Re: ActionNotAllowed: policy violation - but why?
Steve Traylen wrote: On Fri, May 8, 2009 at 4:04 PM, Mike Bonnet wrote: Steve Traylen wrote: On Fri, May 8, 2009 at 11:52 AM, Steve Traylen wrote: Hi, I was reliably building on a tag before but now receive ActionNotAllowed: policy violation A little bit more. ActionNotAllowed: policy violation -- all :: deny What version of Koji are you running? I believe there was a bug in earlier versions that caused a missing "policy" entry in /etc/koji-hub/hub.conf to result in denials of everything. That should be fixed in 1.3.1. Alternately you could add a policy entry to allow building from srpm into the dist-centos4 tag: [policy] build_from_srpm = tag dist-centos4 :: allow has_perm admin :: allow all :: deny Hi Mike, I'm running stock FC10. koji-hub-1.3.1-1.fc10.noarch koji-1.3.1-1.fc10.noarch koji-web-1.3.1-1.fc10.noarch koji-utils-1.3.1-1.fc10.noarch koji-builder-1.3.1-1.fc10.noarch I've not had had any [policy] in the hub.conf file up to now and things have been okay, i.e I could build from cvs and svn for instance which I did yesterday. It's just building from srpm that has been blocked but I have not tried that in a while so that may have been the before the recent upgrade. Actually I was wrong, if no policy is present the default policy forbids building from srpm by anyone but an admin (this is for consistency with previous versions of Koji). But this is now overrideable with custom policy, whereas it was hard-coded before. Certainly making a very open policy [policy] build_from_srpm = tag dist-centos4 :: allow has_perm admin :: allow all :: all and then things proceed, I'll tune that now. More generally now about policies. Do you have some description on these and what can be set? If nothing exists if you can give me something brief then I'll try and write something up for the wiki. Unfortunately the policy stuff is not well-documented at the moment, but we're working on fixing that. It is actually a very powerful mechanism that allows you to control what types of source repositories you can build from, setup elaborate building and tagging policy, etc. We'll get some basic documentation onto the fedoraproject.org wiki soon, and any help expanding on it at that point would be appreciated. As it happens I'm giving a presentation in a weeks time to my colleagues on mock, koji and mash and certainly any content (e.g diagrams) I produce I'll write up in a generic way for inclusion in documentation. That'd be great! Thanks again Steve Steve and can't seem shake it or understand why for a particular package Is is possible to get an explanation? http://skoji.cern.ch/koji/taskinfo?taskID=2918 This is following a build as CN=straylen koji build --nowait dist-centos4 ../SRPMS/mpich-1.2.7p1-2.el4.src.rpm My permissions. id | name | password | status | usertype | krb_principal +--+--++--+--- 1 | straylen | | 0 |0 | and user_id=1 does not appear in user_perms . i.e I am a boring user. The package has been added. koji list-pkgs --tag=dist-centos4 --package=mpich Package Tag Extra Arches Owner --- --- --- mpich dist-centos4 straylen Thanks again for the help. -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: ActionNotAllowed: policy violation - but why?
On Fri, May 8, 2009 at 4:04 PM, Mike Bonnet wrote: > Steve Traylen wrote: >> >> On Fri, May 8, 2009 at 11:52 AM, Steve Traylen wrote: >>> >>> Hi, >>> >>> I was reliably building on a tag before but now receive >>> ActionNotAllowed: policy violation >> >> A little bit more. >> >> ActionNotAllowed: policy violation -- all :: deny > > What version of Koji are you running? I believe there was a bug in earlier > versions that caused a missing "policy" entry in /etc/koji-hub/hub.conf to > result in denials of everything. That should be fixed in 1.3.1. > Alternately you could add a policy entry to allow building from srpm into > the dist-centos4 tag: > > [policy] > build_from_srpm = > tag dist-centos4 :: allow > has_perm admin :: allow > all :: deny > Hi Mike, I'm running stock FC10. koji-hub-1.3.1-1.fc10.noarch koji-1.3.1-1.fc10.noarch koji-web-1.3.1-1.fc10.noarch koji-utils-1.3.1-1.fc10.noarch koji-builder-1.3.1-1.fc10.noarch I've not had had any [policy] in the hub.conf file up to now and things have been okay, i.e I could build from cvs and svn for instance which I did yesterday. It's just building from srpm that has been blocked but I have not tried that in a while so that may have been the before the recent upgrade. Certainly making a very open policy [policy] build_from_srpm = tag dist-centos4 :: allow has_perm admin :: allow all :: all and then things proceed, I'll tune that now. More generally now about policies. Do you have some description on these and what can be set? If nothing exists if you can give me something brief then I'll try and write something up for the wiki. As it happens I'm giving a presentation in a weeks time to my colleagues on mock, koji and mash and certainly any content (e.g diagrams) I produce I'll write up in a generic way for inclusion in documentation. Thanks again Steve >> Steve >> >>> and can't seem shake it or understand why for a particular package >>> Is is possible >>> to get an explanation? >>> >>> http://skoji.cern.ch/koji/taskinfo?taskID=2918 >>> >>> This is following a build as CN=straylen >>> >>> koji build --nowait dist-centos4 ../SRPMS/mpich-1.2.7p1-2.el4.src.rpm >>> >>> My permissions. >>> >>> id | name | password | status | usertype | krb_principal >>> +--+--++--+--- >>> 1 | straylen | | 0 | 0 | >>> >>> and user_id=1 does not appear in user_perms . i.e I am >>> a boring user. >>> >>> The package has been added. >>> >>> koji list-pkgs --tag=dist-centos4 --package=mpich >>> Package Tag Extra Arches Owner >>> --- --- >>> --- >>> mpich dist-centos4 straylen >>> >>> >>> Thanks again for the help. > > -- > Fedora-buildsys-list mailing list > Fedora-buildsys-list@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-buildsys-list > -- Steve Traylen -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: ActionNotAllowed: policy violation - but why?
Steve Traylen wrote: On Fri, May 8, 2009 at 11:52 AM, Steve Traylen wrote: Hi, I was reliably building on a tag before but now receive ActionNotAllowed: policy violation A little bit more. ActionNotAllowed: policy violation -- all :: deny What version of Koji are you running? I believe there was a bug in earlier versions that caused a missing "policy" entry in /etc/koji-hub/hub.conf to result in denials of everything. That should be fixed in 1.3.1. Alternately you could add a policy entry to allow building from srpm into the dist-centos4 tag: [policy] build_from_srpm = tag dist-centos4 :: allow has_perm admin :: allow all :: deny Steve and can't seem shake it or understand why for a particular package Is is possible to get an explanation? http://skoji.cern.ch/koji/taskinfo?taskID=2918 This is following a build as CN=straylen koji build --nowait dist-centos4 ../SRPMS/mpich-1.2.7p1-2.el4.src.rpm My permissions. id | name | password | status | usertype | krb_principal +--+--++--+--- 1 | straylen | | 0 |0 | and user_id=1 does not appear in user_perms . i.e I am a boring user. The package has been added. koji list-pkgs --tag=dist-centos4 --package=mpich Package Tag Extra Arches Owner --- --- --- mpich dist-centos4 straylen Thanks again for the help. -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
Re: ActionNotAllowed: policy violation - but why?
On Fri, May 8, 2009 at 11:52 AM, Steve Traylen wrote: > Hi, > > I was reliably building on a tag before but now receive > ActionNotAllowed: policy violation A little bit more. ActionNotAllowed: policy violation -- all :: deny Steve > and can't seem shake it or understand why for a particular package > Is is possible > to get an explanation? > > http://skoji.cern.ch/koji/taskinfo?taskID=2918 > > This is following a build as CN=straylen > > koji build --nowait dist-centos4 ../SRPMS/mpich-1.2.7p1-2.el4.src.rpm > > My permissions. > > id | name | password | status | usertype | krb_principal > +--+--++--+--- > 1 | straylen | | 0 | 0 | > > and user_id=1 does not appear in user_perms . i.e I am > a boring user. > > The package has been added. > > koji list-pkgs --tag=dist-centos4 --package=mpich > Package Tag Extra Arches Owner > --- --- > --- > mpich dist-centos4 straylen > > > Thanks again for the help. > > Steve > > > > > > > > > > -- > Steve Traylen > -- Steve Traylen -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
ActionNotAllowed: policy violation - but why?
Hi, I was reliably building on a tag before but now receive ActionNotAllowed: policy violation and can't seem shake it or understand why for a particular package Is is possible to get an explanation? http://skoji.cern.ch/koji/taskinfo?taskID=2918 This is following a build as CN=straylen koji build --nowait dist-centos4 ../SRPMS/mpich-1.2.7p1-2.el4.src.rpm My permissions. id | name | password | status | usertype | krb_principal +--+--++--+--- 1 | straylen | | 0 |0 | and user_id=1 does not appear in user_perms . i.e I am a boring user. The package has been added. koji list-pkgs --tag=dist-centos4 --package=mpich Package Tag Extra Arches Owner --- --- --- mpich dist-centos4 straylen Thanks again for the help. Steve -- Steve Traylen -- Fedora-buildsys-list mailing list Fedora-buildsys-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-buildsys-list
