On Sat, Aug 08, 2015 at 05:47:14PM +0000, Robin H. Johnson wrote:
> On Thu, Jul 02, 2015 at 09:39:52PM +0000, Robin H. Johnson wrote:
> > 2015/08/08 15:00 UTC - Freeze
> > 2015/08/08 19:00 UTC - Git commits open for developers
This is going live in a few minutes. There were a lot of delays and snags
that were hit. QA has a lot of reviewing to do of in-tree patches with
long-standing CVS keyword damage. gkeys is also not sufficiently baked,
so we're using some scripting for now instead [1].

The new setup DOES enforce that commits AND pushes are signed.

I'm only 90% sure that everything works, but I've spent almost the
entire day on it, and there's more to go tomorrow.

Other old CVS repos are still closed for the moment, they will re-open
tomorrow.

> > 2015/08/09 01:00 UTC - Rsync live again (with lagged changelog)
> > 2015/08/11 - History repo available to graft
> > 2015/08/12 - rsync mirrors carry up-to-date changelogs again
These parts are still pending.

Quick instructions:
Set PORTAGE_GPG_KEY="0xLONG-GPG-KEY" in your make.conf
$ git config user.signingkey 0xLONG-GPG-KEY
$ git clone git+ssh://git@××××××××××.org/repo/gentoo.git
$ vim ...
$ repoman commit -m '...' [2]
$ git push --signed

(some time later, when you have local unpushed commits you want to
rebase instead of merging)
$ git pull --rebase -S
$ vim ...
$ repoman commit -m '...'
$ git push --signed

(some time later, when you have a local branch you want to merge)
$ git merge -S some-branch
$ git push --signed

[1]
The keys as they are in LDAP right now have been used. If you need to
change your key, please ping infra as well, so I can update the
temporary setup.
$ ldapsearch 'gentooStatus=active' gpgfingerprint -Z -LLL \
 |grep gpgfingerprint |cut -d: -f2- |tr -d ' ' \
 |grep -v 'undefined' | xargs gpg --recv

[2]
If you commit directly with "git commit" you MUST pass -S (and ideally
-s).

--
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail : robbat2@g.o
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
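
The signing requirement in the message above can be checked locally before pushing. The following is an added example, not part of the original message or of Gentoo's infrastructure scripts; the function names are hypothetical, and treating `U` (good signature, key of unknown validity) as acceptable is an assumption.

```shell
#!/bin/sh
# Added example: local check to run before "git push --signed".
#
# unsigned_commits reads lines of "<commit> <status>" on stdin, where
# <status> is git's %G? code, and prints every commit whose signature is
# not usable. %G? codes, per git-log(1):
#   G good                 U good, key validity unknown
#   X good but expired     Y good, made by an expired key
#   R good, revoked key    B bad signature
#   E cannot be checked    N no signature
unsigned_commits() {
    while read -r commit status; do
        case "$status" in
            G|U) ;;   # accepted (accepting U is this example's assumption)
            *)   printf '%s %s\n' "$commit" "$status" ;;
        esac
    done
}

# check_unpushed inspects the commits on HEAD that are not yet on the
# upstream branch. It assumes an upstream is configured (@{u}) and that
# the signing key is in the local GnuPG keyring.
# Returns non-zero and reports on stderr if any commit fails the check.
check_unpushed() {
    bad=$(git log --format='%H %G?' '@{u}..HEAD' | unsigned_commits)
    if [ -n "$bad" ]; then
        printf 'commits without a usable signature:\n%s\n' "$bad" >&2
        return 1
    fi
    return 0
}
```

Run `check_unpushed` in the clone before `git push --signed`; commits rewritten by a rebase done without `-S` show up with status `N`.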