Ticket #106 (new defect)

Opened 6 years ago

Last modified 15 months ago

koji download-build does not work via SSL

Reported by: till Owned by: mikeb
Priority: minor Milestone:
Component: client Version: 1.2.2
Keywords: Cc: matt@…, mcepl
Blocked By: Blocking:

Description

When I want to download packages from koji, it would be nice to make sure that they are not tampered. Therefore it would be nice to be able to download them via SSL. It works using wget and the getfile URLs, but it does not work using "koji download-build".

Example wget commandline:

wget --ca-certificate=.fedora-server-ca.cert --certificate .fedora.cert --private-key .fedora.cert "https://koji.fedoraproject.org/koji/getfile?taskID=800631&name=xorg-x11-server-Xdmx-1.4.99.906-10.fc10.jx.i386.rpm"

Change History

comment:1 Changed 5 years ago by mattmccutchen

  • Cc mattmccutchen added

comment:2 Changed 4 years ago by mattmccutchen

  • Cc matt@… added; mattmccutchen removed

I want integrity-protected Koji downloads too. Unfortunately, "getfile" does not seem to work for "old" builds, e.g., your link above does not work now. My current technique is to download the package insecurely and then check the output of rpm -q --qf '%{SIGMD5}\n' -p foo.rpm against the "Payload Hash" value on the RPM info page on Koji. Note also a proposal to sign Koji packages.

comment:3 Changed 15 months ago by mcepl

  • Cc mcepl added
Note: See TracTickets for help on using tickets.