fedora-infra/bodhi

Bodhi should reject builds done from .src.rpms

AdamWill opened this issue · 6 comments

I found a Rawhide update - https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c0c58a874, but it's fixed now - which was stuck in gating because greenwave was 502ing and tripping up Bodhi (see release-engineering/greenwave#218 for the greenwave side here). Kevin says it's because he mistakenly did one of the builds from a .src.rpm - regular packagers and even proven packagers can't do that, but Koji admins like Kevin can.

I'm going to try and make greenwave/Bodhi handle this situation a bit more elegantly, but also, we think Bodhi should probably just reject such builds out of hand. They shouldn't be allowed into updates. Kevin can probably provide more info on how to distinguish such a build from a 'normal' one.

nirik commented

You can tell from the 'Source' field of the build... for example:

Source: git+https://src.fedoraproject.org/rpms/collectd.git#fcee6f7d11dd3cea89dedb9fb9dcd648354610dc

vs

Source: collectd-5.12.0-34.fc40.src.rpm

Yeah, I saw you already figured out that commenting out the setting will just bypass the feature... thanks.
I'll try to check why it's not working correctly.

Ah, wrong setting format:
trusted_build_sources = git+https://src.fedoraproject.org/,https://src.fedoraproject.org/
should be
trusted_build_sources = git+https://src.fedoraproject.org/ https://src.fedoraproject.org/

(whitespace separator, not comma)

Ah. ok. We can try re-enabling it next week then I suppose...

It's back in without the , and seems to be working. ;)
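
The check discussed in this thread, as an added example that is not Bodhi's own code and not written by any commenter: it splits `trusted_build_sources` on whitespace and tests the two `Source` values quoted above against the result. Prefix matching and the function names are assumptions made for illustration; the empty-setting bypass follows the comment about commenting the setting out.

```python
# Added illustration only; not Bodhi's implementation.
# Assumption: a build is trusted when its Source starts with a configured prefix.

def parse_trusted_sources(raw):
    """Split the setting on whitespace, the separator the thread says is expected."""
    return raw.split() if raw else []


def suspicious_entries(prefixes):
    """Flag tokens that still contain a comma, i.e. a comma-joined list
    that whitespace splitting left as a single entry."""
    return [p for p in prefixes if "," in p]


def is_trusted_source(source, prefixes):
    """Return True if the build may go into an update.
    An empty prefix list disables the check (the bypass noted in the thread)."""
    if not prefixes:
        return True
    return bool(source) and any(source.startswith(p) for p in prefixes)


# Source values and setting strings quoted in the thread
GIT_BUILD = ("git+https://src.fedoraproject.org/rpms/collectd.git"
             "#fcee6f7d11dd3cea89dedb9fb9dcd648354610dc")
SRPM_BUILD = "collectd-5.12.0-34.fc40.src.rpm"
COMMA = "git+https://src.fedoraproject.org/,https://src.fedoraproject.org/"
SPACE = "git+https://src.fedoraproject.org/ https://src.fedoraproject.org/"


def evaluate(raw):
    """Summarise how one setting value treats the two sample builds."""
    prefixes = parse_trusted_sources(raw)
    return {
        "prefixes": len(prefixes),
        "warnings": suspicious_entries(prefixes),
        "git": is_trusted_source(GIT_BUILD, prefixes),
        "srpm": is_trusted_source(SRPM_BUILD, prefixes),
    }


if __name__ == "__main__":
    for label, raw in (("comma", COMMA), ("space", SPACE), ("unset", "")):
        print(label, evaluate(raw))
```

Under the prefix-matching assumption, the comma form parses to one token that no `Source` starts with, so even the dist-git build is refused, while an unset value lets the .src.rpm build through.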