Plan of work for Copr signing
FYI - this is my schedule of work needed to sign packages in Copr: Hardware: = Next visit in PHX is planned on June/July. Next one is January of 2015. Ideal (and most paranoid) setup would require one physical machine for Signing server and one for copr-backend and one wire between them. With no remote access to signing server. But we have not HW for this. What we can have is have signing machine in VM with restrictive SW defined network. If that VM can be only one VM on host, then it would be great. To set up VM and networking and create ansible manifest, can take up to one week. Software: = I would go the obs-sign way. It would require to get one patch into GPG2. Patch is made by SuSe, but does not live in upstream. TMraz (RH packager) preliminary approved this patch, but have few comments, which would need to be address (name of cmd option, no man page...). Then I will try to get it in upstream, but there is risc of rejecting. But TMraz is willing to accept it as patch into Fedora and RH package. This is backup plan. (1.5 week to work on patch, 1 w for communitation with upstream or tmraz) JStribrny promised to re-package obs-sign. (0.5w) We should enhance documentation of obs-sign and likely write HOWTO for deployment. (0.75w) We need to deploy and configure obs-sign on VM. (0.75w) Mutatis mutandis of Copr (1w). Sum it up (5.5 week) Total = 6.5 weeks -- Miroslav Suchy, RHCE, RHCDS Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: rsync modules on dl.fp.org
On Fri, May 16, 2014 at 12:05:31PM -0600, Kevin Fenzi wrote: > On Thu, 15 May 2014 17:22:28 +0200 > Adrian Reber wrote: > > > It seems in modules/rsync/files/rsyncd.conf.download-phx > > the second fedora-buffet rsync module should be named fedora-buffet0. > > I have problems from my mirror (rhlx01.hs-esslingen.de) to connect to > > fedora-buffet0. > ...snip... > > This was a typo in the puppet config. ;) > > I've fixed it in puppet and it should go out in the next 30min or so. It worked for a few days. Now the rsync module is gone. Adrian pgpahsp1bKx3G.pgp Description: PGP signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Re: rsync modules on dl.fp.org
On Thu, 22 May 2014 17:44:33 +0200 Adrian Reber wrote: > On Fri, May 16, 2014 at 12:05:31PM -0600, Kevin Fenzi wrote: > > On Thu, 15 May 2014 17:22:28 +0200 > > Adrian Reber wrote: > > > > > It seems in modules/rsync/files/rsyncd.conf.download-phx > > > the second fedora-buffet rsync module should be named > > > fedora-buffet0. I have problems from my mirror > > > (rhlx01.hs-esslingen.de) to connect to fedora-buffet0. > > ...snip... > > > > This was a typo in the puppet config. ;) > > > > I've fixed it in puppet and it should go out in the next 30min or > > so. > > It worked for a few days. Now the rsync module is gone. Ha. We moved download servers to new hardware and set them up with ansible. The typo got added to ansible instead of the fixed version. ;( Correcting now, should be back in a few minutes. kevin signature.asc Description: PGP signature ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Summary/Minutes from today's Fedora Infrastructure meeting (2014-05-22)
#fedora-meeting: Infrastructure (2014-05-22) Meeting started by nirik at 18:00:11 UTC. The full logs are available at http://meetbot.fedoraproject.org/fedora-meeting/2014-05-22/infrastructure.2014-05-22-18.00.log.html . Meeting summary --- * aloha (nirik, 18:00:11) * New folks introductions and Apprentice tasks. (nirik, 18:01:37) * LINK: https://github.com/kushaldas/bugspad the project I would be working on! (mapyth, 18:04:44) * LINK: https://github.com/hammadhaleem/fedora-college Fedora College. (hammad, 18:04:55) * LINK: https://github.com/fedora-infra/shumgrepper for Shumgrepper (charul, 18:05:24) * Applications status / discussion (nirik, 18:14:02) * process-epel-requests script being worked on to work with pkgdb2 (nirik, 18:14:46) * bugzilla component sync is also not working right, still need to investigate. (nirik, 18:15:04) * Sysadmin status / discussion (nirik, 18:16:51) * mass reboot last tuesday, went fine. (nirik, 18:21:36) * buildsys is 100% up and operational. All arm, buildvm, buildhw boxes working (nirik, 18:21:51) * smooge and relrod got all the new download servers in place and working (nirik, 18:22:09) * nagios/alerts recap (nirik, 18:28:53) * LINK: https://admin.fedoraproject.org/nagios/cgi-bin//summary.cgi?report=1&displaytype=3&timeperiod=last7days&smon=5&sday=1&syear=2014&shour=0&smin=0&ssec=0&emon=5&eday=15&eyear=2014&ehour=24&emin=0&esec=0&hostgroup=all&servicegroup=all&host=all&alerttypes=3&statetypes=2&hoststates=3&servicestates=56&limit=25 (nirik, 18:29:01) * Upcoming Tasks/Items (nirik, 18:35:38) * LINK: https://apps.fedoraproject.org/calendar/list/infrastructure/ (nirik, 18:35:38) * LINK: https://fedoraproject.org/wiki/FAD_Bodhi2_Taskotron_2014 (nirik, 18:36:36) * Open Floor (nirik, 18:38:04) Meeting ended at 18:40:44 UTC. Action Items Action Items, by person --- * **UNASSIGNED** * (none) People Present (lines said) --- * nirik (83) * ootbro (16) * henderbj (11) * mapyth (9) * smooge (9) * abadger1999 (7) * threebean (6) * zodbot (5) * brnzi (4) * charul (4) * hammad (3) * relrod (3) * lorddemon (3) * danofsatx-work (2) * oddshocks (2) * janeznemanic (1) * mpduty (1) * mhaynes (1) * bwood09 (1) * dgilmore (1) * mdomsch (0) * puiterwijk (0) * lmacken (0) * pingou (0) -- 18:00:11 #startmeeting Infrastructure (2014-05-22) 18:00:11 Meeting started Thu May 22 18:00:11 2014 UTC. The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot. 18:00:11 Useful Commands: #action #agreed #halp #info #idea #link #topic. 18:00:11 #meetingname infrastructure 18:00:11 #topic aloha 18:00:11 #chair smooge relrod nirik abadger1999 lmacken dgilmore mdomsch threebean pingou puiterwijk 18:00:11 The meeting name has been set to 'infrastructure' 18:00:11 Current chairs: abadger1999 dgilmore lmacken mdomsch nirik pingou puiterwijk relrod smooge threebean 18:00:45 hola 18:01:01 hi 18:01:08 Buenas tardes 18:01:10 Hello ! 18:01:16 Hi :) 18:01:19 * bwood09 is here 18:01:23 Good afternoon. 18:01:29 Hello everybody! :) 18:01:29 hllo 18:01:31 hello everyone. 18:01:32 hi all 18:01:37 #topic New folks introductions and Apprentice tasks. 18:01:49 any new folks like to introduce themselves in a line or two? 18:02:00 or apprentices with questions or comments? 18:02:11 (waiting for new folks first) 18:02:17 Hello everyone, I am Mayank from India, would be hacking on bugspad this summer! 18:02:24 Hi everyone. I am Charul and have started working on Shumgrepper project. 18:02:27 * relrod here 18:02:40 * danofsatx-work is here 18:02:45 Hello, This is Hammad, Working on fedora-college, that inherently comes under infra. 18:03:00 Hizo everyone i am Gonzalo from Bolivia 18:03:20 great! welcome everyone. 18:03:51 Those of you doing summer coding, would you have links to your projects for us to read up on? 18:04:04 Hello guys, My name is Bruno! I am from Brazil, but living in Los Angeles,Ca! 18:04:44 https://github.com/kushaldas/bugspad the project I would be working on! 18:04:51 making a UI for it. 18:04:55 https://github.com/hammadhaleem/fedora-collegeFedora College. 18:05:24 https://github.com/fedora-infra/shumgrepper for Shumgrepper 18:05:47 great. :) 18:06:10 hello everyone 18:06:34 good luck in your coding. ;) 18:06:51 ready for the apprentices ? 18:06:56 I and my mentor kushal, were discussing about some revisions in the timeline of the project, to include the suggestions received from the infra team, for 18:06:57 thanks nirik :) 18:07:14 ootbro: sure, fire away... 18:07:20 following up from the map/landscape/overview "new project" item last week (and the e-mail I sent to the mailing list). I haven't gotten any additional source material, so I'll start with what I listed
Re: Plan of work for Copr signing
On Thu, May 22, 2014 at 09:58:47AM +0200, Miroslav Suchý wrote: > FYI - this is my schedule of work needed to sign packages in Copr: > > Hardware: > = > Next visit in PHX is planned on June/July. Next one is January of 2015. > > Ideal (and most paranoid) setup would require one physical machine for > Signing server and one for copr-backend and one wire between them. With no > remote access to signing server. > > But we have not HW for this. > > What we can have is have signing machine in VM with restrictive SW defined > network. If that VM can be only one VM on host, then it would be great. > > To set up VM and networking and create ansible manifest, can take up to one > week. > > > Software: > = > I would go the obs-sign way. > It would require to get one patch into GPG2. Patch is made by SuSe, but does > not live in upstream. > TMraz (RH packager) preliminary approved this patch, but have few comments, > which would need to be address (name of cmd option, no man page...). Then I > will try to get it in upstream, but there is risc of rejecting. But TMraz is > willing to accept it as patch into Fedora and RH package. This is backup > plan. (1.5 week to work on patch, 1 w for communitation with upstream or > tmraz) > JStribrny promised to re-package obs-sign. (0.5w) > We should enhance documentation of obs-sign and likely write HOWTO for > deployment. (0.75w) > We need to deploy and configure obs-sign on VM. (0.75w) > Mutatis mutandis of Copr (1w). > Sum it up (5.5 week) > > Total = 6.5 weeks Has there been any review of the package signing process by security guys? Since this is presumably different from the standard Fedora package signing process, it might make sense to have someone advise, if not done already. -- Paul W. Frieldshttp://paul.frields.org/ gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717 http://redhat.com/ - - - - http://pfrields.fedorapeople.org/ The open source story continues to grow: http://opensource.com ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
Meeting Agenda Item: Introduction Bruno Sa
Hello There, My name is Bruno (IRC: Brnzi) and I am from Brazil, Sao Paulo-SP, currently living in Los Angeles, CA. I've been using computers for around 19 years with 7 of them being in a professional capacity. Over the years I have worked with Help-Desk Support, Network Support and Manufacturing Support. I am currently moving towards Senior System Administration and Security. I am MCP and I attended the official Red Hat Linux Essentials (RH033),Red Hat Linux System Administrator (RH133). I am also studying for the Red Hat Enterprise and Offensive Security(Pen Testing using Kali Linux) Certification Exams. I would like to apply my current skill set and experience to the Fedora Project in any way I can while getting more experience and knowledge with system administration and security. Contributing with my technical skills and my language skills: (English, Portuguese and Italian). There are several goals I hope to achieve here. First and foremost is the opportunity to be part of the community by sharing my skills and learning from you all, while hopefully contributing to the community to make the world a better place where free thinking and free technology is accessible to everyone. And on a personal level making good friends and building the necessary skills to improve myself as a person and as a professional while helping the community to continue this awesome project! For the following weeks: I will try to get more familiar with the project, teams, best practises and work-flow, find something interesting to work with and then find a sponsor. I would like thank you all for the opportunity. Please feel free to contact me at: icapob...@gmail.com. If you would like to know a little bit more about my professional experience and achievements I would like to invite you to visit my Linked-in profile: www.linkedin.com/in/brunosa/ PS: Today was my first meeting - It was really great! - Thanks @nirik for the tip! :-) Kind Regards, Bruno Sa E-mail : icapob...@gmail.com www.linkedin.com/in/brunosa/ It's kind of fun to do the impossible. Walt Disney ___ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
