From 969dc63c91f449034dd80883c7f849f5a2fb7ab3 Mon Sep 17 00:00:00 2001 From: Mohan Boddu Date: Dec 21 2016 16:15:10 +0000 Subject: [PATCH 1/2] Adding kerberos authentication Signed-off-by: Mohan Boddu --- diff --git a/scripts/block_retired.py b/scripts/block_retired.py index 2a9d2f6..1ca6d8e 100755 --- a/scripts/block_retired.py +++ b/scripts/block_retired.py @@ -26,11 +26,6 @@ STAGING_PKGDB = "https://admin.stg.fedoraproject.org/pkgdb" PRODUCTION_KOJI = "https://koji.fedoraproject.org/kojihub" STAGING_KOJI = "https://koji.stg.fedoraproject.org/kojihub" -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') - class ReleaseMapper(object): BRANCHNAME = 0 @@ -84,8 +79,8 @@ def get_packages(tag, staging=False): Get a list of all blocked and unblocked packages in a branch. """ url = PRODUCTION_KOJI if not staging else STAGING_KOJI - kojisession = koji.ClientSession(url) - kojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) + kojisession = koji.ClientSession(url, {'krb_rdns': False}) + kojisession.krb_login() pkglist = kojisession.listPackages(tagID=tag, inherited=True) blocked = [] unblocked = [] diff --git a/scripts/build-current.py b/scripts/build-current.py index f0699ae..e7f92b8 100755 --- a/scripts/build-current.py +++ b/scripts/build-current.py @@ -19,11 +19,6 @@ LOCALKOJIHUB = 'http://arm.koji.fedoraproject.org/kojihub' REMOTEKOJIHUB = 'http://koji.fedoraproject.org/kojihub' PACKAGEURL = 'http://kojipkgs.fedoraproject.org/' -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') - workpath = '/tmp/build-recent' loglevel = logging.DEBUG @@ -139,9 +134,9 @@ def importBuild(build, rpms, buildinfo, tag=None): # setup the koji session logging.info('Setting up koji session') -localkojisession = koji.ClientSession(LOCALKOJIHUB) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB) -localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) +localkojisession = koji.ClientSession(LOCALKOJIHUB, {'krb_rdns': False}) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) +localkojisession.krb_login() tag = 'f18-rebuild' diff --git a/scripts/build-previous.py b/scripts/build-previous.py index 316e128..9822ac4 100644 --- a/scripts/build-previous.py +++ b/scripts/build-previous.py @@ -20,11 +20,6 @@ LOCALKOJIHUB = 'http://sparc.koji.fedoraproject.org/kojihub' REMOTEKOJIHUB = 'http://koji.fedoraproject.org/kojihub' PACKAGEURL = 'http://kojipkgs.fedoraproject.org/' -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') - workpath = '/tmp/build-recent' loglevel = logging.DEBUG @@ -130,9 +125,9 @@ def importBuild(build, rpms, buildinfo, tag=None): # setup the koji session logging.info('Setting up koji session') -localkojisession = koji.ClientSession(LOCALKOJIHUB) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB) -localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) +localkojisession = koji.ClientSession(LOCALKOJIHUB, {'krb_rdns': False}) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) +localkojisession.krb_login() tag = 'dist-f16' diff --git a/scripts/check-latest-build.py b/scripts/check-latest-build.py index 77d6ad1..d55d2cb 100755 --- a/scripts/check-latest-build.py +++ b/scripts/check-latest-build.py @@ -39,10 +39,6 @@ if args.arch is None: else: KOJIHUB = 'http://%s.koji.fedoraproject.org/kojihub' % (args.arch) -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') def _rpmvercmp((e1, v1, r1), (e2, v2, r2)): """find out which build is newer""" @@ -62,8 +58,8 @@ def _rpmvercmp((e1, v1, r1), (e2, v2, r2)): return -1 -kojisession = koji.ClientSession(KOJIHUB) -kojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) +kojisession = koji.ClientSession(KOJIHUB, {'krb_rdns': False}) +kojisession.krb_login() if args.package == []: latest_builds = sorted(kojisession.listTagged(args.tag, latest=True), diff --git a/scripts/isolate-tag.py b/scripts/isolate-tag.py index 7d3a093..03704dc 100755 --- a/scripts/isolate-tag.py +++ b/scripts/isolate-tag.py @@ -16,13 +16,10 @@ import os tag = 'f25' oldtag = 'f24' # Create a koji session -kojisession = koji.ClientSession('http://ppc.koji.fedoraproject.org/kojihub') +kojisession = koji.ClientSession('http://ppc.koji.fedoraproject.org/kojihub', {'krb_rdns': False}) # Log into koji -clientcert = os.path.expanduser('~/.fedora.cert') -clientca = os.path.expanduser('~/.fedora-upload-ca.cert') -serverca = os.path.expanduser('~/.fedora-server-ca.cert') -kojisession.ssl_login(clientcert, clientca, serverca) +kojisession.krb_login() # Get all builds tagged into the tag w/o inherited builds builds = kojisession.listTagged(tag, latest=True) diff --git a/scripts/koji-build-srpm.py b/scripts/koji-build-srpm.py index 3ce86f3..3fb4bc9 100755 --- a/scripts/koji-build-srpm.py +++ b/scripts/koji-build-srpm.py @@ -35,10 +35,6 @@ LOCALKOJIHUB = 'https://%s.koji.fedoraproject.org/kojihub' % (args.arch) REMOTEKOJIHUB = 'https://koji.fedoraproject.org/kojihub' PACKAGEURL = 'http://kojipkgs.fedoraproject.org/' -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') session_opts = {} session_opts['krbservice'] = 'host' @@ -69,14 +65,11 @@ def _unique_path(prefix): # setup the koji session logging.info('Setting up koji session') localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB) -if os.path.isfile(CLIENTCERT): - localckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) +if args.keytab and args.principal: + localkojisession.krb_login(principal=args.principal, keytab=args.keytab) else: - if args.keytab and args.principal: - localkojisession.krb_login(principal=args.principal, keytab=args.keytab) - else: - localkojisession.krb_login() + localkojisession.krb_login() pg = progress.TextMeter() diff --git a/scripts/koji-import.py b/scripts/koji-import.py index fa3f4d5..7c12ea4 100755 --- a/scripts/koji-import.py +++ b/scripts/koji-import.py @@ -33,11 +33,6 @@ LOCALKOJIHUB = 'https://%s.koji.fedoraproject.org/kojihub' % (args.arch) REMOTEKOJIHUB = 'https://koji.fedoraproject.org/kojihub' PACKAGEURL = 'http://kojipkgs.fedoraproject.org/' -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') - session_opts = {} session_opts['krbservice'] = 'host' session_opts['krb_rdns'] = False @@ -148,14 +143,11 @@ def importBuild(rpms, buildinfo, tag=None): # setup the koji session logging.info('Setting up koji session') localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB) -if os.path.isfile(CLIENTCERT): - localckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) +if args.keytab and args.principal: + localkojisession.krb_login(principal=args.principal, keytab=args.keytab) else: - if args.keytab and args.principal: - localkojisession.krb_login(principal=args.principal, keytab=args.keytab) - else: - localkojisession.krb_login() + localkojisession.krb_login() for build in args.build: buildinfo = remotekojisession.getBuild(build) diff --git a/scripts/koji-reimport.py b/scripts/koji-reimport.py index 477f105..b9550d1 100755 --- a/scripts/koji-reimport.py +++ b/scripts/koji-reimport.py @@ -23,14 +23,11 @@ pkgs = [''] tag = '' # setup koji sessions: -serverca = os.path.expanduser('~/.fedora-server-ca.cert') -clientca = os.path.expanduser('~/.fedora-upload-ca.cert') -clientcrt = os.path.expanduser('~/.fedora.cert') primarykoji = 'https://koji.fedoraproject.org/kojihub' secondarykoji = 'https://ppc.koji.fedoraproject.org/kojihub' -primary = koji.ClientSession(primarykoji) -secondary = koji.ClientSession(secondarykoji) -secondary.ssl_login(clientcrt, clientca, serverca) +primary = koji.ClientSession(primarykoji, {'krb_rdns': False}) +secondary = koji.ClientSession(secondarykoji, {'krb_rdns': False}) +secondary.krb_login() # do the thing: diff --git a/scripts/koji-stalk.py b/scripts/koji-stalk.py index f404477..c0f47d8 100755 --- a/scripts/koji-stalk.py +++ b/scripts/koji-stalk.py @@ -45,10 +45,7 @@ distronames = ['f20', 'f21', 'f22', 'f23'] rawhide = 'f23' # koji setup -auth_cert = os.path.expanduser('~/.fedora.cert') -auth_ca = os.path.expanduser('~/.fedora-server-ca.cert') -serverca = os.path.expanduser('~/.fedora-server-ca.cert') -remote = koji.ClientSession('http://koji.fedoraproject.org/kojihub') +remote = koji.ClientSession('http://koji.fedoraproject.org/kojihub', {'krb_rdns': False}) # Configuration options below have been converted to use options. # If you want to hard-code values for yourself, do it here: @@ -95,8 +92,8 @@ if testonly: # parse the koji-shadow config file, login to our koji: ks_config = ConfigParser.ConfigParser() ks_config.read(shadowconfig) -local = koji.ClientSession(ks_config.get("main", "server")) -local.ssl_login(auth_cert, auth_ca, serverca) +local = koji.ClientSession(ks_config.get("main", "server"), {'krb_rdns': False}) +local.krb_login() # set up the queues buildqueue = deque() diff --git a/scripts/mass-tag.py b/scripts/mass-tag.py index ddfdeb3..66cfbff 100755 --- a/scripts/mass-tag.py +++ b/scripts/mass-tag.py @@ -21,13 +21,10 @@ newbuilds = {} # dict of packages that have a newer build attempt tasks = {} # dict of new build task info # Create a koji session -kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub') +kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub', {'krb_rdns': False}) # Log into koji -clientcert = os.path.expanduser('~/.fedora.cert') -clientca = os.path.expanduser('~/.fedora-upload-ca.cert') -serverca = os.path.expanduser('~/.fedora-server-ca.cert') -kojisession.ssl_login(clientcert, clientca, serverca) +kojisession.krb_login() # Generate a list of builds to iterate over, sorted by package name builds = sorted(kojisession.listTagged(holdingtag, latest=True), diff --git a/scripts/prune-tag.py b/scripts/prune-tag.py index a9119b4..a02e6b2 100755 --- a/scripts/prune-tag.py +++ b/scripts/prune-tag.py @@ -21,10 +21,6 @@ builds = {} untag = [] loglevel = '' KOJIHUB = 'https://koji.fedoraproject.org/kojihub' -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') # Setup a dict of our key names as sigul knows them to the actual key ID # that koji would use. We should get this from sigul somehow. @@ -60,8 +56,8 @@ tag = args[0] # setup the koji session logging.info('Setting up koji session') -kojisession = koji.ClientSession(KOJIHUB) -if not kojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA): +kojisession = koji.ClientSession(KOJIHUB, {'krb_rdns': False}) +if not kojisession.krb_login(): logging.error('Unable to log into koji') sys.exit(1) diff --git a/scripts/sign_unsigned.py b/scripts/sign_unsigned.py index a6fabf6..7268734 100755 --- a/scripts/sign_unsigned.py +++ b/scripts/sign_unsigned.py @@ -315,6 +315,7 @@ class KojiTool(AbstractTool): self.options.kojihub = 'http://koji.fedoraproject.org/kojihub' self.options.regex = False self.options.ignore = [] + self.options.krb_rdns = False def create_koji_session(self): # used options: debug, debug_xmlrpc, user, password @@ -742,10 +743,7 @@ class SignUnsigned(CliTool, KojiTool): def cmd_default(self): self.tweak_options() - clientcert = '/etc/pki/pkgsigner/pkgsigner.pem' - clientca = '/etc/pki/pkgsigner/fedora-upload-ca.cert' - serverca = '/etc/pki/pkgsigner/fedora-server-ca.cert' - self.koji_session.ssl_login(clientcert, clientca, serverca) # NEEDSWORK + self.koji_session.krb_login() self.print_msg("Getting rpm list from koji") if self.options.builds: rpms = self.get_build_rpms(self.options.builds) diff --git a/scripts/sigulsign_unsigned.py b/scripts/sigulsign_unsigned.py index ccc9c46..ed5be55 100755 --- a/scripts/sigulsign_unsigned.py +++ b/scripts/sigulsign_unsigned.py @@ -184,9 +184,6 @@ class KojiHelper(object): arch=arch) else: self.kojihub = 'https://koji.fedoraproject.org/kojihub' - self.serverca = os.path.expanduser('~/.fedora-server-ca.cert') - self.clientca = os.path.expanduser('~/.fedora-upload-ca.cert') - self.clientcert = os.path.expanduser('~/.fedora.cert') self.kojisession = koji.ClientSession(self.kojihub, {'krb_rdns': False}) self.kojisession.krb_login() diff --git a/scripts/sync-blocked-primary.py b/scripts/sync-blocked-primary.py index 5854b9b..9d5c958 100755 --- a/scripts/sync-blocked-primary.py +++ b/scripts/sync-blocked-primary.py @@ -21,12 +21,7 @@ tags = ['f26', 'f25', 'f24', 'f23'] # tag to check in koji arches = ['arm', 'ppc', 's390'] -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') - -kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub') +kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub', {'krb_rdns': False}) def getBlocked(kojisession, tag): blocked = [] # holding for blocked pkgs @@ -51,8 +46,8 @@ def getUnBlocked(kojisession, tag): for arch in arches: print "== Working on Arch: %s" % arch # Create a koji session - seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % arch ) - seckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) + seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % arch , {'krb_rdns': False}) + seckojisession.krb_login() for tag in tags: print "=== Working on tag: %s" % tag diff --git a/scripts/sync-tagged-primary.py b/scripts/sync-tagged-primary.py index f49639b..3c7c1cb 100755 --- a/scripts/sync-tagged-primary.py +++ b/scripts/sync-tagged-primary.py @@ -28,10 +28,6 @@ parser.add_argument("arch", help="secondary arch to sync") parser.add_argument("tag", nargs="+", help="tag to sync") args = parser.parse_args() -# Should probably set these from a koji config file -SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') -CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') -CLIENTCERT = os.path.expanduser('~/.fedora.cert') session_opts = {} session_opts['krbservice'] = 'host' @@ -63,15 +59,12 @@ def rpmvercmp ((e1, v1, r1), (e2, v2, r2)): print "=== Working on arch: %s ====" % args.arch # Create a koji session -kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub') +kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub', {'krb_rdns': False}) seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % args.arch, session_opts) -if os.path.isfile(CLIENTCERT): - seckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) +if args.keytab and args.principal: + seckojisession.krb_login(principal=args.principal, keytab=args.keytab) else: - if args.keytab and args.principal: - seckojisession.krb_login(principal=args.principal, keytab=args.keytab) - else: - seckojisession.krb_login() + seckojisession.krb_login() for tag in args.tag: print "=== Working on tag: %s ====" % tag From fedc096a2367b2ebd475f9ff74d800df92c6e805 Mon Sep 17 00:00:00 2001 From: Mohan Boddu Date: Jan 10 2017 21:36:21 +0000 Subject: [PATCH 2/2] Fixing kerberos authentication mistakes Signed-off-by: Mohan Boddu --- diff --git a/scripts/build-current.py b/scripts/build-current.py index e7f92b8..016d3f5 100755 --- a/scripts/build-current.py +++ b/scripts/build-current.py @@ -135,7 +135,7 @@ def importBuild(build, rpms, buildinfo, tag=None): # setup the koji session logging.info('Setting up koji session') localkojisession = koji.ClientSession(LOCALKOJIHUB, {'krb_rdns': False}) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB) localkojisession.krb_login() tag = 'f18-rebuild' diff --git a/scripts/build-previous.py b/scripts/build-previous.py index 9822ac4..3525425 100644 --- a/scripts/build-previous.py +++ b/scripts/build-previous.py @@ -126,7 +126,7 @@ def importBuild(build, rpms, buildinfo, tag=None): # setup the koji session logging.info('Setting up koji session') localkojisession = koji.ClientSession(LOCALKOJIHUB, {'krb_rdns': False}) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB) localkojisession.krb_login() tag = 'dist-f16' diff --git a/scripts/koji-build-srpm.py b/scripts/koji-build-srpm.py index 3fb4bc9..794b76f 100755 --- a/scripts/koji-build-srpm.py +++ b/scripts/koji-build-srpm.py @@ -35,6 +35,10 @@ LOCALKOJIHUB = 'https://%s.koji.fedoraproject.org/kojihub' % (args.arch) REMOTEKOJIHUB = 'https://koji.fedoraproject.org/kojihub' PACKAGEURL = 'http://kojipkgs.fedoraproject.org/' +# Should only be used for ssl login +SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') +CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') +CLIENTCERT = os.path.expanduser('~/.fedora.cert') session_opts = {} session_opts['krbservice'] = 'host' @@ -65,11 +69,14 @@ def _unique_path(prefix): # setup the koji session logging.info('Setting up koji session') localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) -if args.keytab and args.principal: - localkojisession.krb_login(principal=args.principal, keytab=args.keytab) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB) +if os.path.isfile(CLIENTCERT): + localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) else: - localkojisession.krb_login() + if args.keytab and args.principal: + localkojisession.krb_login(principal=args.principal, keytab=args.keytab) + else: + localkojisession.krb_login() pg = progress.TextMeter() diff --git a/scripts/koji-import.py b/scripts/koji-import.py index 7c12ea4..cbf8901 100755 --- a/scripts/koji-import.py +++ b/scripts/koji-import.py @@ -33,6 +33,11 @@ LOCALKOJIHUB = 'https://%s.koji.fedoraproject.org/kojihub' % (args.arch) REMOTEKOJIHUB = 'https://koji.fedoraproject.org/kojihub' PACKAGEURL = 'http://kojipkgs.fedoraproject.org/' +# Should only be used for ssl login +SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') +CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') +CLIENTCERT = os.path.expanduser('~/.fedora.cert') + session_opts = {} session_opts['krbservice'] = 'host' session_opts['krb_rdns'] = False @@ -143,11 +148,14 @@ def importBuild(rpms, buildinfo, tag=None): # setup the koji session logging.info('Setting up koji session') localkojisession = koji.ClientSession(LOCALKOJIHUB, session_opts) -remotekojisession = koji.ClientSession(REMOTEKOJIHUB, {'krb_rdns': False}) -if args.keytab and args.principal: - localkojisession.krb_login(principal=args.principal, keytab=args.keytab) +remotekojisession = koji.ClientSession(REMOTEKOJIHUB) +if os.path.isfile(CLIENTCERT): + localkojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) else: - localkojisession.krb_login() + if args.keytab and args.principal: + localkojisession.krb_login(principal=args.principal, keytab=args.keytab) + else: + localkojisession.krb_login() for build in args.build: buildinfo = remotekojisession.getBuild(build) diff --git a/scripts/koji-reimport.py b/scripts/koji-reimport.py index b9550d1..df90f77 100755 --- a/scripts/koji-reimport.py +++ b/scripts/koji-reimport.py @@ -25,7 +25,7 @@ tag = '' # setup koji sessions: primarykoji = 'https://koji.fedoraproject.org/kojihub' secondarykoji = 'https://ppc.koji.fedoraproject.org/kojihub' -primary = koji.ClientSession(primarykoji, {'krb_rdns': False}) +primary = koji.ClientSession(primarykoji) secondary = koji.ClientSession(secondarykoji, {'krb_rdns': False}) secondary.krb_login() diff --git a/scripts/koji-stalk.py b/scripts/koji-stalk.py index c0f47d8..df17a6d 100755 --- a/scripts/koji-stalk.py +++ b/scripts/koji-stalk.py @@ -45,7 +45,7 @@ distronames = ['f20', 'f21', 'f22', 'f23'] rawhide = 'f23' # koji setup -remote = koji.ClientSession('http://koji.fedoraproject.org/kojihub', {'krb_rdns': False}) +remote = koji.ClientSession('http://koji.fedoraproject.org/kojihub') # Configuration options below have been converted to use options. # If you want to hard-code values for yourself, do it here: diff --git a/scripts/sync-blocked-primary.py b/scripts/sync-blocked-primary.py index 9d5c958..f3892c0 100755 --- a/scripts/sync-blocked-primary.py +++ b/scripts/sync-blocked-primary.py @@ -21,7 +21,7 @@ tags = ['f26', 'f25', 'f24', 'f23'] # tag to check in koji arches = ['arm', 'ppc', 's390'] -kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub', {'krb_rdns': False}) +kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub') def getBlocked(kojisession, tag): blocked = [] # holding for blocked pkgs diff --git a/scripts/sync-tagged-primary.py b/scripts/sync-tagged-primary.py index 3c7c1cb..52333a2 100755 --- a/scripts/sync-tagged-primary.py +++ b/scripts/sync-tagged-primary.py @@ -28,6 +28,10 @@ parser.add_argument("arch", help="secondary arch to sync") parser.add_argument("tag", nargs="+", help="tag to sync") args = parser.parse_args() +# Should only be used for ssl login +SERVERCA = os.path.expanduser('~/.fedora-server-ca.cert') +CLIENTCA = os.path.expanduser('~/.fedora-upload-ca.cert') +CLIENTCERT = os.path.expanduser('~/.fedora.cert') session_opts = {} session_opts['krbservice'] = 'host' @@ -59,12 +63,15 @@ def rpmvercmp ((e1, v1, r1), (e2, v2, r2)): print "=== Working on arch: %s ====" % args.arch # Create a koji session -kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub', {'krb_rdns': False}) +kojisession = koji.ClientSession('https://koji.fedoraproject.org/kojihub') seckojisession = koji.ClientSession('https://%s.koji.fedoraproject.org/kojihub' % args.arch, session_opts) -if args.keytab and args.principal: - seckojisession.krb_login(principal=args.principal, keytab=args.keytab) +if os.path.isfile(CLIENTCERT): + seckojisession.ssl_login(CLIENTCERT, CLIENTCA, SERVERCA) else: - seckojisession.krb_login() + if args.keytab and args.principal: + seckojisession.krb_login(principal=args.principal, keytab=args.keytab) + else: + seckojisession.krb_login() for tag in args.tag: print "=== Working on tag: %s ====" % tag