From 77edc71aac2d8c44c1f507aca5ce28f44a446abd Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Mar 12 2020 11:36:07 +0000 Subject: prune old docs about interaction with Fedora's koji Fixes: https://pagure.io/koji/issue/2062 --- diff --git a/docs/source/using_the_koji_build_system.rst b/docs/source/using_the_koji_build_system.rst index 7517307..bdd1b01 100644 --- a/docs/source/using_the_koji_build_system.rst +++ b/docs/source/using_the_koji_build_system.rst @@ -37,6 +37,10 @@ available. You will need to have a valid authentication token to use many features. However, many of the read-only commands will work without authentication. +If you run into any problems with Fedora's instance of koji, `here +`__ +is actual documentation for installing and using developer client tools. + Alternatively, koji CLI is now also available via: * `Project releases tarballs `__ @@ -50,71 +54,6 @@ Alternatively, koji CLI is now also available via: * Actual development version via Pagure's git: ``git clone https://pagure.io/koji.git`` -Fedora Account System (FAS2) Setup -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -In order to interface with the koji server, maintainers will need to run - -:: - - /usr/bin/fedora-packager-setup - -Each user on a system will need to run fedora-packager-setup if they -wish to use Koji to build Fedora packages. Each user has their own -certificates that authenticate them. - -.. raw:: mediawiki - - {{admon/tip|Plague users rejoice!|For existing users of plague (the old build system that preceded Koji), fedora-packager-setup will use your existing certificates. If you did not have plague before, it will get the server CA certs and tell you where to get your user cert.}} - -Fedora Certificates -''''''''''''''''''' - -Koji uses three certificates: - -``~/.fedora.cert`` (specific to the Fedora Maintainer) : This cert is -generated from running ``fedora-cert -n``. It should have been generated -when you became maintainer. You may need to refresh it when it expires -by running ``fedora-cert -n`` again. You can check if it has expired -with ``fedora-cert -v``. - -the following are downloaded automatically by fedora-packager-setup and -don't need to be manually setup - -``~/.fedora-upload-ca.cert`` (The certificate for the Certificate -Authority used to sign the user keys.) : It can be manually downloaded -from -`here `__ -or ``fedora-packager-setup or fedora-cert -n`` should fetch it. using -the CLI is preferred. -``~/.fedora-server-ca.cert`` (The certificate for the Certificate -Authority used to sign the build system's server keys.) : It can be -downloaded manually from -`here `__ -or ``fedora-packager-setup`` should fetch it. This certificate may also -be needed to let `https koji `__ URLs -resolve without untrusted-CA warnings. - -.. warning:: - - If you're using RHEL6, an incompatibility - between RHEL6's openssl and nss causes certificates downloaded from fas to - fail to work with some fedpkg tools. - `Bug 631000 rhel6 - openssl creates PKCS#8 encoded PEM RSA private key files, nss can't read - them `_. The cert can be made compatible using this command: - `openssl x509 -in ~/.fedora.cert -text; echo; openssl rsa -in - ~/.fedora.cert) > fedora.cert.new` - -.. warning:: - - You can also have problem in Fedora/RHEL if you are going to use GSSAPI - authentication. These distributions have changed default `rdns=false` in - /etc/krb5.conf. If you encounter - `requests_kerberos.exceptions.MutualAuthenticationError: Unable to - authenticate ` error, maybe you are hitting this problem. - `More info in pagure issue `_. - Koji Config ^^^^^^^^^^^