[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-release-team
Subject:    Re: tarball signing
From:       Ben Cooksley <bcooksley () kde ! org>
Date:       2016-07-03 9:26:08
Message-ID: CA+XidOG8JkA9+BPLxWW=7vya=k2xQR24EOOzJUWuoDzZ=jB+Eg () mail ! gmail ! com
[Download RAW message or body]

On Sun, Jul 3, 2016 at 12:20 AM, David Faure <faure@kde.org> wrote:
> On lundi 13 juin 2016 15:33:51 CEST David Faure wrote:
>> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
>> > you don't need to have the privatekey on the server - We have gpg-agent
>> > and
>> > ssh - so you can forward the gpg-agent to the server when doing a release.
>> > That way the private keymatierial stays safe at your place:
>> >
>> > https://www.isi.edu/~calvin/gpgagent.htm
>>
>> OK.... this requires OpenSSH >= 6.7, and that's not packaged even for
>> OpenSuSE Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at
>> http://software.opensuse.org/package/openssh and then I couldn't ssh
>> anywhere anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1.
>
> OK that was because DSA is disabled by default in OpenSSH 6.7.
>
> So now locally I have openssh-7.2p2 and gpg 2.1.12.
>
> The server only has gpg 2.0.19 though, is that a problem?
>
> When running the attached script, I get this error:
> Warning: remote port forwarding failed for listen path /home/scripty/.gnupg/S.gpg-agent
>
> (and then gpg2 on the server fails)
>
> I don't understand. Is gpg-agent supposed to be running already on the server?
> Or is the script supposed to create the S.gpg-agent file? Why does it fail then?
>
> I didn't expect so much trouble with this :(

I suspect this requires a similarly new enough sshd on the server to
handle this.
KDE Infrastructure runs a mixture of Debian and Ubuntu depending on
the system - thus requiring either Ubuntu 16.04 (Xenial) or Debian
Jessie for support for this.

>
> --
> David Faure, faure@kde.org, http://www.davidfaure.fr
> Working on KDE Frameworks 5

Regards,
Ben

>
> _______________________________________________
> release-team mailing list
> release-team@kde.org
> https://mail.kde.org/mailman/listinfo/release-team
>
_______________________________________________
release-team mailing list
release-team@kde.org
https://mail.kde.org/mailman/listinfo/release-team

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic