Jump to content

Infrastructure/Subversion/2020 Changes: Difference between revisions

From KDE Community Wiki
Nalvarez (talk | contribs)
rewording
Nalvarez (talk | contribs)
No edit summary
Line 19: Line 19:
Finally, the SSH host keys of the server will necessarily change,
Finally, the SSH host keys of the server will necessarily change,
and you will get a nasty security warning about it.
and you will get a nasty security warning about it.
You should add the new host keys to your ~/.ssh/known_hosts file:
You should add the new host keys to your <tt>~/.ssh/known_hosts</tt> file:
<pre>
<pre>
svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
Line 28: Line 28:
You can do this even before the server changes, keeping the old key too,
You can do this even before the server changes, keeping the old key too,
so that when the server changes, everything already works for you.
so that when the server changes, everything already works for you.
Adding the new keys to <tt>known_hosts</tt> directly is recommended,
because then you don't need to visually compare fingerprints.
But for completeness, these are the host key fingerprints of the new server:
<pre>
2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM leptone.kde.org (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA leptone.kde.org (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk leptone.kde.org (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 leptone.kde.org (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a leptone.kde.org (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 leptone.kde.org (ED25519)
</pre>

Revision as of 00:37, 18 April 2020

April 2020 changes to Subversion server

As part of KDE's migration to GitLab, we will be moving our Subversion repository to a new server. To simplify our systems, we will also move the management of SSH keys to GitLab, and we will begin limiting access to the Subversion repository only to those actively using it.

If you have commit access, to continue having access to the SVN repository, you will need to add your SSH keys on KDE's GitLab at invent.kde.org, even if you only intend to use Subversion.

In addition, only users in the permitted list will be able to login to SVN. If you're not in this list and you need to use SVN, please file a sysadmin ticket and we'll add you.

Finally, the SSH host keys of the server will necessarily change, and you will get a nasty security warning about it. You should add the new host keys to your ~/.ssh/known_hosts file:

svn.kde.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvvywZ0SNVmhy2MRC4v0iTPjxRxaY1NATlUNoluJZ8K6DIiO3hQN99QaqyduIwCvI3EfdFqqw/QzyWAuAZdUC5eZrzhYO09NcgHkK9PsCjutIZHzeE+8WXLQNBNKA41r6JLliRpCe5aCPGl5KWuCdP+T8caA6GHPImPXcwziFaYk7l6NPa8M7raDxBlcRqqYvfyeSQAkefN/PVw5boeqXDBTzU/x9DG0BdawrSg0jBqIjmznkaSOIWNNDxFryfXiVIfegeqXanJM194wrSD3wWs6gPGDXGa36/1F+12KjzZp3XieOMxHoxyqznaK7NjOxca4N20NFfDritYrqjM+bP
svn.kde.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNjuHOU2kseETX55MtRO3dzY+NZ+BAenpn1ghiDZF9s6903tF4ZQaUoKnlXDnvRXqOzBFf2lSmAjKD+z+S9t2ws=
svn.kde.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINACoE8znFN7FaS2CMK74trAPOehGoftawOjathkZFf6

You can do this even before the server changes, keeping the old key too, so that when the server changes, everything already works for you.

Adding the new keys to known_hosts directly is recommended, because then you don't need to visually compare fingerprints. But for completeness, these are the host key fingerprints of the new server:

2048 SHA256:rgF+nO+jdBEKOdowaOZBnaeWtAV6vquW4EjFafO1aaM leptone.kde.org (RSA)
256 SHA256:UutSIkXdSGgyxQxL35dDEEAD2Owel+zEdKZ5I/JMqrA leptone.kde.org (ECDSA)
256 SHA256:tPgR57xn3BJVri4ncIMAtj/3Dxc9SB/ijOxORUTCQFk leptone.kde.org (ED25519)
2048 MD5:32:c9:78:b1:1f:7c:2e:1c:12:26:62:1c:67:d0:6c:28 leptone.kde.org (RSA)
256 MD5:cb:56:a3:74:a8:69:5c:f3:93:b0:dc:f9:05:1c:3f:9a leptone.kde.org (ECDSA)
256 MD5:c8:99:54:39:84:9b:e5:39:1a:de:c6:6d:fa:4d:a4:e8 leptone.kde.org (ED25519)