From 4369deaf1022c44b2efba2d87fc738bf79b1fd7c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 20 Feb 2009 12:49:17 +0000 Subject: [PATCH] * add support for VM (kvm or xen) builds * update NEWS file --- NEWS | 4 ++++ osc/build.py | 19 ++++++++++++++++++- osc/conf.py | 6 ++++++ osc/fetch.py | 4 +++- 4 files changed, 31 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 3ca89735..49088edf 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,10 @@ 0.114: - osc jobhistory command added to browse the build job history of a project or a package +- support VM builds (solves the problem of untrusted packages on your system) +- add parameter to show old build results in "rresults" call +- obsolete the need to configure download server, get it from the build + service instance instead. 0.113: - osc diff -rX:Y: the default is to return an unified diff (to get a pretty diff --git a/osc/build.py b/osc/build.py index 79c14687..962e3cc6 100644 --- a/osc/build.py +++ b/osc/build.py @@ -408,6 +408,8 @@ def main(opts, argv): anyway, I assume... verifying package now saves time though, since we don't even try to set up the buildroot if it wouldn't work.""" + if config['build-type'] == "xen" or config['build-type'] == "kvm": + print 'Skipping verification of package signatures due to secure VM build' if opts.no_verify: print 'Skipping verification of package signatures' else: 
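Review bot: In main() in osc/build.py the added `if config['build-type'] == "xen" or config['build-type'] == "kvm":` is a separate statement from the `if opts.no_verify:` that follows it, so a VM build prints that verification is skipped and then still goes through the existing `if`/`else`. The `else` body is outside the hunk, but it presumably still verifies the packages unless --no-verify is given, so the message and the behaviour disagree. I would keep verification for VM builds, because a VM isolates the host but says nothing about where the packages came from. That means either dropping the two added lines or rewording the message to `print 'VM build: package signatures are still verified'`.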
@@ -434,13 +436,28 @@ def main(opts, argv): bc_file.write(get_buildconfig(apiurl, prj, pac, repo, arch)) bc_file.flush() + vm_options="" + if config['build-device'] and config['build-memory'] and config['build-type']: + if config['build-type'] == "kvm": + vm_options="--kvm " + config['build-device'] + elif config['build-type'] == "xen": + vm_options="--xen " + config['build-device'] + else: + print "ERROR: unknown VM is set ! (" + config['build-type'] + ")" + sys.exit(1) + if config['build-swap']: + vm_options+=" --swap " + config['build-swap'] + if config['build-memory']: + vm_options+=" --memory " + config['build-memory'] + print 'Running build' - cmd = '%s --root=%s --rpmlist=%s --dist=%s --arch=%s %s %s' \ + cmd = '%s --root=%s --rpmlist=%s --dist=%s --arch=%s %s %s %s' \ % (config['build-cmd'], config['build-root'], rpmlist_file.name, bc_file.name, bi.buildarch, + vm_options, build_descr, buildargs) diff --git a/osc/conf.py b/osc/conf.py index edc6a45b..95ab59e7 100644 --- a/osc/conf.py +++ b/osc/conf.py @@ -45,8 +45,14 @@ DEFAULTS = { 'apisrv': 'https://api.opensuse.org/', 'pass': 'your_password', 'packagecachedir': '/var/tmp/osbuild-packagecache', 'su-wrapper': 'su -c', + + # build type settings 'build-cmd': '/usr/bin/build', + 'build-type' : '', # may be empty for chroot, kvm or xen 'build-root': '/var/tmp/build-root', + 'build-device': '', # required for VM builds + 'build-memory' : '',# required for VM builds + 'build-swap' : '', # optional for VM builds 'debug': '0', 'http_debug': '0', diff --git a/osc/fetch.py b/osc/fetch.py index 0937aede..b7019243 100644 --- a/osc/fetch.py +++ b/osc/fetch.py 
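Review bot: The VM options in main() are only built when `build-device`, `build-memory` and `build-type` are all non-empty, so a configuration with `build-type = kvm` but no device or memory silently falls back to a chroot build, even though the earlier hunk has already announced a secure VM build. A build that was asked to run in a VM should stop with an error when a required setting is missing instead of running unisolated. The inner `if config['build-memory']:` is also always true under the outer condition. The values are concatenated into `cmd` unquoted, and how `cmd` is executed is outside the hunk, so quoting is worth confirming there. A possible shape for the block, keeping the file's Python 2 style:

```python
    vm_options = ""
    if config['build-type']:
        if config['build-type'] not in ("kvm", "xen"):
            print "ERROR: unknown VM is set ! (" + config['build-type'] + ")"
            sys.exit(1)
        # fail closed: a VM build was requested, so do not fall back to chroot
        if not (config['build-device'] and config['build-memory']):
            print "ERROR: build-device and build-memory are required for VM builds"
            sys.exit(1)
        vm_options = "--" + config['build-type'] + " " + config['build-device']
        if config['build-swap']:
            vm_options += " --swap " + config['build-swap']
        vm_options += " --memory " + config['build-memory']

    # ... unchanged: print 'Running build' and the cmd = '...' % (...) assignment ...
```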
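Review bot: The comment on `'build-type'` in DEFAULTS can be read as "may be empty for kvm or xen". Something like `# '' = chroot build; 'kvm' or 'xen' = VM build` states the three accepted values unambiguously. The comments on `'build-device'` and `'build-memory'` say they are required but not what kind of value is expected, which matters because osc/build.py treats an empty value as "no VM".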
@@ -179,7 +179,9 @@ def verify_pacs(pac_list):
 Then, just start the build again.
-- If the key is unavailable, you may use --no-verify (which may pose a risk).
+- If you do not trust the packages, you should configure osc build for XEN or KVM
+
+- You may use --no-verify to skip the verification (which is a risk for your system).
 """ % {'name': missing_key, 'dir': os.path.expanduser('~')}
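Review bot: The new advice in the verify_pacs message presents a XEN or KVM build as the answer to untrusted packages, but a VM only limits what the build can do to the host. The packages are still unverified and still end up in the build result. I would say so in the text, e.g. `- If you do not trust the packages, configure osc build for XEN or KVM (this protects your system, not the build result)`, and end the last bullet with `(which is a risk for your system and for the packages you build)`. The message string starts above the hunk.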