On Wed, Jun 2, 2010 at 16:27, Troy Telford
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
On Fri, May 28, 2010 at 20:24, Marcus Hüwe
wrote: I'd be more than willing to help document the process on the build service wikis -- if only I knew how to set it up. I can't find any documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>"
Ouch.
I know. Pretty painful of me.
When I try to create a key (from a project I've checked out), I get: ~/src/obs/myproject$ osc signkey --create Server returned an error: HTTP Error 404: Not Found don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This message indicates that $sign isn't defined in BSConfig.pm.
It was defined. Srcserver wasn't restarted. After restarting it, I get: Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
What I did: in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME" # ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one our $forceprojectkeys = 1;
OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a GPG private key, a GPG public key, etc.) I took a stab at it and created a GPG private key, and set it in place as '/etc/obskey.asc'. I'm still seeing:
$ osc signkey Server returned an error: HTTP Error 404: Not Found SOME_PROJECT: no pubkey available
$ osc signkey --create Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
This, I actually used a reference from the SUSE Build Keys to make them. Here: I have two keys: They are both named OBS Sign Key, and the email is software@lincomlinux.org. One of them is RSA 1024 that expires 2014-05-31 The other is DSA 1024 and Elgamal 2048, expiring 2014-05-31. /etc/alst.asc is the exported key from the DSA/Elgamal one.
Then in /etc/sign.conf
user: software@lincomlinux.org so "user" is the email address given to the GPG key?
Yes
allowuser: obsrun allow: 127.0.0.1 phrases: /root/.phrases
So what is in .phrases - is it a flat file with a passphrase:key id sort of mapping, a direcory with a specific filename, etc...
/root/.phrases is basically a directory with text files: so for example, I have a text file named "software@lincomlinux.org" with the content of the file being "password". For some reason, I had to *copy* the contents of .gnupg over to / I also copied .phrases to /, but I don't think that's necessary.
And finally, in /etc/permissions.d/sign
/usr/bin/sign root:root 4755
Whoever packaged obssignd needs to correct the permissions on it.
-- later, Robert Xu -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org