On 2009-07-25 03:53:23 AM, Jesse Keating wrote:
There is a bridge that clients communicate with (and I'm
thinking
of forcing this through an ssh tunnel through bastion) and that
interacts with koji. There is also the server itself that has
the gpg keys on it and does the signing action. The server
initiates a connection to the bridge, so only the bridge has to
listen for connections.
I think I have this mostly setup right, but I'd like some more eyes
on it before I commit. Thanks!
Looks excellent to me, my only two comments are
that you might want to
make the files:
/var/lib/sigul/.fedora-server-ca.cert
/var/lib/sigul/.fedora.cert
require => Package["sigul"],
as well since they require the /var/lib/sigul directory (which I assume
is provided by the package).
Thanks,
Ricky