Re: Proposed setup for sigul bridge/server for review
On Sat, 2009-07-25 at 00:14 -0400, Ricky Zhou wrote:
> Looks excellent to me, my only two comments are that you might want to
> make the files:
>
> /var/lib/sigul/.fedora-server-ca.cert
> /var/lib/sigul/.fedora.cert
>
> require => Package["sigul"],
>
> as well since they require the /var/lib/sigul directory (which I assume
> is provided by the package).

Good catch. I'll do that. I'm also going to squash the two commits into one since they are all related and the second one was an afterthought.

--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating

___
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

Re: Proposed setup for sigul bridge/server for review
On 2009-07-25 03:53:23 AM, Jesse Keating wrote:
> There is a bridge that clients communicate with (and I'm thinking
> of forcing this through an ssh tunnel through bastion) and that
> interacts with koji. There is also the server itself that has
> the gpg keys on it and does the signing action. The server
> initiates a connection to the bridge, so only the bridge has to
> listen for connections.
>
> I think I have this mostly set up right, but I'd like some more eyes
> on it before I commit. Thanks!

Looks excellent to me, my only two comments are that you might want to make the files:

/var/lib/sigul/.fedora-server-ca.cert
/var/lib/sigul/.fedora.cert

require => Package["sigul"],

as well since they require the /var/lib/sigul directory (which I assume is provided by the package).

Thanks,
Ricky

Proposed setup for sigul bridge/server for review
Here is my initial stab at a class for the signing server(s).

There is a bridge that clients communicate with (and I'm thinking of forcing this through an ssh tunnel through bastion) and that interacts with koji. There is also the server itself that has the gpg keys on it and does the signing action. The server initiates a connection to the bridge, so only the bridge has to listen for connections.

I think I have this mostly set up right, but I'd like some more eyes on it before I commit. Thanks!

--
Jes