From 30dd97569ccdaabfeb61a7bf2a84e5dab7fe6942 Mon Sep 17 00:00:00 2001 From: Andrei Stepanov Date: Jan 18 2019 13:02:35 +0000 Subject: Add paragraph about OIDC auth from VM/remote host. Signed-off-by: Andrei Stepanov --- diff --git a/modules/ROOT/pages/making-modules/building-modules.adoc b/modules/ROOT/pages/making-modules/building-modules.adoc index 592e3c8..d75681f 100644 --- a/modules/ROOT/pages/making-modules/building-modules.adoc +++ b/modules/ROOT/pages/making-modules/building-modules.adoc @@ -28,6 +28,40 @@ You can also watch the build(s) on Fedora Module build service: https://release-engineering.github.io/mbs-ui/modules +== Submitting module build from VM or remote host + ++fedpkg module-build+ requires authorization to MBS. +Fedora infra uses +OpenID Connect (OIDC)+ authorization for web applications. ++fedpkg+ authorizes to MBS with next steps: + +.+fedpkg+ prints to terminal URL, something like: + +--- +Please visit https://id.fedoraproject.org/openidc/Authorization?scope=openid+https%3A%2F%2Fid.fedoraproject.org%2Fscope%2Fgroups+https%3A%2F%2Fmbs.fedoraproject.org%2Foidc%2Fsubmit-build&response_type=code&client_id=mbs-authorizer&redirect_uri=http%3A%2F%2Flocalhost%3A12345%2F&response_mode=query to grant authorization +--- + +.You must open it in your Firefox/Chrome/etc.. +.After auth step your browser will complain with: + +--- +This site can’t be reached localhost refused to connect. +Search Google for localhost 12345 +ERR_CONNECTION_REFUSED +--- + +.Your browser at this point in address-line will have URL: + +--- +http://localhost:12345/?code=7c35ded4-054b-4df0-9151-7ef12c7fb838_xe3JWkvf_sL1UyLOzftHJZ3uIlfOo00N +--- + +.At this point +fedpkg+ waits on port 12345 of your VM for incoming connection from OpenID IdP (identity provider). +.While +fedpkg+ waits for incoming OIDC answer from IdP, imitate it with curl in parallel terminal: + +--- +$ curl 'http://localhost:12345/?code=7c35ded4-054b-4df0-9151-7ef12c7fb838_xe3JWkvf_sL1UyLOzftHJZ3uIlfOo00N' +--- + == Rebuild strategies In case you want to control which packages get rebuilt and which get reused, you can enforce a specific rebuild strategy while submitting a build.