I've noted a slightly old thread where somebody asked about how to use obssigner or obssignd. However, the problem was that there wasn't any documentation; and there wasn't any discussion on how to set up the signer.
I'd be more than willing to help document the process on the build service wikis -- if only I knew how to set it up. I can't find any documentation on how to configure obssigner.
I've uncommented: our $sign = '/usr/bin/sign'; from BSConfig.pm
I've tried putting the following into my /etc/sign.conf: ### for build service host server: <my_real_ip_address> user: obsbuild@foo.com allowuser: obsrun # ### for sign server #allow: <IP of your build service host> allow: <my_real_ip_address> #phrases: /root/.phrases
When I start /etc/init.d/obssignd, it starts without throwing an error. After I start /etc/init.d/obssigner, there is a new logfile created in: /srv/obs/log/signer.log
This logfile has the following contents: Name "BSConfig::sign_project" used only once: possible typo at /usr/lib/obs/server//bs_signer line 96. starting build service signer waiting for an event...
When I try to create a key (from a project I've checked out), I get: ~/src/obs/myproject$ osc signkey --create Server returned an error: HTTP Error 404: Not Found don't know how to create a key
I'm using the packages in OpenSUSE:Tools, for openSUSE 11.2.
The packages I have are: obs-service-download_url-0.1-7.1.noarch obs-utils-1.7.5-1.1.x86_64 obs-common-1.7.0-1.1.x86_64 obs-api-1.7.5-1.1.x86_64 obs-worker-1.7.5-1.1.x86_64 obs-server-1.7.2-18.8.x86_64 obs-signd-1.7.0-5.1.x86_64 obs-source_service-1.7.5-1.1.x86_64 obs-productconverter-1.7.5-1.1.x86_64
Any hints?
On 2010-05-28 18:19:47 -0600, Troy Telford wrote:
I've noted a slightly old thread where somebody asked about how to use obssigner or obssignd. However, the problem was that there wasn't any documentation; and there wasn't any discussion on how to set up the signer.
I'd be more than willing to help document the process on the build service wikis -- if only I knew how to set it up. I can't find any documentation on how to configure obssigner.
I've uncommented: our $sign = '/usr/bin/sign'; from BSConfig.pm
I've tried putting the following into my /etc/sign.conf: ### for build service host server: <my_real_ip_address> user: obsbuild@foo.com allowuser: obsrun # ### for sign server #allow: <IP of your build service host> allow: <my_real_ip_address> #phrases: /root/.phrases
When I start /etc/init.d/obssignd, it starts without throwing an error. After I start /etc/init.d/obssigner, there is a new logfile created in: /srv/obs/log/signer.log
This logfile has the following contents: Name "BSConfig::sign_project" used only once: possible typo at /usr/lib/obs/server//bs_signer line 96. starting build service signer waiting for an event...
When I try to create a key (from a project I've checked out), I get: ~/src/obs/myproject$ osc signkey --create Server returned an error: HTTP Error 404: Not Found don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This message indicates that $sign isn't defined in BSConfig.pm.
Marcus
On Fri, May 28, 2010 at 20:24, Marcus Hüwe suse-tux@gmx.de wrote:
On 2010-05-28 18:19:47 -0600, Troy Telford wrote:
I've noted a slightly old thread where somebody asked about how to use obssigner or obssignd. However, the problem was that there wasn't any documentation; and there wasn't any discussion on how to set up the signer.
I was the one who asked that.
I'd be more than willing to help document the process on the build service wikis -- if only I knew how to set it up. I can't find any documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>"
I've uncommented: our $sign = '/usr/bin/sign'; from BSConfig.pm
I've tried putting the following into my /etc/sign.conf: ### for build service host server: <my_real_ip_address> user: obsbuild@foo.com allowuser: obsrun # ### for sign server #allow: <IP of your build service host> allow: <my_real_ip_address> #phrases: /root/.phrases
When I start /etc/init.d/obssignd, it starts without throwing an error. After I start /etc/init.d/obssigner, there is a new logfile created in: /srv/obs/log/signer.log
This logfile has the following contents: Name "BSConfig::sign_project" used only once: possible typo at /usr/lib/obs/server//bs_signer line 96. starting build service signer waiting for an event...
When I try to create a key (from a project I've checked out), I get: ~/src/obs/myproject$ osc signkey --create Server returned an error: HTTP Error 404: Not Found don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This message indicates that $sign isn't defined in BSConfig.pm.
What I did: in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME" # ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one our $forceprojectkeys = 1;
Then in /etc/sign.conf
user: software@lincomlinux.org allowuser: obsrun allow: 127.0.0.1 phrases: /root/.phrases
And finally, in /etc/permissions.d/sign
/usr/bin/sign root:root 4755
Whoever packaged obssignd needs to correct the permissions on it.
-- later, Robert Xu
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
On Fri, May 28, 2010 at 20:24, Marcus Hüwe suse-tux@gmx.de wrote:
I'd be more than willing to help document the process on the build service wikis -- if only I knew how to set it up. I can't find any documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>"
Ouch.
When I try to create a key (from a project I've checked out), I get: ~/src/obs/myproject$ osc signkey --create Server returned an error: HTTP Error 404: Not Found don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This message indicates that $sign isn't defined in BSConfig.pm.
It was defined. Srcserver wasn't restarted. After restarting it, I get: Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
What I did: in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME" # ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one our $forceprojectkeys = 1;
OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a GPG private key, a GPG public key, etc.) I took a stab at it and created a GPG private key, and set it in place as '/etc/obskey.asc'. I'm still seeing:
$ osc signkey Server returned an error: HTTP Error 404: Not Found SOME_PROJECT: no pubkey available
$ osc signkey --create Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
Then in /etc/sign.conf
user: software@lincomlinux.org
so "user" is the email address given to the GPG key?
allowuser: obsrun allow: 127.0.0.1 phrases: /root/.phrases
So what is in .phrases - is it a flat file with a passphrase:key id sort of mapping, a direcory with a specific filename, etc...
And finally, in /etc/permissions.d/sign
/usr/bin/sign root:root 4755
Whoever packaged obssignd needs to correct the permissions on it.
-- later, Robert Xu
On Wed, Jun 2, 2010 at 16:27, Troy Telford ttelford.groups@gmail.com wrote:
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
On Fri, May 28, 2010 at 20:24, Marcus Hüwe suse-tux@gmx.de wrote:
I'd be more than willing to help document the process on the build service wikis -- if only I knew how to set it up. I can't find any documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>"
Ouch.
I know. Pretty painful of me.
When I try to create a key (from a project I've checked out), I get: ~/src/obs/myproject$ osc signkey --create Server returned an error: HTTP Error 404: Not Found don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This message indicates that $sign isn't defined in BSConfig.pm.
It was defined. Srcserver wasn't restarted. After restarting it, I get: Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
What I did: in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME" # ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one our $forceprojectkeys = 1;
OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a GPG private key, a GPG public key, etc.) I took a stab at it and created a GPG private key, and set it in place as '/etc/obskey.asc'. I'm still seeing:
$ osc signkey Server returned an error: HTTP Error 404: Not Found SOME_PROJECT: no pubkey available
$ osc signkey --create Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
This, I actually used a reference from the SUSE Build Keys to make them. Here:
I have two keys: They are both named OBS Sign Key, and the email is software@lincomlinux.org.
One of them is RSA 1024 that expires 2014-05-31 The other is DSA 1024 and Elgamal 2048, expiring 2014-05-31.
/etc/alst.asc is the exported key from the DSA/Elgamal one.
Then in /etc/sign.conf
user: software@lincomlinux.org
so "user" is the email address given to the GPG key?
Yes
allowuser: obsrun allow: 127.0.0.1 phrases: /root/.phrases
So what is in .phrases - is it a flat file with a passphrase:key id sort of mapping, a direcory with a specific filename, etc...
/root/.phrases is basically a directory with text files: so for example, I have a text file named "software@lincomlinux.org" with the content of the file being "password".
For some reason, I had to *copy* the contents of .gnupg over to / I also copied .phrases to /, but I don't think that's necessary.
And finally, in /etc/permissions.d/sign
/usr/bin/sign root:root 4755
Whoever packaged obssignd needs to correct the permissions on it.
-- later, Robert Xu
On Wed, Jun 2, 2010 at 17:21, Robert Xu robxu9@gmail.com wrote:
On Wed, Jun 2, 2010 at 16:27, Troy Telford ttelford.groups@gmail.com wrote:
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
On Fri, May 28, 2010 at 20:24, Marcus Hüwe suse-tux@gmx.de wrote:
I'd be more than willing to help document the process on the build service wikis -- if only I knew how to set it up. I can't find any documentation on how to configure obssigner.
I've actually managed to get it working, after a few months >.>"
Ouch.
I know. Pretty painful of me.
When I try to create a key (from a project I've checked out), I get: ~/src/obs/myproject$ osc signkey --create Server returned an error: HTTP Error 404: Not Found don't know how to create a key
Did you restart the srcserver after modifying the BSConfig.pm? This message indicates that $sign isn't defined in BSConfig.pm.
It was defined. Srcserver wasn't restarted. After restarting it, I get: Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
What I did: in BSConfig.pm
our $gpg_standard_key = "/etc/alst.asc";
our $sign = '/usr/bin/sign';
#Extend sign call with project name as argument "--project $NAME" # ** Let's not, sign doesn't support it O_O
our $sign_project = 0;
#Global sign key our $keyfile = '/etc/alst.asc';
#Create a key by default for new projects, if top level have not one our $forceprojectkeys = 1;
OK, now a couple of questions: How was '/etc/alst.asc' generated? (is it a GPG private key, a GPG public key, etc.) I took a stab at it and created a GPG private key, and set it in place as '/etc/obskey.asc'. I'm still seeing:
$ osc signkey Server returned an error: HTTP Error 404: Not Found SOME_PROJECT: no pubkey available
$ osc signkey --create Server returned an error: HTTP Error 404: Not Found /usr/bin/sign: 256
This, I actually used a reference from the SUSE Build Keys to make them. Here:
I have two keys: They are both named OBS Sign Key, and the email is software@lincomlinux.org.
One of them is RSA 1024 that expires 2014-05-31 The other is DSA 1024 and Elgamal 2048, expiring 2014-05-31.
/etc/alst.asc is the exported key from the DSA/Elgamal one.
Then in /etc/sign.conf
user: software@lincomlinux.org
so "user" is the email address given to the GPG key?
Yes
I forgot to mention something: You need to install the gpg2 package from openSUSE:Factory. That one has the files-are-digests.patch needed for sign to run.
allowuser: obsrun allow: 127.0.0.1 phrases: /root/.phrases
So what is in .phrases - is it a flat file with a passphrase:key id sort of mapping, a direcory with a specific filename, etc...
/root/.phrases is basically a directory with text files: so for example, I have a text file named "software@lincomlinux.org" with the content of the file being "password".
For some reason, I had to *copy* the contents of .gnupg over to / I also copied .phrases to /, but I don't think that's necessary.
And finally, in /etc/permissions.d/sign
/usr/bin/sign root:root 4755
Whoever packaged obssignd needs to correct the permissions on it.
On 2010-06-04 12:53:48 -0600, Robert Xu said:
I forgot to mention something: You need to install the gpg2 package from openSUSE:Factory. That one has the files-are-digests.patch needed for sign to run.
Thanks; I found out the hard way. Though what I did was take the Base:System packages from build.opensuse.org (libassuan and gpg2), and re-built them for my OBS host's distribution.
But I now have it working. Now to write a nice wiki-formatted document and see if I can get it put into the OBS documenatation.
Thanks!
On Fri, Jun 4, 2010 at 14:57, Troy Telford ttelford.groups@gmail.com wrote:
On 2010-06-04 12:53:48 -0600, Robert Xu said:
I forgot to mention something: You need to install the gpg2 package from openSUSE:Factory. That one has the files-are-digests.patch needed for sign to run.
Thanks; I found out the hard way. Though what I did was take the Base:System packages from build.opensuse.org (libassuan and gpg2), and re-built them for my OBS host's distribution.
But I now have it working. Now to write a nice wiki-formatted document and see if I can get it put into the OBS documenatation.
Thanks!
glad to have helped, even though it was a little late :) heh, I tried writing documentation for it, but I got mixed up in the end :P have fun!
I forgot to mention something: You need to install the gpg2 package from openSUSE:Factory. That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools. It is working just fine :)
Regards Chris
On Fri, Jun 4, 2010 at 18:39, Christian chris@computersalat.de wrote:
I forgot to mention something: You need to install the gpg2 package from openSUSE:Factory. That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools. It is working just fine :)
Really? Was gpg2 just added today or something? Because it never showed up on my Software Manager (set to show all) Either that or the openSUSE 11.2 one took higher precedence.
On Fri, Jun 4, 2010 at 18:41, Robert Xu robxu9@gmail.com wrote:
On Fri, Jun 4, 2010 at 18:39, Christian chris@computersalat.de wrote:
I forgot to mention something: You need to install the gpg2 package from openSUSE:Factory. That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools. It is working just fine :)
Really? Was gpg2 just added today or something? Because it never showed up on my Software Manager (set to show all) Either that or the openSUSE 11.2 one took higher precedence.
This is a really old conversation, but I want to let you guys know that I wrote a tutorial on how to configure the signer:
http://wiki.opensuse.org/openSUSE:Build_Service_Signer
This is a great writeup, thanks. Will be attempting to set this up myself quite soon. -- Michael ________________________________________ From: Robert Xu [robxu9@gmail.com] Sent: Friday, June 11, 2010 12:57 PM To: Christian Cc: opensuse-buildservice@opensuse.org Subject: Re: [opensuse-buildservice] obs and signing
On Fri, Jun 4, 2010 at 18:41, Robert Xu robxu9@gmail.com wrote:
On Fri, Jun 4, 2010 at 18:39, Christian chris@computersalat.de wrote:
I forgot to mention something: You need to install the gpg2 package from openSUSE:Factory. That one has the files-are-digests.patch needed for sign to run.
No. You can now use gpg2 from openSUSE.Tools. It is working just fine :)
Really? Was gpg2 just added today or something? Because it never showed up on my Software Manager (set to show all) Either that or the openSUSE 11.2 one took higher precedence.
This is a really old conversation, but I want to let you guys know that I wrote a tutorial on how to configure the signer:
http://wiki.opensuse.org/openSUSE:Build_Service_Signer
-- later, Robert Xu -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org
buildservice@lists.opensuse.org
-
Christian -
Marcus Hüwe -
Michael_E_Brown@Dell.com -
Robert Xu -
Troy Telford