forked from coreos/fedora-coreos-config
-
Notifications
You must be signed in to change notification settings - Fork 0
/
overrides.py
executable file
·383 lines (309 loc) · 13.2 KB
/
overrides.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
#!/usr/bin/python3
import argparse
import functools
import os
import sys
import json
import requests
from urllib.parse import urlparse
import yaml
import subprocess
import bodhi.client.bindings
import dnf
import hawkey
import koji
KOJI_URL = 'https://koji.fedoraproject.org/kojihub'
ARCHES = ['s390x', 'x86_64', 'ppc64le', 'aarch64']
TRIVIAL_FAST_TRACKS = [
# Packages that don't need a reason URL when fast-tracking
'console-login-helper-messages',
'ignition',
'ostree',
'rpm-ostree',
'rust-afterburn',
'rust-bootupd',
'rust-coreos-installer',
'rust-ignition-config',
'rust-zincati',
]
BUILDS_JSON_URL_TEMPLATE = 'https://builds.coreos.fedoraproject.org/prod/streams/{stream}/builds/builds.json'
GENERATED_LOCKFILE_URL_TEMPLATE = 'https://builds.coreos.fedoraproject.org/prod/streams/{stream}/builds/{version}/{arch}/manifest-lock.generated.{arch}.json'
OVERRIDES_HEADER = """
# This lockfile should be used to pin to a package version (`type: pin`) or to
# fast-track packages ahead of Bodhi (`type: fast-track`). Fast-tracked
# packages will automatically be removed once they are in the stable repos.
#
# IMPORTANT: YAML comments *will not* be preserved. All `pin` overrides *must*
# include a URL in the `metadata.reason` key. Overrides of type `fast-track`
# *should* include a Bodhi update URL in the `metadata.bodhi` key and a URL
# in the `metadata.reason` key, though it's acceptable to omit a `reason`
# for FCOS-specific packages (ignition, afterburn, etc.).
"""
basedir = os.path.normpath(os.path.join(os.path.dirname(sys.argv[0]), '..'))
def main():
parser = argparse.ArgumentParser(description='Manage overrides.')
# "dest" to work around https://bugs.python.org/issue29298
subcommands = parser.add_subparsers(title='subcommands', required=True,
dest='command')
fast_track = subcommands.add_parser('fast-track',
description='Fast-track Bodhi updates.')
fast_track.add_argument('update', nargs='+',
help='ID or URL of Bodhi update to fast-track')
fast_track.add_argument('-r', '--reason',
help='URL explaining the reason for the fast-track')
fast_track.add_argument('--ignore-dist-mismatch', action='store_true',
help='ignore mismatched Fedora major version')
fast_track.set_defaults(func=do_fast_track)
pin = subcommands.add_parser('pin', description='Pin source RPMs.')
pin.add_argument('nvr', nargs='+',
help='NVR of SRPM to pin')
pin.add_argument('-r', '--reason', required=True,
help='URL explaining the reason for the pin')
pin.add_argument('--ignore-dist-mismatch', action='store_true',
help='ignore mismatched Fedora major version')
pin.set_defaults(func=do_pin)
srpms = subcommands.add_parser('srpms',
description='Name the relevant source RPMs for a Bodhi update.')
srpms.add_argument('update', help='ID or URL of Bodhi update')
srpms.set_defaults(func=do_srpms)
graduate = subcommands.add_parser('graduate',
description='Remove graduated overrides.')
graduate.set_defaults(func=do_graduate)
args = parser.parse_args()
args.func(args)
def do_fast_track(args):
overrides = {}
dist = get_expected_dist_tag()
if args.reason:
check_url(args.reason)
for update in args.update:
update = get_bodhi_update(update)
source_nvrs = get_source_nvrs(update)
for source_nvr in source_nvrs:
source_name = '-'.join(source_nvr.split('-')[:-2])
if not args.reason and source_name not in TRIVIAL_FAST_TRACKS:
raise Exception(f'No reason URL specified and source package {source_name} not in {TRIVIAL_FAST_TRACKS}')
for n, info in get_binary_packages(source_nvrs).items():
if not args.ignore_dist_mismatch:
check_dist_tag(n, info, dist)
info['metadata'] = dict(
type='fast-track',
bodhi=update['url'],
)
if args.reason:
info['metadata']['reason'] = args.reason
overrides[n] = info
if not overrides:
raise Exception('specified updates contain no binary packages listed in lockfiles')
for lockfile_path in get_lockfiles():
merge_overrides(lockfile_path, overrides)
def do_pin(args):
overrides = {}
dist = get_expected_dist_tag()
check_url(args.reason)
for n, info in get_binary_packages(args.nvr).items():
if not args.ignore_dist_mismatch:
check_dist_tag(n, info, dist)
info['metadata'] = dict(
type='pin',
reason=args.reason,
)
overrides[n] = info
if not overrides:
raise Exception('specified source packages produce no binary packages listed in lockfiles')
for lockfile_path in get_lockfiles():
merge_overrides(lockfile_path, overrides)
def do_srpms(args):
printed = False
for nvr in get_source_nvrs(get_bodhi_update(args.update)):
if get_binary_packages([nvr]):
print(nvr)
printed = True
if not printed:
raise Exception('specified update contains no binary packages listed in lockfiles')
def do_graduate(_args):
treefile = get_treefile()
base = get_dnf_base(treefile)
setup_repos(base, treefile)
for fn in get_lockfiles():
graduate_lockfile(base, fn)
def get_treefile():
treefile = subprocess.check_output(['rpm-ostree', 'compose', 'tree',
'--print-only',
os.path.join(basedir, 'manifest.yaml')])
return json.loads(treefile)
def get_dnf_base(treefile):
base = dnf.Base()
base.conf.reposdir = basedir
base.conf.releasever = treefile['releasever']
base.read_all_repos()
return base
@functools.cache
def get_stream():
'''Get the current stream name.'''
with open(os.path.join(basedir, 'manifest.yaml')) as fh:
manifest = yaml.safe_load(fh)
return manifest['variables']['stream']
@functools.cache
def get_build_list():
'''Return list of official builds fetched from builds.json for the current
stream.'''
stream_url = BUILDS_JSON_URL_TEMPLATE.format(stream=get_stream())
resp = requests.get(stream_url)
resp.raise_for_status()
return resp.json()['builds']
@functools.cache
def get_manifest_packages(arch):
'''Return manifest lock package map for the specified arch.'''
# If this branch has any lockfiles in it, return the lockfile for the
# specified arch, or an empty dict if missing.
lockfile_path = lambda arch: os.path.join(basedir, f'manifest-lock.{arch}.json')
if any(os.path.exists(lockfile_path(a)) for a in ARCHES):
try:
with open(lockfile_path(arch)) as f:
manifest = json.load(f)
return manifest['packages']
except FileNotFoundError:
return {}
# Otherwise we're on a mechanical branch. Pull the generated lockfile
# from the most recent successful CI build, or return an empty dict if
# we've never built for this arch. Thus, different arches may return
# lockfiles from different builds if a recent build failed on some arches.
versions = [b['id'] for b in get_build_list() if arch in b['arches']]
if not versions:
return {}
eprint(f'Reading generated lockfile from build {versions[0]} on {arch}')
lockfile_url = GENERATED_LOCKFILE_URL_TEMPLATE.format(stream=get_stream(),
version=versions[0], arch=arch)
resp = requests.get(lockfile_url)
resp.raise_for_status()
return resp.json()['packages']
def get_bodhi_update(id_or_url):
'''Query Bodhi for the specified update ID or URL and return an info
dict.'''
# discard rest of URL if any
id = id_or_url.split('/')[-1]
client = bodhi.client.bindings.BodhiClient()
result = client.query(updateid=id)
if not result.updates:
raise Exception(f'Update {id} not found')
return result.updates[0]
def get_source_nvrs(update):
'''Return list of source NVRs from the update info dict.'''
return [b['nvr'] for b in update.builds]
def get_binary_packages(source_nvrs):
'''Return name => info dict for the specified source NVRs. The info
dict contains "evr" for archful packages and "evra" for noarch ones.
A binary package is included if it is in the manifest lockfiles.'''
binpkgs = {}
accepted_in_arch = {}
client = koji.ClientSession(KOJI_URL)
archful = lambda arch: arch != 'noarch'
def arches_with_package(name, arch):
'''For a given package and arch, return the arches that list the
package in their lockfiles. There may be more than one, since we
check noarch packages against every candidate architecture.'''
candidates = [arch] if archful(arch) else ARCHES
return [a for a in candidates if name in get_manifest_packages(a)]
for source_nvr in source_nvrs:
for binpkg in client.listBuildRPMs(source_nvr):
name = binpkg['name']
evr = f'{binpkg["version"]}-{binpkg["release"]}'
if binpkg['epoch'] is not None:
evr = f'{binpkg["epoch"]}:{evr}'
for arch in arches_with_package(name, binpkg['arch']):
if archful(binpkg['arch']):
binpkgs[name] = {'evr': evr}
else:
binpkgs[name] = {'evra': evr + '.noarch'}
accepted_in_arch.setdefault(arch, set()).add(name)
# Check that every arch has the same package set
if list(accepted_in_arch.values())[:-1] != list(accepted_in_arch.values())[1:]:
raise Exception(f'This tool cannot handle arch-specific overrides: {accepted_in_arch}')
return binpkgs
def setup_repos(base, treefile):
for repo in base.repos.values():
repo.disable()
eprint("Enabled repos:")
for repo in treefile['repos']:
base.repos[repo].enable()
eprint(f"- {repo}")
def get_lockfiles():
lockfiles = ['manifest-lock.overrides.yaml']
# TODO: for now, we only support the archless variant; supporting
# arch-specific lockfiles will require making dnf fetch metadata not just
# for the basearch on which we're running
# lockfiles += [f'manifest-lock.overrides.{arch}.yaml' for arch in ARCHES]
return [os.path.join(basedir, f) for f in lockfiles]
def graduate_lockfile(base, fn):
if not os.path.exists(fn):
return
with open(fn) as f:
lockfile = yaml.safe_load(f)
if len(lockfile.get('packages', {})) == 0:
return
if base.sack is None:
eprint("Downloading metadata")
base.fill_sack(load_system_repo=False)
new_packages = {}
for name, lock in lockfile['packages'].items():
if ('metadata' not in lock or
lock['metadata'].get('type') != "fast-track"):
new_packages[name] = lock
continue
if 'evra' in lock:
nevra = f"{name}-{lock['evra']}"
else:
# it applies to all arches, so we can just check our arch (see
# related TODO above)
nevra = f"{name}-{lock['evr']}.{base.conf.basearch}"
graduated = sack_has_nevra_greater_or_equal(base, nevra)
if not graduated:
new_packages[name] = lock
else:
eprint(f"{fn}: {nevra} has graduated")
if lockfile['packages'] != new_packages:
lockfile['packages'] = new_packages
write_lockfile(fn, lockfile)
else:
eprint(f"{fn}: no packages graduated")
def sack_has_nevra_greater_or_equal(base, nevra):
nevra = hawkey.split_nevra(nevra)
pkgs = base.sack.query().filterm(name=nevra.name,
arch=nevra.arch).latest().run()
if len(pkgs) == 0:
# Odd... the only way I can imagine this happen is if we fast-track a
# brand new package from Koji which hasn't hit the updates repo yet.
# Corner-case, but let's be nice.
eprint(f"couldn't find package {nevra.name}; assuming not graduated")
return False
nevra_latest = hawkey.split_nevra(str(pkgs[0]))
return nevra_latest >= nevra
def merge_overrides(fn, overrides):
'''Modify the file fn by applying the specified package overrides.'''
with open(fn) as f:
lockfile = yaml.safe_load(f)
lockfile.setdefault('packages', {}).update(overrides)
write_lockfile(fn, lockfile)
def write_lockfile(fn, contents):
with open(fn, 'w') as f:
f.write(OVERRIDES_HEADER.strip())
f.write('\n\n')
yaml.dump(contents, f)
def check_url(u):
p = urlparse(u)
if p.scheme not in ('http', 'https'):
raise Exception(f'Invalid URL: {u}')
def get_expected_dist_tag():
with open(os.path.join(basedir, 'manifest.yaml')) as f:
releasever = yaml.safe_load(f)['releasever']
return f'.fc{releasever}'
def check_dist_tag(name, info, dist):
if 'evr' in info and not info['evr'].endswith(dist):
raise Exception(f"Package {name}-{info['evr']} doesn't match expected dist tag {dist}")
if 'evra' in info and not info['evra'].endswith(dist + '.noarch'):
raise Exception(f"Package {name}-{info['evra']} doesn't match expected dist tag {dist}")
def eprint(*args, **kwargs):
print(*args, file=sys.stderr, **kwargs)
if __name__ == "__main__":
sys.exit(main())