
List:       kde-release-team
Subject:    Re: tarball signing
From:       Andre Heinecke <aheinecke () intevation ! de>
Date:       2016-06-15 10:53:23
Message-ID: 1646949.YWuGxI2cWd () esus

Hi,

On Monday 13 June 2016 15:33:51 David Faure wrote:
> On Monday 6 June 2016 11:39:25 CEST Sandro Knauß wrote:
> > you don't need to have the private key on the server - We have gpg-agent
> > and ssh - so you can forward the gpg-agent to the server when doing a
> > release. That way the private key material stays safe at your place:
> > 
> > https://www.isi.edu/~calvin/gpgagent.htm
> 
> OK.... this requires OpenSSH >= 6.7, and that's not packaged even for
> OpenSuSE Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at
> http://software.opensuse.org/package/openssh and then I couldn't ssh
> anywhere anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1.

I'm using agent-forwarding through socat for that reason:

Here is an example of how I connect to <myserver>. The last command is
executed after ssh on the server.

(while true; do socat TCP-LISTEN:16668,bind=127.0.0.1 \
    UNIX-CONNECT:/home/aheinecke/.gnupg/S.gpg-agent.extra; done) &

ssh -R16668:localhost:16668 <myserver>

(while true; do socat \
    UNIX-LISTEN:$HOME/.gnupg/S.gpg-agent,unlink-close,unlink-early \
    TCP4:localhost:16668; done) &

See also:
http://superuser.com/questions/161973/how-can-i-forward-a-gpg-key-via-ssh-agent

Where I took this from :-)

Regards,
Andre


-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner



_______________________________________________
release-team mailing list
release-team@kde.org
https://mail.kde.org/mailman/listinfo/release-team
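
Added example, not part of the message above: a small shell helper that reads an "ssh -V" banner and chooses between native Unix-socket forwarding (the OpenSSH >= 6.7 route mentioned in the quoted text) and the TCP port 16668 relay used with socat. The function names, sample banners and socket paths are constructed for illustration, and the native route assumes the server's sshd also supports socket forwarding.

```shell
#!/bin/sh
# Added example; function names and sample values are hypothetical.

# Return 0 if the given "ssh -V" banner reports OpenSSH 6.7 or newer,
# the first release able to forward Unix-domain sockets.
ssh_has_unix_forward() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1          # unparseable banner: assume "no"
    set -- $ver                        # $1 = major, $2 = minor
    [ "$1" -gt 6 ] || { [ "$1" -eq 6 ] && [ "$2" -ge 7 ]; }
}

# Print the ssh command to run on the workstation.
#   $1 = "ssh -V" banner      $2 = local gpg-agent "extra" socket
#   $3 = agent socket path on the server      $4 = server name
forward_command() {
    if ssh_has_unix_forward "$1"; then
        # Socket-to-socket: no TCP port is opened on the server.
        printf 'ssh -R %s:%s %s\n' "$3" "$2" "$4"
    else
        # Older client: TCP relay; the two socat loops from the
        # message are still needed on either end.
        printf 'ssh -R 16668:localhost:16668 %s\n' "$4"
    fi
}

# Constructed sample banners, in the format "ssh -V" prints.
for banner in "OpenSSH_6.6.1p1, OpenSSL 1.0.1i 6 Aug 2014" \
              "OpenSSH_7.2p2, OpenSSL 1.0.2h 3 May 2016"; do
    forward_command "$banner" \
        /home/user/.gnupg/S.gpg-agent.extra \
        /home/user/.gnupg/S.gpg-agent \
        "<myserver>"
done
```

With the TCP relay, the forwarded port listens on the server's loopback interface and any local account on that server can connect to it; with socket-to-socket forwarding, access is governed by the file permissions on the socket path.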

