Koji running on RHEL / CentOS 7
Sérgio Basto
sergio at serjux.com
Mon Mar 9 22:51:36 UTC 2015
On Sex, 2015-01-30 at 18:29 +0000, Allen Hewes wrote:
> >
> > el7 have md5 disable and if you have your ssl certificates with
> > 'default_md=md5' parameter, you must recreate your pki with this
> > parameter to
> > sha1 or better sha256 in your ssl.cnf
> > (http://fedoraproject.org/wiki/Koji/ServerHowTo).
> >
> > to be sure that's the problem:
> > OPENSSL_ENABLE_MD5_VERIFY=1 koji regen-repo el5-decisiv
> >
> > if this command run successfully, you know what to do ...
>
> Hi Didier,
>
> Yep, I knew this. I remembered the e-mail on the list. Also, I didn't move/use any of my current Koji configuration files from my running instance. I made a new Koji instance from scratch. I made sure to use the SHA256 crypto. It's also the crypto specified the example ssl.cnf on the Fedora documentation link you sent.
>
> Also, koji commands work. It's just the polling watching function doesn't unless I rescue the OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF'). From what I can find out, this is a NO-OP situation that isn't currently handled in Koji's code. The koji client *is* authenticating via SSL but then the polling (watching the task/request) doesn't work.
>
> I see the same "Unexpected EOF" (unless I rescue it) in /var/log/kojid.log:
> 2015-01-29 03:12:50,257 [INFO] koji: Try #1 for call 362 (listBuildroots) failed: (-1, 'Unexpected EOF')
>
> I will double check the SSL certs but I am confident that I would get a different error message.
yeap koji server now needs to be build in a sha256 certs and I'm getting
same problem on Fedora 21 with all updates-testing available for this
area
your patch mention in first message of this thread works great and I
could bootstrap one koji server ( with self signed certificates )
it also looks like this bug
https://bugzilla.redhat.com/show_bug.cgi?id=1186994
Thanks,
--
Sérgio M. B.
More information about the buildsys
mailing list