|
|
|
|
@ -1,38 +1,40 @@
|
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
echo Creating User Koji environment
|
|
|
|
|
if [ ! -d ~/.koji ]; then
|
|
|
|
|
mkdir ~/.koji
|
|
|
|
|
fi
|
|
|
|
|
if [ -f ~/.fedora.cert ] && [ -f ~/.koji/client.crt ]; then
|
|
|
|
|
if [ ~/.fedora.cert -nt ~/.koji/client.crt ]; then
|
|
|
|
|
rm ~/.koji/client.crt
|
|
|
|
|
fi
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
function check_wget() {
|
|
|
|
|
if [ ! -f /usr/bin/wget ]; then
|
|
|
|
|
echo "You must have wget installed to download the required CA certificates"
|
|
|
|
|
echo "Please run \"yum install wget\" as root, and re-run this script"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
echo "Setting up Koji client..."
|
|
|
|
|
|
|
|
|
|
if [ ! -f ~/.koji/client.crt ]; then
|
|
|
|
|
if [ -f ~/.fedora.cert ]; then
|
|
|
|
|
cp -l ~/.fedora.cert ~/.koji/client.crt
|
|
|
|
|
else
|
|
|
|
|
echo "you need a client cert please download one from https://admin.fedoraproject.org/accounts/gen-cert.cgi"
|
|
|
|
|
echo "Save it to ~/.koji/client.crt"
|
|
|
|
|
echo "Then run this script again"
|
|
|
|
|
exit
|
|
|
|
|
if [ ! -f ~/.fedora.cert ]; then
|
|
|
|
|
echo "You need a client certificate from the Fedora Account System"
|
|
|
|
|
echo "Please download one from https://admin.fedoraproject.org/accounts/gen-cert.cgi"
|
|
|
|
|
echo "Save it to ~/.fedora.cert and re-run this script"
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ ! -f ~/.fedora-upload-ca.cert ]; then
|
|
|
|
|
check_wget
|
|
|
|
|
/usr/bin/wget -q "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-upload-ca.cert" -O ~/.fedora-upload-ca.cert
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -f ~/.fedora-upload-ca.cert ]; then
|
|
|
|
|
cp -l ~/.fedora-upload-ca.cert ~/.koji/clientca.crt
|
|
|
|
|
else
|
|
|
|
|
wget "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-upload-ca.cert" -O ~/.koji/clientca.crt
|
|
|
|
|
if [ ! -f ~/.fedora-server-ca.cert ]; then
|
|
|
|
|
check_wget
|
|
|
|
|
/usr/bin/wget -q "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-server-ca.cert" -O ~/.fedora-server-ca.cert
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -f ~/.fedora-server-ca.cert ]; then
|
|
|
|
|
cp -l ~/.fedora-server-ca.cert ~/.koji/serverca.crt
|
|
|
|
|
else
|
|
|
|
|
wget "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-server-ca.cert" -O ~/.koji/serverca.crt
|
|
|
|
|
if [ ! -d ~/.koji ]; then
|
|
|
|
|
mkdir ~/.koji
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# remove existing contents of ~/.koji to avoid confusion
|
|
|
|
|
rm -f ~/.koji/*
|
|
|
|
|
|
|
|
|
|
cat > ~/.koji/config <<EOF
|
|
|
|
|
[koji]
|
|
|
|
|
@ -51,29 +53,42 @@ weburl = http://koji.fedoraproject.org/koji
|
|
|
|
|
;configuration for SSL athentication
|
|
|
|
|
|
|
|
|
|
;client certificate
|
|
|
|
|
cert = ~/.koji/client.crt
|
|
|
|
|
cert = ~/.fedora.cert
|
|
|
|
|
|
|
|
|
|
;certificate of the CA that issued the client certificate
|
|
|
|
|
ca = ~/.koji/clientca.crt
|
|
|
|
|
ca = ~/.fedora-upload-ca.cert
|
|
|
|
|
|
|
|
|
|
;certificate of the CA that issued the HTTP server certificate
|
|
|
|
|
serverca = ~/.koji/serverca.crt
|
|
|
|
|
serverca = ~/.fedora-server-ca.cert
|
|
|
|
|
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
cat <<EOF
|
|
|
|
|
Creating an SSL certificate to import into your browser, to enable
|
|
|
|
|
user authentication at http://koji.fedoraproject.org/koji/
|
|
|
|
|
Choose your own passphrase, you will be prompted for this when importing the certificate.
|
|
|
|
|
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
echo "Creating an SSL Certificate to import into your browser to allow user authentication on at http://koji.fedoraproject.org/koji.
|
|
|
|
|
Choose your own passphrase, you will be prompted for this when using the certificate.
|
|
|
|
|
if [ -f ~/fedora-browser-cert.p12 ]; then
|
|
|
|
|
rm ~/fedora-browser-cert.p12
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
/usr/bin/openssl pkcs12 -export -in ~/.fedora.cert -CAfile ~/.fedora-upload-ca.cert -out ~/fedora-browser-cert.p12
|
|
|
|
|
|
|
|
|
|
- To import the Certificate into Firefox:
|
|
|
|
|
cat <<EOF
|
|
|
|
|
|
|
|
|
|
Browser certificate exported to ~/fedora-browser-cert.p12
|
|
|
|
|
To import the certificate into Firefox:
|
|
|
|
|
|
|
|
|
|
Edit -> Preferences -> Advanced
|
|
|
|
|
Click "View Certificates"
|
|
|
|
|
On "Your Certificates" tab, click "Import"
|
|
|
|
|
Select fedora-client-cert.p12 (from the directory you ran this script in)
|
|
|
|
|
Type the export passphrase (if you specified one)
|
|
|
|
|
Select ~/fedora-browser-cert.p12
|
|
|
|
|
Type the export passphrase you chose earlier
|
|
|
|
|
|
|
|
|
|
Once imported, you should see a certificate named "Fedora Project"
|
|
|
|
|
Once imported, you should see a certificate named "Fedora Project".
|
|
|
|
|
Your username should appear underneath this.
|
|
|
|
|
|
|
|
|
|
- You should now be able to click the "login" link at http://koji.fedoraproject.org/koji successfully"
|
|
|
|
|
openssl pkcs12 -export -in ~/.koji/client.crt -CAfile ~/.koji/clientca.crt -out fedora-client-cert.p12
|
|
|
|
|
You should now be able to click the "login" link at http://koji.fedoraproject.org/koji/ successfully.
|
|
|
|
|
EOF
|
|
|
|
|
|
Jesse Keating
18 years ago