Infrastructure/Subversion/2020 Changes: Difference between revisions

From KDE Community Wiki
(Add heading)
m (Replace CGit URL)
 
(6 intermediate revisions by 2 users not shown)
Line 9: Line 9:


If you have commit access, to continue having access to the SVN repository,
If you have commit access, to continue having access to the SVN repository,
you will need to [https://invent.kde.org/profile/keys add your SSH keys on GitLab],
you will need to add your SSH keys on KDE's GitLab at [https://invent.kde.org/profile/keys invent.kde.org],
even if you only use Subversion and won't use GitLab in the future.
even if you only intend to use Subversion.
Then, if you're not in the [https://cgit.kde.org/repo-management.git/tree/svn-ssh-keys/users-list list of users with SVN access],
 
In addition, only users in the [https://invent.kde.org/sysadmin/repo-management/-/blob/master/svn-ssh-keys/users-list permitted list]
will be able to login to SVN.
If you're not in this list and you need to use SVN,
please [https://go.kde.org/systickets file a sysadmin ticket] and we'll add you.
please [https://go.kde.org/systickets file a sysadmin ticket] and we'll add you.


Finally, the host SSH keys of the server will change,
Finally, the SSH host keys of the server will necessarily change,
and you will get a nasty warning about it being a security issue.
and you will get a nasty security warning about it.
You should make sure the new host key fingerprint matches one of these,
You should add the new host keys to your <tt>~/.ssh/known_hosts</tt> file:
then remove the old one from <tt>known_hosts</tt> as the warning explains:
<pre>
<!-- these are leptone's host key fingerprints -->
svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjuHOU2kseETX55MtRO3dzY+NZ+BAenpn1ghiDZF9s6903tF4ZQaUoKnlXDnvRXqOzBFf2lSmAjKD+z+S9t2ws=
svn.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINACoE8znFN7FaS2CMK74trAPOehGoftawOjathkZFf6
</pre>
 
You can do this even before the server changes, keeping the old key too,
so that when the change happens, everything already works for you.
 
 
{{Note|<p>We recommend adding the new keys to <tt>known_hosts</tt> directly as explained above, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:
<pre>
<pre>
2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)
</pre>
</pre>
}}

Latest revision as of 11:23, 29 June 2020

April 2020 changes to Subversion server

As part of KDE's migration to GitLab, we will be moving our Subversion repository to a new server. To simplify our systems, we will also move the management of SSH keys to GitLab, and we will begin limiting access to the Subversion repository only to those actively using it.

If you have commit access, to continue having access to the SVN repository, you will need to add your SSH keys on KDE's GitLab at invent.kde.org, even if you only intend to use Subversion.

In addition, only users in the permitted list will be able to login to SVN. If you're not in this list and you need to use SVN, please file a sysadmin ticket and we'll add you.

Finally, the SSH host keys of the server will necessarily change, and you will get a nasty security warning about it. You should add the new host keys to your ~/.ssh/known_hosts file:

svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjuHOU2kseETX55MtRO3dzY+NZ+BAenpn1ghiDZF9s6903tF4ZQaUoKnlXDnvRXqOzBFf2lSmAjKD+z+S9t2ws=
svn.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINACoE8znFN7FaS2CMK74trAPOehGoftawOjathkZFf6

You can do this even before the server changes, keeping the old key too, so that when the change happens, everything already works for you.


Note

We recommend adding the new keys to known_hosts directly as explained above, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:

2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)