Fedora User Certificates
Dmitry Butskoy
buc at odusz.so-cdu.ru
Mon Aug 25 14:21:15 UTC 2008
Dennis Gilmore wrote:
> Effective immediately we have replaced the CA that is in use for
> cvs.fedoraproject.org and koji.fedoraproject.org This effects uploading to
> lookaside cache and building packages.
>
> There are some manual steps that everyone needs to do to be able to use the
> systems again.
>
> they are
> login to https://admin.fedoraproject.org/accounts/ and click on the "Download
> a client-side certificate" link at the bottom of the home page. save the
> output to ~/.fedora.cert
>
> rm ~/.fedora-server-ca.cert ~/.fedora-upload-ca.cert
> fedora-packager-setup
>
According to the "fedora-packager-setup" script, the sources for these
two certificates are:
https://admin.fedoraproject.org/accounts/fedora-server-ca.cert
and
https://admin.fedoraproject.org/accounts/fedora-upload-ca.cert
respectively.
Does anybody else see the horizontal scrollbar when opening these
certificates' links in a browser? IOW, several first lines in both
certificates are too long, because of extra spaces at the end-of-line.
Try, fe.:
sed 's/$/<NL>/' .fedora-server-ca.cert
My result is:
> -----BEGIN
> CERTIFICATE-----
> <NL>
> MIIK6zCCBt+gAwIBAgIJAMXcvWMyB9ZeMA0GCSqGSIb3DQEBBQUAMIGxMQswCQYD
> <NL>
> VQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcTB1JhbGVp
> <NL>
> Z2gxFzAVBgNVBAoTDkZlZG9yYSBQcm9qZWN0MRowGAYDVQQLExFGZWRvcmEgUHJv
> <NL>
> amVjdCBDQTEaMBgGA1UEAxMRRmVkb3JhIFByb2plY3QgQ0ExJjAkBgkqhkiG9w0B
> <NL>
> CQEWF2FkbWluQGZlZG9yYXByb2plY3Qub3JnMB4XDTA4MDgyMDE0NDkxNloXDTE4
> <NL>
> MDgxODE0NDkxNlowgbExCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJv
> <NL>
> bGluYTEQMA4GA1UEBxMHUmFsZWlnaDEXMBUGA1UEChMORmVkb3JhIFByb2plY3Qx
> <NL>
> GjAYBgNVBAsTEUZlZG9yYSBQcm9qZWN0IENBMRowGAYDVQQDExFGZWRvcmEgUHJv
> <NL>
> amVjdCBDQTEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVkb3JhcHJvamVjdC5vcmcw
> <NL>
> ggQWMA0GCSqGSIb3DQEBAQUAA4IEAwAwggP+AoID9QDIH2F1s0y5V7xBc2tHlXOA
> <NL>
> H7999QZ76BU1qtDg4g4k2KyYTG7Gk5eNnJntbpYtRNPL0bQymJIhcfkMCER+UOfv
> <NL>
> mum6hrwYSrb0ehsIP1mY9QXdJnlvA1ViXMpZy74byaue9Rn+9GOaOtRWv9dZ5/j4
> <NL>
> Wf9JDOt7TzgFfTPZrtasqlSaOicWJuAKyp2SkQup3I0fTtM4/LpR6BY+dDr7ud9d
> <NL>
> LTukkGuOPnNx1pxKkuN0jKYwZjwUcQHlRUNF5xrARU5youYSD7ReWdJsZkirJ0W2
> <NL>
> dZkUQaIUm55v3p4soMYnbPeJFoAbSJkqSCPI4c/ex/Xr1xp3dXvd0vi9K+w8tvw1
> <NL>
> Q3XUvQxum97dbcM7Sw3gRfpFy6K3Up+xXaEnMDGhX31zQAHFTP/P7N+CWNwLg57r
> <NL>
> EmuYVfP31b6qsyvuLnpMqe0fYRNWOiJYMALPyRT15RSFGaLyKevqqzR5DFmHQI2C
> <NL>
> wl5UFsmBK4LJWqaxE/shuNWEx70BzRYOnPgPr3ohXKBLLxZZtVSlEh+N5FW07Y7T
> <NL>
> LkzFGxc0uArsi6EsA9AS0rGJ7FOqMNctvQoR3UFPh5bkXMHgz7aunrB1n5x5rmHk
> <NL>
> g/ni5RoxUZgKDuRu1injapnSDC+C3npyk/18g9L7KI810mI/mGFxAtqUcfzG8LP6
> <NL>
> kk7F4ZvwZJaB/rXBhpYqD6nVvybGP1SEiuSUmj9g6iqkL8dtdrLa8arJHJLvuSE3
> <NL>
> VciBR+QNAUE3vyvuifXK4il4QNuvUEqFJOqehkejKbPDkAkQoyIUdr09XBNK1G9O
> <NL>
> NbnfJIh+ufiOLpLHr5ya+IM/2DOQTz9WboT74I1dPaI3nxs2iTRrL5Di2xRQlscq
> <NL>
> e3RrLlvZF8O5a4VwHy59TY86YLOnRa4+DbcFv+hBdduOMFfTu3kTxJVSJ8UNRPCL<NL>
> MMh+jpwBrPLcezA/2S2fRsjn0xrVNkZhfVTkKX3IJif6AwRvAKauSzEMj5rFRxaa<NL>
> 9sJwGV6kDwlmsmVaqXHS1mloJ5eOw07ch7iQQAsHxojneXU6clAKII2lM7AWwoW6<NL>
> WZIiGb/BCpRL23YbXcq89Aq/Rb6TCekAhBybbodlkYThZmSrUfVbntzj7489vP0k<NL>
> ClSfVk6j4DNbSdwC89xfnKaOV2d4oVNWUvnQeXy+XZNfgVEpQraJlsN4Nf/hVrUI<NL>
> aog7qBaZDYxjiiXg2TFcxNrONQruGngCgDBC9kpdaph+irt5Ddb6j8cgsquRG9/j<NL>
> +CM+gzw3fjKGkijMMyBDsyvlOuNgy+VAahSJvI95P8LLsw4WLub3H3lI4/o+gp0s<NL>
> VLPMo+j/SypJw/IxDeCV2UvspqhWRDqUj6CUKWHu3jveW327AgMBAAGjggEaMIIB<NL>
> FjAdBgNVHQ4EFgQUwNk/0QSeuc4HfmzLbSSZrErtu3owgeYGA1UdIwSB3jCB24AU<NL>
> wNk/0QSeuc4HfmzLbSSZrErtu3qhgbekgbQwgbExCzAJBgNVBAYTAlVTMRcwFQYD<NL>
> VQQIEw5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBxMHUmFsZWlnaDEXMBUGA1UEChMO<NL>
> RmVkb3JhIFByb2plY3QxGjAYBgNVBAsTEUZlZG9yYSBQcm9qZWN0IENBMRowGAYD<NL>
> VQQDExFGZWRvcmEgUHJvamVjdCBDQTEmMCQGCSqGSIb3DQEJARYXYWRtaW5AZmVk<NL>
> b3JhcHJvamVjdC5vcmeCCQDF3L1jMgfWXjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3<NL>
> DQEBBQUAA4ID9QClrBcpX7Ml41iNEKr/b+Dwa0963DQOBl0mgCyNrm2Wvh1WJ2NJ<NL>
> HCP24A1jRe/AGR3/ORlvynZWfj7toJYpp0Ao21oXkHr4/8yYJfZ+eD+5R/ZmqbMS<NL>
> fhsmxsHpFFLfMa3iQsyM/ys/A61Y0f16w77TM0IwaVA3+f23V4xvfirKIMkP+8My<NL>
> r7TSX9mN7VZd3X4zHBgRBefufOic24SWNKD7zBooh9r+yV63HbmlWRoa6xoJlS/M<NL>
> OYGO80/AdqQ1iVe+F2zgDHQrQWWARHn3p3oE5JSI4m7UBaLpf1ei2HjeG0tUntVW<NL>
> 32RGHalofN++bvVBqppKo1ijNQbTBMX9WcCMd3nE80X9LW7ZfqNDGJigl8WBPVNN<NL>
> 278fMWj/XsCYS4XwojJLzzeBmilEnD6SYwkmgEtcLnY91hsJzvbbglFeSAVUvfyA<NL>
> iCbnHmZbNugH6HiiTrXlXDI85XUEB3kn3orKhNaeerPfo/GnBXoNFw3tSs3QrWSm<NL>
> b8KQbPDgErvNP9thug/4xg+rPxo3oh5lbqQJ5HvDne+V/6tvW7TeHqzJ4k+OJguZ<NL>
> x4GAD87I+cLfPICRGwUFQ4EuA5vhQ4FVAfjKgXSyzqpNuCt8JTotyjIh3t6vk7YQ<NL>
> udtkBCixVxtM5U7i78SME+h+QhrNj5DsxB4K3BLpqWnqOigLVkxRxeBVXjDL2+hn<NL>
> izx4eJvkNiIVKtB9tgKjSy7led3Wc/k1Ut0NjZ/iFB8WCo7me0jnVHSebxD9olA7<NL>
> n606/L5gfAN+Ln4hjbVJL+tEgdWezP5pJHwEDBWyQLtQmsxEKQPeDVgi5BTQNRNi<NL>
> X0xnfgTShhDKN4mEq+Y1C8IMqbi0vb01P4CA9IU2cHcrH26Apq/xKBSnnfDAh1yy<NL>
> LHBF738arlYVBeaqoUrKhroXxr4wQprIGu/AdPKEXz2c29TE5H7yjRSvIy7ui7EN<NL>
> NujCosP/IO7YBFhkpDYPq2fByQO5jiZAF58eVX2TlbjM4N+SDG/bpP0WeWlq0JHK<NL>
> FmxcI5N+s7mR0uK3h0WF5fl1vK/d53YzFO6dI/I5Kh8LVtq0diyYmw6LHXPlTJiJ<NL>
> nk7ILFds81Ii6EvMmOPD+MX/BQ/YJRaCclixFLk/KaTap8/fZLBotG/5SjBdwFOd<NL>
> UwVntskUTnai3Vjw0XuBUuKhotenjH/aPbewm/VN9TDjGq9pxaCI8rHX02CIU64U<NL>
> QuJak6mhyUyB/km02afEYBDDh+lPljKOnmfQhVJXvtBUSbtY/cWP4gJZ901u27fG<NL>
> Xs6hMQbMUn3fYy43Z3VX/BCS+P2UhorNQB6p17xTs0kTM9pI8aDy/uCwk3F+K/uW<NL>
> YPF6KxAYMs2ema7PGl2D<NL>
> -----END CERTIFICATE-----<NL>
Perhaps the binary data (incapsulated in the base64 form) is OK, but the
fact that there are such strange "in general" and strange "invisible"
garbage in the security-sensitive data causes people at least to ask
about it...
~buc
More information about the fedora-devel-list
mailing list