[CentOS-devel] Community build system

Thu Jun 26 12:56:52 UTC 2014
Thomas Oulevey <thomas.oulevey at cern.ch>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All,

The initial idea is to configure Koji and make it available to the
community.

Thanks to Karanbir/Fabian we already got the hardware and installation
is on going.

But first, we would like to ask for feedback:

1/ PKI setup, a proposal:
- - koji-web use a certificate signed by an external CA (and obviously
trusted)
- - the rest of the koji architecture (hub and kojid) will use a
self-signed CA that we'll use to also generate other certs. The
proposal is to gpg encrypt the CA within a non-public GIT repo.
Talking with Fabian, he already use this method for other
infrastructure project.
- - the clients (at the beginning git.c.o) will use self-signed CA.

This need to be discussed in the light of future integration of
different user facing tools (koji, git, etc...) and if we want to
provide koji client accesses, as Fedora project does.

2/ Hostnames to use:
- - After a round on #centos-devel, cbs.centos.org was the best we can
come up with. Comments ?
- - For the builders machine, we should decide on a decent naming as
this info appears in RPM metadata.
i.e : builder01.cbs.centos.org, builder02.cbs.centos.org, etc...
Do we want to deal with different "architecture family" within the
name (e.g ARM) ?
i.e : x86-builder01.cbs.centos.org, arm-builder01.cbs.centos.org

Your comments are very welcome!

cheers,
- -- 
Thomas 'alphacc' Oulevey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBAgAGBQJTrBiUAAoJEH2Wn86OP8Ni5xYH/jYyRN+gr6r8v8zih/yF7fOi
INws9FC9+U+kP1r9Wsfg6Ge92uQJdX7t5G6Oom89ZcHoshVY685Cv647Es5ySkMP
ls5NBXQu92l5QcXFOSP6gcThOyd7bO7Kh5onziULmIkdDWkEdz12kBPI2bVPQqwI
JrZVTwvHSEN+5sVBccMKGYmiqFhs/qt12i/EaK2bvWCs/CRcrjyKJiHhlej3Zo+7
nSo8pwFCsq2T08FWfvnWYfjzFs8RmpFclBGakYRRyKk74TV63jKExqAL1zJGhaSF
yZxYt8XZeXrv5fdxXtKzA0WL8rf3tKN0rRC/mMcQUo28OaN53Wxuzw/YCRnN0po=
=2Hqy
-----END PGP SIGNATURE-----