Re: Not a bug (was: Re: Can't log into Koji)

2020-01-18 Thread Ken Dreyer 
On Sat, Jan 18, 2020 at 5:09 AM Richard W.M. Jones  wrote:
>
> On Sat, Jan 18, 2020 at 12:02:08PM +, Richard W.M. Jones wrote:
> >
> > $ KRB5_TRACE=/dev/stderr koji -d hello
> > 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session
> > 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session
> > 2020-01-18 12:00:47,619 [DEBUG] koji: Opening new requests session
> > 2020-01-18 12:00:47,619 [DEBUG] koji: gssapi auth failed: 
> > requests.exceptions.SSLError: 
> > HTTPSConnectionPool(host='koji.fedoraproject.org', port=443): Max retries 
> > exceeded with url: /kojihub/ssllogin (Caused by 
> > SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] 
> > certificate verify failed: unable to get local issuer certificate 
> > (_ssl.c:1108)')))
> >
> > Traceback (most recent call last):
> >   File "/usr/bin/koji", line 336, in 
> > rv = locals()[command].__call__(options, session, args)
> >   File "/usr/lib/python3.8/site-packages/koji_cli/commands.py", line 7372, 
> > in handle_moshimoshi
> > activate_session(session, options)
> >   File "/usr/lib/python3.8/site-packages/koji_cli/lib.py", line 571, in 
> > activate_session
> > session.krb_login(proxyuser=runas)
> >   File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2258, in 
> > krb_login
> > if self.gssapi_login(principal, keytab, ccache, proxyuser=proxyuser):
> >   File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2415, in 
> > gssapi_login
> > raise AuthError('unable to obtain a session')
> > koji.AuthError: unable to obtain a session
>
> Sorry, not a bug.  I remembered that I had put some alternate
> certificates into ~/.koji to access another Koji instance.

I think there is a usability RFE here. If we get an SSLError *and* the
Koji client is configured to use one specific CA bundle file on disk,
then we should log that path to the CA file we used.

- Ken
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org

Not a bug (was: Re: Can't log into Koji)

2020-01-18 Thread Richard W.M. Jones 
On Sat, Jan 18, 2020 at 12:02:08PM +, Richard W.M. Jones wrote:
> 
> $ KRB5_TRACE=/dev/stderr koji -d hello
> 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session
> 2020-01-18 12:00:47,323 [DEBUG] koji: Opening new requests session
> 2020-01-18 12:00:47,619 [DEBUG] koji: Opening new requests session
> 2020-01-18 12:00:47,619 [DEBUG] koji: gssapi auth failed: 
> requests.exceptions.SSLError: 
> HTTPSConnectionPool(host='koji.fedoraproject.org', port=443): Max retries 
> exceeded with url: /kojihub/ssllogin (Caused by 
> SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] 
> certificate verify failed: unable to get local issuer certificate 
> (_ssl.c:1108)')))
> 
> Traceback (most recent call last):
>   File "/usr/bin/koji", line 336, in 
> rv = locals()[command].__call__(options, session, args)
>   File "/usr/lib/python3.8/site-packages/koji_cli/commands.py", line 7372, in 
> handle_moshimoshi
> activate_session(session, options)
>   File "/usr/lib/python3.8/site-packages/koji_cli/lib.py", line 571, in 
> activate_session
> session.krb_login(proxyuser=runas)
>   File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2258, in 
> krb_login
> if self.gssapi_login(principal, keytab, ccache, proxyuser=proxyuser):
>   File "/usr/lib/python3.8/site-packages/koji/__init__.py", line 2415, in 
> gssapi_login
> raise AuthError('unable to obtain a session')
> koji.AuthError: unable to obtain a session

Sorry, not a bug.  I remembered that I had put some alternate
certificates into ~/.koji to access another Koji instance.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org