How to use purchased certificate in koji?
by Viacheslav Dubrovskyi
Hi,
I have a wildcard certificate purchased in the certification center.
And I have koji with self-signed certificates and authentication by
certificates.
How can I use not self-signed certificate in web interface koji? So that
the browser does not complain that the certificate is self-signed.
If I set my wildcard certificate
SSLCertificateFile /etc/pki/koji/oro_cloud/wildcard.cloud.crt
SSLCertificateKeyFile /etc/pki/koji/oro_cloud/wildcard.cloud.key
I get the error:
Error
An error has occurred while processing your request.
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:579)
Traceback (most recent call last):
File "/usr/share/koji-web/scripts/wsgi_publisher.py", line 368, in
handle_request
result = func(environ, **data)
File "/usr/share/koji-web/scripts/index.py", line 241, in login
if not _sslLogin(environ, session, username):
File "/usr/share/koji-web/scripts/index.py", line 126, in _sslLogin
proxyuser=username)
File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2312,
in ssl_login
sinfo = self.callMethod('sslLogin', proxyuser)
File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2360,
in callMethod
return self._callMethod(name, args, opts)
File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2478,
in _callMethod
return self._sendCall(handler, headers, request)
File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2391,
in _sendCall
return self._sendOneCall(handler, headers, request)
File "/usr/lib/python2.7/site-packages/koji/__init__.py", line 2436,
in _sendOneCall
r = self.rsession.post(handler, **callopts)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line
507, in post
return self.request('POST', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line
464, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/site-packages/requests/sessions.py", line
576, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/site-packages/requests/adapters.py", line
431, in send
raise SSLError(e, request=request)
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:579)
Thank you!
--
WBD,
Viacheslav Dubrovskyi
5 years, 9 months
mock 1.4.9
by Miroslav Suchý
Hi,
I just released new version of mock. From the release notes:
https://github.com/rpm-software-management/mock/wiki/Release-Notes-1.4.9
Note:
In this release, there are several fixes to bootstrap feature. This is especially important for users who run Mock on
EL7. Rich dependencies are now allowed in Fedora and maintainers are starting to use them. So sooner or later, you will
be unable to build packages for Fedoras on EL7 host. Unless you start using bootstrap feature (`--bootstrap-chroot`),
which is still by default off.
Features:
* Stdout and stderr in build.log has been split. All stderr output lines are prefixed by `BUILDSTDERR:`
* There is a new config option `opstimeout`:
```
# Set timeout in seconds for common mock operations
# if 0 is set, then no time limit is used
# config_opts['opstimeout'] = 0
```
The default is 0, which means that Mock is waiting until command exit.
Bugfixes:
* Builds for EL5 are working again - EL5 is sensitive to order of params of adduser
[RHBZ#1535328](https://bugzilla.redhat.com/show_bug.cgi?id=1535328)
* Use correct builddep when bootstrap is used. Additionally, ccache is not installed into bootstrap chroot.
[RHBZ#1540813](https://bugzilla.redhat.com/show_bug.cgi?id=1540813).
* User defined mounts are not mounted in bootstrap chroot.
* Detect if essential mounts are already mounted - previously, mock assumed that essential mounts (procfs, sysfs) are
never mounted when mock starts up. That's not true, as multiple non-destructive mock processes are allowed (`--shell`,
`--install`, etc.) to run concurrently. So when you use `mock --shell` and do a `mock --install` in parallel, it breaks
your shell, because it unmounts its proc. This improves the situation by first asking whether the mounts aren't there
already.
* fix quoting in sign_opts example in site-defaults.cfg [RHBZ#1537797](https://bugzilla.redhat.com/show_bug.cgi?id=1537797).
* Honor the "cwd" flag when nspawn is being used and "chrootPath" is not set.
* Do not produce a warning when we are using different PM for a bootstrap container.
* Default for config_opts['dnf_warning'] in site-defaults.cfg according to docs.
Additionally, there are several major changes in mock-core-config. This package is independent now, and a new version
has been released two weeks ago and will be pushed to Fedora stable next week. I will repeat here changes in that package:
* Fedora 28 configs has been added.
* `failovermethod=priority` has been removed for repos which use DNF. This is the only method which DNF recognize and it
cannot be changed.
* Set `skip_if_unavailable=False` for all repos. If a repository is unreachable, then build fails.
Following contributors contributed to this release:
* Barak Korren
* Michael Simacek
* Mikhail Campos Guadamuz
* mprahl
* Pavel Raiskup
* Todd Zullinger
Thank you.
5 years, 9 months