After last year's kernel.org break-in, the new regime for access to kernel.org resources changed, and everyone had to reestablish access under the new system. I've only recently finished all the required steps so that I can both host the man-pages Git repository on kernel.org and upload release tarballs to the download directory.
To remind myself, and perhaps help others who may in the future need to do some of these steps, here's what I needed to do (corrections and comments welcome):
- As per H. Peter Anvin's instructions, create a (new) PGP key.
- Upload the PGP public key to the keyserver system (I used pgp.mit.edu, but any of the interconnected keyserver systems will do).
- Get my PGP key signed by others in the kernel.org ecosystem, so that my key can be considered trustworthy. Luckily, I was at LinuxCon in Prague last year when a lot other people, including many of the kernel developers at the collocated Kernel Summit, were trying to do exactly the same thing, so I managed to get a healthy set of signatures on my key. One way or another, you need to get such signatures on your key. (If you don't come into regular contact with some core kernel developers, or see them at conferences, this map may help.)
- Send the key ID and fingerprint to keys@zytor.com.
- Since my key was well signed, I soon afterward received an email from the kernel.org admins. That mail was encrypted using my public PGP key, and after decrypting, decompressing, and untarring, it contained three files:
- mtk: A private ssh key generated for me by the kernel.org admins. (The file has the same name as my kernel.org username.) The public key is stored on kernel.org. The private key is needed for gitolite and kup access.
- welcome.readme: Various information, including
- The name of the host providing gitolite access (ra.kernel.org)
- My username on that host (mtk)
- The password for my SSH key
- Some basic information on working with gitolite
- ssh_keygen.output: Information on the generation of my RSA key pair.
- Configure SSH to know about my new key:
- Use ssh-keygen to change the password on my SSH key to something more memorable.
- Create a new empty man-pages Git repo on kernel.org:
$ git clone gitolite@ra.kernel.org:/pub/scm/docs/man-pages/man-pages
- Set up my local man-pages Git repo to use gitolite. No software installation is required on the client side to use gitolite, but the local Git repo must be configured to use the gitolite protocol. Now, I have the following in my .git/config:
[remote "origin"]
url = gitolite@ra.kernel.org:/pub/scm/docs/man-pages/man-pages.git
fetch = +refs/heads/*:refs/remotes/origin/*
[branch "master"]
remote = gitolite@ra.kernel.org:/pub/scm/docs/man-pages/man-pages.git
merge = refs/heads/master
[remote "kernel.org"]
url = gitolite@ra.kernel.org:/pub/scm/docs/man-pages/man-pages.git
push = +refs/heads/master:refs/heads/master
- Push my Git repo to kernel.org:
$ git push kernel.org
$ git push --tags kernel.org
- Set a description for the kernel.org repo:
$ echo "Linux man pages Sections 2, 3, 4, 5, and 7" | \
ssh gitolite@ra.kernel.org setdesc /pub/scm/docs/man-pages/man-pages.git
Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org':
$ ssh gitolite@ra.kernel.org getdesc /pub/scm/docs/man-pages/man-pages.git
Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org':
Linux man pages Sections 2, 3, 4, 5, and 7
Update, August 2013: The way to do this nowadays is something like:
$ ssh gitolite@ra.kernel.org desc pub/scm/docs/man-pages/man-pages "Linux man pages Sections 2, 3, 4, 5, and 7"
- Install kup, by cloning the kup Git repo, which provides a perl script that is the kup client.
$ git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
Along the way, I installed gnupg-agent and libconfig-simple-perl. This was a recently rebuilt system, so some pieces like this were still missing; the libconfig-simple-perl package was essential to run the kup perl script. (There are kup packages or kup-client packages available for RPM-based systems, and a kup-client package for Debian-based systems.)
- Set up a kup config file, ~/.kuprc, containing:
host = mtk@geb.kernel.org
rsh = /usr/bin/ssh -a -x -k -T
As noted in a Nov 2011 message to the kernel.org users mailing list, geb.kernel.org is the domain used for kup uploads on kernel.org.
- Configure SSH to use my SSH key on geb.kernel.org, by adding the following lines to ~/.ssh/config:
Host geb.kernel.org
IdentityFile ~/.ssh/mtk.kernel.org
- Sign and upload a man-pages tarball to the directory to which the kernel.org admins had already given me access:
$ gpg --detach-sig man-pages-3.35.tar
$ ls man-pages-3.35.tar*
man-pages-3.35.tar man-pages-3.35.tar.sig
$ kup put man-pages-3.35.tar man-pages-3.35.tar.sig \
/pub/linux/docs/man-pages/man-pages-3.35.tar.gz
Enter passphrase for key '/home/mtk/.ssh/mtk.kernel.org':
7813120 [==================================================] 100%
Compressing: .bz2:100% .gz:100% .xz:100%
And then allow a moment before checking that the upload is visible at http://www.kernel.org/pub/linux/docs/man-pages/.
Updated 2012-02-27 to add a piece to step 10, and add a step (11) to set the repo description.