tarball signing
David Faure
faure at kde.org
Sat Jul 2 12:20:20 UTC 2016
On lundi 13 juin 2016 15:33:51 CEST David Faure wrote:
> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
> > you don't need to have the privatekey on the server - We have gpg-agent
> > and
> > ssh - so you can forward the gpg-agent to the server when doing a release.
> > That way the private keymatierial stays safe at your place:
> >
> > https://www.isi.edu/~calvin/gpgagent.htm
>
> OK.... this requires OpenSSH >= 6.7, and that's not packaged even for
> OpenSuSE Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at
> http://software.opensuse.org/package/openssh and then I couldn't ssh
> anywhere anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1.
OK that was because DSA is disabled by default in OpenSSH 6.7.
So now locally I have openssh-7.2p2 and gpg 2.1.12.
The server only has gpg 2.0.19 though, is that a problem?
When running the attached script, I get this error:
Warning: remote port forwarding failed for listen path /home/scripty/.gnupg/S.gpg-agent
(and then gpg2 on the server fails)
I don't understand. Is gpg-agent supposed to be running already on the server?
Or is the script supposed to create the S.gpg-agent file? Why does it fail then?
I didn't expect so much trouble with this :(
--
David Faure, faure at kde.org, http://www.davidfaure.fr
Working on KDE Frameworks 5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: remote-gpg
Type: application/x-shellscript
Size: 1036 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/release-team/attachments/20160702/6633ba0a/attachment.bin>
More information about the release-team
mailing list