osc.conf

This module handles configuration of osc.

Configuring osc from oscrc

To configure osc from oscrc, do following:

import osc.conf

# see ``get_config()`` documentation for available function arguments
# see ``oscrc(5)`` man page for oscrc configuration options
osc.conf.get_config()

Configuring osc from API

To configure osc purely from the API (without reading oscrc), do following:

import osc.conf

# initialize the main config object
config = osc.conf.Options()

# configure host options for an apiurl
apiurl = osc.conf.sanitize_apiurl(apiurl)
host_options = HostOptions(apiurl=apiurl, username=..., _parent=config)
config.api_host_options[apiurl] = host_options

# set the default ``apiurl``
config.apiurl = ...

# place the config object in `osc.conf`
osc.conf.config = config

# optional: enable http debugging according to the ``http_debug`` and ``http_full_debug`` options
from osc.connection import enable_http_debug
enable_http_debug(osc.conf.config)

osc.conf.get_config(override_conffile=None, override_apiurl=None, override_debug=None, override_http_debug=None, override_http_full_debug=None, override_traceback=None, override_post_mortem=None, override_quiet=None, override_no_keyring=None, override_verbose=None, overrides=None)

Configure osc.

The configuration options are loaded with the following priority:

environment variables: OSC_<uppercase_option>
override arguments provided to get_config()
oscrc config file

class osc.conf.Options(*args, **kwargs)

Main configuration options.

property api_host_options: Dict[str, HostOptions]

A dictionary that maps apiurl to HostOptions.

Default: {}

property apiurl_aliases: Compute and return a dictionary that maps alias to apiurl.

property apiurl: str

Default URL to the API server. Credentials and other apiurl specific settings must be configured in a [$apiurl] config section or via API in an api_host_options entry.

Default: https://api.opensuse.org

property sshkey: str | None

A pointer to public SSH key that corresponds with a private SSH used for authentication:

keep empty for auto detection

path to the public SSH key

public SSH key filename (must be placed in ~/.ssh)

fingerprint of a SSH key (2nd column of ssh-add -l)

NOTE: The private key may not be available on disk because it could be in a GPG keyring, on YubiKey or forwarded through SSH agent.

TIP: To give osc a hint which ssh key from the agent to use during auto detection, append obs=<apiurl-hostname> to the private key’s comment. This will also work nicely during SSH agent forwarding, because the comments get forwarded too.

To edit the key, run: ssh-keygen -c -f ~/.ssh/<private-key>

To query the key, run: ssh-keygen -y -f ~/.ssh/<private-key>

Example comment: <username@host> obs=api.example.com obs=api-test.example.com

Default: None

property use_keyring: bool

Enable keyring as an option for storing passwords.

Default: False

property quiet: bool

Reduce amount of printed information to bare minimum. If enabled, automatically sets verbose to False.

Default: False

property verbose: bool

Increase amount of printed information to stdout. Automatically set to False when quiet is enabled.

Default: False

property debug: bool

Print debug information to stderr.

Default: False

property http_debug: bool

Print HTTP traffic to stderr. Automatically set to True when``http_full_debug`` is enabled.

Default: False

property http_full_debug: bool

[CAUTION!] Print HTTP traffic incl. authentication data to stderr. If enabled, automatically sets http_debug to True.

Default: False

property post_mortem: bool

Jump into a debugger when an unandled exception occurs.

Default: False

property traceback: bool

Print full traceback to stderr when an unandled exception occurs.

Default: False

property show_download_progress: bool

Show download progressbar.

Default: True

property http_retries: int

Number of retries on HTTP error.

Default: 3

property cookiejar: str

Path to a cookie jar that stores session cookies.

Default: ~/.local/state/osc/cookiejar

property realname: str | None

Name of the user passed to the vc tool via VC_REALNAME env variable.

Default: None

property email: str | None

Email of the user passed to the vc tool via VC_MAILADDR env variable.

Default: None

property local_service_run: bool

Run local services during commit.

Default: True

property getpac_default_project: str

The default project for osc getpac and osc bco. The value is a space separated list of strings.

Default: openSUSE:Factory

property exclude_glob: List[str]

Space separated list of files ignored by SCM. The files can contain globs.

Default: ['.osc', 'CVS', '.svn', '.*', '_linkerror', '*~', '#*#', '*.orig', '*.bak', '*.changes.vctmp.*']

property exclude_files: List[str]

Files that match the listed glob patterns get skipped during checkout.

Default: []

property include_files: List[str]

Files that do not match the listed glob patterns get skipped during checkout. The exclude_files option takes priority over include_files.

Default: []

property checkout_no_colon: bool

Use ‘/’ as project separator instead the default ‘:’ and create corresponding subdirs. If enabled, it takes priority over the project_separator option.

Default: False

property project_separator: str

Use the specified string to separate projects.

Default: :

property check_filelist: bool

Check for untracked files and removed files before commit.

Default: True

property do_package_tracking: bool

Track packages in parent project’s .osc/_packages.

Default: True

property checkout_rooted: bool

Prevent checking out projects inside other projects or packages.

Default: False

property status_mtime_heuristic: bool

Consider a file with a modified mtime as modified.

Default: False

property linkcontrol: bool: Default: False

property build_repository: str

The default repository used when the repository argument is omitted from osc build.

Default: openSUSE_Factory

property buildlog_strip_time: bool

Strip the build time from the build logs.

Default: False

property package_cache_dir: str

The directory where downloaded packages are stored. Must be writable by you.

Default: /var/tmp/osbuild-packagecache

property no_verify: bool

Disable signature verification of packages used for build.

Default: False

property builtin_signature_check: bool

Use the RPM’s built-in package signature verification.

Default: True

property disable_hdrmd5_check: bool

Disable hdrmd5 checks of downloaded and cached packages in osc build. It is recommended to keep the check enabled.

OBS builds the noarch packages once per binary arch. Such noarch packages are supposed to be nearly identical across all build arches, any discrepancy in the payload and dependencies is considered a packaging bug. But to guarantee that the local builds work identically to builds in OBS, using the arch-specific copy of the noarch package is required. Unfortunatelly only one of the noarch packages gets distributed and can be downloaded from a local mirror. All other noarch packages are available through the OBS API only. Since there is currently no information about hdrmd5 checksums of published noarch packages, we download them, verify hdrmd5 and re-download the package from OBS API on mismatch.

The same can also happen for architecture depend packages when someone is messing around with the source history or the release number handling in a way that it is not increasing.

If you want to save some bandwidth and don’t care about the exact rebuilds you can turn this option on to disable hdrmd5 checks completely.

Default: False

property include_request_from_project: bool

When querying requests, show also those that originate in the specified projects.

Default: True

property request_list_days: int

Limit the age of requests shown with osc req list to the given number of days.

This is only the default that can be overridden with osc request list -D <VALUE>. Use 0 for unlimited.

Default: 0

property check_for_request_on_action: bool

Check for pending requests after executing an action (e.g. checkout, update, commit).

Default: True

property request_show_interactive: bool

Show requests in the interactive mode by default.

Default: False

property print_web_links: bool

Print links to Web UI that can be directly pasted to a web browser where possible.

Default: False

property request_show_source_buildstatus: bool

Print the buildstatus of the source package. Works only with osc request show and the interactive review.

Default: False

property submitrequest_accepted_template: str | None

Template message for accepting a request.

Supported substitutions: %(reqid)s, %(type)s, %(who)s, %(src_project)s, %(src_package)s, %(src_rev)s, %(tgt_project)s, %(tgt_package)s

Example:

Hi %(who)s, your request %(reqid)s (type: %(type)s) for %(tgt_project)s/%(tgt_package)s has been accepted. Thank you for your contribution.

Default: None

property submitrequest_declined_template: str | None

Template message for declining a request.

Supported substitutions: %(reqid)s, %(type)s, %(who)s, %(src_project)s, %(src_package)s, %(src_rev)s, %(tgt_project)s, %(tgt_package)s

Example:

Hi %(who)s, your request %(reqid)s (type: %(type)s) for %(tgt_project)s/%(tgt_package)s has been declined because ...

Default: None

property request_show_review: bool

Review requests interactively.

Default: False

property review_inherit_group: bool

If a review was accepted in interactive mode and a group was specified, the review will be accepted for this group.

Default: False

property submitrequest_on_accept_action: str | None

What to do with the source package if the request has been accepted. If nothing is specified the API default is used.

Choices: cleanup, update, noupdate

Default: None

property build_jobs: int | None

The number of parallel processes during the build. Defaults to the number of available CPU threads.

Passed as --jobs to the build tool.

Default: <built-in function cpu_count>

property vm_type: str | None

Type of the build environment passed the build tool as the --vm-type option:

<empty> chroot build

kvm KVM VM build (rootless, needs build-device, build-swap, build-memory)

xen XEN VM build (needs build-device, build-swap, build-memory)

qemu [EXPERIMENTAL] QEMU VM build

lxc [EXPERIMENTAL] LXC build

uml

zvm

openstack

ec2

docker

podman (rootless)

pvm

nspawn

See build --help for more details about supported options.

Default: None

property build_memory: int | None

The amount of RAM (in MiB) assigned to a build VM.

Default: None

property build_root: str

Path to the build root directory.

Supported substitutions: %(repo)s, %(arch)s, %(project)s, %(package)s, %(apihost)s, %(user)s, %(dash_user)s where:

- ``apihost`` is the hostname extracted from the currently used ``apiurl``.
- ``dash_user`` is the username prefixed with a dash. If ``user`` is empty, ``dash_user`` is also empty.

NOTE: The configuration holds the original unexpanded string. Call osc.build.get_build_root() with proper arguments to retrieve an actual path.

Passed as --root <VALUE> to the build tool.

Default: /var/tmp/build-root%(dash_user)s/%(repo)s-%(arch)s

property build_shell_after_fail: bool

Start a shell prompt in the build environment if a build fails.

Passed as --shell-after-fail to the build tool.

Default: False

property build_uid: str | None

Numeric uid:gid to use for the abuild user. Neither of the values should be 0. This is useful if you are hacking in the buildroot. This must be set to the same value if the buildroot is re-used.

Passed as --uid <VALUE> to the build tool.

Default: None

property build_vm_kernel: str | None

The kernel used in a VM build.

Default: None

property build_vm_initrd: str | None

The initrd used in a VM build.

Default: None

property build_vm_disk: str | None

The disk image used as rootfs in a VM build.

Passed as --vm-disk <VALUE> to the build tool.

Default: None

property build_vm_disk_filesystem: str | None

The file system type of the disk image used as rootfs in a VM build. Supported values: ext3 (default), ext4, xfs, reiserfs, btrfs.

Passed as --vm-disk-filesystem <VALUE> to the build tool.

Default: None

property build_vm_disk_size: int | None

The size of the disk image (in MiB) used as rootfs in a VM build.

Passed as --vm-disk-size to the build tool.

Default: None

property build_vm_swap: str | None

Path to the disk image used as a swap for VM builds.

Passed as --swap to the build tool.

Default: None

property build_vm_swap_size: int | None

The size of the disk image (in MiB) used as swap in a VM build.

Passed as --vm-swap-size to the build tool.

Default: None

property build_vm_user: str | None

The username of a user used to run QEMU/KVM process.

Default: None

property icecream: int

Use Icecream distributed compiler. The value represents the number of parallel build jobs.

Passed as --icecream <VALUE> to the build tool.

Default: 0

property ccache: bool

Enable compiler cache (ccache) in build roots.

Passed as --ccache to the build tool.

Default: False

property sccache: bool

Enable shared compilation cache (sccache) in build roots. Conflicts with ccache.

Passed as --sccache to the build tool.

Default: False

property sccache_uri: str | None

Optional URI for sccache storage.

Supported URIs depend on the sccache configuration. The URI allows the following substitutions:

{pkgname}: name of the package to be build

Examples:

file:///var/tmp/osbuild-sccache-{pkgname}.tar.lzop

file:///var/tmp/osbuild-sccache-{pkgname}.tar

redis://127.0.0.1:6379

Passed as --sccache-uri <VALUE> to the build tool.

Default: None

property no_preinstallimage: bool

Do not use preinstall images to initialize build roots.

Default: False

property extra_pkgs: List[str]

Extra packages to install into the build root when building packages locally with osc build.

This corresponds to osc build -x pkg1 -x pkg2 .... The configured values can be overriden from the command-line with -x ''.

This global setting may leads to dependency problems when the base distro is not providing the package. Therefore using server-side cli_debug_packages option instead is recommended.

Passed as --extra-packs <VALUE> to the build tool.

Default: []

property build_cmd: str

Path to the ‘build’ tool.

Default: /usr/bin/build

property download_assets_cmd: str

Path to the ‘download_assets’ tool used for downloading assets in SCM/Git based builds.

Default: /usr/lib/build/download_assets

property vc_cmd: str

Path to the ‘vc’ tool.

Default: /usr/lib/build/vc

property su_wrapper: str

The wrapper to call build tool as root (sudo, su -, …). If empty, the build tool runs under the current user wich works only with KVM at this moment.

Default: sudo

class osc.conf.HostOptions(_parent, **kwargs)

Configuration options for individual apiurls.

property apiurl: str

URL to the API server.

Default: None

property aliases: List[str]

Aliases of the apiurl.

Default: []

property username: str

Username for the apiurl.

Default: None

property credentials_mgr_class: str | None

Fully qualified name of a class used to fetch a password.

Default: None

property password: Password | None

Password for the apiurl. May be empty if the credentials manager fetches the password from a keyring or sshkey is used.

Default: None

property sshkey: str | None

A pointer to public SSH key that corresponds with a private SSH used for authentication:

keep empty for auto detection

path to the public SSH key

public SSH key filename (must be placed in ~/.ssh)

fingerprint of a SSH key (2nd column of ssh-add -l)

NOTE: The private key may not be available on disk because it could be in a GPG keyring, on YubiKey or forwarded through SSH agent.

TIP: To give osc a hint which ssh key from the agent to use during auto detection, append obs=<apiurl-hostname> to the private key’s comment. This will also work nicely during SSH agent forwarding, because the comments get forwarded too.

To edit the key, run: ssh-keygen -c -f ~/.ssh/<private-key>

To query the key, run: ssh-keygen -y -f ~/.ssh/<private-key>

Example comment: <username@host> obs=api.example.com obs=api-test.example.com

Default: inherited from parent config’s field sshkey

property downloadurl: str | None

Redirect downloads of packages used during build to an alternative location. This allows specifying a local mirror or a proxy, which can greatly improve download performance, latency and more.

Default: None

property cafile: str | None

The path to a file of concatenated CA certificates in PEM format. If specified, the CA certificates from the path will be used to validate other peers’ certificates instead of the system-wide certificates.

Default: None

property capath: str | None

The path to a directory containing several CA certificates in PEM format. If specified, the CA certificates from the path will be used to validate other peers’ certificates instead of the system-wide certificates.

Default: None

property sslcertck: bool

Whether to validate SSL certificate of the server. It is highly recommended to keep this option enabled.

Default: True

property allow_http: bool

Whether to allow plain HTTP connections. Using HTTP is insecure because it sends passwords and session cookies in plain text. It is highly recommended to keep this option disabled.

Default: False

property http_headers: List[HttpHeader]

Additional HTTP headers attached to each HTTP or HTTPS request. The format is [(header-name, header-value)].

Default: []

property trusted_prj: List[str]

List of names of the trusted projects. The names can contain globs. Please note that some repos may contain malicious packages that can compromise the build result or even your system!

Default: []

property disable_hdrmd5_check: bool

Disable hdrmd5 checks of downloaded and cached packages in osc build. It is recommended to keep the check enabled.

OBS builds the noarch packages once per binary arch. Such noarch packages are supposed to be nearly identical across all build arches, any discrepancy in the payload and dependencies is considered a packaging bug. But to guarantee that the local builds work identically to builds in OBS, using the arch-specific copy of the noarch package is required. Unfortunatelly only one of the noarch packages gets distributed and can be downloaded from a local mirror. All other noarch packages are available through the OBS API only. Since there is currently no information about hdrmd5 checksums of published noarch packages, we download them, verify hdrmd5 and re-download the package from OBS API on mismatch.

The same can also happen for architecture depend packages when someone is messing around with the source history or the release number handling in a way that it is not increasing.

If you want to save some bandwidth and don’t care about the exact rebuilds you can turn this option on to disable hdrmd5 checks completely.

Default: inherited from parent config’s field disable_hdrmd5_check

property realname: str | None

Name of the user passed to the vc tool via VC_REALNAME env variable.

Default: inherited from parent config’s field realname

property email: str | None

Email of the user passed to the vc tool via VC_MAILADDR env variable.

Default: inherited from parent config’s field email

class osc.conf.Password(data): Lazy password that wraps either a string or a function. The result of the function gets returned any time the object is used as a string.