[CentOS-devel] Community build system
Bojtos Péter
ptr at ulx.hu
Thu Jun 26 13:04:30 UTC 2014
Hi all,
just be careful with the self signed certs to use at least SHA256, not MD5, since openssl in Red Hat 7 does not support MD5 any more.
For example if you want to run RHEL7/Centos7 as koji builder, you will have a problem with MD5 certs. I had the same problem with an existing koji and RHEL7 builders. :)
Cheers,
Peter Bojtos
ULX Ltd.
----- Eredeti üzenet -----
> Feladó: "Thomas Oulevey" <thomas.oulevey at cern.ch>
> Címzett: centos-devel at centos.org
> Elküldött üzenetek: Csütörtök, 2014. Június 26. 14:56:52
> Tárgy: [CentOS-devel] Community build system
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi All,
> The initial idea is to configure Koji and make it available to the
> community.
> Thanks to Karanbir/Fabian we already got the hardware and installation
> is on going.
> But first, we would like to ask for feedback:
> 1/ PKI setup, a proposal:
> - - koji-web use a certificate signed by an external CA (and obviously
> trusted)
> - - the rest of the koji architecture (hub and kojid) will use a
> self-signed CA that we'll use to also generate other certs. The
> proposal is to gpg encrypt the CA within a non-public GIT repo.
> Talking with Fabian, he already use this method for other
> infrastructure project.
> - - the clients (at the beginning git.c.o) will use self-signed CA.
> This need to be discussed in the light of future integration of
> different user facing tools (koji, git, etc...) and if we want to
> provide koji client accesses, as Fedora project does.
> 2/ Hostnames to use:
> - - After a round on #centos-devel, cbs.centos.org was the best we can
> come up with. Comments ?
> - - For the builders machine, we should decide on a decent naming as
> this info appears in RPM metadata.
> i.e : builder01.cbs.centos.org, builder02.cbs.centos.org, etc...
> Do we want to deal with different "architecture family" within the
> name (e.g ARM) ?
> i.e : x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org
> Your comments are very welcome!
> cheers,
> - --
> Thomas 'alphacc' Oulevey
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> iQEcBAEBAgAGBQJTrBiUAAoJEH2Wn86OP8Ni5xYH/jYyRN+gr6r8v8zih/yF7fOi
> INws9FC9+U+kP1r9Wsfg6Ge92uQJdX7t5G6Oom89ZcHoshVY685Cv647Es5ySkMP
> ls5NBXQu92l5QcXFOSP6gcThOyd7bO7Kh5onziULmIkdDWkEdz12kBPI2bVPQqwI
> JrZVTwvHSEN+5sVBccMKGYmiqFhs/qt12i/EaK2bvWCs/CRcrjyKJiHhlej3Zo+7
> nSo8pwFCsq2T08FWfvnWYfjzFs8RmpFclBGakYRRyKk74TV63jKExqAL1zJGhaSF
> yZxYt8XZeXrv5fdxXtKzA0WL8rf3tKN0rRC/mMcQUo28OaN53Wxuzw/YCRnN0po=
> =2Hqy
> -----END PGP SIGNATURE-----
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140626/9b7e4f89/attachment.html>
More information about the CentOS-devel
mailing list