dgilmore changed the topic of #fedora-riscv to: Fedora on RISC-V https://fedoraproject.org/wiki/Architectures/RISC-V || Logs: https://libera.irclog.whitequark.org/fedora-riscv || Alt Arch discussions are welcome in #fedora-alt-arches
unlord has quit [Ping timeout: 264 seconds]
unlord has joined #fedora-riscv
jednorozec has quit [Read error: Connection reset by peer]
jednorozec has joined #fedora-riscv
unlord has quit [*.net *.split]
fuwei has quit [*.net *.split]
ChanServ has quit [*.net *.split]
tg has quit [*.net *.split]
aurel32 has quit [*.net *.split]
rwmjones has quit [*.net *.split]
djdelorie has quit [*.net *.split]
guerby has quit [*.net *.split]
palmer has quit [*.net *.split]
Kevinsadminaccou has quit [*.net *.split]
drewfustini has quit [*.net *.split]
ahs3 has quit [*.net *.split]
davidlt[m] has quit [*.net *.split]
hiredman[m] has quit [*.net *.split]
nirik99 has quit [*.net *.split]
iooi has quit [*.net *.split]
lorbus has quit [*.net *.split]
jeffgus[m] has quit [*.net *.split]
nirik has quit [*.net *.split]
Eighth_Doctor has quit [*.net *.split]
JeffGustafson[m] has quit [*.net *.split]
sxa[m] has quit [*.net *.split]
Entei[m] has quit [*.net *.split]
davide has quit [*.net *.split]
cwt[m] has quit [*.net *.split]
mhroncok has quit [*.net *.split]
mochaaP[m] has quit [*.net *.split]
zbyszek[m] has quit [*.net *.split]
somlo[m] has quit [*.net *.split]
alexsaezm has quit [*.net *.split]
defolos has quit [*.net *.split]
kito-cheng has quit [*.net *.split]
pjw_ has quit [*.net *.split]
pbrobinson has quit [*.net *.split]
moto-timo has quit [*.net *.split]
alexfanqi has quit [*.net *.split]
tibbs has quit [*.net *.split]
jonmasters has quit [*.net *.split]
diagprov has quit [*.net *.split]
kwizart has quit [*.net *.split]
kalev-guadec has quit [*.net *.split]
xen0n has quit [*.net *.split]
Ferix_afk has quit [*.net *.split]
NishanthMenon has quit [*.net *.split]
conchuod has quit [*.net *.split]
brianmcarey[m] has quit [*.net *.split]
AutiBoyRobotics[ has quit [*.net *.split]
acharles has quit [*.net *.split]
dtometzki__ has quit [*.net *.split]
thefossguy has quit [*.net *.split]
ol has quit [*.net *.split]
gotmax23 has quit [*.net *.split]
skip77 has quit [*.net *.split]
javierm has quit [*.net *.split]
sorear has quit [*.net *.split]
aurel32 has joined #fedora-riscv
ahs3 has joined #fedora-riscv
palmer has joined #fedora-riscv
davidlt[m] has joined #fedora-riscv
sorear has joined #fedora-riscv
drewfustini has joined #fedora-riscv
guerby has joined #fedora-riscv
tg has joined #fedora-riscv
djdelorie has joined #fedora-riscv
iooi has joined #fedora-riscv
nirik99 has joined #fedora-riscv
rwmjones has joined #fedora-riscv
xen0n has joined #fedora-riscv
kalev-guadec has joined #fedora-riscv
javierm has joined #fedora-riscv
skip77 has joined #fedora-riscv
conchuod has joined #fedora-riscv
NishanthMenon has joined #fedora-riscv
unlord has joined #fedora-riscv
Ferix_afk has joined #fedora-riscv
fuwei has joined #fedora-riscv
diagprov has joined #fedora-riscv
pbrobinson has joined #fedora-riscv
kwizart has joined #fedora-riscv
alexfanqi has joined #fedora-riscv
ChanServ has joined #fedora-riscv
jonmasters has joined #fedora-riscv
moto-timo has joined #fedora-riscv
kito-cheng has joined #fedora-riscv
tibbs has joined #fedora-riscv
pjw_ has joined #fedora-riscv
acharles has joined #fedora-riscv
jeffgus[m] has joined #fedora-riscv
<davidlt[m]> GUADEC Day 2: https://www.youtube.com/@GNOMEDesktop
<conchuod> davidlt[m]: Are you coming to Cork
Kevinsadminaccou has joined #fedora-riscv
nirik has joined #fedora-riscv
defolos has joined #fedora-riscv
Entei[m] has joined #fedora-riscv
<Entei[m]> davidlt: the authorisation system doesn't seem to take into account anything but the SSL certificate. I created added a user named riscv through koji cli, and then created a user account named riscv on the PC.
<Entei[m]> Created the certificate for the riscv user, and I can ping the server. Even nicely says I don't have permissions to create tag.
<Entei[m]> But for experimental purposes, I just copied the kojiadmin certificate into riscv user account as client.crt. Now my riscv user has admin privileges even without granting it any permission whatsoever.
<davidlt[m]> As I said before certificate is all you need to access the Koji system.
<davidlt[m]> What user is mapped to that certificate is based on Common Name entry in it.
<davidlt[m]> The account name on the "PC" has no relevance here.
<davidlt[m]> It's what listed in CN=<name> matters.
<Entei[m]> <davidlt[m]> "What user is mapped to that..." <- Oh so the mapping is just for authorisation, not authentication. I can authorise as long as the name in database and the certificate are same, but what role I have in infra depends on what I certificate I received.
<davidlt[m]> No
<davidlt[m]> Permissions are stored in the database for that user.
<davidlt[m]> The certificate is just basically: hey, I am user XYZ to Koji.
<davidlt[m]> As long as Koji can validate the certificate it will says: yes, you are CN=XYZ user.
<Entei[m]> Oh right. I am dumb. You just said the username on computer doesn;t matter. I am making the same mistake.
<Entei[m]> So the only way to isolate roles would be to tell users don't share your SSL certificate with others.
<davidlt[m]> Yes, which is a common sense in general :)
<davidlt[m]> I mean, I hope folks don't share their password around, or YubiKeys or something :)
<davidlt[m]> Or even key cards to enter buildings.
<davidlt[m]> If you want multi-factor auth, place a password on the certificate when creating it.
<davidlt[m]> In that case certificate alone is not enough.
<Entei[m]> davidlt[m]: Yep, was thinking the same. I created certificates with `--nodes`
<davidlt[m]> Or just don't user TLS certificates and setup Kerberos infra (which tends to be annoying).
somlo has joined #fedora-riscv
davidlt has joined #fedora-riscv
<davidlt[m]> FYI if you have Fedora/RISCV Koji account don't use rawhide or/and f39 targets yet. Branching is still WIP.
davidlt has quit [Quit: Leaving]
dtometzki__ has joined #fedora-riscv
<dtometzki__> hello together anyone know a way to delver the new licheepi to germany ?
<Entei[m]> davidlt: Hey, I am doing a trial. Created another account, generated certificates for it and gave it admin permission through koji cli.
<Entei[m]> I have selinux disabled btw.
<Entei[m]> The account is able to ping server and create tags, but when I add a package to a tag, with `koji add-pkg`, it seemingly gets stuck.
<davidlt[m]> It? Stuck? Define both.
<leah2> dtometzki__: ordering on aliexpress should work, no?
lorbus has joined #fedora-riscv
AutiBoyRobotics[ has joined #fedora-riscv
somlo[m] has joined #fedora-riscv
sxa[m] has joined #fedora-riscv
hiredman[m] has joined #fedora-riscv
brianmcarey[m] has joined #fedora-riscv
mhroncok has joined #fedora-riscv
ol has joined #fedora-riscv
Eighth_Doctor has joined #fedora-riscv
thefossguy has joined #fedora-riscv
mochaaP[m] has joined #fedora-riscv
gotmax23 has joined #fedora-riscv
zbyszek[m] has joined #fedora-riscv
cwt[m] has joined #fedora-riscv
alexsaezm has joined #fedora-riscv
davide has joined #fedora-riscv
JeffGustafson[m] has joined #fedora-riscv
<davidlt[m]> kernel v6.4.7 was tagged.
<davidlt[m]> I don't think there is anything riscv specific in it.
<davidlt[m]> GCC 13.2 also got released.
jednorozec has quit [Ping timeout: 260 seconds]
masami has joined #fedora-riscv
masami has quit [Quit: Leaving]
<Entei[m]> <davidlt[m]> "It? Stuck? Define both." <- My shell is hung up
<davidlt[m]> Check the logs?
jednorozec has joined #fedora-riscv
zsun has joined #fedora-riscv
sajcho has joined #fedora-riscv
<sajcho> davidlt[m]: Please review the build result of gcc-13.2.0 https://dpaste.com/8GM5AGDWQ. I'm sorry it's not riscv64 but I'm talking about basic configuration.
sajcho has quit [Ping timeout: 246 seconds]
zsun has quit [Quit: Leaving.]
mochaaP[m] has quit [Quit: You have been kicked for being idle]
esv has quit [Remote host closed the connection]
esv has joined #fedora-riscv
droidrage has joined #fedora-riscv
zsun has joined #fedora-riscv