Sigul setup instructions from Open Source @ Seneca Centre for Development of Open Technology
Fedora Project pages on how to use Sigul
Sigul uses a CA to generate SSL certs for the server, bridge, and clients to authenticate and encrypt communications. The server itself provides GPG keys for signing packages. In this case, I am going to set up a separate CA for sigul, distinct from the CA we use for koji. The reasoning here is that koji's CA is used often, to create end user certs for access into koji. That means it's exposed often to an admin, either directly via the cli or indirectly via a webapp or other utility, when user certs are created.
The sigul CA should be kept fairly isolated in my opinion, since it's only used to add new server, bridge, and client instances. These additions should be fairly rare. Exposing the sigul CA often, as when a new end user cert is being created, opens up opportunities to create new certs that could be used to get rogue sigul clients the ability to get unauthorized rpms signed with our keys.
The bridge setup is pretty much spot on from the Seneca Sigul Setup link above. One thing you may have to do is change the sigul user's default shell in order to create the db as the sigul user using the defaults from the Fedora install of the packages.

usermod -s /bin/bash sigul

Next for the server setup. The first problem I need to resolve is that the server we're using for sigul is an EL5 system. Python's sqlalchemy module that ships with EL5 is 0.3.11. There is an updated version in EPEL that also has a slightly different name - python-sqlalchemy0.5-0.5.8. I'm not sure if this is what's causing this error, but I suspect so:

# sigul_server_create_db
Traceback (most recent call last):
  File "/usr/share/sigul/server_create_db.py", line 21, in ?
    import server_common
  File "/usr/share/sigul/server_common.py", line 107, in ?
    sa.Column('name', sa.Text, nullable=False,
AttributeError: 'module' object has no attribute 'Text'

I've installed the EPEL python-sqlalchemy and just doing that did not solve the issue. I also cannot un-install the python-sqlalchemy provided with the OS. I am pretty sure that the issue here is that the version of sqlalchemy on the OS is missing the functionality that we need for the sigul tools.
To be continued...
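
A pre-flight check for the failure in the traceback above, as an added example that is not part of the original post or of sigul: it reports which copy of a module the interpreter actually imports and which of the names used by server_common.py (sa.Column, sa.Text) are missing, listing case variants that do exist. It assumes a current Python interpreter; the function names and the stand-in modules are constructed for illustration.

```python
import importlib
import types

# Names server_common.py is seen using in the traceback above (sa.Column, sa.Text).
REQUIRED = ("Column", "Text")


def inspect_module(mod, required=REQUIRED):
    """Report where a module was loaded from and which required names it lacks."""
    by_lower = {}
    for name in dir(mod):
        by_lower.setdefault(name.lower(), []).append(name)
    missing = {}
    for name in required:
        if not hasattr(mod, name):
            # Record case variants that do exist, e.g. TEXT when Text is absent.
            missing[name] = sorted(by_lower.get(name.lower(), []))
    return {
        "path": getattr(mod, "__file__", None),
        "version": getattr(mod, "__version__", None),
        "missing": missing,
    }


def check_installed(modname="sqlalchemy"):
    """Inspect whichever copy of the module the interpreter actually imports."""
    try:
        mod = importlib.import_module(modname)
    except ImportError:
        return None
    return inspect_module(mod)


def make_stub(version, names):
    """Constructed stand-in for a sqlalchemy module exposing only `names`."""
    mod = types.ModuleType("sqlalchemy_stub")
    mod.__version__ = version
    for name in names:
        setattr(mod, name, object())
    return mod


if __name__ == "__main__":
    # Constructed sample mirroring the symptom on this page: no Text attribute.
    old = make_stub("0.3.11", ["Column", "TEXT"])
    print(inspect_module(old))
    print(check_installed())
```

The "path" field shows whether the OS-provided package or a parallel-installed one was picked up, which is the question left open when both are installed side by side.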
3 comments:
Seems the error you are getting is because sqlalchemy (aliased to 'sa' on line 107 and beyond) doesn't have a Text member in its class. However, the TEXT member seems to work.
I think it might be a bug in sigul.
For the RHEL5 versions (<= 0.97) you need python-sqlalchemy 0.4; Fedora has a separate "infrastructure repo" that contains packages necessary on their servers but not available in RHEL, see http://infrastructure.fedoraproject.org/5/ .
RHEL6 (>= 0.98) requires gnupg 1.x; this is available at http://people.redhat.com/mitr/rpmsigner/rhel6/ .
BTW, feel free to contact me at [email protected] . I realize the setup can be difficult.