how to setup the koji build system?
John Florian
john.florian at dart.biz
Tue Apr 28 12:40:38 UTC 2015
I’m sure your troubles all reside within your SSL certificates. They’re crucial for the authentication both of client and of server. Unless I’m mistaken, the only values in the certificates that you absolutely must get correct are the CN in each of the certificates. Be sure to stop and think about what the certificate is going to authenticate. If it’s to authenticate a server to a client, the CN must have the FQDN of the host providing that service. If it’s to authenticate a client, be it you or a kojid instance or kojira, the CN must match the user name Koji has in its database for that user.
I don’t want to make the problem harder for you by having to make other things work too, but you might get some insight into what’s going on by eliminating the koji client for a bit and focus on the just the SSL in your current sticking point. The koji hub is telling you it doesn’t know you or believe you to be who you purport to be – i.e., it’s failing client authentication. So you might try something like:
openssl s_client -CAfile ~/.koji/clientca.crt -cert ~/.koji/client.crt -connect koji.example.com:443
(I’m no openssl expert by any stretch of the imagination and the above is based loosely on this[1] but it works for me, albeit with my hostname, of course.)
[1] http://stackoverflow.com/questions/17203562/openssl-s-client-cert-proving-a-client-certificate-was-sent-to-the-server
PS. I can tell you that whatever expertise you gain with testing SSL authentication here will be well earned because you have much more of the same ahead of you.
--
John Florian
From: buildsys-bounces at lists.fedoraproject.org [mailto:buildsys-bounces at lists.fedoraproject.org] On Behalf Of gssxd at qq.com
Sent: Monday, April 27, 2015 19:37
To: buildsys
Subject: how to setup the koji build system?
hi, John Florian
Thanks for your information. I am using rhel7, so I have to change the default_md to sha256.
However, I still can't setup the koji build now. The new error show me is that:
[kojiadmin at koji ~]$ koji call getLoggedInUser
ProtocolError: <ProtocolError for koji.example.com/kojihub/ssllogin: 403 Forbidden>
Some additional info:
[kojiadmin at koji ~]$ hostname -f
koji.example.com
[kojiadmin at koji ~]$ ping koji.example.com
PING koji.example.com (10.9.2.35) 56(84) bytes of data.
64 bytes from koji.example.com (10.9.2.35): icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from koji.example.com (10.9.2.35): icmp_seq=2 ttl=64 time=0.050 ms
The setting in /etc/koji.conf:
;configuration for koji cli tool
;url of XMLRPC server
server = http://koji.example.com/kojihub
Could you please give me any suggestions ?
Thanks very much.
________________________________
谢谢
郭双拴
From: buildsys-request<mailto:buildsys-request at lists.fedoraproject.org>
Date: 2015-04-27 21:47
To: buildsys<mailto:buildsys at lists.fedoraproject.org>
Subject: buildsys Digest, Vol 122, Issue 21
Send buildsys mailing list submissions to
buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org>
To subscribe or unsubscribe via the World Wide Web, visit
https://admin.fedoraproject.org/mailman/listinfo/buildsys
or, via email, send a message with subject or body 'help' to
buildsys-request at lists.fedoraproject.org<mailto:buildsys-request at lists.fedoraproject.org>
You can reach the person managing the list at
buildsys-owner at lists.fedoraproject.org<mailto:buildsys-owner at lists.fedoraproject.org>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of buildsys digest..."
Today's Topics:
1. RE: how to setup the koji build system? (John Florian)
2. RE: how to setup the koji build system? (John Florian)
----------------------------------------------------------------------
Message: 1
Date: Mon, 27 Apr 2015 13:42:09 +0000
From: John Florian <john.florian at dart.biz<mailto:john.florian at dart.biz>>
To: Discussion of Fedora build system
<buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org>>
Subject: RE: how to setup the koji build system?
Message-ID:
<D83E0BFAF05CE549BA2A87BB89D443CAA59878DC at USILCHEXMBX02.solo.com<mailto:D83E0BFAF05CE549BA2A87BB89D443CAA59878DC at USILCHEXMBX02.solo.com>>
Content-Type: text/plain; charset="utf-8"
> -----Original Message-----
> From: buildsys-bounces at lists.fedoraproject.org<mailto:buildsys-bounces at lists.fedoraproject.org> [mailto:buildsys-
> bounces at lists.fedoraproject.org<mailto:bounces at lists.fedoraproject.org>] On Behalf Of Sérgio Basto
> Sent: Thursday, April 23, 2015 10:41
> To: buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org>
> Subject: Re: how to setup the koji build system?
>
> On Qui, 2015-04-23 at 09:39 +0800, gssxd at qq.com<mailto:gssxd at qq.com> wrote:
> > Hello,
> > I want to build my own linux based on the koji build system . However
> > the koji wiki page seems to be a little bit out-of date. I followed
> > the instructions to go through all of the steps, but it alway show me
> > some failures.
> > I am using the koji-1.9.0, and I saw the wiki page was refering to the
> > version 1.3.1.
> > Is there anybody has any suggestion about the setup information? or
> > anyone can provide me the latest document about how to build the koji
> > system?
>
> I follow this page:
> http://www.devops-blog.net/koji/koji-rpm-build-system-installation-part-1
>
> also a little bit out-of date, but on comments we have good tips, to
> solve the not updated things .
>
I too have just gone through a Koji setup -- my 2nd time actually, I didn't adopt it after all the work the 1st time. Those pages are helpful, but I found I really needed a combination of the following to get going:
https://fedoraproject.org/wiki/Koji/ServerHowTo
https://wiki.nikhef.nl/grid/Koji_Testbed
and for Sigul:
http://zenit.senecac.on.ca/wiki/index.php/Sigul_Signing_Server_Setup
I did lean on the devops-blog pages too that you already mentioned.
I also found it impossible to get going without adding numerous debug messages of my own into the koji code. I encountered too many exceptions that failed to print any useful details about the current state, especially when I was trying to decode the magic of the proper setup for building from SCM. I don't fault the code or its authors though, it was created to serve a purpose for the Fedora Project and that it does. But, it's far from having the polish and documentation of the more popular FOSS packages that get so much more attention.
--
John Florian
------------------------------
Message: 2
Date: Mon, 27 Apr 2015 13:47:19 +0000
From: John Florian <john.florian at dart.biz<mailto:john.florian at dart.biz>>
To: Discussion of Fedora build system
<buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org>>
Subject: RE: how to setup the koji build system?
Message-ID:
<D83E0BFAF05CE549BA2A87BB89D443CAA59878F6 at USILCHEXMBX02.solo.com<mailto:D83E0BFAF05CE549BA2A87BB89D443CAA59878F6 at USILCHEXMBX02.solo.com>>
Content-Type: text/plain; charset="utf-8"
I’d bet you have the wrong value for the CN (CommonName) in one of your certificates and given what you’ve shown it’s likely your user certificate. Make sure the CN there matches the user ID you created in the Koji DB.
--
John Florian
From: buildsys-bounces at lists.fedoraproject.org<mailto:buildsys-bounces at lists.fedoraproject.org> [mailto:buildsys-bounces at lists.fedoraproject.org] On Behalf Of gssxd at qq.com<mailto:gssxd at qq.com>
Sent: Monday, April 27, 2015 01:12
To: buildsys
Subject: how to setup the koji build system?
hi,
I followed the wiki page:
https://fedoraproject.org/wiki/Koji/ServerHowTo
also, the page that Sérgio M. B. pointed out
http://www.devops-blog.net/koji/koji-rpm-build-system-installation-part-1
but, so far I still can't get it installed.
The failure I am seeing as following:
[root at www koji]# su kojiadmin
[kojiadmin at www koji]$ koji call getLoggedInUser
Error: [('asn1 encoding routines', 'ASN1_item_verify', 'unknown message digest algorithm'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
[kojiadmin at www koji]$
Could you please give any idea? how to fix it?
________________________________
Thanks
Suney
From: buildsys-request<mailto:buildsys-request at lists.fedoraproject.org>
Date: 2015-04-24 20:00
To: buildsys<mailto:buildsys at lists.fedoraproject.org>
Subject: buildsys Digest, Vol 122, Issue 18
Send buildsys mailing list submissions to
buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org%3cmailto:buildsys at lists.fedoraproject.org>>
To subscribe or unsubscribe via the World Wide Web, visit
https://admin.fedoraproject.org/mailman/listinfo/buildsys
or, via email, send a message with subject or body 'help' to
buildsys-request at lists.fedoraproject.org<mailto:buildsys-request at lists.fedoraproject.org<mailto:buildsys-request at lists.fedoraproject.org%3cmailto:buildsys-request at lists.fedoraproject.org>>
You can reach the person managing the list at
buildsys-owner at lists.fedoraproject.org<mailto:buildsys-owner at lists.fedoraproject.org<mailto:buildsys-owner at lists.fedoraproject.org%3cmailto:buildsys-owner at lists.fedoraproject.org>>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of buildsys digest..."
Today's Topics:
1. Re: how to setup the koji build system? (Didier Fabert)
2. Re: how to setup the koji build system? (Sérgio Basto)
----------------------------------------------------------------------
Message: 1
Date: Thu, 23 Apr 2015 15:42:01 +0200
From: Didier Fabert <didier.fabert at gmail.com<mailto:didier.fabert at gmail.com<mailto:didier.fabert at gmail.com%3cmailto:didier.fabert at gmail.com>>>
To: Discussion of Fedora build system
<buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org%3cmailto:buildsys at lists.fedoraproject.org>>>
Subject: Re: how to setup the koji build system?
Message-ID: <2589606.sBjckj0VDC at didier.b2pweb.com<mailto:2589606.sBjckj0VDC at didier.b2pweb.com<mailto:2589606.sBjckj0VDC at didier.b2pweb.com%3cmailto:2589606.sBjckj0VDC at didier.b2pweb.com>>>
Content-Type: text/plain; charset="us-ascii"
Hi,
Do you talking about this wiki page:
https://fedoraproject.org/wiki/Koji/ServerHowTo ?
I recently upgrade my personnal koji from el6 to el7 and all rock's without
any problem (excepting sigul but it's a another story).
What are your failures exactly ? During install, bootstrap or first use ?
On Thursday 23 April 2015 09:39:38 gssxd at qq.com<mailto:gssxd at qq.com<mailto:gssxd at qq.com%3cmailto:gssxd at qq.com>> wrote:
> Hello,
> I want to build my own linux based on the koji build system . However the
> koji wiki page seems to be a little bit out-of date. I followed the
> instructions to go through all of the steps, but it alway show me some
> failures.
> I am using the koji-1.9.0, and I saw the wiki page was refering
> to the version 1.3.1. Is there anybody has any suggestion about the setup
> information? or anyone can provide me the latest document about how to
> build the koji system?
> Thanks very much.
>
> Thanks
> Suney
------------------------------
Message: 2
Date: Thu, 23 Apr 2015 15:40:52 +0100
From: Sérgio Basto <sergio at serjux.com<mailto:sergio at serjux.com<mailto:sergio at serjux.com%3cmailto:sergio at serjux.com>>>
To: buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org%3cmailto:buildsys at lists.fedoraproject.org>>
Subject: Re: how to setup the koji build system?
Message-ID: <1429800052.29728.14.camel at serjux.com<mailto:1429800052.29728.14.camel at serjux.com<mailto:1429800052.29728.14.camel at serjux.com%3cmailto:1429800052.29728.14.camel at serjux.com>>>
Content-Type: text/plain; charset="ISO-8859-15"
On Qui, 2015-04-23 at 09:39 +0800, gssxd at qq.com<mailto:gssxd at qq.com<mailto:gssxd at qq.com%3cmailto:gssxd at qq.com>> wrote:
> Hello,
> I want to build my own linux based on the koji build system . However
> the koji wiki page seems to be a little bit out-of date. I followed
> the instructions to go through all of the steps, but it alway show me
> some failures.
> I am using the koji-1.9.0, and I saw the wiki page was refering to the
> version 1.3.1.
> Is there anybody has any suggestion about the setup information? or
> anyone can provide me the latest document about how to build the koji
> system?
I follow this page:
http://www.devops-blog.net/koji/koji-rpm-build-system-installation-part-1
also a little bit out-of date, but on comments we have good tips, to
solve the not updated things .
Best regards,
--
Sérgio M. B.
------------------------------
--
buildsys mailing list
buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org%3cmailto:buildsys at lists.fedoraproject.org>>
https://admin.fedoraproject.org/mailman/listinfo/buildsys
End of buildsys Digest, Vol 122, Issue 18
*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20150427/00d1b2f9/attachment.html>
------------------------------
--
buildsys mailing list
buildsys at lists.fedoraproject.org<mailto:buildsys at lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/buildsys
End of buildsys Digest, Vol 122, Issue 21
*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20150428/86a2ee03/attachment-0001.html>
More information about the buildsys
mailing list