osc.conf
This module handles configuration of osc.
Configuring osc from oscrc
To configure osc from oscrc, do following:
import osc.conf
# see ``get_config()`` documentation for available function arguments
# see ``oscrc(5)`` man page for oscrc configuration options
osc.conf.get_config()
Configuring osc from API
To configure osc purely from the API (without reading oscrc), do following:
import osc.conf
# initialize the main config object
config = osc.conf.Options()
# configure host options for an apiurl
apiurl = osc.conf.sanitize_apiurl(apiurl)
host_options = HostOptions(apiurl=apiurl, username=..., _parent=config)
config.api_host_options[apiurl] = host_options
# set the default ``apiurl``
config.apiurl = ...
# place the config object in `osc.conf`
osc.conf.config = config
# optional: enable http debugging according to the ``http_debug`` and ``http_full_debug`` options
from osc.connection import enable_http_debug
enable_http_debug(osc.conf.config)
- osc.conf.get_config(override_conffile=None, override_apiurl=None, override_debug=None, override_http_debug=None, override_http_full_debug=None, override_traceback=None, override_post_mortem=None, override_quiet=None, override_no_keyring=None, override_verbose=None, overrides=None)
Configure osc.
- The configuration options are loaded with the following priority:
environment variables: OSC_<uppercase_option>
override arguments provided to get_config()
oscrc config file
- class osc.conf.Options(*args, **kwargs)
Main configuration options.
- property api_host_options: Dict[str, HostOptions]
A dictionary that maps
apiurl
toHostOptions
.Default:
{}
- property apiurl_aliases
Compute and return a dictionary that maps
alias
toapiurl
.
- property apiurl: str
Default URL to the API server. Credentials and other
apiurl
specific settings must be configured in a[$apiurl]
config section or via API in anapi_host_options
entry.Default:
https://api.opensuse.org
- property sshkey: str | None
A pointer to public SSH key that corresponds with a private SSH used for authentication:
keep empty for auto detection
path to the public SSH key
public SSH key filename (must be placed in ~/.ssh)
fingerprint of a SSH key (2nd column of
ssh-add -l
)
NOTE: The private key may not be available on disk because it could be in a GPG keyring, on YubiKey or forwarded through SSH agent.
TIP: To give osc a hint which ssh key from the agent to use during auto detection, append
obs=<apiurl-hostname>
to the private key’s comment. This will also work nicely during SSH agent forwarding, because the comments get forwarded too.To edit the key, run:
ssh-keygen -c -f ~/.ssh/<private-key>
To query the key, run:
ssh-keygen -y -f ~/.ssh/<private-key>
Example comment:
<username@host> obs=api.example.com obs=api-test.example.com
Default:
None
- property use_keyring: bool
Enable keyring as an option for storing passwords.
Default:
False
- property quiet: bool
Reduce amount of printed information to bare minimum. If enabled, automatically sets
verbose
toFalse
.Default:
False
- property verbose: bool
Increase amount of printed information to stdout. Automatically set to
False
whenquiet
is enabled.Default:
False
- property debug: bool
Print debug information to stderr.
Default:
False
- property http_debug: bool
Print HTTP traffic to stderr. Automatically set to
True
when``http_full_debug`` is enabled.Default:
False
- property http_full_debug: bool
[CAUTION!] Print HTTP traffic incl. authentication data to stderr. If enabled, automatically sets
http_debug
toTrue
.Default:
False
- property post_mortem: bool
Jump into a debugger when an unandled exception occurs.
Default:
False
- property traceback: bool
Print full traceback to stderr when an unandled exception occurs.
Default:
False
- property show_download_progress: bool
Show download progressbar.
Default:
True
- property http_retries: int
Number of retries on HTTP error.
Default:
3
- property cookiejar: str
Path to a cookie jar that stores session cookies.
Default:
~/.local/state/osc/cookiejar
- property realname: str | None
Name of the user passed to the
vc
tool viaVC_REALNAME
env variable.Default:
None
- property email: str | None
Email of the user passed to the
vc
tool viaVC_MAILADDR
env variable.Default:
None
- property local_service_run: bool
Run local services during commit.
Default:
True
- property getpac_default_project: str
The default project for
osc getpac
andosc bco
. The value is a space separated list of strings.Default:
openSUSE:Factory
- property exclude_glob: List[str]
Space separated list of files ignored by SCM. The files can contain globs.
Default:
['.osc', 'CVS', '.svn', '.*', '_linkerror', '*~', '#*#', '*.orig', '*.bak', '*.changes.vctmp.*']
- property exclude_files: List[str]
Files that match the listed glob patterns get skipped during checkout.
Default:
[]
- property include_files: List[str]
Files that do not match the listed glob patterns get skipped during checkout. The
exclude_files
option takes priority overinclude_files
.Default:
[]
- property checkout_no_colon: bool
Use ‘/’ as project separator instead the default ‘:’ and create corresponding subdirs. If enabled, it takes priority over the
project_separator
option.Default:
False
- property project_separator: str
Use the specified string to separate projects.
Default:
:
- property check_filelist: bool
Check for untracked files and removed files before commit.
Default:
True
- property do_package_tracking: bool
Track packages in parent project’s .osc/_packages.
Default:
True
- property checkout_rooted: bool
Prevent checking out projects inside other projects or packages.
Default:
False
- property status_mtime_heuristic: bool
Consider a file with a modified mtime as modified.
Default:
False
- property linkcontrol: bool
Default:
False
- property build_repository: str
The default repository used when the
repository
argument is omitted fromosc build
.Default:
openSUSE_Factory
- property buildlog_strip_time: bool
Strip the build time from the build logs.
Default:
False
- property package_cache_dir: str
The directory where downloaded packages are stored. Must be writable by you.
Default:
/var/tmp/osbuild-packagecache
- property no_verify: bool
Disable signature verification of packages used for build.
Default:
False
- property builtin_signature_check: bool
Use the RPM’s built-in package signature verification.
Default:
True
- property disable_hdrmd5_check: bool
Disable hdrmd5 checks of downloaded and cached packages in
osc build
. It is recommended to keep the check enabled.OBS builds the noarch packages once per binary arch. Such noarch packages are supposed to be nearly identical across all build arches, any discrepancy in the payload and dependencies is considered a packaging bug. But to guarantee that the local builds work identically to builds in OBS, using the arch-specific copy of the noarch package is required. Unfortunatelly only one of the noarch packages gets distributed and can be downloaded from a local mirror. All other noarch packages are available through the OBS API only. Since there is currently no information about hdrmd5 checksums of published noarch packages, we download them, verify hdrmd5 and re-download the package from OBS API on mismatch.
The same can also happen for architecture depend packages when someone is messing around with the source history or the release number handling in a way that it is not increasing.
If you want to save some bandwidth and don’t care about the exact rebuilds you can turn this option on to disable hdrmd5 checks completely.
Default:
False
- property include_request_from_project: bool
When querying requests, show also those that originate in the specified projects.
Default:
True
- property request_list_days: int
Limit the age of requests shown with
osc req list
to the given number of days.This is only the default that can be overridden with
osc request list -D <VALUE>
. Use0
for unlimited.Default:
0
- property check_for_request_on_action: bool
Check for pending requests after executing an action (e.g. checkout, update, commit).
Default:
True
- property request_show_interactive: bool
Show requests in the interactive mode by default.
Default:
False
- property print_web_links: bool
Print links to Web UI that can be directly pasted to a web browser where possible.
Default:
False
- property request_show_source_buildstatus: bool
Print the buildstatus of the source package. Works only with
osc request show
and the interactive review.Default:
False
- property submitrequest_accepted_template: str | None
Template message for accepting a request.
Supported substitutions:
%(reqid)s
,%(type)s
,%(who)s
,%(src_project)s
,%(src_package)s
,%(src_rev)s
,%(tgt_project)s
,%(tgt_package)s
Example:
Hi %(who)s, your request %(reqid)s (type: %(type)s) for %(tgt_project)s/%(tgt_package)s has been accepted. Thank you for your contribution.
Default:
None
- property submitrequest_declined_template: str | None
Template message for declining a request.
Supported substitutions:
%(reqid)s
,%(type)s
,%(who)s
,%(src_project)s
,%(src_package)s
,%(src_rev)s
,%(tgt_project)s
,%(tgt_package)s
Example:
Hi %(who)s, your request %(reqid)s (type: %(type)s) for %(tgt_project)s/%(tgt_package)s has been declined because ...
Default:
None
- property request_show_review: bool
Review requests interactively.
Default:
False
- property review_inherit_group: bool
If a review was accepted in interactive mode and a group was specified, the review will be accepted for this group.
Default:
False
- property submitrequest_on_accept_action: str | None
What to do with the source package if the request has been accepted. If nothing is specified the API default is used.
Choices: cleanup, update, noupdate
Default:
None
- property build_jobs: int | None
The number of parallel processes during the build. Defaults to the number of available CPU threads.
Passed as
--jobs
to the build tool.Default:
<built-in function cpu_count>
- property vm_type: str | None
Type of the build environment passed the build tool as the
--vm-type
option:<empty> chroot build
kvm KVM VM build (rootless, needs build-device, build-swap, build-memory)
xen XEN VM build (needs build-device, build-swap, build-memory)
qemu [EXPERIMENTAL] QEMU VM build
lxc [EXPERIMENTAL] LXC build
uml
zvm
openstack
ec2
docker
podman (rootless)
pvm
nspawn
See
build --help
for more details about supported options.Default:
None
- property build_memory: int | None
The amount of RAM (in MiB) assigned to a build VM.
Default:
None
- property build_root: str
Path to the build root directory.
Supported substitutions:
%(repo)s
,%(arch)s
,%(project)s
,%(package)s
,%(apihost)s
,%(user)s
,%(dash_user)s
where:- ``apihost`` is the hostname extracted from the currently used ``apiurl``. - ``dash_user`` is the username prefixed with a dash. If ``user`` is empty, ``dash_user`` is also empty.
NOTE: The configuration holds the original unexpanded string. Call
osc.build.get_build_root()
with proper arguments to retrieve an actual path.Passed as
--root <VALUE>
to the build tool.Default:
/var/tmp/build-root%(dash_user)s/%(repo)s-%(arch)s
- property build_shell_after_fail: bool
Start a shell prompt in the build environment if a build fails.
Passed as
--shell-after-fail
to the build tool.Default:
False
- property build_uid: str | None
Numeric uid:gid to use for the abuild user. Neither of the values should be 0. This is useful if you are hacking in the buildroot. This must be set to the same value if the buildroot is re-used.
Passed as
--uid <VALUE>
to the build tool.Default:
None
- property build_vm_kernel: str | None
The kernel used in a VM build.
Default:
None
- property build_vm_initrd: str | None
The initrd used in a VM build.
Default:
None
- property build_vm_disk: str | None
The disk image used as rootfs in a VM build.
Passed as
--vm-disk <VALUE>
to the build tool.Default:
None
- property build_vm_disk_filesystem: str | None
The file system type of the disk image used as rootfs in a VM build. Supported values: ext3 (default), ext4, xfs, reiserfs, btrfs.
Passed as
--vm-disk-filesystem <VALUE>
to the build tool.Default:
None
- property build_vm_disk_size: int | None
The size of the disk image (in MiB) used as rootfs in a VM build.
Passed as
--vm-disk-size
to the build tool.Default:
None
- property build_vm_swap: str | None
Path to the disk image used as a swap for VM builds.
Passed as
--swap
to the build tool.Default:
None
- property build_vm_swap_size: int | None
The size of the disk image (in MiB) used as swap in a VM build.
Passed as
--vm-swap-size
to the build tool.Default:
None
- property build_vm_user: str | None
The username of a user used to run QEMU/KVM process.
Default:
None
- property icecream: int
Use Icecream distributed compiler. The value represents the number of parallel build jobs.
Passed as
--icecream <VALUE>
to the build tool.Default:
0
- property ccache: bool
Enable compiler cache (ccache) in build roots.
Passed as
--ccache
to the build tool.Default:
False
- property sccache: bool
Enable shared compilation cache (sccache) in build roots. Conflicts with
ccache
.Passed as
--sccache
to the build tool.Default:
False
- property sccache_uri: str | None
Optional URI for sccache storage.
Supported URIs depend on the sccache configuration. The URI allows the following substitutions:
{pkgname}
: name of the package to be build
Examples:
file:///var/tmp/osbuild-sccache-{pkgname}.tar.lzop
file:///var/tmp/osbuild-sccache-{pkgname}.tar
redis://127.0.0.1:6379
Passed as
--sccache-uri <VALUE>
to the build tool.Default:
None
- property no_preinstallimage: bool
Do not use preinstall images to initialize build roots.
Default:
False
- property extra_pkgs: List[str]
Extra packages to install into the build root when building packages locally with
osc build
.This corresponds to
osc build -x pkg1 -x pkg2 ...
. The configured values can be overriden from the command-line with-x ''
.This global setting may leads to dependency problems when the base distro is not providing the package. Therefore using server-side
cli_debug_packages
option instead is recommended.Passed as
--extra-packs <VALUE>
to the build tool.Default:
[]
- property build_cmd: str
Path to the ‘build’ tool.
Default:
/usr/bin/build
- property download_assets_cmd: str
Path to the ‘download_assets’ tool used for downloading assets in SCM/Git based builds.
Default:
/usr/lib/build/download_assets
- property vc_cmd: str
Path to the ‘vc’ tool.
Default:
/usr/lib/build/vc
- property su_wrapper: str
The wrapper to call build tool as root (sudo, su -, …). If empty, the build tool runs under the current user wich works only with KVM at this moment.
Default:
sudo
- class osc.conf.HostOptions(_parent, **kwargs)
Configuration options for individual apiurls.
- property apiurl: str
URL to the API server.
Default:
None
- property aliases: List[str]
Aliases of the apiurl.
Default:
[]
- property username: str
Username for the apiurl.
Default:
None
- property credentials_mgr_class: str | None
Fully qualified name of a class used to fetch a password.
Default:
None
- property password: Password | None
Password for the apiurl. May be empty if the credentials manager fetches the password from a keyring or
sshkey
is used.Default:
None
- property sshkey: str | None
A pointer to public SSH key that corresponds with a private SSH used for authentication:
keep empty for auto detection
path to the public SSH key
public SSH key filename (must be placed in ~/.ssh)
fingerprint of a SSH key (2nd column of
ssh-add -l
)
NOTE: The private key may not be available on disk because it could be in a GPG keyring, on YubiKey or forwarded through SSH agent.
TIP: To give osc a hint which ssh key from the agent to use during auto detection, append
obs=<apiurl-hostname>
to the private key’s comment. This will also work nicely during SSH agent forwarding, because the comments get forwarded too.To edit the key, run:
ssh-keygen -c -f ~/.ssh/<private-key>
To query the key, run:
ssh-keygen -y -f ~/.ssh/<private-key>
Example comment:
<username@host> obs=api.example.com obs=api-test.example.com
Default: inherited from parent config’s field
sshkey
- property downloadurl: str | None
Redirect downloads of packages used during build to an alternative location. This allows specifying a local mirror or a proxy, which can greatly improve download performance, latency and more.
Default:
None
- property cafile: str | None
The path to a file of concatenated CA certificates in PEM format. If specified, the CA certificates from the path will be used to validate other peers’ certificates instead of the system-wide certificates.
Default:
None
- property capath: str | None
The path to a directory containing several CA certificates in PEM format. If specified, the CA certificates from the path will be used to validate other peers’ certificates instead of the system-wide certificates.
Default:
None
- property sslcertck: bool
Whether to validate SSL certificate of the server. It is highly recommended to keep this option enabled.
Default:
True
- property allow_http: bool
Whether to allow plain HTTP connections. Using HTTP is insecure because it sends passwords and session cookies in plain text. It is highly recommended to keep this option disabled.
Default:
False
- property http_headers: List[HttpHeader]
Additional HTTP headers attached to each HTTP or HTTPS request. The format is [(header-name, header-value)].
Default:
[]
- property trusted_prj: List[str]
List of names of the trusted projects. The names can contain globs. Please note that some repos may contain malicious packages that can compromise the build result or even your system!
Default:
[]
- property disable_hdrmd5_check: bool
Disable hdrmd5 checks of downloaded and cached packages in
osc build
. It is recommended to keep the check enabled.OBS builds the noarch packages once per binary arch. Such noarch packages are supposed to be nearly identical across all build arches, any discrepancy in the payload and dependencies is considered a packaging bug. But to guarantee that the local builds work identically to builds in OBS, using the arch-specific copy of the noarch package is required. Unfortunatelly only one of the noarch packages gets distributed and can be downloaded from a local mirror. All other noarch packages are available through the OBS API only. Since there is currently no information about hdrmd5 checksums of published noarch packages, we download them, verify hdrmd5 and re-download the package from OBS API on mismatch.
The same can also happen for architecture depend packages when someone is messing around with the source history or the release number handling in a way that it is not increasing.
If you want to save some bandwidth and don’t care about the exact rebuilds you can turn this option on to disable hdrmd5 checks completely.
Default: inherited from parent config’s field
disable_hdrmd5_check
- property realname: str | None
Name of the user passed to the
vc
tool viaVC_REALNAME
env variable.Default: inherited from parent config’s field
realname
- property email: str | None
Email of the user passed to the
vc
tool viaVC_MAILADDR
env variable.Default: inherited from parent config’s field
email
- class osc.conf.Password(data)
Lazy password that wraps either a string or a function. The result of the function gets returned any time the object is used as a string.