Difference between revisions of "Infrastructure/Subversion/2020 Changes"

(Bunch of rewording)
m (Replace CGit URL)
 
(5 intermediate revisions by 2 users not shown)
Line 9: Line 9:
  
 
If you have commit access, to continue having access to the SVN repository,
 
If you have commit access, to continue having access to the SVN repository,
you will need to add your SSH keys on KDE's GitLab at [https://invent.kde.org/ invent.kde.org]
+
you will need to add your SSH keys on KDE's GitLab at [https://invent.kde.org/profile/keys invent.kde.org],
([https://invent.kde.org/profile/keys link to your GitLab SSH keys]),
 
 
even if you only intend to use Subversion.
 
even if you only intend to use Subversion.
  
In addition, if you're not in the [https://cgit.kde.org/repo-management.git/tree/svn-ssh-keys/users-list list of users with SVN access],
+
In addition, only users in the [https://invent.kde.org/sysadmin/repo-management/-/blob/master/svn-ssh-keys/users-list permitted list]
 +
will be able to login to SVN.
 +
If you're not in this list and you need to use SVN,
 
please [https://go.kde.org/systickets file a sysadmin ticket] and we'll add you.
 
please [https://go.kde.org/systickets file a sysadmin ticket] and we'll add you.
  
 
Finally, the SSH host keys of the server will necessarily change,
 
Finally, the SSH host keys of the server will necessarily change,
 
and you will get a nasty security warning about it.
 
and you will get a nasty security warning about it.
You should remove the old host key from <tt>known_hosts</tt> as the warning explains,
+
You should add the new host keys to your <tt>~/.ssh/known_hosts</tt> file:
then make sure the new host key fingerprint matches one of these before accepting it:
+
<pre>
<!-- these are leptone's host key fingerprints -->
+
svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
 +
svn.kde.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjuHOU2kseETX55MtRO3dzY+NZ+BAenpn1ghiDZF9s6903tF4ZQaUoKnlXDnvRXqOzBFf2lSmAjKD+z+S9t2ws=
 +
svn.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINACoE8znFN7FaS2CMK74trAPOehGoftawOjathkZFf6
 +
</pre>
 +
 
 +
You can do this even before the server changes, keeping the old key too,
 +
so that when the change happens, everything already works for you.
 +
 
 +
 
 +
{{Note|<p>We recommend adding the new keys to <tt>known_hosts</tt> directly as explained above, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:
 
<pre>
 
<pre>
 
2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
 
2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
 
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
 
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
 
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
 
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
 
 
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
 
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
 
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
 
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
 
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)
 
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)
 
</pre>
 
</pre>
 +
}}

Latest revision as of 11:23, 29 June 2020

April 2020 changes to Subversion server

As part of KDE's migration to GitLab, we will be moving our Subversion repository to a new server. To simplify our systems, we will also move the management of SSH keys to GitLab, and we will begin limiting access to the Subversion repository only to those actively using it.

If you have commit access, to continue having access to the SVN repository, you will need to add your SSH keys on KDE's GitLab at invent.kde.org, even if you only intend to use Subversion.

In addition, only users in the permitted list will be able to login to SVN. If you're not in this list and you need to use SVN, please file a sysadmin ticket and we'll add you.

Finally, the SSH host keys of the server will necessarily change, and you will get a nasty security warning about it. You should add the new host keys to your ~/.ssh/known_hosts file:

svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjuHOU2kseETX55MtRO3dzY+NZ+BAenpn1ghiDZF9s6903tF4ZQaUoKnlXDnvRXqOzBFf2lSmAjKD+z+S9t2ws=
svn.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINACoE8znFN7FaS2CMK74trAPOehGoftawOjathkZFf6

You can do this even before the server changes, keeping the old key too, so that when the change happens, everything already works for you.


Note

We recommend adding the new keys to known_hosts directly as explained above, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:

2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 (ED25519)

This page was last edited on 29 June 2020, at 11:23. Content is available under Creative Commons License SA 4.0 unless otherwise noted.