[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers-public] git server upgraded
|
From: |
Bob Proulx |
|
Subject: |
Re: [Savannah-hackers-public] git server upgraded |
|
Date: |
Sat, 21 Sep 2024 11:03:16 -0600 |
Simon Josefsson wrote:
> Thanks for the upgrade! If anyone except me was greeted by the
> following strange error after the upgrade:
>
> jas@kaka:~/src/gnulib$ git pull
> sign_and_send_pubkey: signing failed for ED25519 "cardno:FFFE42315277" from
> agent: agent refused operation
> jas@git.sv.gnu.org's password:
>
> The reason is that you are running a too old GnuPG version. Alas
> Trisquel 11 (and therefor Ubuntu 22.04) is shipping this old version, so
> many may be affected. See bug report here: https://dev.gnupg.org/T5931
I am completely confused because here are the versions of note here.
vcs2
- Trisquel 9 (Ubuntu 18.04)
- gpg (GnuPG) 2.2.4
- OpenSSH_7.6p1
vcs3
- Trisquel 11 (Ubuntu 22.04)
- gpg (GnuPG) 2.2.27
- OpenSSH_8.9p1
Meaning that git was using the even older versions. This upgrade
would have both your Trisquel 11 client and the Trisquel 11 server
using the same versions. That confuses me why using the same versions
is causing a problem.
> One way to work around this is to insert this into your ~/.ssh/config:
>
> Host git.sv.gnu.org
> # https://dev.gnupg.org/T5931
> # KexAlgorithms -sntrup761x25519-sha512@openssh.com
> PubkeyAuthentication=unbound
>
> As you can see another workaround is to disable sntrup761x2559, but it
> is a security tradeoff which option to disable.
Thank you for including this workaround, though I am confused how
using Trisquel 11 clients talking to a Trisquel 11 server cause this
problem when Trisquel 11 clients talking to a Trisquel 9 server did
not.
> Of course, upgrading GnuPG is better, but for those of us to chose to
> stay on Trisquel 11 the above may be a simpler way forward.
For the other reasons posted in the other email I have reverted this
change switching the DNS back to vcs2 until those other issues are
resolved. That relieves the immediate stress of this gpg problem
needing to be solved urgently. The new vcs3 server remains online of
course and DNS can be overridden locally to force testing to it.
I do not have time to read the bug T5931 you linked at this moment due
to needing to run now immediately to change the oil in an airplane!
Life and time is what keeps everything from happening all at once.
Upon returning from that task I will read https://dev.gnupg.org/T5931
in detail and try to understand this problem in full.
Thank you for reporting this!
Bob
Re: [Savannah-hackers-public] git server upgraded, Simon Josefsson, 2024/09/21
- Re: [Savannah-hackers-public] git server upgraded,
Bob Proulx <=
Re: [Savannah-hackers-public] git server upgraded, Bob Proulx, 2024/09/21