57 lines
1.5 KiB
Text
57 lines
1.5 KiB
Text
== Sigul Client Setup
|
|
|
|
This document describes how to configure a sigul client. For more
|
|
information on sigul, please see link:User-Mitr[User:Mitr]
|
|
|
|
=== Prerequisites
|
|
|
|
. Install `sigul` and its dependencies. It is available in both Fedora
|
|
and EPEL:
|
|
+
|
|
On Fedora:
|
|
+
|
|
....
|
|
dnf install sigul
|
|
....
|
|
+
|
|
On RHEL/CentOS (Using EPEL):
|
|
+
|
|
....
|
|
yum install sigul
|
|
....
|
|
. Ensure that your koji certificate and the link:Fedora-Cert[Fedora CA
|
|
certificates] are present on the system you're running the sigul client
|
|
from at the following locations:
|
|
* `~/.fedora.cert`
|
|
* `~/.fedora-server-ca.cert`
|
|
* `~/.fedora-upload-ca.cert`
|
|
. Admin privileges on koji are required to write signatures.
|
|
|
|
=== Configuration
|
|
|
|
. Run `sigul_setup_client`
|
|
. Choose a password for your NSS database. By default this will be
|
|
stored on-disk in `~/.sigul/client.conf`.
|
|
. Choose an export password. You will only need to remember it until
|
|
finishing `sigul_setup_client`.
|
|
. Enter the DB password you chose earlier, then the export password. You
|
|
should see the message `pk12util: PKCS12 IMPORT SUCCESSFUL`
|
|
. Enter the DB password again. You should see the message `Done`.
|
|
. Assuming that you are running the sigul client within phx2, edit
|
|
`~/.sigul/client.conf` to include the following lines:
|
|
|
|
....
|
|
[client]
|
|
bridge-hostname: sign-bridge.phx2.fedoraproject.org
|
|
server-hostname: sign-vault.phx2.fedoraproject.org
|
|
....
|
|
|
|
=== Updating your Fedora certificate
|
|
|
|
When your Fedora certificate expires, after updating it run the
|
|
following commands:
|
|
|
|
....
|
|
$ certutil -d ~/.sigul -D -n sigul-client-cert
|
|
$ sigul_setup_client
|
|
....
|