On Sat, Aug 08, 2015 at 05:47:14PM +0000, Robin H. Johnson wrote: > On Thu, Jul 02, 2015 at 09:39:52PM +0000, Robin H. Johnson wrote: > > 2015/08/08 15:00 UTC - Freeze > > 2015/08/08 19:00 UTC - Git commits open for developers This is going live in a few minutes. There was a lot of delays and snags that were hit. QA has a lot of reviewing to do of in-tree patches with long-standing CVS keyword damage. gkeys is also not sufficiently baked, so we're using some scripting for now instead [1].
The new setup DOES enforce that commits AND pushes are signed. I'm only 90% sure that everything works, but I've spent almost the entire day on it, and there's more to go tomorrow. Other old CVS repos are still closed for the moment, they will re-open tomorrow. > > 2015/08/09 01:00 UTC - Rsync live again (with lagged changelog) > > 2015/08/11 - History repo available to graft > > 2015/08/12 - rsync mirrors carry up-to-date changelogs again These parts are still pending. Quick instructions: Set PORTAGE_GPG_KEY="0xLONG-GPG-KEY" in your make.conf $ git config user.signingkey 0xLONG-GPG-KEY $ git clone git+ssh://g...@git.gentoo.org/repo/gentoo.git $ vim ... $ repoman commit -m '...' [2] $ git push --signed (some time later, when you have local unpushed commits you want to rebase instead of merging) $ git pull --rebase -S $ vim ... $ repoman commit -m '...' $ git push --signed (some time later, when you have a local branch you want to merge) $ git merge -S some-branch $ git push --signed [1] The keys as they are in LDAP right now have been used. If you need to change your key, please ping infra as well, so I can update the temporary setup. $ ldapsearch 'gentooStatus=active' gpgfingerprint -Z -LLL \ |grep gpgfingerprint |cut -d: -f2- |tr -d ' ' \ |grep -v 'undefined' | xargs gpg --recv [2] If you commit directly with "git commit" you MUST pass -S (and ideally -s). -- Robin Hugh Johnson Gentoo Linux: Developer, Infrastructure Lead E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85