builder: use --with-rpmlist for ibcli (HMS-10051) #23

Draft

avitova wants to merge 3 commits into osbuild:main from avitova:rpmlist

@avitova avitova commented Apr 28, 2026

Adds a flag --with-rpmlist to show rpmlist in the output of the image-builder build in koji.

I added tests for load_rpmlist_from_output but can we test the output of the whole handler or not?

@supakeen
Member

> Adds a flag --with-rpmlist to show rpmlist in the output of the image-builder build in koji.
>
> I added tests for load_rpmlist_from_output but can we test the output of the whole handler or not?

Only in the integration test but it's currently broken, see #21

@ondrejbudai changed the title from "builder: use --with-rpmlist for ibcli" to "builder: use --with-rpmlist for ibcli (HMS-10051)" Apr 29, 2026
@supakeen supakeen force-pushed the rpmlist branch 2 times, most recently from de4e085 to 648266d Compare May 7, 2026 08:10
@supakeen
Member

supakeen commented May 7, 2026

I've rebased this PR on top of #24 which fixes the integration test. This then shows that we're encountering an actual error when adding the RPM list:

koji.GenericError: No such rpm: {'name': 'abattis-cantarell-vf-fonts', 'version': '0.301', 'release': '17.fc44', 'epoch': 0, 'arch': 'noarch', 'buildtime': 1768549987, 'size': 123255, 'payloadhash': '720fbca1cdaf0e5e4cc388402f5de012c9e26eff129d13dd89560d2eea96585c'}

I assume this means that Koji will actually verify that the RPMs in the RPM list are present as builds in Koji. Unsure how we can pre-create all of these for the integration test (could we import them)?


Aside from this I fixed up the commit to use lists instead of a dictionary since rpmlist expects a list.

@supakeen supakeen force-pushed the rpmlist branch 2 times, most recently from 85e7ad5 to a60d085 Compare May 7, 2026 09:14
avitova and others added 3 commits May 7, 2026 11:16

Adds a flag --with-rpmlist to show rpmlist in the output of
the image-builder build in koji.

Co-authored-by: Simon de Vlieger <cmdr@supakeen.com>
Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>

When RPMs come from external repositories they need to be marked as
such. The `BuildRoot` has a helper method to achieve this. Let's apply
it.

Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>

Only attach the RPM list when this is a non-scratch build. This is
identical to the behavior for the Kiwi plugin.

Signed-off-by: Simon de Vlieger <cmdr@supakeen.com>

@supakeen
Member

supakeen commented May 7, 2026

Ok; so the implementation for --with-rpmlist in image-builder will need to change. Previously it was indeed correct but with recent changes to Koji it needs to use a different set of header fields for the payloadhash:

https://forge.fedoraproject.org/koji/koji/commit/f9c2e21c898962d45946c5f51907af37245e440a#diff-afcee6620b4d876d4e6bd910f937669857b3c4ec

This is why we're seeing: koji.GenericError: hash changed for external rpm: diffutils-3.12-5.fc44.x86_64@fedora-44-released (2e87ead1c0232125dcacc37e9a3b823d -> 45001ec4ea4d2c56a879ad55dc94c426525100bfa421f2ed41224ed08adb9cc3)

@supakeen
Member

supakeen commented May 7, 2026

This might all lie a bit deeper since we use the checksum we get from DNF through Package.get_checksum/Package.get_hdr_checksum: https://dnf5.readthedocs.io/en/latest/api/python/libdnf5_rpm.html#libdnf5.rpm.Package.get_checksum and then we take that as the payloadhash.

@supakeen
Member

supakeen commented May 7, 2026

Since the linked commit mentions:

    The rpminfo arg MUST contain the following fields:
        - name, version, release, epoch, arch, size, buildtime
    The rpminfo SHOULD contain all non-null rpm header values for the following
    digest fields:
        - sigmd5, sha1header, sha256header, sha3_256header
    But it MUST contain either at least one of the above or the legacy
    payloadhash field.

Perhaps we can do this by dropping the payloadhash field and including the appropriate field for whatever the Checksum was in images. Though I think for compatibility with Koji <= 1.36.0 we should keep writing payloadhash though if we do it must be the sigmd5, not anything else?
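
A pre-submission check of rpmlist entries against the field contract quoted in the comment above, as an added example (not code from this PR, koji-image-builder or Koji). `check_rpminfo` and the sample dicts are hypothetical names, and flagging a `payloadhash` that is not MD5-sized is an assumption taken from the question raised in the thread, not confirmed Koji behaviour.

```python
import re

# Field names are taken from the Koji commit text quoted in the thread.
REQUIRED = ("name", "version", "release", "epoch", "arch", "size", "buildtime")
# Hex length per header digest, derived from each algorithm's output size.
DIGEST_HEX_LEN = {"sigmd5": 32, "sha1header": 40,
                  "sha256header": 64, "sha3_256header": 64}
HEX = re.compile(r"[0-9a-fA-F]+")


def check_rpminfo(info):
    """Return a list of problems for one rpmlist entry (empty list = passes)."""
    problems = [f"missing required field: {f}" for f in REQUIRED if f not in info]
    digests = {k: info[k] for k in DIGEST_HEX_LEN if info.get(k)}
    legacy = info.get("payloadhash")
    if not digests and not legacy:
        problems.append("no digest: need a header digest or legacy payloadhash")
    for field, value in digests.items():
        want = DIGEST_HEX_LEN[field]
        if len(value) != want or not HEX.fullmatch(value):
            problems.append(f"{field}: expected {want} hex chars")
    # Assumption: a legacy payloadhash is MD5-sized. The thread only raises this
    # as a question, prompted by the 32-char vs 64-char "hash changed" error.
    if legacy and (len(legacy) != 32 or not HEX.fullmatch(legacy)):
        problems.append(f"payloadhash: {len(legacy)} chars, not MD5-sized")
    return problems


# Entry copied from the "No such rpm" error quoted in the thread.
FROM_THREAD = {"name": "abattis-cantarell-vf-fonts", "version": "0.301",
               "release": "17.fc44", "epoch": 0, "arch": "noarch",
               "buildtime": 1768549987, "size": 123255,
               "payloadhash": "720fbca1cdaf0e5e4cc388402f5de012c9e26eff129d13dd89560d2eea96585c"}
# Constructed entry: same package fields, digest values are placeholders.
CONSTRUCTED = {**{k: FROM_THREAD[k] for k in REQUIRED},
               "sigmd5": "a" * 32, "sha256header": "b" * 64}

if __name__ == "__main__":
    for label, entry in (("thread", FROM_THREAD), ("constructed", CONSTRUCTED)):
        print(label, check_rpminfo(entry) or "ok")
```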

@supakeen
Member

supakeen commented May 7, 2026

Filed an issue to see if we can get some guidance: https://forge.fedoraproject.org/koji/koji/issues/4582

@supakeen
Member

supakeen commented May 7, 2026

Just thought of another option; we could drop the usage of --with-rpmlist entirely. Get the RPM sources directly from the manifest (in the plugin) and then directly inspect those (in the plugin). This is similar to what Kiwi does where it goes through DNF cache inside the buildroot to figure out what RPMs were used.

I'd prefer not to do this; but if we really want to do something on a short timeline it's a possibility.

@supakeen
Member

supakeen commented May 8, 2026

Another option is to output it as metadata from the RPM stage in osbuild and capture that (mentioned by @achilleas-k).
