From 4ed1a6e1d4fcb1ba272a4fb3931b33d1c6fbee0d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 16:25:47 +0200 Subject: Adding upstream version 2023.12.24. Signed-off-by: Daniel Baumann --- cheatsheets/infrastructure/git.txt | 111 +++++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 cheatsheets/infrastructure/git.txt (limited to 'cheatsheets/infrastructure/git.txt') diff --git a/cheatsheets/infrastructure/git.txt b/cheatsheets/infrastructure/git.txt new file mode 100644 index 0000000..353957d --- /dev/null +++ b/cheatsheets/infrastructure/git.txt @@ -0,0 +1,111 @@ +Git working tree +---------------- + +Keyring work is coordinated in the Git tree living in +/srv/keyring.debian.org/master-keyring.git/ at keyring.debian.org +(which is an alias to kaufmann.debian.org). You need to have an +account on kaufmann to get access to the working tree. The URL for the +Git repository is: + + ssh://kaufmann.debian.org/srv/keyring.debian.org/master-keyring.git/ + +Note that, before March 2014, we used to work on a Bazaar tree. When +the tree was imported over to Git, the only bit of lost information +were the commit signatures. The Bazaar tree up to that point (left at +commit #1297) is still available in Kaufmann, at +/srv/keyring.debian.org/master-keyring/ (probably we should replace it +to avoid confusions!). + +Public tree copy +---------------- + +There is a public copy of the tree we push to whenever we push the +updates; it is available at Debian's Git server: + + https://salsa.debian.org/debian-keyring/keyring.git + +This tree can also be browsed online at: + + http://salsa.debian.org/debian-keyring/keyring + +So, when you push a new revision, do: + + $ git push git@salsa.debian.org:debian-keyring/keyring.git master + +Signing commits +--------------- + +All commits should be GPG-signed. To do so, specify your signing key +to Git, like: + + $ git config user.signingkey 0x0000DEAD0000BEEF + +And remember to always specify the '-S' switch when committing! + +Note that if you use debcommit, you can ask it to always sign commits +by either setting its DEBCOMMIT_SIGN_COMMITS configuration variable or +by specifying --sign-commit in the command line. + +** Note: A nice Git hook can be of use here to remind us if we're + missing -S + +Parsing the Git changelog +------------------------- + +When pushing a new keyring revision, you can use +./script/parse-git-changelog to automate several steps. Pipe it the +changelog since the last uploaded revision (remember to tag it!): + +$ git log 2014.11.19.. | scripts/parse-git-changelog + +It will create three files: rt-update, ldap-update and dak-update. For +the two first ones, look in the respective cheatsheets; for the +dak-update; refer to Ansgar Burchardt's message (Message-ID: +<87tx2uvcti.fsf@deep-thought.43-1.org>): + + Hi, + + as DM permissions are bound to specific keys they need to be updated if + a DM changes his key. Currently I do so from time to time (usually when + somebody has problems uploading packages), but it would be nice if you + could tell dak that keys changed. + + To do so, please wait until the new keys have been installed and then + upload a --.dak-commands via ftp to ftp-master. It + should look like the following: + + +----------------------------------------------------------------------- + | Archive: ftp.debian.org + | Uploader: Ansgar Burchardt *optional* + | Cc: keyring-maint@debian.org *optional* + | + | Action: dm-migrate + | From: 3C0B6EB0AB2729E8CE2255A7385AE490868EFA66 + | To: 5691 873A A9B1 C18E 3CEE 82E6 0F8C E0BF 4E85 E61B + | Reason: Replace 0x385AE490868EFA66 with 0x0F8CE0BF4E85E61B (Stefan Völkel) (RT #5318) + | + | Action: dm-migrate + | From: B86CB5487CC4B58F0CA3856E7EE852DEE6B78725 + | To: FBF3 EEAF A780 7802 B56B 27A9 70A8 FEE0 74B3 ED3A + | Reason: Replace 0x7EE852DEE6B78725 with 0x70A8FEE074B3ED3A (Yauheni Kaliuta) (RT #5251) + | + | Action: dm-remove + | Fingerprint: ~bla~ + | Reason: ~blubb~ + +----------------------------------------------------------------------- + + Plus a GPG cleartext signature around everything. + + The Uploader and Cc fields are optional; if Uploader is not given email + replies are sent to the primary UID of the key that was used to sign the + file. Whitespace in fields with fingerprints is ignored to make life + easier. The Reason field is optional and just for informational use. + + Would it be possible for you to do this? + + Ansgar + +Do note that ftp to ftp-master is no longer possible. We can place the +file in its place by scp: + + $ scp ${user}-${date}-${time}.dak-commands ssh.upload.debian.org:/srv/upload.debian.org/UploadQueue/ -- cgit v1.2.3