I’m sure your troubles all reside within your SSL certificates. They’re crucial for the authentication both of client and of server. Unless I’m mistaken, the only values in the certificates that you absolutely must get correct are the CN in each of the certificates. Be sure to stop and think about what the certificate is going to authenticate. If it’s to authenticate a server to a client, the CN must have the FQDN of the host providing that service. If it’s to authenticate a client, be it you or a kojid instance or kojira, the CN must match the user name Koji has in its database for that user.
I don’t want to make the problem harder for you by having to make other things work too, but you might get some insight into what’s going on by eliminating the koji client for a bit and focus on the just the SSL in your current sticking point. The koji hub is telling you it doesn’t know you or believe you to be who you purport to be – i.e., it’s failing client authentication. So you might try something like: openssl s_client -CAfile ~/.koji/clientca.crt -cert ~/.koji/client.crt -connect koji.example.com:443 (I’m no openssl expert by any stretch of the imagination and the above is based loosely on this[1] but it works for me, albeit with my hostname, of course.) [1] http://stackoverflow.com/questions/17203562/openssl-s-client-cert-proving-a-client-certificate-was-sent-to-the-server PS. I can tell you that whatever expertise you gain with testing SSL authentication here will be well earned because you have much more of the same ahead of you. -- John Florian From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Monday, April 27, 2015 19:37 To: buildsys Subject: how to setup the koji build system? hi, John Florian Thanks for your information. I am using rhel7, so I have to change the default_md to sha256. However, I still can't setup the koji build now. The new error show me is that: [kojiadmin@koji ~]$ koji call getLoggedInUser ProtocolError: <ProtocolError for koji.example.com/kojihub/ssllogin: 403 Forbidden> Some additional info: [kojiadmin@koji ~]$ hostname -f koji.example.com [kojiadmin@koji ~]$ ping koji.example.com PING koji.example.com (10.9.2.35) 56(84) bytes of data. 64 bytes from koji.example.com (10.9.2.35): icmp_seq=1 ttl=64 time=0.034 ms 64 bytes from koji.example.com (10.9.2.35): icmp_seq=2 ttl=64 time=0.050 ms The setting in /etc/koji.conf: ;configuration for koji cli tool ;url of XMLRPC server server = http://koji.example.com/kojihub Could you please give me any suggestions ? Thanks very much. ________________________________ 谢谢 郭双拴 From: buildsys-request<mailto:[email protected]> Date: 2015-04-27 21:47 To: buildsys<mailto:[email protected]> Subject: buildsys Digest, Vol 122, Issue 21 Send buildsys mailing list submissions to [email protected]<mailto:[email protected]> To subscribe or unsubscribe via the World Wide Web, visit https://admin.fedoraproject.org/mailman/listinfo/buildsys or, via email, send a message with subject or body 'help' to [email protected]<mailto:[email protected]> You can reach the person managing the list at [email protected]<mailto:[email protected]> When replying, please edit your Subject line so it is more specific than "Re: Contents of buildsys digest..." Today's Topics: 1. RE: how to setup the koji build system? (John Florian) 2. RE: how to setup the koji build system? (John Florian) ---------------------------------------------------------------------- Message: 1 Date: Mon, 27 Apr 2015 13:42:09 +0000 From: John Florian <[email protected]<mailto:[email protected]>> To: Discussion of Fedora build system <[email protected]<mailto:[email protected]>> Subject: RE: how to setup the koji build system? Message-ID: <[email protected]<mailto:[email protected]>> Content-Type: text/plain; charset="utf-8" > -----Original Message----- > From: > [email protected]<mailto:[email protected]> > [mailto:buildsys- > [email protected]<mailto:[email protected]>] On > Behalf Of Sérgio Basto > Sent: Thursday, April 23, 2015 10:41 > To: [email protected]<mailto:[email protected]> > Subject: Re: how to setup the koji build system? > > On Qui, 2015-04-23 at 09:39 +0800, [email protected]<mailto:[email protected]> wrote: > > Hello, > > I want to build my own linux based on the koji build system . However > > the koji wiki page seems to be a little bit out-of date. I followed > > the instructions to go through all of the steps, but it alway show me > > some failures. > > I am using the koji-1.9.0, and I saw the wiki page was refering to the > > version 1.3.1. > > Is there anybody has any suggestion about the setup information? or > > anyone can provide me the latest document about how to build the koji > > system? > > I follow this page: > http://www.devops-blog.net/koji/koji-rpm-build-system-installation-part-1 > > also a little bit out-of date, but on comments we have good tips, to > solve the not updated things . > I too have just gone through a Koji setup -- my 2nd time actually, I didn't adopt it after all the work the 1st time. Those pages are helpful, but I found I really needed a combination of the following to get going: https://fedoraproject.org/wiki/Koji/ServerHowTo https://wiki.nikhef.nl/grid/Koji_Testbed and for Sigul: http://zenit.senecac.on.ca/wiki/index.php/Sigul_Signing_Server_Setup I did lean on the devops-blog pages too that you already mentioned. I also found it impossible to get going without adding numerous debug messages of my own into the koji code. I encountered too many exceptions that failed to print any useful details about the current state, especially when I was trying to decode the magic of the proper setup for building from SCM. I don't fault the code or its authors though, it was created to serve a purpose for the Fedora Project and that it does. But, it's far from having the polish and documentation of the more popular FOSS packages that get so much more attention. -- John Florian ------------------------------ Message: 2 Date: Mon, 27 Apr 2015 13:47:19 +0000 From: John Florian <[email protected]<mailto:[email protected]>> To: Discussion of Fedora build system <[email protected]<mailto:[email protected]>> Subject: RE: how to setup the koji build system? Message-ID: <[email protected]<mailto:[email protected]>> Content-Type: text/plain; charset="utf-8" I’d bet you have the wrong value for the CN (CommonName) in one of your certificates and given what you’ve shown it’s likely your user certificate. Make sure the CN there matches the user ID you created in the Koji DB. -- John Florian From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of [email protected]<mailto:[email protected]> Sent: Monday, April 27, 2015 01:12 To: buildsys Subject: how to setup the koji build system? hi, I followed the wiki page: https://fedoraproject.org/wiki/Koji/ServerHowTo also, the page that Sérgio M. B. pointed out http://www.devops-blog.net/koji/koji-rpm-build-system-installation-part-1 but, so far I still can't get it installed. The failure I am seeing as following: [root@www koji]# su kojiadmin [kojiadmin@www koji]$ koji call getLoggedInUser Error: [('asn1 encoding routines', 'ASN1_item_verify', 'unknown message digest algorithm'), ('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] [kojiadmin@www koji]$ Could you please give any idea? how to fix it? ________________________________ Thanks Suney From: buildsys-request<mailto:[email protected]> Date: 2015-04-24 20:00 To: buildsys<mailto:[email protected]> Subject: buildsys Digest, Vol 122, Issue 18 Send buildsys mailing list submissions to [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> To subscribe or unsubscribe via the World Wide Web, visit https://admin.fedoraproject.org/mailman/listinfo/buildsys or, via email, send a message with subject or body 'help' to [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> You can reach the person managing the list at [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> When replying, please edit your Subject line so it is more specific than "Re: Contents of buildsys digest..." Today's Topics: 1. Re: how to setup the koji build system? (Didier Fabert) 2. Re: how to setup the koji build system? (Sérgio Basto) ---------------------------------------------------------------------- Message: 1 Date: Thu, 23 Apr 2015 15:42:01 +0200 From: Didier Fabert <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> To: Discussion of Fedora build system <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> Subject: Re: how to setup the koji build system? Message-ID: <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> Content-Type: text/plain; charset="us-ascii" Hi, Do you talking about this wiki page: https://fedoraproject.org/wiki/Koji/ServerHowTo ? I recently upgrade my personnal koji from el6 to el7 and all rock's without any problem (excepting sigul but it's a another story). What are your failures exactly ? During install, bootstrap or first use ? On Thursday 23 April 2015 09:39:38 [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> wrote: > Hello, > I want to build my own linux based on the koji build system . However the > koji wiki page seems to be a little bit out-of date. I followed the > instructions to go through all of the steps, but it alway show me some > failures. > I am using the koji-1.9.0, and I saw the wiki page was refering > to the version 1.3.1. Is there anybody has any suggestion about the setup > information? or anyone can provide me the latest document about how to > build the koji system? > Thanks very much. > > Thanks > Suney ------------------------------ Message: 2 Date: Thu, 23 Apr 2015 15:40:52 +0100 From: Sérgio Basto <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> To: [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> Subject: Re: how to setup the koji build system? Message-ID: <[email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>>> Content-Type: text/plain; charset="ISO-8859-15" On Qui, 2015-04-23 at 09:39 +0800, [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> wrote: > Hello, > I want to build my own linux based on the koji build system . However > the koji wiki page seems to be a little bit out-of date. I followed > the instructions to go through all of the steps, but it alway show me > some failures. > I am using the koji-1.9.0, and I saw the wiki page was refering to the > version 1.3.1. > Is there anybody has any suggestion about the setup information? or > anyone can provide me the latest document about how to build the koji > system? I follow this page: http://www.devops-blog.net/koji/koji-rpm-build-system-installation-part-1 also a little bit out-of date, but on comments we have good tips, to solve the not updated things . Best regards, -- Sérgio M. B. ------------------------------ -- buildsys mailing list [email protected]<mailto:[email protected]<mailto:[email protected]%3cmailto:[email protected]>> https://admin.fedoraproject.org/mailman/listinfo/buildsys End of buildsys Digest, Vol 122, Issue 18 ***************************************** -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.fedoraproject.org/pipermail/buildsys/attachments/20150427/00d1b2f9/attachment.html> ------------------------------ -- buildsys mailing list [email protected]<mailto:[email protected]> https://admin.fedoraproject.org/mailman/listinfo/buildsys End of buildsys Digest, Vol 122, Issue 21 *****************************************
-- buildsys mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/buildsys
