particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-forge-composer/.github/koji.conf
Ondřej Budai 05fd221bd4 upload/koji: add support for GSSAPI/Kerberos auth 
Prior this commit we only had support for username/password authentication
in the koji integration. This wasn't particularly useful because this
auth type isn't used in any production instance.

This commit adds the support for GSSAPI/Kerberos authentication.
The implementation uses kerby library which is very lightweight wrapper
around C gssapi library.

Also, the koji unit test and the run-koji-container script were modified
so the GSSAPI auth is fully tested.
2020-08-27 17:29:57 +01:00

70 lines
1.9 KiB
Text
Raw Blame History

; Koji installed from pip is missing the default config.
; This one is taken from Fedora 32 and installed in Github Actions.
[koji]
;configuration for koji cli tool
;url of XMLRPC server
;server = http://hub.example.com/kojihub
server = https://koji.fedoraproject.org/kojihub
;url of web interface
;weburl = http://www.example.com/koji
weburl = https://koji.fedoraproject.org/koji
;url of package download site
;pkgurl = http://www.example.com/packages
;path to the koji top directory
;topdir = /mnt/koji
topurl = https://kojipkgs.fedoraproject.org/
;configuration for Kerberos authentication
authtype = kerberos
krb_rdns = false
;the service name of the principal being used by the hub
;krbservice = host
;the principal to auth as for automated clients
;principal = client@EXAMPLE.COM
;the keytab to auth as for automated clients
;keytab = /etc/krb5.keytab
;enable to lookup dns canonical hostname for krb auth
;krb_canon_host = no
;The realm of server principal. Using client's realm if not set
;krb_server_realm = EXAMPLE.COM
;configuration for SSL authentication
;client certificate
;cert = ~/.koji/client.crt
;certificate of the CA that issued the HTTP server certificate
;serverca = ~/.koji/serverca.crt
;plugin paths, separated by ':' as the same as the shell's PATH
;koji_cli_plugins module and ~/.koji/plugins are always loaded in advance,
;and then be overridden by this option
;plugin_paths = ~/.koji/plugins
;[not_implemented_yet]
;enabled plugins for CLI, runroot and save_failed_tree are available
;plugins =
; runroot plugin is enabled by default in fedora
plugins = runroot
;timeout of XMLRPC requests by seconds, default: 60 * 60 * 12 = 43200
;timeout = 43200
;timeout of GSSAPI/SSL authentication by seconds, default: 60
;auth_timeout = 60
; use the fast upload feature of koji by default
use_fast_upload = yes
serverca = /tmp/osbuild-composer-koji-test/ca-crt.pem
Reference in a new issue View git blame Copy permalink