2:14 a.m.
Hi,
Finally though in make rfpkg just fedpkg with new configuration , so
rfpkg could be an alias like this:
alias rfpkg='fedpkg --config /etc/rpkg/rfpkg.conf'
so we got two new files
/etc/rpkg/rfpkg.conf and
/etc/koji.rf.conf (configuration of koji) in attach .
Now, we need the equivalent of fedora-cert [1] and we already
have rpmfusion-packager ( the equivalent of fedora-packager ) which
have the old command /usr/bin/rpmfusion-packager-setup. This rpmfusion-
packager-setup give me clues about where is rpmfusion-upload-ca.cert
and rpmfusion-server-ca.cert, this are the correct certificates ?
Downloading certificates manually, I end up with
pyrpkg.errors.UploadError: (60, "Peer's Certificate issuer is not
recognized.") because
https://fas.rpmfusion.org/accounts/rpmfusion-upload-ca.cert is not a
secure cert ...
Tomorrow I hope to continue devel this tools tomorrow.
[1]
rpm -ql fedora-cert
Best regards,
--
Sérgio M. B.
8:36 a.m.
2016-06-11 4:14 GMT+02:00 Sérgio Basto <sergio(a)serjux.com>:
Hi,
Finally though in make rfpkg just fedpkg with new configuration , so
rfpkg could be an alias like this:
alias rfpkg='fedpkg --config /etc/rpkg/rfpkg.conf'
so we got two new files
/etc/rpkg/rfpkg.conf and
/etc/koji.rf.conf (configuration of koji) in attach .
You can have a look at what is already available in
github.com/rpmfusion-infra/rfpkg
Your version is interesting, why do you need the clone options on the
client side ?
For example the sendemail foo-owner(a)rf.o is setup on the server side,
not something can be changed from clients clones.
koji client configuration should be located in
/etc/koji/rpmfusion-config I've pushed a version in
rpmfusion-packager.
Now, we need the equivalent of fedora-cert [1] and we already
have rpmfusion-packager ( the equivalent of fedora-packager ) which
have the old command /usr/bin/rpmfusion-packager-setup. This rpmfusion-
packager-setup give me clues about where is rpmfusion-upload-ca.cert
and rpmfusion-server-ca.cert, this are the correct certificates ?
Yes
Downloading certificates manually, I end up with
pyrpkg.errors.UploadError: (60, "Peer's Certificate issuer is not
recognized.") because
https://fas.rpmfusion.org/accounts/rpmfusion-upload-ca.cert is not a
secure cert ...
This is a self signed cert, (so not even a cacert file)
We should migrate the fas to the new infra with the new reverse proxy
setup so we can use a letsencrypt certificate easily. Please try to
use the certificate fingerprint if possible unil the fas is migrated
to a well trusted CA.
Tomorrow I hope to continue devel this tools tomorrow.
Thx, you are on the right path
3:49 p.m.
On Sáb, 2016-06-11 at 10:36 +0200, Nicolas Chauvet wrote:
2016-06-11 4:14 GMT+02:00 Sérgio Basto <sergio(a)serjux.com>:
>
> Hi,
> Finally though in make rfpkg just fedpkg with new configuration ,
> so
> rfpkg could be an alias like this:
>
> alias rfpkg='fedpkg --config /etc/rpkg/rfpkg.conf'
>
> so we got two new files
> /etc/rpkg/rfpkg.conf and
> /etc/koji.rf.conf (configuration of koji) in attach .
You can have a look at what is already available in
github.com/rpmfusion-infra/rfpkg
Your version is interesting, why do you need the clone options on the
client side ?
Of course I know that, TBH, I'd like have the diff to fedpkg , now I
see there , that you already though in rfpkg-free.conf and rfpkg-
nonfree.conf which is a good idea , instead have :
alias rfpkg='fedpkg --config /etc/rpkg/rfpkg.conf'
we may have :
alias rfpkg-free='fedpkg --config /etc/rpkg/rfpkg-free.conf'
and
alias rfpkg-nonfree='fedpkg --config /etc/rpkg/rfpkg-nonfree.conf'
I have to study a bit more this , but my thoughts was not change the
core code of fedpkg, if possible of course and just add some new
configurations, in the same way for example of mock-rpmfusion
For example the sendemail foo-owner(a)rf.o is setup on the server
side,
not something can be changed from clients clones.
you mean clone_config in /etc/rpkg/rfpkg.conf ? , just keep something
not really know if we need it ...
koji client configuration should be located in
/etc/koji/rpmfusion-config I've pushed a version in
rpmfusion-packager.
Excellent ! , we need build and update the rpmfusion-packager package
:) , I will build it now in my box and send you a pull request or
something like that .
>
> Now, we need the equivalent of fedora-cert [1] and we already
> have rpmfusion-packager ( the equivalent of fedora-packager ) which
> have the old command /usr/bin/rpmfusion-packager-setup. This
> rpmfusion-
> packager-setup give me clues about where is rpmfusion-upload-
> ca.cert
> and rpmfusion-server-ca.cert, this are the correct certificates ?
Yes
>
>
> Downloading certificates manually, I end up with
> pyrpkg.errors.UploadError: (60, "Peer's Certificate issuer is not
> recognized.") because
> https://fas.rpmfusion.org/accounts/rpmfusion-upload-ca.cert is not
> a
> secure cert ...
This is a self signed cert, (so not even a cacert file)
We should migrate the fas to the new infra with the new reverse proxy
setup so we can use a letsencrypt certificate easily. Please try to
use the certificate fingerprint if possible unil the fas is migrated
to a well trusted CA.
Have lookaside_cgi working seems to me important ... ( or have you some
workaround ? ) to start sending and building packages to koji .
But looks like we need a bunch of certificates , here is my resume :
pkgs:
Let'sEncryptAuthorityX3.crt
pkgs.rpmfusion.org.crt
DSTRootCAX3.crt
koji:
rpmfusion.org.crt
koji.rpmfusion.org.crt
fas:
rpmfusion-server-ca.cert
rpmfusion-upload-ca.cert
Honestly, what we need ? we need fas generate user certificate that are
sign with ? rpmfusion CA ? Let'sEncrypt CA ? koji also need a server
certificate from the same CA isn't it ? to allow a user upload sources
to pkgs.rpmfusion.org and request builds on koji , right ?
Like I mention I need study a lit more, I will try study it tonight. I
just wrote my first impressions .
>
> Tomorrow I hope to continue devel this tools tomorrow.
Thx, you are on the right path
Thanks,
--
Sérgio M. B.
3085
days inactive
3085
days old
rpmfusion-developers@lists.rpmfusion.org
2 comments
2 participants
participants (2)
-
Nicolas Chauvet -
Sérgio Basto