Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
experiment to resolve #2931
|
|
|
|
The following commit broke login on the Parabola servers:
8f03372 Andreas Grapentin: Remove gpg key to refresh it in parabola-keyring
8f0337256560c4a16a2d271b7118aee854fedd31
Apparently removing gpg keys and the shell entry break login in the
Parabola servers that depend on the data in hackers to setup that
login process.
At first I got some help on IRC to guide me on how to do it, then as I got
some errors from the remote lint script, I tried to find a working
combination that wasn't triggered by it through trial and error.
Running the lint script locally with that patch also finds no error.
Once the login were broken, bill-auger tried to fix it by removing the SSH
keys:
6f4f6b2 fix users/1038.yml
6f4f6b2331a9b697355ee568b246ab9eb9d4262a
and re-adding a shell:
43a438f fix users/1038.yml
43a438fee15e23e95146ed317e5078876e760e05
Once that was done bill-auger tried to rebuild the keyring but that failed
because the login service was not running. But then the service could be
started.
Then bill-auger pushed an empty commit and the keyring build did succeed.
As this is now all fixed, we now know:
- How to break login with malformed yaml that doesn't trigger any warnings
nor errors. We will need to fix that.
- How to repair that once it happens. You probably need a root shell on the
affected machine to fix that though.
- How to effectively disable a user gpg key without breaking the login
service.
So we can now revert to the state before the "8f03372 Andreas Grapentin:
Remove gpg key to refresh it in parabola-keyring" commit to effectively
refresh Andreas Grapentin's gpg key.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
The parabola-keyring package has an old version of Andreas Grapentin's key
which is expired.
Andreas Grapentin's key was updated weeks ago and the new version with
the increased expiry date is already on the keyservers.
Removing and re-adding Andreas's key will probably trigger the autobuilder
that will in turn produce and release a new version of parabola-keyring.
This commit will be pushed alone, and if it triggers a rebuild, I will
then revert it to trigger a rebuild again, this time with the updated key.
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org>
|
|
This is because with priv-sep'd dbscripts, it needs to ssh to
autobuilder@localhost to run db-update.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|