tarball signing

Ben Cooksley bcooksley at kde.org
Sun Jul 3 09:26:08 UTC 2016


On Sun, Jul 3, 2016 at 12:20 AM, David Faure <faure at kde.org> wrote:
> On lundi 13 juin 2016 15:33:51 CEST David Faure wrote:
>> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote:
>> > you don't need to have the privatekey on the server - We have gpg-agent
>> > and
>> > ssh - so you can forward the gpg-agent to the server when doing a release.
>> > That way the private keymatierial stays safe at your place:
>> >
>> > https://www.isi.edu/~calvin/gpgagent.htm
>>
>> OK.... this requires OpenSSH >= 6.7, and that's not packaged even for
>> OpenSuSE Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at
>> http://software.opensuse.org/package/openssh and then I couldn't ssh
>> anywhere anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1.
>
> OK that was because DSA is disabled by default in OpenSSH 6.7.
>
> So now locally I have openssh-7.2p2 and gpg 2.1.12.
>
> The server only has gpg 2.0.19 though, is that a problem?
>
> When running the attached script, I get this error:
> Warning: remote port forwarding failed for listen path /home/scripty/.gnupg/S.gpg-agent
>
> (and then gpg2 on the server fails)
>
> I don't understand. Is gpg-agent supposed to be running already on the server?
> Or is the script supposed to create the S.gpg-agent file? Why does it fail then?
>
> I didn't expect so much trouble with this :(

I suspect this requires a similarly new enough sshd on the server to
handle this.
KDE Infrastructure runs a mixture of Debian and Ubuntu depending on
the system - thus requiring either Ubuntu 16.04 (Xenial) or Debian
Jessie for support for this.

>
> --
> David Faure, faure at kde.org, http://www.davidfaure.fr
> Working on KDE Frameworks 5

Regards,
Ben

>
> _______________________________________________
> release-team mailing list
> release-team at kde.org
> https://mail.kde.org/mailman/listinfo/release-team
>


More information about the release-team mailing list