Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-09 Thread Morten Linderud via aur-general
On Sun, Apr 08, 2018 at 07:09:06PM +0530, Pierre Neidhardt wrote:
>
> Morten Linderud writes:
>
> > What I have done now is to launch a second gpg-agent that only
> > provides an -extra socket with no caching whatsoever.
>
> I thought of something along those lines.

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Levente Polyak via aur-general
On 04/08/2018 05:51 PM, Eli Schwartz via aur-general wrote:
> On 04/08/2018 07:49 AM, Florian Pritz via aur-general wrote:
>> On 08.04.2018 05:01, Eli Schwartz via aur-general wrote:
>>> If you're really afraid of someone running as either your user, or some
>>> user with the power to hijack your

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Eli Schwartz via aur-general
On 04/08/2018 07:49 AM, Florian Pritz via aur-general wrote:
> On 08.04.2018 05:01, Eli Schwartz via aur-general wrote:
>> If you're really afraid of someone running as either your user, or some
>> user with the power to hijack your SSH session, while you're trying to
>> sign something, then they

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Pierre Neidhardt via aur-general
Morten Linderud writes:

> What I have done now is to launch a second gpg-agent that only
> provides an -extra socket with no caching whatsoever.

I thought of something along those lines.
Can you detail the commands so that we can put that on the wiki?

-- Pierre

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Morten Linderud via aur-general
On Sun, Apr 08, 2018 at 06:09:27PM +0530, Pierre Neidhardt wrote:
>
> > Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can enable
> > this only for connections to soyuz.
>
> But that's only for signing, so that won't do if I have subkeys used for
> other purposes

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Pierre Neidhardt via aur-general
> Use the `ignore-cache-for-signing` option in gpg-agent. Unsure if you can enable
> this only for connections to soyuz.

But that's only for signing, so that won't do if I have subkeys used for
other purposes under the same master key, right?

-- Pierre Neidhardt

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Morten Linderud via aur-general
On Sun, Apr 08, 2018 at 05:58:11PM +0530, Pierre Neidhardt via aur-general wrote:
>
> What's the best practice to disable password caching? Set the timeout
> to zero?
>
> Does anyone know if it's possible to have a zero-timeout when on
> soyuz while having another timeout time locally?

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Pierre Neidhardt via aur-general
What's the best practice to disable password caching? Set the timeout to zero?

Does anyone know if it's possible to have a zero-timeout when on soyuz while having another timeout time locally?

-- Pierre Neidhardt

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-08 Thread Florian Pritz via aur-general
On 08.04.2018 05:01, Eli Schwartz via aur-general wrote:
> If you're really afraid of someone running as either your user, or some
> user with the power to hijack your SSH session, while you're trying to
> sign something, then they could just switch out your built files anyway.
> There's literally

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-07 Thread Eli Schwartz via aur-general
On 04/07/2018 07:55 AM, Levente Polyak via aur-general wrote:
> On April 7, 2018 8:23:08 AM GMT+02:00, Pierre Neidhardt via aur-general
> wrote:
>>
>> To perform the complete operation on soyuz, we need to forward the
>> gpg-socket (and the SSH socket if different) to

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-07 Thread Morten Linderud via aur-general
On Sat, Apr 07, 2018 at 11:53:08AM +0530, Pierre Neidhardt via aur-general wrote:
> To perform the complete operation on soyuz, we need to forward the
> gpg-socket (and the SSH socket if different) to soyuz, which defeats the PGP
> / Web of Trust security model: for a person with root access to

Re: [aur-general] Build packages without Arch on pkgbuild.com

2018-04-07 Thread Levente Polyak via aur-general
On April 7, 2018 8:23:08 AM GMT+02:00, Pierre Neidhardt via aur-general wrote:
>
> To perform the complete operation on soyuz, we need to forward the
> gpg-socket (and the SSH socket if different) to soyuz, which defeats
> the PGP / Web of Trust security model: for a

[aur-general] Build packages without Arch on pkgbuild.com

2018-04-07 Thread Pierre Neidhardt via aur-general
I've recently written a paragraph on how to build Arch Linux packages on pkgbuild.com (a.k.a. soyuz):

https://wiki.archlinux.org/index.php/AUR_Trusted_User_Guidelines#Remote_build_on_PKGBUILD.com

To perform the complete operation on soyuz, we need to forward the gpg-socket (and the SSH