Difference between revisions of "COPR Repository for CentOS"
From Dogtag
m (→External PKI COPR EPEL Builds for CentOS 7.2) |
m (→Fetch External COPR Builds of CentOS 7.3 PKI EPEL Packages) |
||
Line 60: | Line 60: | ||
***** Browse to '~/COPR/EPEL-7.3/redhat-pki-10.3.3-1.el7pki.src.rpm' | ***** Browse to '~/COPR/EPEL-7.3/redhat-pki-10.3.3-1.el7pki.src.rpm' | ||
− | == | + | == Fetching External COPR Builds of CentOS 7.3 PKI EPEL Packages == |
* External COPR builds of CentOS 7.3 PKI EPEL packages are maintained via [https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/ @pki/epel-7.3]: | * External COPR builds of CentOS 7.3 PKI EPEL packages are maintained via [https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/ @pki/epel-7.3]: | ||
** https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/repo/epel-7/group_pki-epel-7.3-epel-7.repo | ** https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/repo/epel-7/group_pki-epel-7.3-epel-7.repo |
Revision as of 23:44, 20 September 2016
Contents
- 1 External COPR Builds of CentOS 7.2 PKI EPEL Packages
- 2 External COPR Builds of CentOS 7.3 PKI EPEL Packages
- 2.1 Creation of External COPR Builds of CentOS 7.3 PKI EPEL Packages
- 2.2 Fetching External COPR Builds of CentOS 7.3 PKI EPEL Packages
- 2.3 Create a CentOS 7 VM
- 2.4 Download and Install 389 / PKI Packages to the CentOS 7 VM
- 2.5 Install a PKI CA Server Instance on the CentOS 7 VM
- 2.6 Install a Fresh PKI CA Client Browser Profile on the CentOS 7 VM
External COPR Builds of CentOS 7.2 PKI EPEL Packages
External COPR Builds of CentOS 7.3 PKI EPEL Packages
Creation of External COPR Builds of CentOS 7.3 PKI EPEL Packages
- [FIRST TIME ONLY] (e.g., the '@pki/epel-7.3' project does not exist!)
- Download the official RHEL packages planned for inclusion in the CentOS 7.3 PKI EPEL packages:
- mkdir -p ~/COPR/EPEL-7.3
- Use 'wget' or 'curl' to fetch the desired Brew packages into the '~/COPR/EPEL-7.3' directory; for example:
- tomcat-7.0.69-10.el7.src.rpm
- jss-4.2.6-42.el7.src.rpm
- tomcatjss-7.1.2-3.el7.src.rpm
- idm-console-framework-1.1.16-2.el7dsrv.src.rpm
- pki-core-10.3.3-10.el7.src.rpm
- pki-core-10.3.3-10.el7pki.src.rpm
- pki-console-10.3.3-1.el7pki.src.rpm
- redhat-pki-theme-10.3.3-1.el7pki.src.rpm
- redhat-pki-10.3.3-1.el7pki.src.rpm
- Launch a browser and type the following URL:
- https://copr.fedorainfracloud.org/
- Authenticate using an FAS password
- https://copr.fedorainfracloud.org/groups/g/pki/coprs/
- Create the '@pki/epel-7.3' group project by pressing the New Group Project button
- A form will be launched entitled Create a New Project in the group @pki; fill in the following fields
- 1. Project information
- Project Name: epel-7.3
- Description: Dogtag Certificate System
- Homepage: http://pki.fedoraproject.org/wiki/PKI_Main_Page
- Contact: pki-devel@redhat.com
- 2. Build Options
- Chroots: check the check box entitled epel-7-x86_64
- Other Options: check the check box entitled Enable internet access during builds
- Press the 'Create' button
- https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/
- The project will consist of six tabs amongst some other information:
- Overview
- Packages
- Builds
- Modules
- Monitor
- Settings
- This tab will contain the completed form; the name of the project is 'greyed-out' and is therefore NOT changeable!
- https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/builds
- Press the 'New Build' button
- 1. Select the source type
- Select Upload SRPM
- 2. Provide the source
- Browse to '~/COPR/EPEL-7.3/tomcat-7.0.69-10.el7.src.rpm'
- 3. Select chroots and other options
- Chroots check box should be checked for 'epel-7-x86_64'
- Other Options check box should be checked for 'Enable internet access during this build'
- Press the Build button
- Presuming that the builds are created successfully, repeat this for the other builds substituting the value for '2. Provide the source' in this order:
- Browse to '~/COPR/EPEL-7.3/jss-4.2.6-42.el7.src.rpm'
- Browse to '~/COPR/EPEL-7.3/tomcatjss-7.1.2-3.el7.src.rpm'
- Browse to '~/COPR/EPEL-7.3/idm-console-framework-1.1.16-2.el7dsrv.src.rpm'
- Browse to '~/COPR/EPEL-7.3/pki-core-10.3.3-10.el7.src.rpm'
- Browse to '~/COPR/EPEL-7.3/pki-core-10.3.3-10.el7pki.src.rpm'
- Browse to '~/COPR/EPEL-7.3/pki-console-10.3.3-1.el7pki.src.rpm'
- Browse to '~/COPR/EPEL-7.3/redhat-pki-theme-10.3.3-1.el7pki.src.rpm'
- Browse to '~/COPR/EPEL-7.3/redhat-pki-10.3.3-1.el7pki.src.rpm'
Fetching External COPR Builds of CentOS 7.3 PKI EPEL Packages
- External COPR builds of CentOS 7.3 PKI EPEL packages are maintained via @pki/epel-7.3:
    [group_pki-epel-7.3]
    name=Copr repo for epel-7.3 owned by @pki
    baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
    type=rpm-md
    skip_if_unavailable=True
    gpgcheck=1
    gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
    repo_gpgcheck=0
    enabled=1
    enabled_metadata=1
Create a CentOS 7 VM
- sudo yum update
- sync; sync; sync; reboot
Download and Install 389 / PKI Packages to the CentOS 7 VM
- Download and install a 389 Directory Server:
- sudo yum install 389-ds-base
- sudo /usr/sbin/setup-ds.pl
- Create a yum repo for PKI EPEL 7.3:
- sudo vi /etc/yum.repos.d/pki-epel-7.3.repo
    [group_pki-epel-7.3]
    name=Copr repo for epel-7.3 owned by @pki
    baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
    type=rpm-md
    skip_if_unavailable=True
    gpgcheck=1
    gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
    repo_gpgcheck=0
    enabled=1
    enabled_metadata=1
- Download and install PKI packages using the Meta package:
- sudo yum install redhat-pki
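A check that can be run on the repo file before the `yum install` step, given here as an added example that is not part of the Dogtag wiki page: it reads each enabled section of a `.repo` file and reports whether package signatures are enforced and where the key comes from. The function names `audit_repo` and `write_samples`, the FAIL/WARN policy, and the `weak.repo` variant are assumptions constructed for illustration; the first sample is the repo file shown above.

```shell
#!/bin/sh
# audit_repo FILE: check every enabled section of a yum .repo file.
# Prints FAIL/WARN findings; returns 1 if any FAIL was found.
audit_repo() {
    awk '
    function check() {
        if (sec == "" || en == "0") return
        if (gc != "1") { print "FAIL " sec ": gpgcheck is not 1"; bad = 1 }
        if (key !~ /^(https|file):\/\//) { print "FAIL " sec ": gpgkey missing or not https/file"; bad = 1 }
        if (url !~ /^https:\/\//) print "WARN " sec ": baseurl is not https"
        if (rgc != "1") print "WARN " sec ": repo_gpgcheck is not 1, metadata is unsigned"
    }
    /^[ \t]*[#;]/ || !NF { next }
    /^\[/ { check(); sec = $0; sub(/^\[/, "", sec); sub(/\].*/, "", sec)
            gc = rgc = key = url = ""; en = "1"; next }
    {
        eq = index($0, "="); if (!eq) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "gpgcheck") gc = v
        else if (k == "repo_gpgcheck") rgc = v
        else if (k == "gpgkey") key = v
        else if (k == "baseurl") url = v
        else if (k == "enabled") en = v
    }
    END { check(); exit bad + 0 }' "$1"
}

# write_samples DIR: the repo file from this page plus a constructed weak variant.
write_samples() {
    cat > "$1/pki-epel-7.3.repo" <<'EOF'
[group_pki-epel-7.3]
name=Copr repo for epel-7.3 owned by @pki
baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF
    sed -e 's/^gpgcheck=1/gpgcheck=0/' -e 's#^gpgkey=https#gpgkey=http#' \
        "$1/pki-epel-7.3.repo" > "$1/weak.repo"
}

d=$(mktemp -d) && write_samples "$d"
for f in "$d"/*.repo; do echo "== ${f##*/}"; audit_repo "$f" || true; done
rm -rf "$d"
```

With `gpgcheck=1` and `repo_gpgcheck=0`, yum verifies the signature on each RPM but not on the repository metadata, so the page's file passes with one warning.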
Install a PKI CA Server Instance on the CentOS 7 VM
- Create an installation configuration file for a new PKI instance of a CA:
- sudo mkdir -p /root/pki
- sudo vi /root/pki/ca.cfg
    [DEFAULT]
    pki_admin_password=<password>
    pki_client_pkcs12_password=<password>
    pki_ds_password=<password>
- Create a new PKI instance of a CA:
- sudo script -c 'pkispawn -s CA -f /root/pki/ca.cfg -vvv'
Install a Fresh PKI CA Client Browser Profile on the CentOS 7 VM
- Create a new Firefox browser profile and test out the CA server:
- Fetch '/root/.dogtag/pki-tomcat/ca_admin_cert.p12' from the CA Server and place a world readable copy of this under '/tmp'
- Launch a new Firefox browser profile
- https://<hostname fqdn>:8443/ca/services/
- https://<hostname fqdn>:8443/ca/ee/ca/
- Select the Retrieval Tab
- Select Import CA Certificate Chain
- Select Import the CA certificate chain into your browser radio button and press Submit
- Mark all three trust check boxes in the pop-up dialog
- Select the Enrollment / Renewal Tab
- Select the Browser Menu
- Select the Preferences Icon
- Select Advanced | Certificates | View Certificates | Your Certificates | Import..., load /tmp/ca_admin_cert.p12, and authenticate it to load it into the browser
- https://<hostname fqdn>:8443/ca/ee/ca/
- Select the Enrollment / Renewal Tab
- Select the Manual User Dual-Use Certificate Enrollment profile
- In the UID field type CentOS 7.3 test and press the Submit button
- https://<hostname fqdn>:8443/ca/agent/ca/ and select the newly imported Administration Certificate
- Select List Requests and press Find
- Select the newly submitted request id and press the submit button
- Select List Certificates and press Find
- Click on the certificate with the Subject Name of UID=CentOS 7.3 test
- Remove '/tmp/ca_admin_cert.p12'