Infrastructure/Subversion/2020 Changes: Difference between revisions

From KDE Community Wiki
(rewording)
m (Replace CGit URL)
 
(3 intermediate revisions by 2 users not shown)
Line 12: Line 12:
even if you only intend to use Subversion.
even if you only intend to use Subversion.


In addition, only users in the [https://cgit.kde.org/repo-management.git/tree/svn-ssh-keys/users-list permitted list]
In addition, only users in the [https://invent.kde.org/sysadmin/repo-management/-/blob/master/svn-ssh-keys/users-list permitted list]
will be able to login to SVN.
will be able to login to SVN.
If you're not in this list and you need to use SVN,
If you're not in this list and you need to use SVN,
Line 19: Line 19:
Finally, the SSH host keys of the server will necessarily change,
Finally, the SSH host keys of the server will necessarily change,
and you will get a nasty security warning about it.
and you will get a nasty security warning about it.
You should add the new host keys to your ~/.ssh/known_hosts file:
You should add the new host keys to your <tt>~/.ssh/known_hosts</tt> file:
<pre>
<pre>
svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
Line 27: Line 27:


You can do this even before the server changes, keeping the old key too,
You can do this even before the server changes, keeping the old key too,
so that when the server changes, everything already works for you.
so that when the change happens, everything already works for you.
 
 
{{Note|<p>We recommend adding the new keys to <tt>known_hosts</tt> directly as explained above, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:
<pre>
2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)
</pre>
}}

Latest revision as of 11:23, 29 June 2020

April 2020 changes to Subversion server

As part of KDE's migration to GitLab, we will be moving our Subversion repository to a new server. To simplify our systems, we will also move the management of SSH keys to GitLab, and we will begin limiting access to the Subversion repository only to those actively using it.

If you have commit access, to continue having access to the SVN repository, you will need to add your SSH keys on KDE's GitLab at invent.kde.org, even if you only intend to use Subversion.

In addition, only users in the permitted list will be able to login to SVN. If you're not in this list and you need to use SVN, please file a sysadmin ticket and we'll add you.

Finally, the SSH host keys of the server will necessarily change, and you will get a nasty security warning about it. You should add the new host keys to your ~/.ssh/known_hosts file:

svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjuHOU2kseETX55MtRO3dzY+NZ+BAenpn1ghiDZF9s6903tF4ZQaUoKnlXDnvRXqOzBFf2lSmAjKD+z+S9t2ws=
svn.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINACoE8znFN7FaS2CMK74trAPOehGoftawOjathkZFf6

You can do this even before the server changes, keeping the old key too, so that when the change happens, everything already works for you.


Note

We recommend adding the new keys to known_hosts directly as explained above, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:

2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)