Generate SSL certificate in %pre section

[Jerome Fenal]

Le mercredi 06 avril 2011 à 17:26 +0200, Raphaël De GIUSTI a écrit :
> Hello everyone,
> 
> 
> I have secured a yum repository with SSL. The client has to be
> authenticated to access that repository (client cert must be signed by
> my CA).
> I have packages in the %packages section of my kickstart that are in
> that protected repo.
> 
> 
> Of course, I could set this up in the %post section, but I need the
> packages to be available in the %package section.
> 
> 
> So, my idea was, in the %pre section of my kickstart, to :
> - generate a SSL certificate, 
> - send it to the "repo server",
> - make it signed by the CA, 
> - get it back,
> - setup the .repo file with appropriate parameters

Hi Raphaël,

What is your aim here ?

For RPM distribution using SSL, you should consider Red Hat Network
Satellite.

If for simple "security" reasons (please define those), you should be
done solely using GPG signing, to check the origin of the packages
against known keys.

Regards,

J.

-- 
Jérôme Fenal, RHCE                                     Tel.: +33 1 41 91 23 37
Solutions Architect                                    Mob.: +33 6 88 06 51 15
Architecte Solutions                                   Fax.: +33 1 41 91 23 32
http://www.fr.redhat.com/                                    jfenal at redhat.com
Red Hat France SARL                                 Siret n° 421 199 464 00064
Le Linea, 1 rue du Général Leclerc                92047 Paris La Défense Cedex
Red Hat Summit, JBoss World 2011                 http://www.redhat.com/summit/
Red Hat Partner Summit   http://www.europe.redhat.com/mktg/partnersummit/2011/