[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
git server upgrade upgraded again
|
From: |
Bob Proulx |
|
Subject: |
git server upgrade upgraded again |
|
Date: |
Wed, 2 Oct 2024 10:41:53 -0600 |
Savannah Users,
TL;DR: git server upgrade attempt number 2, please report any problems
Hello Everyone! As you know we hit a few snags in the previous
upgrade of git from the Trisquel 9 system to the Trisquel 11 system.
We rolled back from the 11 server back onto the previous 9 server. We
think all of the issues have been worked through to allow this to be
attempted again. I have rolled the DNS name for git forward again to
the upgraded server.
Specifically the python2 issue has had "the can kicked down the road"
a little bit because python2 is still available in that release. It
actually disappears in the next subsequent release. Therefore python2
has been installed and all of the previously running python2 scripts
are working okay with it. Between Trisquel 11 and the upcoming 12 we
will need to work through all of the python2 programs and ensure that
they are upgraded.
Also cgit has been ... well... just plain weird for index links all of
a sudden. I am not going to go into the details here but the index
page link mangles that everyone has been seeing are hopefully not
there now. I could write a page or two about what I have learned in
the debug process but let me just say though things are not yet DONE
with cgit on the new git server but that you should be able to use it
now without the link mangling we have been seeing. For us behind the
scenes we are are still working on the overall problem in order to
have something robust for the system and for security upgrades moving
forward. Future changes will still be happening. But it's good to go
for the moment.
With the upgraded OpenSSH on Trisquel 11 server to the same on
Trisquel 11 client Simon Josefsson ran into a problem which was
enabled to be hit which was not enabled to be hit previously. It's
strange because it's only a "too old" problem if one upgrades to the
newer version. I'll include his message here verbatim in case anyone
else is hitting this issue too.
Simon Josefsson writes:
Thanks for the upgrade! If anyone except me was greeted by the
following strange error after the upgrade:
jas@kaka:~/src/gnulib$ git pull
sign_and_send_pubkey: signing failed for ED25519 "cardno:FFFE42315277" from
agent: agent refused operation
jas@git.sv.gnu.org's password:
The reason is that you are running a too old GnuPG version. Alas
Trisquel 11 (and therefor Ubuntu 22.04) is shipping this old version, so
many may be affected. See bug report here: https://dev.gnupg.org/T5931
One way to work around this is to insert this into your ~/.ssh/config:
Host git.sv.gnu.org
# https://dev.gnupg.org/T5931
# KexAlgorithms -sntrup761x25519-sha512@openssh.com
PubkeyAuthentication=unbound
As you can see another workaround is to disable sntrup761x2559, but it
is a security tradeoff which option to disable.
Of course, upgrading GnuPG is better, but for those of us to chose to
stay on Trisquel 11 the above may be a simpler way forward.
/Simon
And that has been a status update!
Bob
- git server upgrade upgraded again,
Bob Proulx <=