On Sun, Jul 3, 2016 at 12:20 AM, David Faure <[email protected]> wrote: > On lundi 13 juin 2016 15:33:51 CEST David Faure wrote: >> On lundi 6 juin 2016 11:39:25 CEST Sandro Knauß wrote: >> > you don't need to have the privatekey on the server - We have gpg-agent >> > and >> > ssh - so you can forward the gpg-agent to the server when doing a release. >> > That way the private keymatierial stays safe at your place: >> > >> > https://www.isi.edu/~calvin/gpgagent.htm >> >> OK.... this requires OpenSSH >= 6.7, and that's not packaged even for >> OpenSuSE Tumbleweed. I grabbed an OpenSSH-7.2 RPM from someone's repo at >> http://software.opensuse.org/package/openssh and then I couldn't ssh >> anywhere anymore (permission denied) :-). Reverted to OpenSSH_6.6.1p1. > > OK that was because DSA is disabled by default in OpenSSH 6.7. > > So now locally I have openssh-7.2p2 and gpg 2.1.12. > > The server only has gpg 2.0.19 though, is that a problem? > > When running the attached script, I get this error: > Warning: remote port forwarding failed for listen path > /home/scripty/.gnupg/S.gpg-agent > > (and then gpg2 on the server fails) > > I don't understand. Is gpg-agent supposed to be running already on the server? > Or is the script supposed to create the S.gpg-agent file? Why does it fail > then? > > I didn't expect so much trouble with this :(
I suspect this requires a similarly new enough sshd on the server to handle this. KDE Infrastructure runs a mixture of Debian and Ubuntu depending on the system - thus requiring either Ubuntu 16.04 (Xenial) or Debian Jessie for support for this. > > -- > David Faure, [email protected], http://www.davidfaure.fr > Working on KDE Frameworks 5 Regards, Ben > > _______________________________________________ > release-team mailing list > [email protected] > https://mail.kde.org/mailman/listinfo/release-team > _______________________________________________ release-team mailing list [email protected] https://mail.kde.org/mailman/listinfo/release-team
