
8 commits

Author SHA1 Message Date
Cristian Le
c6eed73137 Move fkinit user default check
Otherwise the check for .fedora.upn does not apply
2025-12-08 22:05:46 +00:00
Jens Petersen
f16a03c604 fkinit: disable the timeouts for systemd-ask-password 2025-10-11 14:32:23 +08:00
Alexander Bokovoy
6cccdb3807 krb5 configurations: add auto_fast_armor = true
MIT Kerberos build gained capability to obtain Anonymous PKINIT ticket
automatically and use it to build a FAST channel armor during initial
ticket acquisition. This allows automatic enablement of passwordless
pre-authentication methods provided by FreeIPA.

The option is ignored by the Kerberos builds which do not have such
support. Once Kerberos packages are upgraded, users will be able to see
requests for their OTP tokens in bare kinit command:

  $ kinit user
  Enter OTP token value:

  instead of using

  $ kinit -c fast.ccache -n @FEDORAPROJECT.ORG
  $ kinit -T fast.ccache user
  Enter OTP token value:

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
2025-09-22 11:19:05 +03:00
Fedora Release Engineering
8221f339a6 Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild 2025-07-23 20:26:34 +00:00
Kevin Fenzi
73574f51d5 Drop old s390 koji config and add a wrapper for riscv
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2025-07-06 15:44:20 -07:00
Jens Petersen
6ee74af2e4 fixup riscv.conf to live in config dir not bindir 2025-06-27 15:21:27 +08:00
Neal Gompa
45ef3873ef fkinit: Add support for ~/.fedora.upn
This is the known file for setting the FAS user for Fedora infrastructure
client tools to use when the local Unix user does not match the FAS user.

Adding support for this with fkinit makes it easier to use in containerized
environments.
2025-06-10 06:33:59 -04:00
Kashyap Chamarthy
0485438d22 Add a RISC-V Koji config file
I named it "riscv" (instead of "risc-v", or "riscv64") because the Koji
URLs begin with it: https://riscv-koji.fedoraproject.org/koji.

Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2025-03-27 12:37:11 +01:00
5 changed files with 30 additions and 7 deletions


@ -19,6 +19,7 @@ Source13: fedoraproject_org
Source14: stg_fedoraproject_org
Source15: fedoraproject_ipa_ca.crt
Source16: stg_fedoraproject_ipa_ca.crt
Source17: riscv.conf
BuildRequires: python3-devel
@ -86,12 +87,12 @@ Requires: krb5-pkinit
install -D %{SOURCE0} %{buildroot}%{_licensedir}/%{name}/COPYING
install -D %{SOURCE2} %{buildroot}%{_bindir}/pkgname
install -D %{SOURCE3} %{buildroot}%{_bindir}/rpmbuild-md5
install -D %{SOURCE4} %{buildroot}%{_bindir}/s390-koji
install -D %{SOURCE4} %{buildroot}%{_bindir}/stg-koji
install -D %{SOURCE4} %{buildroot}%{_bindir}/riscv-koji
install -D %{SOURCE5} %{buildroot}%{_bindir}/fkinit
install -m0644 -Dt %{buildroot}%{_sysconfdir}/koji.conf.d/ \
%{SOURCE10} %{SOURCE11} %{SOURCE12}
%{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE17}
install -m0644 -Dt %{buildroot}%{_sysconfdir}/krb5.conf.d/ \
%{SOURCE13} %{SOURCE14}
install -m0644 -Dt %{buildroot}%{_sysconfdir}/pki/ipa/ \
@ -101,7 +102,7 @@ install -m0644 -Dt %{buildroot}%{_sysconfdir}/pki/ipa/ \
%license %{_licensedir}/%{name}/
%{_bindir}/pkgname
%{_bindir}/rpmbuild-md5
%{_bindir}/s390-koji
%{_bindir}/riscv-koji
%{_bindir}/stg-koji
%config(noreplace) %{_sysconfdir}/koji.conf.d/*


@ -2,6 +2,7 @@
FEDORAPROJECT.ORG = {
kdc = https://id.fedoraproject.org/KdcProxy
pkinit_anchors = FILE:/etc/pki/ipa/fedoraproject_ipa_ca.crt
auto_fast_armor = true
}
[domain_realm]
.fedoraproject.org = FEDORAPROJECT.ORG
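Review bot: The new `auto_fast_armor = true` line in the FEDORAPROJECT.ORG realm block has no comment, although it changes how every initial ticket request for the realm is made. According to the commit description it makes kinit obtain an anonymous PKINIT ticket and use it as FAST armor, and builds without that support ignore it. The armor presumably relies on the KDC certificate validating against the `pkinit_anchors` file on the line above, so a reader should be told the two settings belong together. I would add a line such as `# auto_fast_armor: armor initial requests with an anonymous PKINIT ticket (verified via pkinit_anchors); ignored by krb5 builds without support` above it. The same comment is missing in the STG.FEDORAPROJECT.ORG section at the end of this page.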

12
fkinit

@ -28,15 +28,19 @@ begins_with_short_option()
}
# THE DEFAULTS INITIALIZATION - OPTIONALS
_arg_user="$USER"
_arg_staging="off"
if [ -f "$HOME/.fedora.upn" ]; then
_arg_user=$(<"$HOME/.fedora.upn")
else
_arg_user="$USER"
fi
print_help()
{
printf '%s\n' "Acquire a Kerberos ticket-granting ticket for Fedora"
printf 'Usage: %s [-u|--user <arg>] [--(no-)staging] [-h|--help]\n' "$0"
printf '\t%s\n' "-u, --user: Fedora account name (default: '$USER')"
printf '\t%s\n' "-u, --user: Fedora account name (default: value in ~/.fedora.upn if exists, otherwise '$USER')"
printf '\t%s\n' "--staging, --no-staging: Use the staging infrastructure (off by default)"
printf '\t%s\n' "-h, --help: Prints help"
printf '\n%s\n' "If the environment variable \$FKINIT_OTP is set, it will be read for the one-time password instead of prompting for it."
@ -105,8 +109,8 @@ fi
kinit -n @$domain -c FILE:$armorcache
F_PASSWORD=$(systemd-ask-password "FAS password:")
F_OTP=${FKINIT_OTP:-$(systemd-ask-password "FAS OTP (leave blank if not configured):")}
F_PASSWORD=$(systemd-ask-password --timeout=0 "FAS password:")
F_OTP=${FKINIT_OTP:-$(systemd-ask-password --timeout=0 "FAS OTP (leave blank if not configured):")}
kinit -T FILE:$armorcache $_arg_user@$domain <<< "${F_PASSWORD}${F_OTP}" >/dev/null
unset F_PASSWORD
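Review bot: The contents of `~/.fedora.upn` are copied into `_arg_user` without validation, and the second hunk still expands that value unquoted in `kinit -T FILE:$armorcache $_arg_user@$domain`. An empty file, embedded whitespace or a leading `-` therefore changes the words kinit receives instead of failing cleanly. That matters more in the containerized setups the commit description mentions, where the file may be provisioned by something other than the user. I would reject bad values right after the read with `case "$_arg_user" in ''|-*|*[[:space:]]*) echo "invalid user in ~/.fedora.upn" >&2; exit 1;; esac`, and quote the call as `kinit -T "FILE:$armorcache" "$_arg_user@$domain"`. The script continues outside both hunks, so whether `-u/--user` input is checked elsewhere cannot be seen from here.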

16
riscv.conf Normal file

@ -0,0 +1,16 @@
[riscv]
;configuration for koji cli tool
;url of XMLRPC server
server = https://riscv-koji.fedoraproject.org/kojihub
;url of web interface
weburl = https://riscv-koji.fedoraproject.org/koji
;url of package download site
topurl = https://riscv-kojipkgs.fedoraproject.org/
authtype = kerberos
use_fast_upload = yes


@ -2,6 +2,7 @@
STG.FEDORAPROJECT.ORG = {
kdc = https://id.stg.fedoraproject.org/KdcProxy
pkinit_anchors = FILE:/etc/pki/ipa/stg_fedoraproject_ipa_ca.crt
auto_fast_armor = true
}
[domain_realm]
.stg.fedoraproject.org = STG.FEDORAPROJECT.ORG