Re: reprepro using a gpg certificate
Andreas Ronnquist writes:

> On Mon, 28 Sep 2020 15:01:25 +0200, Philipp Ewald wrote:
>
> >afaik:
> >
> >you don't need a password on a gpg-key so if it's not required you can
> >remove the password and script
>
> That is right of course - but how is this security-wise? I guess in my
> case it doesn't matter much though.

Whether you store the password on the same computer as the keyfile or just a keyfile without password should not matter that much? What kind of adversary are you trying to protect against?

I run a reprepro here with an "unprotected" keyfile and it works quite nicely. In case you are interested in how it is implemented here, see
https://masysma.lima-city.de/32/masysmaci_pkgsync.xhtml
Follow the links to Github or further documentation as interested :)

HTH
Linux-Fan

[...]
Re: reprepro using a gpg certificate
On Mon, 28 Sep 2020 15:01:25 +0200, Philipp Ewald wrote:

>afaik:
>
>you don't need a password on a gpg-key so if it's not required you can
>remove the password and script
>

That is right of course - but how is this security-wise? I guess in my case it doesn't matter much though.

Thanks for your input!

best
--
Andreas Rönnquist
mailingli...@gusnan.se
andr...@ronnquist.net
Re: reprepro using a gpg certificate
On Mon, 28 Sep 2020 08:23:54 -0400, Roberto C. Sánchez wrote:

>On Mon, Sep 28, 2020 at 01:59:52PM +0200, Andreas Rönnquist wrote:
>> Hi!
>>
>> I have managed to set up a personal repository for backports from
>> unstable to stable only for personal usage. Everything works just
>> fine, with one small exception:
>>
>> After I dput a package I must log in to the repository server, and run
>> a shell script containing the reprepro command, which I cannot
>> automate, since it requests entry of a password for a gpg key.
>>
>> Does anyone have some simple instructions to set up reprepro so I
>> don't have to enter this password by hand - I understand that I can
>> use some kind of gpg certificate to get around this, but I haven't
>> managed to set it up properly.
>>
>> I want to do the reprepro command in a crontab so that eventual
>> uploaded packages get processed automatically every X minutes, but
>> then it (of course) cannot require someone to fill in a gpg password.
>>
>Have you looked at the keychain package? It allows you to cache SSH
>and GPG keys. I have used it to automate tasks that require both.
>Essentially, you will need to log in once after the system boots and
>load the key(s) you want to use for automation. Your scripts will need
>to source a shell script snippet with environment variables that let it
>connect to the running agent(s) and they can just operate like normal.
>The agent(s) handle all of the interactions with ssh and/or gpg
>regarding the unlocking of keys and such.
>

keychain indeed looks exactly like what I need. Thank you!

best regards
--
Andreas Rönnquist
mailingli...@gusnan.se
andr...@ronnquist.net
Re: reprepro using a gpg certificate
afaik:

you don't need a password on a gpg-key so if it's not required you can remove the password and script

On 28.09.20 at 13:59, Andreas Rönnquist wrote:

> Hi!
>
> I have managed to set up a personal repository for backports from unstable to stable only for personal usage. Everything works just fine, with one small exception:
>
> After I dput a package I must log in to the repository server, and run a shell script containing the reprepro command, which I cannot automate, since it requests entry of a password for a gpg key.
>
> Does anyone have some simple instructions to set up reprepro so I don't have to enter this password by hand - I understand that I can use some kind of gpg certificate to get around this, but I haven't managed to set it up properly.
>
> I want to do the reprepro command in a crontab so that eventual uploaded packages get processed automatically every X minutes, but then it (of course) cannot require someone to fill in a gpg password.
>
> Is there any simple tutorial somewhere that I haven't found?
>
> thanks in advance
> --
> Andreas Rönnquist
> mailingli...@gusnan.se
> andr...@ronnquist.net
>
> [Please don't CC me, if I mail to a mailinglist, I am subscribed to it.]

--
Philipp Ewald
Administrator
DigiOnline GmbH, Probsteigasse 15 - 19, 50670 Köln
Phone: +49 221 6500-532, Fax: +49 221 6500-690, E-Mail: philipp.ew...@digionline.de
AG Köln HRB 27711, Tax No. 5215 5811 0640
Managing Director: Werner Grafenhain
Privacy information: www.digionline.de/ds
Re: reprepro using a gpg certificate
On Mon, Sep 28, 2020 at 01:59:52PM +0200, Andreas Rönnquist wrote:

> Hi!
>
> I have managed to set up a personal repository for backports from
> unstable to stable only for personal usage. Everything works just
> fine, with one small exception:
>
> After I dput a package I must log in to the repository server, and run
> a shell script containing the reprepro command, which I cannot
> automate, since it requests entry of a password for a gpg key.
>
> Does anyone have some simple instructions to set up reprepro so I don't
> have to enter this password by hand - I understand that I can use some
> kind of gpg certificate to get around this, but I haven't managed to set
> it up properly.
>
> I want to do the reprepro command in a crontab so that eventual
> uploaded packages get processed automatically every X minutes, but then
> it (of course) cannot require someone to fill in a gpg password.
>

Have you looked at the keychain package? It allows you to cache SSH and GPG keys. I have used it to automate tasks that require both. Essentially, you will need to log in once after the system boots and load the key(s) you want to use for automation. Your scripts will need to source a shell script snippet with environment variables that let it connect to the running agent(s) and they can just operate like normal. The agent(s) handle all of the interactions with ssh and/or gpg regarding the unlocking of keys and such.

Regards,

-Roberto

--
Roberto C. Sánchez
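
Added example, not part of any message in this thread: both suggestions above (a key without a passphrase, or one unlocked once in an agent as keychain arranges) leave the key in a state that gpg-agent reports in its KEYINFO status line, so a cron wrapper can check that state and skip the run instead of stalling on a passphrase prompt. The keygrip and sample lines are constructed, and the reprepro base directory and rule name in the comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: preflight for a cron-driven reprepro run.
# gpg-agent KEYINFO status line layout:
#   S KEYINFO <keygrip> <type> <serialno> <idstr> <cached> <protection> ...
#   cached: 1 = passphrase is in the agent cache
#   protection: P = passphrase-protected, C = no passphrase

# Constructed keygrip for the samples (list real ones: gpg --with-keygrip -K).
SAMPLE_GRIP=0123456789ABCDEF0123456789ABCDEF01234567

# keyinfo_state LINE: prints cached | unprotected | locked | missing | invalid
# and returns 0 only when signing would work without a prompt.
keyinfo_state() {
    read -r tag kw grip type serial idstr cached prot rest <<EOF
$1
EOF
    if [ "$tag" != "S" ] || [ "$kw" != "KEYINFO" ]; then
        echo invalid; return 2
    fi
    case "$type" in
        -|'') echo missing; return 1 ;;
    esac
    if [ "$prot" = "C" ]; then echo unprotected; return 0; fi
    if [ "$cached" = "1" ]; then echo cached; return 0; fi
    echo locked; return 1
}

# run_if_unlocked KEYGRIP CMD...: run CMD only if the agent can sign silently.
# Hypothetical cron use (base directory and rule name are placeholders):
#   run_if_unlocked "$GRIP" reprepro -b /srv/repo processincoming default
run_if_unlocked() {
    want=$1; shift
    line=$(gpg-connect-agent "keyinfo $want" /bye 2>/dev/null | grep '^S KEYINFO')
    if state=$(keyinfo_state "$line"); then
        "$@"
    else
        echo "key $want is $state; skipping run" >&2
        return 1
    fi
}

# Constructed sample lines: key cached in agent, key locked, key without passphrase.
for sample in \
    "S KEYINFO $SAMPLE_GRIP D - - 1 P - - -" \
    "S KEYINFO $SAMPLE_GRIP D - - - P - - -" \
    "S KEYINFO $SAMPLE_GRIP D - - - C - - -"
do
    state=$(keyinfo_state "$sample") || true
    echo "$state"
done
```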
reprepro using a gpg certificate
Hi!

I have managed to set up a personal repository for backports from unstable to stable only for personal usage. Everything works just fine, with one small exception:

After I dput a package I must log in to the repository server, and run a shell script containing the reprepro command, which I cannot automate, since it requests entry of a password for a gpg key.

Does anyone have some simple instructions to set up reprepro so I don't have to enter this password by hand - I understand that I can use some kind of gpg certificate to get around this, but I haven't managed to set it up properly.

I want to do the reprepro command in a crontab so that eventual uploaded packages get processed automatically every X minutes, but then it (of course) cannot require someone to fill in a gpg password.

Is there any simple tutorial somewhere that I haven't found?

thanks in advance
--
Andreas Rönnquist
mailingli...@gusnan.se
andr...@ronnquist.net

[Please don't CC me, if I mail to a mailinglist, I am subscribed to it.]