Infrastructure/Subversion/2020 Changes: Difference between revisions

From KDE Community Wiki
(Put fingerprints in a note)
m (Protected "Infrastructure/Subversion/2020 Changes" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
(No difference)

Revision as of 07:21, 20 April 2020

April 2020 changes to Subversion server

As part of KDE's migration to GitLab, we will be moving our Subversion repository to a new server. To simplify our systems, we will also move the management of SSH keys to GitLab, and we will begin limiting access to the Subversion repository only to those actively using it.

If you have commit access, to continue having access to the SVN repository, you will need to add your SSH keys on KDE's GitLab at invent.kde.org, even if you only intend to use Subversion.

In addition, only users in the permitted list will be able to login to SVN. If you're not in this list and you need to use SVN, please file a sysadmin ticket and we'll add you.

Finally, the SSH host keys of the server will necessarily change, and you will get a nasty security warning about it. You should add the new host keys to your ~/.ssh/known_hosts file:

svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjuHOU2kseETX55MtRO3dzY+NZ+BAenpn1ghiDZF9s6903tF4ZQaUoKnlXDnvRXqOzBFf2lSmAjKD+z+S9t2ws=
svn.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINACoE8znFN7FaS2CMK74trAPOehGoftawOjathkZFf6

You can do this even before the server changes, keeping the old key too, so that when the change happens, everything already works for you.


Note

We recommend adding the new keys to known_hosts directly as explained above, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:

2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)