Add Koji message-bus packages to SPECS-EXTENDED#17699
Open
aditjha-msft wants to merge 17 commits into
Open
Conversation
Add six pure-Python (noarch) packages to enable the Koji message-bus integration (hub-side AMQP publishing via fedora-messaging) for the Koji-on-AKS deployment: - python-pika 1.3.2 (AMQP 0.9.1 client) - python-crochet 2.1.1 (Twisted/threaded-app bridge) - python-service-identity 24.2.0 (TLS service-identity verification) - fedora-messaging 3.9.0 (messaging library; builds python3-fedora-messaging) - koji-fedoramessaging 1.1.2 (Koji hub plugin) - python-koji-fedoramessaging-messages 1.3.0 (message schemas) Specs are ported from Fedora dist-git (and the upstream fedora-infra/koji-fedoramessaging repo for the plugin) and adapted to Azure Linux conventions. The koji-fedoramessaging hub plugin installs to /usr/lib/koji-hub-plugins/koji_fedoramessaging.py and Requires python3-koji-hub, mirroring the koji package's own hub plugins. All transitive runtime dependencies and build backends (setuptools, hatchling, poetry-core, pyproject-rpm-macros) already exist in 3.0-dev. Each package ships a signatures.json with the real upstream source SHA-256, and cgmanifest.json / LICENSES-MAP.md / licenses.json are updated accordingly. Build order: python-pika, python-crochet, python-service-identity -> fedora-messaging -> python-koji-fedoramessaging-messages, koji-fedoramessaging. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
microsoft-github-policy-service
Bot
added
Packaging
specs-extended
Ship only the generic example config (config.toml), the fedora-messaging CLI, and the fm-consumer@.service unit. The Fedora-specific broker connection profiles (fedora.toml, fedora.stg.toml) and their bundled certificate/key files point at Fedora's public broker and are irrelevant to the Azure Linux Koji message bus, which uses its own in-cluster broker configured via site config. Dropping the world-readable *-key.pem files also avoids tripping enterprise security/compliance scanners. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The 'Spec files check' requires changelog source attribution to match a known pattern in spec_source_attributions.py. The initial 'from Fedora rawhide (license: <pkg-license>)' wording matched none of them. Use the standard '(license: MIT)' Fedora spec-file attribution with a release number for the five Fedora dist-git ports, and the 'source project' attribution for koji-fedoramessaging (imported from its upstream GitHub-shipped spec, not Fedora). Restore the 'License verified.' changelog note required by check_license_verification. Regenerate LICENSES-MAP.md and licenses.json with the official toolkit/scripts/license_map.py so each spec lands in the correct origin bucket (Fedora x5, Source project x1), fixing the 'Spec License Map Check'. Verified locally: check_spec_guidelines.py and license_map.py (check mode) both pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The %global _description was a bare single-line string, so
'%description %{_description}' expanded to the description text on the
same line as the %description directive, which rpmspec parses as section
arguments -> 'error: line 43: Too many names'. This aborted rpmspec
parsing of the spec, failing the CGManifests, Source Signature, and SRPM
duplicate checks (all of which rpmspec-parse the changed specs).
Wrap the description in %{expand: ...} with a leading newline (matching
the python-pika/python-crochet pattern in this PR) so the text becomes
the section body. Verified locally with rpmspec --parse and the
validate-cg-manifest.sh logic (name/version/Source0 resolve, cgmanifest
URL matches Source0, URL downloadable) for all six specs.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The maintainer publishes the exact sdist as a GitHub release asset, which is byte-identical to the PyPI sdist (same sha256, same fedora_messaging-3.9.0/ layout with PKG-INFO). Point Source0 (and the matching cgmanifest downloadUrl) at the GitHub release asset so the source is reachable from infrastructure that cannot reach files.pythonhosted.org. Signature is unchanged. python-crochet and python-service-identity are left on PyPI: they have no uploaded sdist asset on GitHub, and their auto-generated tag archives differ from the sdist (no PKG-INFO; hatch-vcs/versioneer version detection would break), so PyPI remains their correct canonical source. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Buddy build surfaced three issues in the network-isolated builders:
- python-service-identity: %generate_buildrequires failed with
'ModuleNotFoundError: No module named pathspec'. hatchling's runtime
deps are not pulled into the minimal build chroot, so add explicit
BuildRequires on python3-pathspec, python3-pluggy, and
python3-trove-classifiers (matches python-argcomplete, python-humanize,
and other Azure Linux hatchling-based packages).
- python-pika: %pyproject_check_import failed importing the optional
gevent connection adapter ('No module named gevent'). Exclude the
gevent/tornado/twisted adapter modules from the import check; those
third-party libraries are not build dependencies and pika's core only
needs the stdlib.
- python-crochet: 'unittest discover crochet.tests' failed
('Start directory is not importable') because the built wheel does not
install the crochet.tests subpackage. Replace with
%pyproject_check_import to verify the module imports cleanly with its
real dependencies (Twisted, wrapt).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…essaging Second buddy build round (pika now passes after the gevent exclude): - python-service-identity: hatch-vcs resolves the version via setuptools_scm (from the sdist PKG-INFO), which is not pulled into the minimal build chroot -> add BuildRequires: python3-setuptools_scm. Matches other Azure Linux hatch-vcs packages (conda, python-execnet, python-filelock). - python-crochet / fedora-messaging: their %check imports Twisted, which imports typing_extensions; python3-twisted declares manual Requires that omit it, so it is absent from the minimal %check chroot. Add BuildRequires: python3-typing-extensions to both. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Third buddy build round: - python-service-identity / python-koji-fedoramessaging-messages: Azure Linux's %pyproject_save_files passes all arguments (including option flags) straight to pyproject_save_files.py, which only accepts a module glob -> 'unrecognized arguments: -l/-L'. Drop the Fedora-only -l/-L flags; both specs already list their license file explicitly via %license. - python-crochet: %pyproject_check_import now gets past Twisted but fails importing crochet.mypy, an optional mypy type-checker plugin (imports mypy, not a runtime dependency). Exclude it with -e '*.mypy'. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fourth buddy build round (crochet now passes):
- %pyproject_check_import failed with 'No module named cryptography'.
Azure Linux's %pyproject_buildrequires does not auto-install the
package's own runtime dependencies into the build chroot (it only
handles build-system.requires), so add the runtime deps explicitly as
BuildRequires: python3-attrs, python3-cryptography, python3-pyasn1,
python3-pyasn1-modules (needed to import service_identity in %check).
- The wheel installs its LICENSE under
site-packages/service_identity-<ver>.dist-info/licenses/, which was left
unpackaged ('Installed (but unpackaged) file(s) found'). Mark it via the
installed dist-info path, matching other Azure Linux packages built with
recent backends (python-filelock, python-execnet, python-platformdirs).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Fifth buddy build round (pika, crochet, service-identity all pass): - %check failed collecting test_cli/test_example/test_testing with 'No module named automat'. Those tests import fedora_messaging.api/cli, which import the Twisted reactor and thus require Automat -- a Twisted runtime dependency that is not available as an RPM in the Azure Linux build environment (upstream Twisted pip-installs it in its own test venv). Restrict %check to the offline, reactor-free unit tests (test_config, test_message, test_schema_utils) covering config parsing and message schema/validation, and add defensive -e excludes for the api/cli modules in %pyproject_check_import. - The wheel installs its license under site-packages/fedora_messaging-<ver>.dist-info/LICENSES/, which was left unpackaged; mark it for the python3-fedora-messaging subpackage via the installed dist-info path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ewer jsonschema; fix license Sixth buddy build round (fedora-messaging now passes; 27/30 message tests pass): - Three tests (test_build_state_change_livecd, test_rpm_sign_message, test_task_state_change_message) reference the koji task_info definition via JSON Schema 2019-09 $defs/$anchor keywords. Azure Linux ships python-jsonschema 2.6.0 (draft-07 era), which cannot resolve those and raises RefResolutionError. Deselect those three; the other 27 pass. - The wheel installs its license under site-packages/koji_fedoramessaging_messages-<ver>.dist-info/LICENSES/, left unpackaged; mark it via the installed dist-info path. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…n AzL3 python3-koji-fedoramessaging-messages provides JSON Schema draft-2019-09 schemas ($anchor references) that AzL 3.0's python-jsonschema 2.6.0 cannot resolve. Because fedora-messaging validates on publish and the hub plugin selects the rich schema class when the package is installed, force-installing it on the hub would cause RefResolutionError -- which the plugin's ValidationError fallback does not catch (different exception class) -- to be swallowed by @ignore_error, silently dropping task-tree-bearing events (real build.state.change with subtasks, task.state.change, etc.). Upgrading python-jsonschema 2.6 -> 4.x in AzL 3.0 is out of scope, so demote the dependency to Suggests. The plugin discovers schema classes via fedora.messages entry points and falls back to the generic permissive Message schema when the package is absent, so it degrades gracefully and all events publish. Consumers that want schema validation can install the package on a platform with python-jsonschema >= 4. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…gests) Replace the Suggests on python3-koji-fedoramessaging-messages with no dependency at all. Suggests is never auto-installed and rarely surfaced, so it added no practical value here -- the hub specifically must NOT have the schema package (AzL 3.0's jsonschema 2.6.0 cannot resolve its draft-2019-09 $anchor schemas), and the off-cluster consumers that do want it declare it as their own dependency. The explanatory comment documents the relationship; the plugin discovers schemas via fedora.messages entry points and falls back to the generic Message schema when the package is absent. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Resolve conflicts in the shared sorted-metadata files (LICENSES-MAP.md, licenses.json, cgmanifest.json) caused by other PRs merged into 3.0-dev. LICENSES-MAP.md + licenses.json regenerated with toolkit/scripts/license_map.py from the merged spec tree; cgmanifest.json auto-merged. All 6 message-bus components verified present and the license-map check passes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Drop the explanatory comment and changelog bullet about python3-koji-fedoramessaging-messages. The dependency is simply not declared; the rationale does not need to live in the spec file. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
anphel31
reviewed
Jun 15, 2026
gmileka
reviewed
Jun 15, 2026
anphel31
reviewed
Jun 15, 2026
… koji-fedoramessaging release bump - Reformat fedora-messaging and python-service-identity signatures.json to multi-line (matches repo convention; hashes unchanged). - Correct import attribution to Fedora 43 (the actual source release) across python-pika, python-crochet, python-service-identity, fedora-messaging, python-koji-fedoramessaging-messages. - koji-fedoramessaging: bump Release to 2 (1.1.2-2) per post-import convention; distinguishes the Azure Linux build from the upstream 1.1.2-1 changelog entry. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…e files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
anphel31
approved these changes
Jun 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Buddy Build Run: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1139309&view=results
Adds six pure-Python noarch packages enabling the Koji message-bus integration (hub-side AMQP publishing via fedora-messaging) for the Koji-on-AKS deployment:
python-pika1.3.2 (AMQP 0.9.1 client)python-crochet2.1.1 (Twisted/threaded-app bridge)python-service-identity24.2.0 (TLS service-identity verification)fedora-messaging3.9.0 (messaging library; buildspython3-fedora-messaging)koji-fedoramessaging1.1.2 (Koji hub plugin)python-koji-fedoramessaging-messages1.3.0 (message schemas)Specs are ported from Fedora dist-git (and the upstream fedora-infra/koji-fedoramessaging repo for the plugin) and adapted to Azure Linux conventions. The
koji-fedoramessaginghub plugin installs to/usr/lib/koji-hub-plugins/koji_fedoramessaging.pyand Requirespython3-koji-hub, mirroring the koji package's own hub plugins.All transitive runtime dependencies and build backends (setuptools, hatchling, poetry-core, pyproject-rpm-macros) already exist in 3.0-dev. Each package ships a
signatures.jsonwith the real upstream source SHA-256, andcgmanifest.json/LICENSES-MAP.md/licenses.jsonare updated accordingly.Build order: python-pika, python-crochet, python-service-identity -> fedora-messaging -> python-koji-fedoramessaging-messages, koji-fedoramessaging.
Co-authored-by: Copilot 223556219+Copilot@users.noreply.github.com