Mailinglist Archive: opensuse-buildservice (306 mails)

< Previous Next >
Re: [opensuse-buildservice] obs and signing
  • From: Robert Xu <robxu9@xxxxxxxxx>
  • Date: Fri, 4 Jun 2010 14:53:48 -0400
  • Message-id: <AANLkTikKvhdTrhWxwcwrLair9GmkJbuJXCn5lxRynpDK@xxxxxxxxxxxxxx>
On Wed, Jun 2, 2010 at 17:21, Robert Xu <robxu9@xxxxxxxxx> wrote:
On Wed, Jun 2, 2010 at 16:27, Troy Telford <ttelford.groups@xxxxxxxxx> wrote:
On Friday, May 28, 2010 06:30:52 pm Robert Xu wrote:
On Fri, May 28, 2010 at 20:24, Marcus Hüwe <suse-tux@xxxxxx> wrote:
I'd be more than willing to help document the process on the build
service wikis -- if only I knew how to set it up.  I can't find any
documentation on how to configure obssigner.

I've actually managed to get it working, after a few months >.>"


I know. Pretty painful of me.

When I try to create a key (from a project I've checked out), I get:
~/src/obs/myproject$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
don't know how to create a key

Did you restart the srcserver after modifying the This
message indicates that $sign isn't defined in

It was defined.  Srcserver wasn't restarted.  After restarting it, I get:
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256

What I did:

our $gpg_standard_key = "/etc/alst.asc";

our $sign = '/usr/bin/sign';

#Extend sign call with project name as argument "--project $NAME"
# ** Let's not, sign doesn't support it O_O

our $sign_project = 0;

#Global sign key
our $keyfile = '/etc/alst.asc';

#Create a key by default for new projects, if top level have not one
our $forceprojectkeys = 1;

OK, now a couple of questions:  How was '/etc/alst.asc' generated?  (is it a
GPG private key, a GPG public key, etc.)  I took a stab at it and created a
GPG private key, and set it in place as '/etc/obskey.asc'.  I'm still seeing:

$ osc signkey
Server returned an error: HTTP Error 404: Not Found
SOME_PROJECT: no pubkey available

$ osc signkey --create
Server returned an error: HTTP Error 404: Not Found
/usr/bin/sign: 256

This, I actually used a reference from the SUSE Build Keys to make them. Here:

I have two keys:
They are both named OBS Sign Key, and the email is software@xxxxxxxxxxxxxxxx

One of them is RSA 1024 that expires 2014-05-31
The other is DSA 1024 and Elgamal 2048, expiring 2014-05-31.

/etc/alst.asc is the exported key from the DSA/Elgamal one.

Then in /etc/sign.conf

user: software@xxxxxxxxxxxxxxx
so "user" is the email address given to the GPG key?


I forgot to mention something:
You need to install the gpg2 package from openSUSE:Factory.
That one has the files-are-digests.patch needed for sign to run.

allowuser: obsrun
phrases: /root/.phrases

So what is in .phrases - is it a flat file with a passphrase:key id sort of
mapping, a direcory with a specific filename, etc...

/root/.phrases is basically a directory with text files:
so for example, I have a text file named "software@xxxxxxxxxxxxxxx"
with the content of the file being "password".

For some reason, I had to *copy* the contents of .gnupg over to /
I also copied .phrases to /, but I don't think that's necessary.

And finally, in /etc/permissions.d/sign

/usr/bin/sign         root:root       4755

Whoever packaged obssignd needs to correct the permissions on it.

later, Robert Xu
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups