[CentOS-devel] Community build system

Thu Jun 26 13:04:30 UTC 2014
Bojtos Péter <ptr at ulx.hu>

Hi all, 

Just be careful that the self-signed certs use at least SHA256, not MD5, since openssl in Red Hat 7 does not support MD5 any more.
For example, if you want to run RHEL7/CentOS7 as a koji builder, you will have a problem with MD5 certs. I had the same problem with an existing koji and RHEL7 builders. :)

Cheers, 
Peter Bojtos 
ULX Ltd. 

----- Original message -----

> From: "Thomas Oulevey" <thomas.oulevey at cern.ch>
> To: centos-devel at centos.org
> Sent: Thursday, June 26, 2014 14:56:52
> Subject: [CentOS-devel] Community build system

> Hi All,

> The initial idea is to configure Koji and make it available to the
> community.

> Thanks to Karanbir/Fabian we already got the hardware and installation
> is ongoing.

> But first, we would like to ask for feedback:

> 1/ PKI setup, a proposal:
> - koji-web uses a certificate signed by an external CA (and obviously
> trusted)
> - the rest of the koji architecture (hub and kojid) will use a
> self-signed CA that we'll use to also generate other certs. The
> proposal is to gpg encrypt the CA within a non-public GIT repo.
> Talking with Fabian, he already uses this method for other
> infrastructure projects.
> - the clients (at the beginning git.c.o) will use the self-signed CA.

> This needs to be discussed in the light of future integration of
> different user facing tools (koji, git, etc...) and if we want to
> provide koji client access, as the Fedora project does.

> 2/ Hostnames to use:
> - After a round on #centos-devel, cbs.centos.org was the best we can
> come up with. Comments?
> - For the builder machines, we should decide on a decent naming as
> this info appears in RPM metadata.
> i.e.: builder01.cbs.centos.org, builder02.cbs.centos.org, etc...
> Do we want to deal with different "architecture family" within the
> name (e.g. ARM)?
> i.e.: x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org

> Your comments are very welcome!

> cheers,
> --
> Thomas 'alphacc' Oulevey
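Added example (not part of the original thread and not Koji's own code): a stdlib-only Python check for the point raised in the reply above, reading the signature algorithm of a PEM or DER certificate and flagging MD5 so the cert can be reissued with SHA256 before a RHEL7/CentOS7 builder has to accept it. The sample certificates are constructed DER skeletons with dummy contents, and the names `cert_sig_alg`, `der` and `sample_cert` are chosen here for illustration.

```python
import base64

# Signature-algorithm OID -> (name, digest is below SHA256)
SIG_ALGS = {"1.2.840.113549.1.1.4": ("md5WithRSAEncryption", True),
            "1.2.840.113549.1.1.11": ("sha256WithRSAEncryption", False)}

def read_tlv(buf, pos):  # returns (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def cert_sig_alg(data):  # data: PEM or DER bytes; returns (name, below_sha256)
    if b"-----BEGIN CERTIFICATE-----" in data:
        body = data.split(b"-----BEGIN CERTIFICATE-----")[1].split(b"-----END")[0]
        data = base64.b64decode(b"".join(body.split()))
    tag, start, _ = read_tlv(data, 0)            # outer Certificate SEQUENCE
    _, _, tbs_end = read_tlv(data, start)        # skip over tbsCertificate
    _, alg_start, _ = read_tlv(data, tbs_end)    # signatureAlgorithm SEQUENCE
    oid_tag, oid_start, oid_end = read_tlv(data, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509 certificate")
    oid = decode_oid(data[oid_start:oid_end])
    return SIG_ALGS.get(oid, (oid, None))        # None: OID not in the table, review by hand

def der(tag, body):  # minimal DER encoder, used only to build the constructed samples
    n, k = len(body), (len(body).bit_length() + 7) // 8
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | k]) + n.to_bytes(k, "big")) + body
def sample_cert(oid_hex, pad=1):  # CONSTRUCTED: certificate-shaped skeleton, dummy contents
    tbs = der(0x30, der(0x02, b"\x01" * pad))
    alg = der(0x30, der(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return der(0x30, tbs + alg + der(0x03, b"\x00" + b"\xaa" * 8))

MD5_RSA, SHA256_RSA = "2a864886f70d010104", "2a864886f70d01010b"  # DER-encoded OIDs
if __name__ == "__main__":
    for oid in (MD5_RSA, SHA256_RSA):
        print(cert_sig_alg(sample_cert(oid, pad=300)))
```

Run it over each builder, hub and client certificate; any result whose second field is `True` is a cert to reissue.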