Mailinglist Archive: opensuse-buildservice (306 mails)

[Robert Xu <robxu9@xxxxxxxxx>]

On Wed, Jun 2, 2010 at 17:21, Robert Xu <robxu9@xxxxxxxxx> wrote:
> On Wed, Jun 2, 2010 at 16:27, Troy Telford <ttelford.groups@xxxxxxxxx> wrote:
> > On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
> > > On Fri, May 28, 2010 at 20:24, Marcus Hüwe <suse-tux@xxxxxx> wrote:
> > > > > I'd be more than willing to help document the process on the build
> > > > > service wikis -- if only I knew how to set it up.  I can't find any
> > > > > documentation on how to configure obssigner.
> > >
> > > I've actually managed to get it working, after a few months >.>"
> >
> > Ouch.
>
> I know. Pretty painful of me.
> > > > > When I try to create a key (from a project I've checked out), I get:
> > > > > ~/src/obs/myproject$ osc signkey --create
> > > > > Server returned an error: HTTP Error 404: Not Found
> > > > > don't know how to create a key
> > > >
> > > > Did you restart the srcserver after modifying the BSConfig.pm? This
> > > > message indicates that $sign isn't defined in BSConfig.pm.
> >
> > It was defined.  Srcserver wasn't restarted.  After restarting it, I get:
> > Server returned an error: HTTP Error 404: Not Found
> > /usr/bin/sign: 256
> >
> > > What I did:
> > > in BSConfig.pm
> > >
> > > our $gpg_standard_key = "/etc/alst.asc";
> > >
> > > our $sign = '/usr/bin/sign';
> > >
> > > #Extend sign call with project name as argument "--project $NAME"
> > > # ** Let's not, sign doesn't support it O_O
> > >
> > > our $sign_project = 0;
> > >
> > > #Global sign key
> > > our $keyfile = '/etc/alst.asc';
> > >
> > > #Create a key by default for new projects, if top level have not one
> > > our $forceprojectkeys = 1;
> >
> > OK, now a couple of questions:  How was '/etc/alst.asc' generated?  (is it a
> > GPG private key, a GPG public key, etc.)  I took a stab at it and created a
> > GPG private key, and set it in place as '/etc/obskey.asc'.  I'm still seeing:
> >
> > $ osc signkey
> > Server returned an error: HTTP Error 404: Not Found
> > SOME_PROJECT: no pubkey available
> >
> > $ osc signkey --create
> > Server returned an error: HTTP Error 404: Not Found
> > /usr/bin/sign: 256
>
> This, I actually used a reference from the SUSE Build Keys to make them. Here:
>
> I have two keys:
> They are both named OBS Sign Key, and the email is software@xxxxxxxxxxxxxxxx
>
> One of them is RSA 1024 that expires 2014-05-31
> The other is DSA 1024 and Elgamal 2048, expiring 2014-05-31.
>
> /etc/alst.asc is the exported key from the DSA/Elgamal one.
>
> > > Then in /etc/sign.conf
> > >
> > > user: software@xxxxxxxxxxxxxxx
> > so "user" is the email address given to the GPG key?
>
> Yes

I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.

> > > allowuser: obsrun
> > > allow: 127.0.0.1
> > > phrases: /root/.phrases
> >
> > So what is in .phrases - is it a flat file with a passphrase:key id sort of
> > mapping, a direcory with a specific filename, etc...
>
> /root/.phrases is basically a directory with text files:
> so for example, I have a text file named "software@xxxxxxxxxxxxxxx"
> with the content of the file being "password".
>
> For some reason, I had to *copy* the contents of .gnupg over to /
> I also copied .phrases to /, but I don't think that's necessary.
>
>
> > > And finally, in /etc/permissions.d/sign
> > >
> > > /usr/bin/sign         root:root       4755
> > >
> > >
> > > Whoever packaged obssignd needs to correct the permissions on it.




-- 
later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx