Generate SSL certificate in %pre section
Jerome Fenal
jfenal at redhat.com
Wed Apr 6 15:53:40 UTC 2011
Le mercredi 06 avril 2011 à 17:26 +0200, Raphaël De GIUSTI a écrit :
> Hello everyone,
>
>
> I have secured a yum repository with SSL. The client has to be
> authenticated to access that repository (client cert must be signed by
> my CA).
> I have packages in the %packages section of my kickstart that are in
> that protected repo.
>
>
> Of course, I could set this up in the %post section, but I need the
> packages to be available in the %package section.
>
>
> So, my idea was, in the %pre section of my kickstart, to :
> - generate a SSL certificate,
> - send it to the "repo server",
> - make it signed by the CA,
> - get it back,
> - setup the .repo file with appropriate parameters
Hi Raphaël,
What is your aim here ?
For RPM distribution using SSL, you should consider Red Hat Network
Satellite.
If for simple "security" reasons (please define those), you should be
done solely using GPG signing, to check the origin of the packages
against known keys.
Regards,
J.
--
Jérôme Fenal, RHCE Tel.: +33 1 41 91 23 37
Solutions Architect Mob.: +33 6 88 06 51 15
Architecte Solutions Fax.: +33 1 41 91 23 32
http://www.fr.redhat.com/ jfenal at redhat.com
Red Hat France SARL Siret n° 421 199 464 00064
Le Linea, 1 rue du Général Leclerc 92047 Paris La Défense Cedex
Red Hat Summit, JBoss World 2011 http://www.redhat.com/summit/
Red Hat Partner Summit http://www.europe.redhat.com/mktg/partnersummit/2011/
More information about the Kickstart-list
mailing list