tarball signing

David Faure faure at kde.org
Sat Jul 2 12:20:20 UTC 2016


On lundi 13 juin 2016 15:33:51 CEST David Faure wrote:
> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
> > you don't need to have the privatekey on the server - We have gpg-agent
> > and
> > ssh - so you can forward the gpg-agent to the server when doing a release.
> > That way the private keymatierial stays safe at your place:
> > 
> > https://www.isi.edu/~calvin/gpgagent.htm
> 
> OK.... this requires OpenSSH >= 6.7, and that's not packaged even for
> OpenSuSE Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at
> http://software.opensuse.org/package/openssh and then I couldn't ssh
> anywhere anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1.

OK that was because DSA is disabled by default in OpenSSH 6.7.

So now locally I have openssh-7.2p2 and gpg 2.1.12.

The server only has gpg 2.0.19 though, is that a problem?

When running the attached script, I get this error:
Warning: remote port forwarding failed for listen path /home/scripty/.gnupg/S.gpg-agent

(and then gpg2 on the server fails)

I don't understand. Is gpg-agent supposed to be running already on the server?
Or is the script supposed to create the S.gpg-agent file? Why does it fail then?

I didn't expect so much trouble with this :(

-- 
David Faure, faure at kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remote-gpg
Type: application/x-shellscript
Size: 1036 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/release-team/attachments/20160702/6633ba0a/attachment.bin>


More information about the release-team mailing list