Changes

Jump to: navigation, search

Winter 2010 Posters/Certs

355 bytes added, 20:24, 17 April 2010
The Koji Certification Process
Before understanding the koji certification process, one must first understand the koji process. Koji utilizes various machines (virtual or physical) to build software packages for different architectures. We decided to create a koji builder scenario for our ARM based physical machines (openrd, sheeva plug) and our virtual machine (arm emulators). In order for these machines to perform these tasks we need a central monitoring system that can track progress accordingly, this is the kojihub. Before these builders can communicate with the hub they need to be authenticated and verified as authorized builders, and that is where koji certifications come in.
= The Koji Certification ProcessCert Components=
As you may or may not know, Koji certs allow a koji builder to communicate with the Koji build processkoji hub. The various necessary components are as follows.
So after reading and tweaking sample openssl code and config here:
'''Koji Certificate Authority'''  '''Koji Server Cert'''  '''Koji Builder Cert'''  Together, these certs allow the builders to communicate with the koji hub and visa versa. After researching and a bit of tweaking, I managed to utilize a concept from Fedora Projects website (http://fedoraproject.org/wiki/Koji/ServerHowTo) and created a script which would make minimal effort for anyone making multiple certs.
I managed to break the code down into 2 separate peices. One for making the CA and one for making the certs for the different users. Now the way my script differs from the original is that it uses the variables passed to it as the default commonName in the ssl.cnf file.
1
edit

Navigation menu