rfpkg: rpmfusion-packager-setup and rpmfusion-cert packages

Sérgio Basto sergio at serjux.com
Sat Jun 11 17:49:08 CEST 2016


On Sat, 2016-06-11 at 10:36 +0200, Nicolas Chauvet wrote:
> 2016-06-11 4:14 GMT+02:00 Sérgio Basto <sergio at serjux.com>:
> > 
> > Hi,
> > Finally I thought of making rfpkg just fedpkg with a new configuration,
> > so rfpkg could be an alias like this:
> > 
> > alias rfpkg='fedpkg  --config /etc/rpkg/rfpkg.conf'
> > 
> > so we got two new files,
> > /etc/rpkg/rfpkg.conf and
> > /etc/koji.rf.conf (configuration of koji), attached.
> You can have a look at what is already available in
> github.com/rpmfusion-infra/rfpkg
> Your version is interesting, why do you need the clone options on the
> client side?

Of course I know that. TBH, I'd like to have the diff to fedpkg. Now I
see there that you already thought of rfpkg-free.conf and
rfpkg-nonfree.conf, which is a good idea. Instead of having:
alias rfpkg='fedpkg  --config /etc/rpkg/rfpkg.conf'
we may have:
alias rfpkg-free='fedpkg  --config /etc/rpkg/rfpkg-free.conf'
and
alias rfpkg-nonfree='fedpkg  --config /etc/rpkg/rfpkg-nonfree.conf'

I have to study this a bit more, but my thought was not to change the
core code of fedpkg, if possible of course, and just add some new
configurations, in the same way as, for example, mock-rpmfusion.

> For example the sendemail foo-owner at rf.o is set up on the server side,
> not something that can be changed from client clones.

You mean clone_config in /etc/rpkg/rfpkg.conf? I just kept something,
I don't really know if we need it ...

> koji client configuration should be located in
> /etc/koji/rpmfusion-config I've pushed a version in
> rpmfusion-packager.

Excellent! We need to build and update the rpmfusion-packager package
:). I will build it now on my box and send you a pull request or
something like that.

> > 
> > Now, we need the equivalent of fedora-cert [1] and we already
> > have rpmfusion-packager (the equivalent of fedora-packager), which
> > has the old command /usr/bin/rpmfusion-packager-setup. This
> > rpmfusion-packager-setup gives me clues about where
> > rpmfusion-upload-ca.cert and rpmfusion-server-ca.cert are.
> > Are these the correct certificates?
> Yes
> > 
> > 
> > Downloading certificates manually, I end up with
> > pyrpkg.errors.UploadError: (60, "Peer's Certificate issuer is not recognized.")
> > because https://fas.rpmfusion.org/accounts/rpmfusion-upload-ca.cert is not a
> > secure cert ...
> This is a self-signed cert (so not even a cacert file).
> We should migrate the fas to the new infra with the new reverse proxy
> setup so we can use a letsencrypt certificate easily. Please try to
> use the certificate fingerprint if possible until the fas is migrated
> to a well trusted CA.

Having lookaside_cgi working seems important to me ... (or do you have
some workaround?) to start sending and building packages to koji.

But it looks like we need a bunch of certificates; here is my summary:
pkgs:
Let'sEncryptAuthorityX3.crt
pkgs.rpmfusion.org.crt
DSTRootCAX3.crt
koji:
rpmfusion.org.crt
koji.rpmfusion.org.crt
fas:
rpmfusion-server-ca.cert
rpmfusion-upload-ca.cert

Honestly, what do we need? We need fas to generate user certificates that
are signed with? The rpmfusion CA? The Let'sEncrypt CA? koji also needs a
server certificate from the same CA, doesn't it? To allow a user to upload
sources to pkgs.rpmfusion.org and request builds on koji, right?

Like I mentioned, I need to study a bit more; I will try to study it
tonight. I just wrote my first impressions.

> > 
> > Tomorrow I hope to continue developing these tools.
> Thx, you are on the right path

Thanks,
-- 
Sérgio M. B.
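
An added example, not part of the original thread: one way to apply the fingerprint check suggested in the quoted reply while the FAS certificate is still self-signed, by comparing a downloaded PEM file against a SHA-256 pin obtained out of band before trusting it. The function names are hypothetical, and the PEM samples are constructed placeholder blobs, not real certificates.

```python
import hashlib
import hmac
import ssl


def normalize_fingerprint(text):
    """Accept 'AA:BB:..', 'aabb..' or 'SHA256 Fingerprint=AA:BB:..' forms."""
    text = text.strip().split("=", 1)[-1]
    hexchars = text.replace(":", "").replace(" ", "").lower()
    if len(hexchars) != 64 or any(c not in "0123456789abcdef" for c in hexchars):
        raise ValueError("not a SHA-256 fingerprint")
    return hexchars


def pem_sha256(pem_text):
    """SHA-256 over the DER bytes, as `openssl x509 -fingerprint -sha256` reports."""
    # PEM_cert_to_DER_cert only strips the armor and base64-decodes the body.
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.sha256(der).hexdigest()


def verify_pinned_cert(pem_text, pinned):
    """Return True only if the downloaded PEM matches the out-of-band pin."""
    expected = normalize_fingerprint(pinned)  # a malformed pin is an operator error
    try:
        actual = pem_sha256(pem_text)
    except ValueError:  # missing armor or bad base64: treat as untrusted
        return False
    return hmac.compare_digest(actual, expected)


# Constructed sample data: placeholder bytes wrapped in PEM armor.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
TAMPERED_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, swapped in transit")

if __name__ == "__main__":
    pin = pem_sha256(SAMPLE_PEM)  # in practice: received over a separate channel
    for label, pem in (("original", SAMPLE_PEM), ("tampered", TAMPERED_PEM)):
        ok = verify_pinned_cert(pem, pin)
        print(label, "trusted" if ok else "REJECTED: fingerprint mismatch")
```

Only a file that passes the check would then be installed as the CA bundle the upload client uses.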

