[CentOS-devel] Community build system

Jeff Sheltren

jeff at tag1consulting.com
Thu Jun 26 13:22:52 UTC 2014


On Thu, Jun 26, 2014 at 5:56 AM, Thomas Oulevey <thomas.oulevey at cern.ch>
wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi All,
>
> The initial idea is to configure Koji and make it available to the
> community.
>
> Thanks to Karanbir/Fabian we already got the hardware and installation
> is on going.
>
> But first, we would like to ask for feedback:
>
> 1/ PKI setup, a proposal:
> - - koji-web use a certificate signed by an external CA (and obviously
> trusted)
> - - the rest of the koji architecture (hub and kojid) will use a
> self-signed CA that we'll use to also generate other certs. The
> proposal is to gpg encrypt the CA within a non-public GIT repo.
> Talking with Fabian, he already use this method for other
> infrastructure project.
> - - the clients (at the beginning git.c.o) will use self-signed CA.
>
> This need to be discussed in the light of future integration of
> different user facing tools (koji, git, etc...) and if we want to
> provide koji client accesses, as Fedora project does.
>
> 2/ Hostnames to use:
> - - After a round on #centos-devel, cbs.centos.org was the best we can
> come up with. Comments ?
> - - For the builders machine, we should decide on a decent naming as
> this info appears in RPM metadata.
> i.e : builder01.cbs.centos.org, builder02.cbs.centos.org, etc...
> Do we want to deal with different "architecture family" within the
> name (e.g ARM) ?
> i.e : x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org
>
> Your comments are very welcome!
>
> cheers,
>
>
+1 on the PKI setup.

For the hostnames, I don't see a reason the architecture is needed in the
hostname.

-Jeff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140626/2398e19b/attachment-0003.html>


More information about the CentOS-devel mailing list