#2079 prune old docs about interaction with Fedora's koji
Merged 2 years ago by tkopecek. Opened 2 years ago by tkopecek.
tkopecek/koji issue2062  into  master

@@ -37,6 +37,10 @@ 

  many features. However, many of the read-only commands will work without



+ If you run into any problems with Fedora's instance of koji, `here

+ <https://fedoraproject.org/wiki/Join_the_package_collection_maintainers#Install_the_developer_client_tools>`__

+ is actual documentation for installing and using developer client tools.


  Alternatively, koji CLI is now also available via:


    * `Project releases tarballs <https://pagure.io/koji/releases>`__
@@ -50,71 +54,6 @@ 

    * Actual development version via Pagure's git: ``git clone



- Fedora Account System (FAS2) Setup

- ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


- In order to interface with the koji server, maintainers will need to run


- ::


-     /usr/bin/fedora-packager-setup


- Each user on a system will need to run fedora-packager-setup if they

- wish to use Koji to build Fedora packages. Each user has their own

- certificates that authenticate them.


- .. raw:: mediawiki


-    {{admon/tip|Plague users rejoice!|For existing users of plague (the old build system that preceded Koji), <code>fedora-packager-setup</code> will use your existing certificates.  If you did not have plague before, it will get the server CA certs and tell you where to get your user cert.}}


- Fedora Certificates

- '''''''''''''''''''


- Koji uses three certificates:


- ``~/.fedora.cert`` (specific to the Fedora Maintainer) : This cert is

- generated from running ``fedora-cert -n``. It should have been generated

- when you became maintainer. You may need to refresh it when it expires

- by running ``fedora-cert -n`` again. You can check if it has expired

- with ``fedora-cert -v``.


- the following are downloaded automatically by fedora-packager-setup and

- don't need to be manually setup


- ``~/.fedora-upload-ca.cert`` (The certificate for the Certificate

- Authority used to sign the user keys.) : It can be manually downloaded

- from

- `here <https://admin.fedoraproject.org/accounts/fedora-upload-ca.cert>`__

- or ``fedora-packager-setup or fedora-cert -n`` should fetch it. using

- the CLI is preferred.

- ``~/.fedora-server-ca.cert`` (The certificate for the Certificate

- Authority used to sign the build system's server keys.) : It can be

- downloaded manually from

- `here <https://admin.fedoraproject.org/accounts/fedora-server-ca.cert>`__

- or ``fedora-packager-setup`` should fetch it. This certificate may also

- be needed to let `https koji <https://koji.fedroraproject.org>`__ URLs

- resolve without untrusted-CA warnings.


- .. warning::


-    If you're using RHEL6, an incompatibility

-    between RHEL6's openssl and nss causes certificates downloaded from fas to

-    fail to work with some fedpkg tools.

-    `Bug 631000 rhel6

-    openssl creates PKCS#8 encoded PEM RSA private key files, nss can't read

-    them <https://bugzilla.redhat.com/show_bug.cgi?id=631000>`_.  The cert can be made compatible using this command:

-    `openssl x509 -in ~/.fedora.cert -text; echo; openssl rsa -in

-    ~/.fedora.cert) > fedora.cert.new`


- .. warning::


-    You can also have problem in Fedora/RHEL if you are going to use GSSAPI

-    authentication. These distributions have changed default `rdns=false` in

-    /etc/krb5.conf. If you encounter

-    `requests_kerberos.exceptions.MutualAuthenticationError: Unable to

-    authenticate <Response [200]>` error, maybe you are hitting this problem.

-    `More info in pagure issue <https://pagure.io/koji/issue/288>`_.


  Koji Config



Fixes: https://pagure.io/koji/issue/2062

Documentation is outdated. Just installing fedora-packager package is ok today. It works out of the box.

Metadata Update from @tkopecek:
- Pull-request tagged with: doc, no_qe

2 years ago

Commit d9db047 fixes this pull-request

Pull-Request has been merged by tkopecek

2 years ago