More fixes to setup script

18 years ago · 88e72c1dac
parent 6789f3dae4
commit 88e72c1dac
2 changed files with 54 additions and 36 deletions
--- a/fedora-packager-setup.sh
+++ b/fedora-packager-setup.sh
@ -1,38 +1,40 @@
 #!/bin/bash

-echo Creating User Koji environment 
-if [ ! -d ~/.koji ]; then
-mkdir  ~/.koji
-fi
-if [ -f ~/.fedora.cert ] && [ -f ~/.koji/client.crt ]; then
-    if [ ~/.fedora.cert -nt ~/.koji/client.crt ]; then 
-        rm ~/.koji/client.crt
+set -e
+
+function check_wget() {
+    if [ ! -f /usr/bin/wget ]; then
+        echo "You must have wget installed to download the required CA certificates"
+        echo "Please run \"yum install wget\" as root, and re-run this script"
+        exit 1
    fi
+}
+
+echo "Setting up Koji client..."
+
+if [ ! -f ~/.fedora.cert ]; then
+    echo "You need a client certificate from the Fedora Account System"
+    echo "Please download one from https://admin.fedoraproject.org/accounts/gen-cert.cgi"
+    echo "Save it to ~/.fedora.cert and re-run this script"
+    exit 1
 fi

-if [ ! -f ~/.koji/client.crt ]; then
-    if [ -f ~/.fedora.cert ]; then
-        cp -l ~/.fedora.cert  ~/.koji/client.crt
-    else
-        echo "you need a client cert please download one from https://admin.fedoraproject.org/accounts/gen-cert.cgi"
-        echo "Save it to ~/.koji/client.crt"
-        echo "Then run this script again"
-        exit
-    fi
+if [ ! -f ~/.fedora-upload-ca.cert ]; then
+    check_wget
+    /usr/bin/wget -q "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-upload-ca.cert" -O ~/.fedora-upload-ca.cert
 fi

-if [ -f ~/.fedora-upload-ca.cert ]; then
-    cp -l ~/.fedora-upload-ca.cert ~/.koji/clientca.crt
-else
-    wget "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-upload-ca.cert" -O ~/.koji/clientca.crt
+if [ ! -f ~/.fedora-server-ca.cert ]; then
+    check_wget
+    /usr/bin/wget -q "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-server-ca.cert" -O ~/.fedora-server-ca.cert
 fi

-if [ -f ~/.fedora-server-ca.cert ]; then
-    cp -l ~/.fedora-server-ca.cert ~/.koji/serverca.crt
-else
-    wget "http://fedoraproject.org/wiki/PackageMaintainers/BuildSystemClientSetup?action=AttachFile&do=get&target=fedora-server-ca.cert" -O ~/.koji/serverca.crt
+if [ ! -d ~/.koji ]; then
+    mkdir  ~/.koji
 fi

+# remove existing contents of ~/.koji to avoid confusion
+rm -f ~/.koji/*

 cat > ~/.koji/config <<EOF
 [koji]
@ -51,29 +53,42 @@ weburl = http://koji.fedoraproject.org/koji
 ;configuration for SSL athentication

 ;client certificate
-cert = ~/.koji/client.crt
+cert = ~/.fedora.cert

 ;certificate of the CA that issued the client certificate
-ca = ~/.koji/clientca.crt
+ca = ~/.fedora-upload-ca.cert

 ;certificate of the CA that issued the HTTP server certificate
-serverca = ~/.koji/serverca.crt
+serverca = ~/.fedora-server-ca.cert

 EOF

-echo "Creating an SSL Certificate to import into your browser to allow user authentication on at http://koji.fedoraproject.org/koji.
-Choose your own passphrase,  you will be prompted for this when using the certificate.
+cat <<EOF
+Creating an SSL certificate to import into your browser, to enable
+user authentication at http://koji.fedoraproject.org/koji/
+Choose your own passphrase, you will be prompted for this when importing the certificate.

- To import the Certificate into Firefox:
+EOF
+
+if [ -f ~/fedora-browser-cert.p12 ]; then
+    rm ~/fedora-browser-cert.p12
+fi
+
+/usr/bin/openssl pkcs12 -export -in ~/.fedora.cert -CAfile ~/.fedora-upload-ca.cert -out ~/fedora-browser-cert.p12
+
+cat <<EOF
+
+Browser certificate exported to ~/fedora-browser-cert.p12
+To import the certificate into Firefox:

 Edit -> Preferences -> Advanced
 Click "View Certificates"
 On "Your Certificates" tab, click "Import"
-Select fedora-client-cert.p12 (from the directory you ran this script in)
-Type the export passphrase (if you specified one)
+Select ~/fedora-browser-cert.p12
+Type the export passphrase you chose earlier

-Once imported, you should see a certificate named "Fedora Project"
+Once imported, you should see a certificate named "Fedora Project".
 Your username should appear underneath this.
 
- You should now be able to click the "login" link at http://koji.fedoraproject.org/koji successfully"
-openssl pkcs12 -export -in ~/.koji/client.crt -CAfile ~/.koji/clientca.crt -out fedora-client-cert.p12
+You should now be able to click the "login" link at http://koji.fedoraproject.org/koji/ successfully.
+EOF
--- a/koji.spec
+++ b/koji.spec
@ -1,6 +1,6 @@
 %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}

-%define baserelease 2
+%define baserelease 3
 #build with --define 'testbuild 1' to have a timestamp appended to release
 %if x%{?testbuild} == x1
 %define release %{baserelease}.%(date +%%Y%%m%%d.%%H%%M.%%S)
@ -151,6 +151,9 @@ if [ $1 = 0 ]; then
 fi

 %changelog
+* Tue May 15 2007 Jesse Keating <jkeating@redhat.com> - 1.2.0-3
+- More fixes to fedora-packager-setup.sh from mbonnet
+
 * Tue May 15 2007 Jesse Keating <jkeating@redhat.com> - 1.2.0-2
 - overwrite and hardlink ssl cert for fedora packagers (dgilmore)