29 May
2010
29 May
'10
2:19 a.m.
I've noted a slightly old thread where somebody asked about how to use
obssigner or obssignd. However, the problem was that there wasn't any
documentation; and there wasn't any discussion on how to set up the signer.
I'd be more than willing to help document the process on the build service
wikis -- if only I knew how to set it up. I can't find any documentation on
how to configure obssigner.
I've uncommented:
our $sign = '/usr/bin/sign';
from BSConfig.pm
I've tried putting the following into my /etc/sign.conf:
### for build service host
server: <my_real_ip_address>
user: obsbuild(a)foo.com
allowuser: obsrun
#
### for sign server
#allow: <IP of your build service host>
allow: <my_real_ip_address>
#phrases: /root/.phrases
When I start /etc/init.d/obssignd, it starts without throwing an error.
After I start /etc/init.d/obssigner, there is a new logfile created in:
/srv/obs/log/signer.log
This logfile has the following contents:
Name "BSConfig::sign_project" used only once: possible typo at
/usr/lib/obs/server//bs_signer line 96.
starting build service signer
waiting for an event...
When I try to create a key (from a project I've checked out), I get:
~/src/obs/myproject$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
don't know how to create a key
I'm using the packages in OpenSUSE:Tools, for openSUSE 11.2.
The packages I have are:
obs-service-download_url-0.1-7.1.noarch
obs-utils-1.7.5-1.1.x86_64
obs-common-1.7.0-1.1.x86_64
obs-api-1.7.5-1.1.x86_64
obs-worker-1.7.5-1.1.x86_64
obs-server-1.7.2-18.8.x86_64
obs-signd-1.7.0-5.1.x86_64
obs-source_service-1.7.5-1.1.x86_64
obs-productconverter-1.7.5-1.1.x86_64
Any hints?
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
29 May
29 May
2:24 a.m.
On 2010-05-28 18:19:47 -0600, Troy Telford wrote:
I've noted a slightly old thread where somebody
asked about how to use
obssigner or obssignd. However, the problem was that there wasn't any
documentation; and there wasn't any discussion on how to set up the signer.
I'd be more than willing to help document the process on the build service
wikis -- if only I knew how to set it up. I can't find any documentation on
how to configure obssigner.
I've uncommented:
our $sign = '/usr/bin/sign';
from BSConfig.pm
I've tried putting the following into my /etc/sign.conf:
### for build service host
server: <my_real_ip_address>
user: obsbuild(a)foo.com
allowuser: obsrun
#
### for sign server
#allow: <IP of your build service host>
allow: <my_real_ip_address>
#phrases: /root/.phrases
When I start /etc/init.d/obssignd, it starts without throwing an error.
After I start /etc/init.d/obssigner, there is a new logfile created in:
/srv/obs/log/signer.log
This logfile has the following contents:
Name "BSConfig::sign_project" used only once: possible typo at
/usr/lib/obs/server//bs_signer line 96.
starting build service signer
waiting for an event...
When I try to create a key (from a project I've checked out), I get:
~/src/obs/myproject$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This
message indicates that $sign isn't defined in BSConfig.pm.
Marcus
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
2:30 a.m.
On Fri, May 28, 2010 at 20:24, Marcus Hüwe <suse-tux(a)gmx.de> wrote:
What I did:
in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME"
# ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key
our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one
our $forceprojectkeys = 1;
Then in /etc/sign.conf
user: software(a)lincomlinux.org
allowuser: obsrun
allow: 127.0.0.1
phrases: /root/.phrases
And finally, in /etc/permissions.d/sign
/usr/bin/sign root:root 4755
Whoever packaged obssignd needs to correct the permissions on it.
-- later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
On 2010-05-28 18:19:47 -0600, Troy Telford wrote:
> I've noted a slightly old thread where somebody asked about how to use
> obssigner or obssignd. However, the problem was that there wasn't any
> documentation; and there wasn't any discussion on how to set up the signer.
I was the one who asked that.
>
> I'd be more than willing to help document the process on the build service
> wikis -- if only I knew how to set it up. I can't find any documentation on
> how to configure obssigner.
I've actually managed to get it working, after a few months >.>"
I've uncommented:
our $sign = '/usr/bin/sign';
from BSConfig.pm
I've tried putting the following into my /etc/sign.conf:
### for build service host
server: <my_real_ip_address>
user: obsbuild(a)foo.com
allowuser: obsrun
#
### for sign server
#allow: <IP of your build service host>
allow: <my_real_ip_address>
#phrases: /root/.phrases
When I start /etc/init.d/obssignd, it starts without throwing an error.
After I start /etc/init.d/obssigner, there is a new logfile created in:
/srv/obs/log/signer.log
This logfile has the following contents:
Name "BSConfig::sign_project" used only once: possible typo at
/usr/lib/obs/server//bs_signer line 96.
starting build service signer
waiting for an event...
When I try to create a key (from a project I've checked out), I get:
~/src/obs/myproject$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This
message indicates that $sign isn't defined in BSConfig.pm.
2 Jun
2 Jun
10:27 p.m.
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
On Fri, May 28, 2010 at 20:24, Marcus Hüwe
<suse-tux(a)gmx.de> wrote:
Ouch.
> I'd be more than willing to help document
the process on the build
> service wikis -- if only I knew how to set it up. I can't find any
> documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>" >>
>> When I try to create a key (from a project I've checked out), I get:
>> ~/src/obs/myproject$ osc signkey --create
>> Server returned an error: HTTP Error 404: Not Found
>> don't know how to create a key
>
> Did you restart the srcserver after modifying the BSConfig.pm? This
> message indicates that $sign isn't defined in BSConfig.pm.
It was defined. Srcserver wasn't restarted. After restarting it, I get:
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256
What I did:
in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME"
# ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key
our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one
our $forceprojectkeys = 1;
OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a
GPG private key, a GPG public key, etc.) I took a stab at it and created a
GPG private key, and set it in place as '/etc/obskey.asc'. I'm still seeing:
$ osc signkey
Server returned an error: HTTP Error 404: Not Found
SOME_PROJECT: no pubkey available
$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256
Then in /etc/sign.conf
user: software(a)lincomlinux.org
so "user" is the email address given to
the GPG key?
allowuser: obsrun
allow: 127.0.0.1
phrases: /root/.phrases
So what is in .phrases - is it a flat file with a passphrase:key id sort of
mapping, a direcory with a specific filename, etc...
And finally, in /etc/permissions.d/sign
/usr/bin/sign root:root 4755
Whoever packaged obssignd needs to correct the permissions on it.
-- later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
11:21 p.m.
On Wed, Jun 2, 2010 at 16:27, Troy Telford <ttelford.groups(a)gmail.com> wrote:
This, I actually used a reference from the SUSE Build Keys to make them. Here:
I have two keys:
They are both named OBS Sign Key, and the email is software(a)lincomlinux.org.
One of them is RSA 1024 that expires 2014-05-31
The other is DSA 1024 and Elgamal 2048, expiring 2014-05-31.
/etc/alst.asc is the exported key from the DSA/Elgamal one.
Yes
/root/.phrases is basically a directory with text files:
so for example, I have a text file named "software(a)lincomlinux.org"
with the content of the file being "password".
For some reason, I had to *copy* the contents of .gnupg over to /
I also copied .phrases to /, but I don't think that's necessary.
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
I know. Pretty painful of me.
On Fri, May 28, 2010 at 20:24, Marcus Hüwe
<suse-tux(a)gmx.de> wrote:
Ouch. > I'd be more than willing to help document
the process on the build
> service wikis -- if only I knew how to set it up. I can't find any
> documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>" >>
>> When I try to create a key (from a project I've checked out), I get:
>> ~/src/obs/myproject$ osc signkey --create
>> Server returned an error: HTTP Error 404: Not Found
>> don't know how to create a key
>
> Did you restart the srcserver after modifying the BSConfig.pm? This
> message indicates that $sign isn't defined in BSConfig.pm.
It was defined. Srcserver wasn't restarted. After restarting it, I get:
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256
What I did:
in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME"
# ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key
our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one
our $forceprojectkeys = 1;
OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a
GPG private key, a GPG public key, etc.) I took a stab at it and created a
GPG private key, and set it in place as '/etc/obskey.asc'. I'm still
seeing:
$ osc signkey
Server returned an error: HTTP Error 404: Not Found
SOME_PROJECT: no pubkey available
$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256 Then in /etc/sign.conf
user: software(a)lincomlinux.org
so "user" is the email address given to
the GPG key? allowuser: obsrun
allow: 127.0.0.1
phrases: /root/.phrases
So what is in .phrases - is it a flat file with a passphrase:key id sort of
mapping, a direcory with a specific filename, etc...
> And finally, in /etc/permissions.d/sign
>
> /usr/bin/sign root:root 4755
>
>
> Whoever packaged obssignd needs to correct the permissions on it.
>
-- later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
4 Jun
4 Jun
8:53 p.m.
On Wed, Jun 2, 2010 at 17:21, Robert Xu <robxu9(a)gmail.com> wrote:
/root/.phrases is basically a directory with text files:
so for example, I have a text file named "software(a)lincomlinux.org"
with the content of the file being "password".
For some reason, I had to *copy* the contents of .gnupg over to /
I also copied .phrases to /, but I don't think that's necessary.
--
later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
On Wed, Jun 2, 2010 at 16:27, Troy Telford
<ttelford.groups(a)gmail.com> wrote:
This, I actually used a reference from the SUSE Build Keys to make them. Here:
I have two keys:
They are both named OBS Sign Key, and the email is software(a)lincomlinux.org.
One of them is RSA 1024 that expires 2014-05-31
The other is DSA 1024 and Elgamal 2048, expiring 2014-05-31.
/etc/alst.asc is the exported key from the DSA/Elgamal one.
Yes
I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.
On Friday, May 28, 2010 06:30:52 pm Robert Xu
wrote:
I know. Pretty painful of me.
On Fri, May 28, 2010 at 20:24, Marcus Hüwe
<suse-tux(a)gmx.de> wrote:
Ouch. > I'd be more than willing to help document
the process on the build
> service wikis -- if only I knew how to set it up. I can't find any
> documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>" >>
>> When I try to create a key (from a project I've checked out), I get:
>> ~/src/obs/myproject$ osc signkey --create
>> Server returned an error: HTTP Error 404: Not Found
>> don't know how to create a key
>
> Did you restart the srcserver after modifying the BSConfig.pm? This
> message indicates that $sign isn't defined in BSConfig.pm.
It was defined. Srcserver wasn't restarted. After restarting it, I get:
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256
What I did:
in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME"
# ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key
our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one
our $forceprojectkeys = 1;
OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a
GPG private key, a GPG public key, etc.) I took a stab at it and created a
GPG private key, and set it in place as '/etc/obskey.asc'. I'm still
seeing:
$ osc signkey
Server returned an error: HTTP Error 404: Not Found
SOME_PROJECT: no pubkey available
$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256 Then in /etc/sign.conf
user: software(a)lincomlinux.org
so "user" is the email address given to
the GPG key? allowuser: obsrun
allow: 127.0.0.1
phrases: /root/.phrases
So what is in .phrases - is it a flat file with a passphrase:key id sort of
mapping, a direcory with a specific filename, etc...
> And finally, in /etc/permissions.d/sign
>
> /usr/bin/sign root:root 4755
>
>
> Whoever packaged obssignd needs to correct the permissions on it.
>
8:57 p.m.
New subject: [opensuse-buildservice] Re: obs and signing
On 2010-06-04 12:53:48 -0600, Robert Xu said:
I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.
Thanks; I found out the hard way. Though what I did was take the
Base:System packages from build.opensuse.org (libassuan and gpg2), and
re-built them for my OBS host's distribution.
But I now have it working. Now to write a nice wiki-formatted document
and see if I can get it put into the OBS documenatation.
Thanks!
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
9 p.m.
New subject: [opensuse-buildservice] Re: obs and signing
On Fri, Jun 4, 2010 at 14:57, Troy Telford <ttelford.groups(a)gmail.com> wrote:
On 2010-06-04 12:53:48 -0600, Robert Xu said:
I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.
Thanks; I found out the hard way. Though what I did was take the
Base:System packages from build.opensuse.org (libassuan and gpg2), and
re-built them for my OBS host's distribution.
But I now have it working. Now to write a nice wiki-formatted document and
see if I can get it put into the OBS documenatation.
Thanks!
glad to have helped, even though it was a little late :)
heh, I tried writing documentation for it, but I got mixed up in the end :P
have fun!
--
later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
5 Jun
5 Jun
12:39 a.m.
I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools.
It is working just fine :)
Regards
Chris
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
12:41 a.m.
On Fri, Jun 4, 2010 at 18:39, Christian <chris(a)computersalat.de> wrote:
Really?
Was gpg2 just added today or something?
Because it never showed up on my Software Manager (set to show all)
Either that or the openSUSE 11.2 one took higher precedence.
--
later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools.
It is working just fine :)
11 Jun
11 Jun
7:57 p.m.
On Fri, Jun 4, 2010 at 18:41, Robert Xu <robxu9(a)gmail.com> wrote:
On Fri, Jun 4, 2010 at 18:39, Christian
<chris(a)computersalat.de> wrote:
Really?
Was gpg2 just added today or something?
Because it never showed up on my Software Manager (set to show all)
Either that or the openSUSE 11.2 one took higher precedence.
This is a really old conversation, but I want to let you guys know
that I wrote a tutorial on how to configure the signer:
http://wiki.opensuse.org/openSUSE:Build_Service_Signer
--
later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools.
It is working just fine :)
10:20 p.m.
This is a great writeup, thanks. Will be attempting to set this up myself quite soon.
--
Michael
________________________________________
From: Robert Xu [robxu9(a)gmail.com]
Sent: Friday, June 11, 2010 12:57 PM
To: Christian
Cc: opensuse-buildservice(a)opensuse.org
Subject: Re: [opensuse-buildservice] obs and signing
On Fri, Jun 4, 2010 at 18:41, Robert Xu <robxu9(a)gmail.com> wrote:
On Fri, Jun 4, 2010 at 18:39, Christian
<chris(a)computersalat.de> wrote:
Really?
Was gpg2 just added today or something?
Because it never showed up on my Software Manager (set to show all)
Either that or the openSUSE 11.2 one took higher precedence.
This is a really old conversation, but I want to let you guys know
that I wrote a tutorial on how to configure the signer:
http://wiki.opensuse.org/openSUSE:Build_Service_Signer
--
later, Robert Xu
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org
I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools.
It is working just fine :)
3875
days inactive
3888
days old
buildservice@lists.opensuse.org
11 comments
5 participants
participants (5)
-
Christian -
Marcus Hüwe -
Michael_E_Brown@Dell.com -
Robert Xu -
Troy Telford