the bot's
verbosity was effectively killing communication in the channel.
Signed-off-by: Kalev Lember <klember@redhat.com>
Once a resource quota is set for a namespace, kube will refuse to
schedule any pod without limits set, including build pod.
This can be difficult to figure out unless you know where to look, and
can be challenging for new openshift/kubernetes users.
Setting a default limit would, at least, avoid the non-schedulable
issue.
ns01 and ns02 are used by internal iad2 ssytems for dns resolution.
This means bastion uses them for smtp outgoing at least.
Lots of dnssec servers out there still are using SHA1 signatures, and
without this the hosts will simply not resolve at all.
So, until things are better we need to set these back to allow SHA1.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Try to limit the messages to PRs and git commits in flatpaks/
namespace, and bodhi FEDORA-FLATPAK updates.
Signed-off-by: Kalev Lember <klember@redhat.com>
So, instead we need to user the kojibuilder user on the acl. That should
match up to the mockbuild user in the chroot.
Hopefully.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We need also to allow pesign to the dir/socket so it can start and then
we need kojibuilder access to the socket too.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
We have to use acls here because the mock chroot has it's own user/group
files and it dynamically adds users, but if we use acls it will look up
the user and do the right thing because the name is the same.
(Hopefully)
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This used to get set in pesignd when it started, but upstream has
dropped that because it's more of a local config issue.
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
