Mailinglist Archive: opensuse-buildservice (306 mails)

< Previous Next >
Re: [opensuse-buildservice] obs and signing
  • From: Troy Telford <ttelford.groups@xxxxxxxxx>
  • Date: Wed, 2 Jun 2010 14:27:40 -0600
  • Message-id: <201006021427.41058.ttelford.groups@xxxxxxxxx>
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
On Fri, May 28, 2010 at 20:24, Marcus Hüwe <suse-tux@xxxxxx> wrote:
I'd be more than willing to help document the process on the build
service wikis -- if only I knew how to set it up. I can't find any
documentation on how to configure obssigner.

I've actually managed to get it working, after a few months >.>"

Ouch.


When I try to create a key (from a project I've checked out), I get:
~/src/obs/myproject$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
don't know how to create a key

Did you restart the srcserver after modifying the BSConfig.pm? This
message indicates that $sign isn't defined in BSConfig.pm.

It was defined. Srcserver wasn't restarted. After restarting it, I get:
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256

What I did:
in BSConfig.pm

our $gpg_standard_key = "/etc/alst.asc";

our $sign = '/usr/bin/sign';

#Extend sign call with project name as argument "--project $NAME"
# ** Let's not, sign doesn't support it O_O

our $sign_project = 0;

#Global sign key
our $keyfile = '/etc/alst.asc';

#Create a key by default for new projects, if top level have not one
our $forceprojectkeys = 1;

OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a
GPG private key, a GPG public key, etc.) I took a stab at it and created a
GPG private key, and set it in place as '/etc/obskey.asc'. I'm still seeing:

$ osc signkey
Server returned an error: HTTP Error 404: Not Found
SOME_PROJECT: no pubkey available

$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256

Then in /etc/sign.conf

user: software@xxxxxxxxxxxxxxx
so "user" is the email address given to the GPG key?

allowuser: obsrun
allow: 127.0.0.1
phrases: /root/.phrases

So what is in .phrases - is it a flat file with a passphrase:key id sort of
mapping, a direcory with a specific filename, etc...

And finally, in /etc/permissions.d/sign

/usr/bin/sign root:root 4755


Whoever packaged obssignd needs to correct the permissions on it.


-- later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups