After last year's kernel.org break-in, the new regime for access to kernel.org resources changed, and everyone had to reestablish access under the new system. I've only recently finished all the required steps so that I can both host the man-pages Git repository on kernel.org and upload release tarballs to the download directory.
To remind myself, and perhaps help others who may in the future need to do some of these steps, here's what I needed to do (corrections and comments welcome):
- As per H. Peter Anvin's instructions, create a (new) PGP key.
- Upload the PGP public key to the keyserver system (I used pgp.mit.edu, but any of the interconnected keyserver systems will do).
- Get my PGP key signed by others in the kernel.org ecosystem, so that my key can be considered trustworthy. Luckily, I was at LinuxCon in Prague last year when a lot other people, including many of the kernel developers at the collocated Kernel Summit, were trying to do exactly the same thing, so I managed to get a healthy set of signatures on my key. One way or another, you need to get such signatures on your key. (If you don't come into regular contact with some core kernel developers, or see them at conferences, this map may help.)
- Send the key ID and fingerprint to [email protected].
- Since my key was well signed, I soon afterward received an email from the kernel.org admins. That mail was encrypted using my public PGP key, and after decrypting, decompressing, and untarring, it contained three files:
- mtk: A private ssh key generated for me by the kernel.org admins. (The file has the same name as my kernel.org username.) The public key is stored on kernel.org. The private key is needed for gitolite and kup access.
- welcome.readme: Various information, including
- The name of the host providing gitolite access (ra.kernel.org)
- My username on that host (mtk)
- The password for my SSH key
- Some basic information on working with gitolite
- ssh_keygen.output: Information on the generation of my RSA key pair.
- Configure SSH to know about my new key:
- copy (and rename) the file mtk to ~/.ssh/mtk.kernel.org.
- add the new key to my SSH config, by adding the following lines to ~/.ssh/config:
Host ra.kernel.org IdentityFile ~/.ssh/mtk.kernel.org
- Use ssh-keygen to change the password on my SSH key to something more memorable.
- Create a new empty man-pages Git repo on kernel.org:
$ git clone [email protected]:/pub/scm/docs/man-pages/man-pages
- Set up my local man-pages Git repo to use gitolite. No software installation is required on the client side to use gitolite, but the local Git repo must be configured to use the gitolite protocol. Now, I have the following in my .git/config:
[remote "origin"] url = [email protected]:/pub/scm/docs/man-pages/man-pages.git fetch = +refs/heads/*:refs/remotes/origin/* [branch "master"] remote = [email protected]:/pub/scm/docs/man-pages/man-pages.git merge = refs/heads/master [remote "kernel.org"] url = [email protected]:/pub/scm/docs/man-pages/man-pages.git push = +refs/heads/master:refs/heads/master
- Push my Git repo to kernel.org:
$ git push kernel.org $ git push --tags kernel.org
- Set a description for the kernel.org repo:
- Install kup, by cloning the kup Git repo, which provides a perl script that is the kup client.
$ git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
Along the way, I installed gnupg-agent and libconfig-simple-perl. This was a recently rebuilt system, so some pieces like this were still missing; the libconfig-simple-perl package was essential to run the kup perl script. (There are kup packages or kup-client packages available for RPM-based systems, and a kup-client package for Debian-based systems.) - Set up a kup config file, ~/.kuprc, containing:
host = [email protected] rsh = /usr/bin/ssh -a -x -k -T
As noted in a Nov 2011 message to the kernel.org users mailing list, geb.kernel.org is the domain used for kup uploads on kernel.org. - Configure SSH to use my SSH key on geb.kernel.org, by adding the following lines to ~/.ssh/config:
Host geb.kernel.org IdentityFile ~/.ssh/mtk.kernel.org
- Sign and upload a man-pages tarball to the directory to which the kernel.org admins had already given me access:
$ gpg --detach-sig man-pages-3.35.tar $ ls man-pages-3.35.tar* man-pages-3.35.tar man-pages-3.35.tar.sig $ kup put man-pages-3.35.tar man-pages-3.35.tar.sig \ /pub/linux/docs/man-pages/man-pages-3.35.tar.gz Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org': 7813120 [==================================================] 100% Compressing: .bz2:100% .gz:100% .xz:100%
And then allow a moment before checking that the upload is visible at http://www.kernel.org/pub/linux/docs/man-pages/.
$ echo "Linux man pages Sections 2, 3, 4, 5, and 7" | \ ssh [email protected] setdesc /pub/scm/docs/man-pages/man-pages.git Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org': $ ssh [email protected] getdesc /pub/scm/docs/man-pages/man-pages.git Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org': Linux man pages Sections 2, 3, 4, 5, and 7
Update, August 2013: The way to do this nowadays is something like:
$ ssh [email protected] desc pub/scm/docs/man-pages/man-pages "Linux man pages Sections 2, 3, 4, 5, and 7"