Re: Generate SSL certificate in %pre section

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le mercredi 06 avril 2011 Ã 17:26 +0200, RaphaÃl De GIUSTI a Ãcrit :
> Hello everyone,
> 
> 
> I have secured a yum repository with SSL. The client has to be
> authenticated to access that repository (client cert must be signed by
> my CA).
> I have packages in the %packages section of my kickstart that are in
> that protected repo.
> 
> 
> Of course, I could set this up in the %post section, but I need the
> packages to be available in the %package section.
> 
> 
> So, my idea was, in the %pre section of my kickstart, to :
> - generate a SSL certificate, 
> - send it to the "repo server",
> - make it signed by the CA, 
> - get it back,
> - setup the .repo file with appropriate parameters

Hi RaphaÃl,

What is your aim here ?

For RPM distribution using SSL, you should consider Red Hat Network
Satellite.

If for simple "security" reasons (please define those), you should be
done solely using GPG signing, to check the origin of the packages
against known keys.

Regards,

J.

-- 
JÃrÃme Fenal, RHCE                                     Tel.: +33 1 41 91 23 37
Solutions Architect                                    Mob.: +33 6 88 06 51 15
Architecte Solutions                                   Fax.: +33 1 41 91 23 32
http://www.fr.redhat.com/                                    jfenal@xxxxxxxxxx
Red Hat France SARL                                 Siret n 421 199 464 00064
Le Linea, 1 rue du GÃnÃral Leclerc                92047 Paris La DÃfense Cedex
Red Hat Summit, JBoss World 2011                 http://www.redhat.com/summit/
Red Hat Partner Summit   http://www.europe.redhat.com/mktg/partnersummit/2011/

_______________________________________________
Kickstart-list mailing list
Kickstart-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/kickstart-list



[Index of Archives]     [Red Hat General]     [CentOS Users]     [Fedora Users]     [Fedora Maintainers]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux