fedora-infra / bodhi

Bodhi is a web-system that facilitates the process of publishing updates for a Fedora-based software distribution.
https://bodhi.fedoraproject.org
GNU General Public License v2.0

Bodhi should reject builds done from .src.rpms #5556

Closed AdamWill closed 2 months ago

AdamWill commented 7 months ago

I found a Rawhide update - https://bodhi.fedoraproject.org/updates/FEDORA-2023-7c0c58a874 , but it's fixed now - which was stuck in gating because greenwave was 502ing and tripping up Bodhi (see https://github.com/release-engineering/greenwave/issues/218 for the greenwave side here). Kevin says it's because he mistakenly did one of the builds from a .src.rpm - regular packagers and even proven packagers can't do that, but Koji admins like Kevin can.

I'm going to try and make greenwave/Bodhi handle this situation a bit more elegantly, but also, we think Bodhi should probably just reject such builds out of hand. They shouldn't be allowed into updates. Kevin can probably provide more info on how to distinguish such a build from a 'normal' one.

nirik commented 7 months ago

You can tell from the 'Source' field of the build... for example:

Source: git+https://src.fedoraproject.org/rpms/collectd.git#fcee6f7d11dd3cea89dedb9fb9dcd648354610dc

vs

Source: collectd-5.12.0-34.fc40.src.rpm

nirik commented 2 months ago

This doesn't seem to be working as expected...

https://matrix.to/#/%23releng%3Afedoraproject.org/%24uITc0WPdr0ZjrqYnuKnpcMrPWFoZAoTbIXpBqaDXsps?via=matrix.scrye.com&via=matrix.org&via=fedora.im&via=lisas.de

I'm not sure why, but it's not checking correctly...

mattiaverga commented 2 months ago

Yeah, I saw you already figured out that commenting out the setting will just bypass the feature... thanks. I'll try to check why it's not working correctly.

mattiaverga commented 2 months ago

Ah, wrong setting format:

trusted_build_sources = git+https://src.fedoraproject.org/,https://src.fedoraproject.org/

should be

trusted_build_sources = git+https://src.fedoraproject.org/ https://src.fedoraproject.org/

(whitespace separator, not comma)

nirik commented 2 months ago

Ah. ok. We can try re-enabling it next week then I suppose...

nirik commented 2 months ago

It's back in without the , and seems to be working. ;)
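The source check and the separator mistake discussed in this thread, as an added example that is not part of the thread and not Bodhi's own code. The function names are hypothetical, and matching the build's Source field by prefix is an assumption; the setting values and Source strings are the ones quoted above.

```python
# Added illustration, not Bodhi's code. Function names are hypothetical and
# prefix matching against the build's Source field is an assumption.

# Values quoted in the thread above.
GIT_SOURCE = ("git+https://src.fedoraproject.org/rpms/collectd.git"
              "#fcee6f7d11dd3cea89dedb9fb9dcd648354610dc")
SRPM_SOURCE = "collectd-5.12.0-34.fc40.src.rpm"
GOOD_SETTING = "git+https://src.fedoraproject.org/ https://src.fedoraproject.org/"
BAD_SETTING = "git+https://src.fedoraproject.org/,https://src.fedoraproject.org/"


def parse_trusted_sources(raw):
    """Split the setting on whitespace, the separator named in the thread."""
    return raw.split() if raw else []


def is_trusted_source(source, trusted):
    """Return True if the build source starts with a trusted prefix.

    An empty list disables the check, mirroring the thread's remark that
    commenting the setting out bypasses the feature.
    """
    if not trusted:
        return True
    return bool(source) and source.startswith(tuple(trusted))


def lint_setting(raw):
    """Heuristic: flag entries containing a comma, which suggests a
    comma-joined list that whitespace splitting left as one prefix."""
    return [entry for entry in parse_trusted_sources(raw) if "," in entry]


def report(raw):
    """Evaluate both sample sources against one setting value."""
    trusted = parse_trusted_sources(raw)
    return {
        "entries": len(trusted),
        "git_accepted": is_trusted_source(GIT_SOURCE, trusted),
        "srpm_accepted": is_trusted_source(SRPM_SOURCE, trusted),
        "suspicious": lint_setting(raw),
    }


if __name__ == "__main__":
    for name, raw in (("whitespace", GOOD_SETTING), ("comma", BAD_SETTING), ("unset", "")):
        print(name, report(raw))
```

Under these assumptions the comma-joined value parses as a single prefix that no real source starts with, so the dist-git build is rejected along with the .src.rpm one, while an unset value accepts both.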