This document describes how to configure a sigul client. For more information on sigul, please see [[User:Mitr]].

{{admon/important|This page has moved [https://docs.pagure.org/releng/sop_sigul_client_setup.html here]| All Fedora Release Engineering Documentation has moved [https://docs.pagure.org/releng/ here] with source hosted alongside the code in the [https://pagure.io/releng releng pagure repository]}}

= Prerequisites =

<ul>
<li> Install '''sigul''' and its dependencies. It is available in both Fedora and EPEL:
<pre>
# yum install sigul
</pre></li>
<li>Ensure that your koji certificates are present on the system that you're running the sigul client from.</li>
<li>Admin privileges on koji are required to write signatures.</li>
<li>If you are running RHEL 6, add 'export NSS_HASH_ALG_SUPPORT=+MD5' to your ~/.bashrc.</li>
</ul>

= Configuration =

<ol>
<li> Run '''sigul_setup_client'''.</li>
<li> Choose a password for your NSS database. '''By default this will be stored on-disk in ''~/.sigul/client.conf''.'''</li>
<li> Choose an export password. You will only need to remember it until sigul_setup_client finishes.</li>
<li> Enter the DB password you chose earlier, then the export password. You should see the message "pk12util: PKCS12 IMPORT SUCCESSFUL".</li>
<li> Enter the DB password again. You should see the message "Done".</li>
<li> Assuming that you are running the sigul client within phx2, edit ~/.sigul/client.conf to include the following lines:
<pre>
[client]
bridge-hostname: sign-bridge1
server-hostname: sign-vault1
</pre></li></ol>
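
Because the NSS database password ends up in ~/.sigul/client.conf, it is worth checking the file after setup. The following is an added example, not part of sigul or of the original page: it assumes the file should be accessible only to its owner and that both hostnames from the last step must be present in the [client] section; the function names and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not shipped with sigul): sanity-check a sigul client.conf.

# get_client_key FILE KEY -> print KEY's value from the [client] section.
# Accepts "key: value" as shown on this page; "key = value" is also accepted
# (assumption). Prints nothing when the key is absent or empty.
get_client_key() {
    sed -n '/^\[client\]/,/^\[/p' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*[:=][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" |
        head -n 1
}

# check_sigul_client_conf FILE -> report problems, return 0 only if none.
check_sigul_client_conf() {
    conf=$1
    problems=0
    if [ ! -f "$conf" ]; then
        echo "MISSING: $conf"
        return 1
    fi
    # The file holds the NSS DB password: group and other need no access.
    perms=$(ls -ld -- "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: group/other bits set ($perms); run: chmod 600 $conf"
        problems=$((problems + 1))
    fi
    for key in bridge-hostname server-hostname; do
        value=$(get_client_key "$conf" "$key")
        if [ -z "$value" ]; then
            echo "CONFIG: [client] $key is not set"
            problems=$((problems + 1))
        else
            echo "OK: $key = $value"
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: world-readable file with only one of the two hostnames.
demo_dir=$(mktemp -d)
printf '[client]\nbridge-hostname: sign-bridge1\n' > "$demo_dir/client.conf"
chmod 644 "$demo_dir/client.conf"
check_sigul_client_conf "$demo_dir/client.conf" || echo "Fix the items above."
rm -rf "$demo_dir"
```

To check a real setup, call `check_sigul_client_conf ~/.sigul/client.conf` after the last configuration step.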

== Configuration for Secondary Architectures ==

All steps remain the same; however, you will need admin privileges on your secondary koji instance (not the primary's). When editing ~/.sigul/client.conf, use:
<pre>
[client]
bridge-hostname: secondary-signer
server-hostname: secondary-signer-server
</pre>

= Updating your Fedora certificate =

When your Fedora certificate expires, update it and then run the following commands:
<pre>
$ certutil -d ~/.sigul -D -n sigul-client-cert
$ sigul_setup_client
</pre>

[[Category:Release Engineering SOPs]]