Koji RPM Build System Installation Part 3

If you followed my previous articles you should by now have a rudimentary Koji system running.

Lets now proceed and add more components.


As the name suggests, Koji-Web is a webinterface to Koji. It lets you view all your builds, packages, rpms, tasks and other useful info. However you cannot control everything about Koji with it. Its nonetheless good to have. So lets go:

yum install koji-web mod_ssl

Edit /etc/kojiweb/web.conf to the following content. (You should have already created the kojiweb SSL certificates in the previous article)

SiteName = foobar-koji
#KojiTheme = mytheme

# Key urls
KojiHubURL = http://koji.example.com/kojihub
KojiPackagesURL = http://koji.example.com/kojifiles
KojiWebURL = http://koji.example.com/koji

# SSL authentication options
WebCert = /etc/pki/koji/kojiweb.pem
ClientCA = /etc/pki/koji/koji_ca_cert.crt
KojiHubCA = /etc/pki/koji/koji_ca_cert.crt

LoginTimeout = 72

# This must be changed and uncommented before deployment
Secret = superS3cret#

LibPath = /usr/share/koji-web/lib

Now open up /etc/httpd/conf.d/kojiweb.conf and uncomment the whole block of <Location /koji/login>.

Run service httpd restart and you should now have Koji-Web running on your specified URL.

However you wont be able to login. You first have to create a PKCS12 user certificate for the kojiadmin user.
Therefore create the file /etc/pki/koji/webcertgen.sh and chmod+x it.

#if you change your certificate authority name to something else you will need to change the caname value to reflect the change.

# user is equal to parameter one or the first argument when you actually run the script

openssl pkcs12 -export -inkey certs/${user}.key -in certs/${user}.crt -CAfile ${caname}_ca_cert.crt -out certs/${user}_browser_cert.p12

Now you can create the SSL browser login certificates for all users with ease like so:

cd /etc/pki/koji

./webcertgen.sh kojiadmin

You will need to import the personal certificate /etc/pki/koji/certs/kojiadmin_browser_cert.p12 into your browser aswell as /etc/pki/koji/koji_ca_cert.crt  so all your self-signed certificates are trusted.

If you now click on login in Koji-Web, you should be logged in. If you get an error you most certainly have a SSL problem. Check your logs then in /var/log/httpd/

Making Koji-Web look nice (optional)

As you may have noticed, the web interface looks a bit oldschool. I prefer the theme Fedora uses here http://koji.fedoraproject.org/koji/ . Fortunately this is easy to achieve.

Create the file /etc/httpd/conf.d/kojitheme.conf with the following content:

#Override a few static items with our theme
Alias /koji-static/images/koji.png "/usr/share/koji-themes/fedora-koji/images/fedora-koji.png"
Alias /koji-static/images/powered-by-koji.png "/usr/share/koji-themes/fedora-koji/images/Powered-by-koji_button.png"
Alias /koji-static/images/koji.ico "/usr/share/koji-themes/fedora-koji/images/fedora-koji.ico"
Alias /koji-static/koji.css "/usr/share/koji-themes/fedora-koji/koji.css"
Alias /koji-static/errors/unauthorized.html "/usr/share/koji-themes/fedora-koji/errors/unauthorized.html"
Alias /koji-static/images/header-bg.png "/usr/share/koji-themes/fedora-koji/images/header-bg.png"
Alias /koji-static/images/complete.png "/usr/share/koji-themes/fedora-koji/images/tick.png"
Alias /koji-static/images/yes.png "/usr/share/koji-themes/fedora-koji/images/tick.png"
Alias /koji-static/images/closed.png "/usr/share/koji-themes/fedora-koji/images/tick.png"
Alias /koji-static/images/ready.png "/usr/share/koji-themes/fedora-koji/images/tick.png"
Alias /koji-static/images/no.png "/usr/share/koji-themes/fedora-koji/images/minus.png"
Alias /koji-static/images/failed.png "/usr/share/koji-themes/fedora-koji/images/minus.png"
Alias /koji-static/images/building.png "/usr/share/koji-themes/fedora-koji/images/spanner.png"
Alias /koji-static/images/deleted.png "/usr/share/koji-themes/fedora-koji/images/rubbishbin.png"
Alias /koji-static/images/free.png "/usr/share/koji-themes/fedora-koji/images/clock.png"
Alias /koji-static/images/waiting.png "/usr/share/koji-themes/fedora-koji/images/clock.png"
Alias /koji-static/images/open.png "/usr/share/koji-themes/fedora-koji/images/arrowcircle.png"

<Directory "/usr/share/koji-themes/fedora-koji">
Options None
AllowOverride None
Order allow,deny
Allow from all

And then

cd /usr/local/src
git clone http://fedorapeople.org/cgit/ausil/public_git/koji-theme-fedora.git
mkdir -p /usr/share/koji-themes/fedora-koji
cd /usr/local/src/koji-theme-fedora/www/
# mind the missing trailing / on the folder static
cp -r static /usr/share/koji-themes/fedora-koji
service httpd restart

Now your Koji should look much nicer.

In the next article we will be covering Kojid and Kojira. Which will make the installation complete.

    • Bryce
    • May 2nd, 2014 7:24pm

    I believe your cp -r command should be:

    cp -r static /usr/share/koji-themes/fedora-koji

    Thanks for the very useful guide!

      • phil
      • May 2nd, 2014 8:10pm

      of course ! updated 🙂

    • Leo Ding
    • April 1st, 2019 8:25am

    when I request https://kojiserver.com.cn/koji/login by broswer,i got some err in page:

    An error has occurred on the main server. This could be a software bug, a server configuration issue, or possibly something else.
    AuthError: emailAddress=leo.dingwl@gmail.com,CN=kojiserver.com.cn,OU=kojiweb,O=Company,ST=BeiJing,C=CN is not authorized to login other users

  1. March 15th, 2013