After last year's kernel.org break-in, the new regime for access to kernel.org resources changed, and everyone had to reestablish access under the new system. I've only recently finished all the required steps so that I can both host the man-pages Git repository on kernel.org and upload release tarballs to the download directory.
To remind myself, and perhaps help others who may in the future need to do some of these steps, here's what I needed to do (corrections and comments welcome):
- As per H. Peter Anvin's instructions, create a (new) PGP key.
- Upload the PGP public key to the keyserver system (I used pgp.mit.edu, but any of the interconnected keyserver systems will do).
- Get my PGP key signed by others in the kernel.org ecosystem, so that my key can be considered trustworthy. Luckily, I was at LinuxCon in Prague last year when a lot other people, including many of the kernel developers at the collocated Kernel Summit, were trying to do exactly the same thing, so I managed to get a healthy set of signatures on my key. One way or another, you need to get such signatures on your key. (If you don't come into regular contact with some core kernel developers, or see them at conferences, this map may help.)
- Send the key ID and fingerprint to email@example.com.
- Since my key was well signed, I soon afterward received an email from the kernel.org admins. That mail was encrypted using my public PGP key, and after decrypting, decompressing, and untarring, it contained three files:
- mtk: A private ssh key generated for me by the kernel.org admins. (The file has the same name as my kernel.org username.) The public key is stored on kernel.org. The private key is needed for gitolite and kup access.
- welcome.readme: Various information, including
- The name of the host providing gitolite access (ra.kernel.org)
- My username on that host (mtk)
- The password for my SSH key
- Some basic information on working with gitolite
- ssh_keygen.output: Information on the generation of my RSA key pair.
- Configure SSH to know about my new key:
- copy (and rename) the file mtk to ~/.ssh/mtk.kernel.org.
- add the new key to my SSH config, by adding the following lines to ~/.ssh/config:
Host ra.kernel.org IdentityFile ~/.ssh/mtk.kernel.org
$ git clone firstname.lastname@example.org:/pub/scm/docs/man-pages/man-pages
[remote "origin"] url = email@example.com:/pub/scm/docs/man-pages/man-pages.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = firstname.lastname@example.org:/pub/scm/docs/man-pages/man-pages.git merge = refs/heads/master [remote "kernel.org"] url = email@example.com:/pub/scm/docs/man-pages/man-pages.git push = +refs/heads/master:refs/heads/master
$ git push kernel.org $ git push --tags kernel.org
$ echo "Linux man pages Sections 2, 3, 4, 5, and 7" | \ ssh firstname.lastname@example.org setdesc /pub/scm/docs/man-pages/man-pages.git Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org': $ ssh email@example.com getdesc /pub/scm/docs/man-pages/man-pages.git Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org': Linux man pages Sections 2, 3, 4, 5, and 7
$ git clone git://git.kernel.org/pub/scm/utils/kup/kup.gitAlong the way, I installed gnupg-agent and libconfig-simple-perl. This was a recently rebuilt system, so some pieces like this were still missing; the libconfig-simple-perl package was essential to run the kup perl script. (There are kup packages or kup-client packages available for RPM-based systems, and a kup-client package for Debian-based systems.)
host = firstname.lastname@example.org rsh = /usr/bin/ssh -a -x -k -TAs noted in a Nov 2011 message to the kernel.org users mailing list, geb.kernel.org is the domain used for kup uploads on kernel.org.
Host geb.kernel.org IdentityFile ~/.ssh/mtk.kernel.org
$ gpg --detach-sig man-pages-3.35.tar $ ls man-pages-3.35.tar* man-pages-3.35.tar man-pages-3.35.tar.sig $ kup put man-pages-3.35.tar man-pages-3.35.tar.sig \ /pub/linux/docs/man-pages/man-pages-3.35.tar.gz Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org': 7813120 [==================================================] 100% Compressing: .bz2:100% .gz:100% .xz:100%And then allow a moment before checking that the upload is visible at http://www.kernel.org/pub/linux/docs/man-pages/.