COPR Repository for CentOS

From Dogtag
Revision as of 04:52, 21 September 2016 by Mharmsen (talk | contribs) (Fetching External COPR Builds of CentOS 7.2 PKI EPEL Packages)


External COPR Builds of CentOS 7.2 PKI EPEL Packages

Creation of External COPR Builds of CentOS 7.2 PKI EPEL Packages

  • [FIRST TIME ONLY] (e.g., the '@pki/epel-7.2' project does not yet exist)
  • Download the official RHEL packages planned for inclusion in the CentOS 7.2 PKI EPEL packages:
    • mkdir -p ~/COPR/EPEL-7.2
    • Use 'wget' or 'curl' to fetch the desired Brew packages into the '~/COPR/EPEL-7.2' directory; for example:
      • tomcat-7.0.54-2.el7_1.src.rpm
      • jss-4.2.6-37.el7.src.rpm
      • tomcatjss-7.1.2-1.el7.src.rpm
      • idm-console-framework-1.1.14-1.el7dsrv.src.rpm
      • pki-core-10.2.6-8.el7pki.src.rpm
      • pki-console-10.2.6-1.el7pki.src.rpm
      • redhat-pki-theme-10.2.6-1.el7pki.src.rpm
      • redhat-pki-10.2.6-1.el7pki.src.rpm
  • Launch a browser and visit the following URLs in turn:
    • https://copr.fedorainfracloud.org/
    • Authenticate using an FAS password
    • https://copr.fedorainfracloud.org/groups/g/pki/coprs/
      • Create the '@pki/epel-7.2' group project by pressing the New Group Project button
        • A form will be launched entitled Create a New Project in the group @pki; fill in the following fields
          • 1. Project information
          • 2. Build Options
            • Chroots: check the check box entitled epel-7-x86_64
            • Other Options: check the check box entitled Enable internet access during builds
          • Press the 'Create' button
    • https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.2/
      • The project will consist of six tabs amongst some other information:
        • Overview
        • Packages
        • Builds
        • Modules
        • Monitor
        • Settings
          • This tab will contain the completed form; the name of the project is 'greyed-out' and is therefore NOT changeable!
    • https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.2/builds
      • Press the 'New Build' button
        • 1. Select the source type
          • Select Upload SRPM
        • 2. Provide the source
          • Browse to '~/COPR/EPEL-7.2/tomcat-7.0.54-2.el7_1.src.rpm'
        • 3. Select chroots and other options
          • Chroots check box should be checked for 'epel-7-x86_64'
          • Other Options check box should be checked for 'Enable internet access during this build'
        • Press the Build button
        • Presuming that the builds are created successfully, repeat this for the other builds substituting the value for '2. Provide the source' in this order:
          • Browse to '~/COPR/EPEL-7.2/jss-4.2.6-37.el7.src.rpm'
          • Browse to '~/COPR/EPEL-7.2/tomcatjss-7.1.2-1.el7.src.rpm'
          • Browse to '~/COPR/EPEL-7.2/idm-console-framework-1.1.14-1.el7dsrv.src.rpm'
          • Browse to '~/COPR/EPEL-7.2/pki-core-10.2.6-8.el7pki.src.rpm'
          • Browse to '~/COPR/EPEL-7.2/pki-console-10.2.6-1.el7pki.src.rpm'
          • Browse to '~/COPR/EPEL-7.2/redhat-pki-theme-10.2.6-1.el7pki.src.rpm'
          • Browse to '~/COPR/EPEL-7.2/redhat-pki-10.2.6-1.el7pki.src.rpm'

Fetching External COPR Builds of CentOS 7.2 PKI EPEL Packages

  [group_pki-epel-7.2]
  name=Copr repo for epel-7.2 owned by @pki
  baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.2/epel-7-$basearch/
  type=rpm-md
  skip_if_unavailable=True
  gpgcheck=1
  gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.2/pubkey.gpg
  repo_gpgcheck=0
  enabled=1
  enabled_metadata=1

External COPR Builds of CentOS 7.3 PKI EPEL Packages

Creation of External COPR Builds of CentOS 7.3 PKI EPEL Packages

  • [FIRST TIME ONLY] (e.g., the '@pki/epel-7.3' project does not yet exist)
  • Download the official RHEL packages planned for inclusion in the CentOS 7.3 PKI EPEL packages:
    • mkdir -p ~/COPR/EPEL-7.3
    • Use 'wget' or 'curl' to fetch the desired Brew packages into the '~/COPR/EPEL-7.3' directory; for example:
      • tomcat-7.0.69-10.el7.src.rpm
      • jss-4.2.6-42.el7.src.rpm
      • tomcatjss-7.1.2-3.el7.src.rpm
      • idm-console-framework-1.1.16-2.el7dsrv.src.rpm
      • pki-core-10.3.3-10.el7.src.rpm
      • pki-core-10.3.3-10.el7pki.src.rpm
      • pki-console-10.3.3-1.el7pki.src.rpm
      • redhat-pki-theme-10.3.3-1.el7pki.src.rpm
      • redhat-pki-10.3.3-1.el7pki.src.rpm
  • Launch a browser and visit the following URLs in turn:
    • https://copr.fedorainfracloud.org/
    • Authenticate using an FAS password
    • https://copr.fedorainfracloud.org/groups/g/pki/coprs/
      • Create the '@pki/epel-7.3' group project by pressing the New Group Project button
        • A form will be launched entitled Create a New Project in the group @pki; fill in the following fields
          • 1. Project information
          • 2. Build Options
            • Chroots: check the check box entitled epel-7-x86_64
            • Other Options: check the check box entitled Enable internet access during builds
          • Press the 'Create' button
    • https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/
      • The project will consist of six tabs amongst some other information:
        • Overview
        • Packages
        • Builds
        • Modules
        • Monitor
        • Settings
          • This tab will contain the completed form; the name of the project is 'greyed-out' and is therefore NOT changeable!
    • https://copr.fedorainfracloud.org/coprs/g/pki/epel-7.3/builds
      • Press the 'New Build' button
        • 1. Select the source type
          • Select Upload SRPM
        • 2. Provide the source
          • Browse to '~/COPR/EPEL-7.3/tomcat-7.0.69-10.el7.src.rpm'
        • 3. Select chroots and other options
          • Chroots check box should be checked for 'epel-7-x86_64'
          • Other Options check box should be checked for 'Enable internet access during this build'
        • Press the Build button
        • Presuming that the builds are created successfully, repeat this for the other builds substituting the value for '2. Provide the source' in this order:
          • Browse to '~/COPR/EPEL-7.3/jss-4.2.6-42.el7.src.rpm'
          • Browse to '~/COPR/EPEL-7.3/tomcatjss-7.1.2-3.el7.src.rpm'
          • Browse to '~/COPR/EPEL-7.3/idm-console-framework-1.1.16-2.el7dsrv.src.rpm'
          • Browse to '~/COPR/EPEL-7.3/pki-core-10.3.3-10.el7.src.rpm'
          • Browse to '~/COPR/EPEL-7.3/pki-core-10.3.3-10.el7pki.src.rpm'
          • Browse to '~/COPR/EPEL-7.3/pki-console-10.3.3-1.el7pki.src.rpm'
          • Browse to '~/COPR/EPEL-7.3/redhat-pki-theme-10.3.3-1.el7pki.src.rpm'
          • Browse to '~/COPR/EPEL-7.3/redhat-pki-10.3.3-1.el7pki.src.rpm'

Fetching External COPR Builds of CentOS 7.3 PKI EPEL Packages

  [group_pki-epel-7.3]
  name=Copr repo for epel-7.3 owned by @pki
  baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
  type=rpm-md
  skip_if_unavailable=True
  gpgcheck=1
  gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
  repo_gpgcheck=0
  enabled=1
  enabled_metadata=1

Testing External COPR Builds of PKI EPEL Packages on CentOS 7

Create a CentOS 7 VM

  • sudo yum update
  • sync; sync; sync; reboot

Download and Install 389 Packages to the CentOS 7 VM

  • Download and install a 389 Directory Server:
    • sudo yum install 389-ds-base
    • sudo /usr/sbin/setup-ds.pl

Download and Install PKI Packages to the CentOS 7 VM

  • Create a yum repo for PKI EPEL 7.2 or PKI EPEL 7.3:
    • (e.g., setting up the CentOS 7 VM to test PKI EPEL 7.3 packages)
    • sudo vi /etc/yum.repos.d/pki-epel-7.3.repo
  [group_pki-epel-7.3]
  name=Copr repo for epel-7.3 owned by @pki
  baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
  type=rpm-md
  skip_if_unavailable=True
  gpgcheck=1
  gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
  repo_gpgcheck=0
  enabled=1
  enabled_metadata=1
  • Download and install PKI packages using the meta package:
    • sudo yum install redhat-pki
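
The repo stanza above sets gpgcheck=1 but repo_gpgcheck=0, so RPM signatures are verified while the repository metadata is not. The following is an added example, not part of the original wiki page or the Dogtag project: a shell function (audit_repo, a hypothetical name) that reads a .repo file and reports settings that weaken verification, run here on the stanza from this page.

```shell
#!/bin/sh
# Added example: audit a yum .repo file for settings that weaken verification.
# Prints one line per finding; returns 1 if any FAIL finding exists, else 0.
# Only the stanza itself is read; values inherited from /etc/yum.conf are not.
audit_repo() {
    awk '
    function on(v) { v = tolower(v); return v == "1" || v == "yes" || v == "true" }
    function say(level, msg) { printf "%s [%s] %s\n", level, sect, msg; if (level == "FAIL") bad = 1 }
    function check() {
        if (sect != "") {
            if (!on(kv["gpgcheck"])) say("FAIL", "gpgcheck is not enabled: RPM signatures are not verified")
            if (!on(kv["repo_gpgcheck"])) say("NOTE", "repo_gpgcheck is not enabled: repodata is trusted on TLS alone")
            if (kv["gpgkey"] !~ /^(https|file):\/\//) say("FAIL", "gpgkey is missing or not an https/file URL")
            if (kv["baseurl"] != "" && kv["baseurl"] !~ /^https:\/\//) say("FAIL", "baseurl is not https")
        }
        split("", kv)   # reset the key/value store for the next stanza
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    /^[ \t]*\[/ { check(); sect = $0; gsub(/^[ \t]*\[|\].*$/, "", sect); next }
    {
        i = index($0, "="); if (i == 0) next
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        kv[tolower(k)] = v
    }
    END { check(); exit bad }
    ' "$1"
}

# Sample input: the 7.3 stanza from this page, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[group_pki-epel-7.3]
name=Copr repo for epel-7.3 owned by @pki
baseurl=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/epel-7-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/@pki/epel-7.3/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF
audit_repo "$sample"; echo "exit status: $?"
rm -f "$sample"
```

On a test VM the same function can be pointed at /etc/yum.repos.d/pki-epel-7.3.repo before running the yum install step.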

Install a PKI CA Server Instance on the CentOS 7 VM

  • Create an installation configuration file for a new PKI instance of a CA:
    • sudo mkdir -p /root/pki
    • sudo vi /root/pki/ca.cfg
  [DEFAULT]
  pki_admin_password=<password>
  pki_client_pkcs12_password=<password>
  pki_ds_password=<password>
  • Create a new PKI instance of a CA:
    • sudo script -c 'pkispawn -s CA -f /root/pki/ca.cfg -vvv'

Install a Fresh PKI CA Client Browser Profile on the CentOS 7 VM

  • Create a new Firefox browser profile and test out the CA server:
    • Fetch '/root/.dogtag/pki-tomcat/ca_admin_cert.p12' from the CA Server and place a world-readable copy of this under '/tmp'
    • Launch a new Firefox browser profile
      • https://<hostname fqdn>:8443/ca/services/
      • https://<hostname fqdn>:8443/ca/ee/ca/
        • Select the Retrieval Tab
          • Select Import CA Certificate Chain
            • Select Import the CA certificate chain into your browser radio button and press Submit
              • Mark all three trust check boxes in the pop-up dialog
        • Select the Enrollment / Renewal Tab
        • Select the Browser Menu
          • Select the Preferences Icon
            • Select Advanced | Certificates | View Certificates | Your Certificates | Import..., load /tmp/ca_admin_cert.p12, and authenticate it to load it into the browser
      • https://<hostname fqdn>:8443/ca/ee/ca/
        • Select the Enrollment / Renewal Tab
          • Select the Manual User Dual-Use Certificate Enrollment profile
            • In the UID field type CentOS 7.3 test and press the Submit button
      • https://<hostname fqdn>:8443/ca/agent/ca/ and select the newly imported Administration Certificate
        • Select List Requests and press Find
          • Select the newly submitted request id and press the submit button
        • Select List Certificates and press Find
          • Click on the certificate with the Subject Name of UID=CentOS 7.3 test
    • Remove '/tmp/ca_admin_cert.p12'