[aur-dev] AUR 4.0.0 pre-alpha
The 4.0.0 release brings Git repositories to AUR packages. You can test a pre-alpha version at aur-dev.archlinux.org [1]. In order to submit packages, you can follow these steps: 1. Create a new SSH key pair for the AUR. While this step is not strictly necessary (you can use any existing SSH key), it is recommended to do this: $ ssh-keygen -f ~/.ssh/id_rsa-aur 2. Log into the AUR web interface at [1], go to "My Account" and copy the content of ~/.ssh/id_rsa-aur.pub (or any other key you want to use) into the "SSH Public Key" field. Click "Update" to save the key. 3. The SSH daemon for the AUR uses a custom user and a custom port. It is recommended to add the following lines to your ~/.ssh/config so you don't need to specify user and port each time you connect to the AUR SSH interface: Host aur-dev.archlinux.org IdentityFile ~/.ssh/id_rsa-aur User aur Port 2222 4. To create a new (empty) package base foobar, run the following command: $ ssh aur-dev.archlinux.org setup-repo foobar 5. If you want to submit changes to a package base, you need to clone the package repository via SSH: $ git clone ssh+git://aur-dev.archlinux.org/foobar.git/ When making changes to the repository, make sure you always include the PKGBUILD and .SRCINFO in the top-level directory. You can submit new versions of a package base to the AUR by committing the new PKGBUILD and .SRCINFO and running `git push`. If you spot any major flaws or have suggestions for the new interface, please let me know. Regards, Lukas [1] https://aur-dev.archlinux.org/
* Lukas Fleischer <archlinux@cryptocrack.de> (Mon, 29 Dec 2014 22:01:45 +0100):
The 4.0.0 release brings Git repositories to AUR packages. You can test a pre-alpha version at aur-dev.archlinux.org
Suggestion: when downloading a snapshot the file is always called 'master.tar.gz'. Can't this be renamed to $pkgbase.tar.gz? Now I have to rename the tarball myself each time I download a new snapshot (provided that users don't use git to clone a complete repository). If there's interest for this feature, I'm willing to create a patch myself (if no-one does this before me). Regards, Marcel
On Tue, 30 Dec 2014 at 15:56:12, Marcel Korpel wrote:
* Lukas Fleischer <archlinux@cryptocrack.de> (Mon, 29 Dec 2014 22:01:45 +0100):
The 4.0.0 release brings Git repositories to AUR packages. You can test a pre-alpha version at aur-dev.archlinux.org
Suggestion: when downloading a snapshot the file is always called 'master.tar.gz'. Can't this be renamed to $pkgbase.tar.gz? Now I have to rename the tarball myself each time I download a new snapshot (provided that users don't use git to clone a complete repository).
It is recommended to always use Git to fetch packages, unless you are in an environment without a Git client (which is supposed to be a corner case). If you do not want to import the full history, you can use shallow clones (`git clone --depth 1`).
If there's interest for this feature, I'm willing to create a patch myself (if no-one does this before me).
I do not think it requires a patch, maybe a rewrite rule is sufficient?
Regards, Marcel
On Mon, Dec 29, 2014 at 4:01 PM, Lukas Fleischer <archlinux@cryptocrack.de> wrote:
In order to submit packages, you can follow these steps:
I have followed the steps, but for some reason it doesn't seem to like my key. Are there logs on the server side that can be checked? Thanks, =-Jameson $ ssh -v aur-dev.archlinux.org setup-repo direvent OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 debug1: Reading configuration data /home/imntreal/.ssh/config debug1: /home/imntreal/.ssh/config line 1: Applying options for aur-dev.archlinux.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to aur-dev.archlinux.org [5.9.250.164] port 2222. debug1: Connection established. debug1: identity file /home/imntreal/.ssh/id_rsa-aur type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/imntreal/.ssh/id_rsa-aur-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7 debug1: Remote protocol version 2.0, remote software version ROSSSH debug1: no match: ROSSSH debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-sha1 none debug1: kex: client->server aes128-cbc hmac-sha1 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: DSA 0c:fd:fc:ef:90:40:d6:e8:d1:60:76:e2:9c:bb:99:40 debug1: Host '[aur-dev.archlinux.org]:2222' is known and matches the DSA host key. debug1: Found key in /home/imntreal/.ssh/known_hosts:23 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/imntreal/.ssh/id_rsa-aur debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: /home/imntreal/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Next authentication method: password aur@aur-dev.archlinux.org's password:
On Tue, 30 Dec 2014 at 16:22:43, Jameson wrote:
On Mon, Dec 29, 2014 at 4:01 PM, Lukas Fleischer <archlinux@cryptocrack.de> wrote:
In order to submit packages, you can follow these steps:
I have followed the steps, but for some reason it doesn't seem to like my key. Are there logs on the server side that can be checked? Thanks,
=-Jameson
$ ssh -v aur-dev.archlinux.org setup-repo direvent OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014 debug1: Reading configuration data /home/imntreal/.ssh/config debug1: /home/imntreal/.ssh/config line 1: Applying options for aur-dev.archlinux.org debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to aur-dev.archlinux.org [5.9.250.164] port 2222. debug1: Connection established. debug1: identity file /home/imntreal/.ssh/id_rsa-aur type 1 debug1: key_load_public: No such file or directory debug1: identity file /home/imntreal/.ssh/id_rsa-aur-cert type -1 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.7 debug1: Remote protocol version 2.0, remote software version ROSSSH debug1: no match: ROSSSH debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-sha1 none debug1: kex: client->server aes128-cbc hmac-sha1 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<7680<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Server host key: DSA 0c:fd:fc:ef:90:40:d6:e8:d1:60:76:e2:9c:bb:99:40 debug1: Host '[aur-dev.archlinux.org]:2222' is known and matches the DSA host key. debug1: Found key in /home/imntreal/.ssh/known_hosts:23 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering RSA public key: /home/imntreal/.ssh/id_rsa-aur debug1: Authentications that can continue: publickey,password debug1: Offering RSA public key: /home/imntreal/.ssh/id_rsa debug1: Authentications that can continue: publickey,password debug1: Next authentication method: password aur@aur-dev.archlinux.org's password:
On 30.12.2014 16:22, Jameson wrote:
debug1: Remote protocol version 2.0, remote software version ROSSSH
This is wrong, it should read "Remote protocol version 2.0, remote software version OpenSSH_6.7"
debug1: Server host key: DSA 0c:fd:fc:ef:90:40:d6:e8:d1:60:76:e2:9c:bb:99:40
Our server has only one rsa host key configured with this fingerprint 71:b9:78:92:af:70:9a:b6:99:cb:93:af:b9:63:87:40. It looks like someone is doing a MITM attack on your ssh connections.
debug1: Authentications that can continue: publickey,password
Should be "Authentications that can continue: publickey,keyboard-interactive"
On Tue, Dec 30, 2014 at 10:56 AM, Florian Pritz <bluewind@xinu.at> wrote:
On 30.12.2014 16:22, Jameson wrote:
debug1: Remote protocol version 2.0, remote software version ROSSSH
This is wrong, it should read "Remote protocol version 2.0, remote software version OpenSSH_6.7"
debug1: Server host key: DSA 0c:fd:fc:ef:90:40:d6:e8:d1:60:76:e2:9c:bb:99:40
Our server has only one rsa host key configured with this fingerprint 71:b9:78:92:af:70:9a:b6:99:cb:93:af:b9:63:87:40. It looks like someone is doing a MITM attack on your ssh connections.
debug1: Authentications that can continue: publickey,password
Should be "Authentications that can continue: publickey,keyboard-interactive"
Haha. I just realized that my router is the MITM. I've got it forwarding incoming connections from port 2222, and totally forgot about it. Thanks, again.
participants (4)
-
Florian Pritz
-
Jameson
-
Lukas Fleischer
-
Marcel Korpel