On Sat, Aug 08, 2015 at 05:47:14PM +0000, Robin H. Johnson wrote:
> On Thu, Jul 02, 2015 at 09:39:52PM +0000, Robin H. Johnson wrote:
> > 2015/08/08 15:00 UTC - Freeze
> > 2015/08/08 19:00 UTC - Git commits open for developers
This is going live in a few minutes. There was a lot of delays and snags
that were hit. QA has a lot of reviewing to do of in-tree patches with
long-standing CVS keyword damage. gkeys is also not sufficiently baked,
so we're using some scripting for now instead [1].
The new setup DOES enforce that commits AND pushes are signed.
I'm only 90% sure that everything works, but I've spent almost the
entire day on it, and there's more to go tomorrow.
Other old CVS repos are still closed for the moment, they will re-open
tomorrow.
> > 2015/08/09 01:00 UTC - Rsync live again (with lagged changelog)
> > 2015/08/11 - History repo available to graft
> > 2015/08/12 - rsync mirrors carry up-to-date changelogs again
These parts are still pending.
Quick instructions:
Set PORTAGE_GPG_KEY="0xLONG-GPG-KEY" in your make.conf
$ git config user.signingkey 0xLONG-GPG-KEY
$ git clone git+ssh://g...@git.gentoo.org/repo/gentoo.git
$ vim ...
$ repoman commit -m '...' [2]
$ git push --signed
(some time later, when you have local unpushed commits you want to
rebase instead of merging)
$ git pull --rebase -S
$ vim ...
$ repoman commit -m '...'
$ git push --signed
(some time later, when you have a local branch you want to merge)
$ git merge -S some-branch
$ git push --signed
[1]
The keys as they are in LDAP right now have been used. If you need to
change your key, please ping infra as well, so I can update the
temporary setup.
$ ldapsearch 'gentooStatus=active' gpgfingerprint -Z -LLL \
|grep gpgfingerprint |cut -d: -f2- |tr -d ' ' \
|grep -v 'undefined' | xargs gpg --recv
[2]
If you commit directly with "git commit" you MUST pass -S (and ideally
-s).
--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
