[tor-bugs] #34371 [Internal Services/Tor Sysadmin Team]: make db.torproject.org a real debian archive
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jun 3 14:26:39 UTC 2020
#34371: make db.torproject.org a real debian archive
-----------------------------------------------------+-----------------
Reporter: anarcat | Owner: tpa
Type: task | Status: new
Priority: Low | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-----------------------------------------------------+-----------------
I often have trouble uploading packages following our procedure here:
https://help.torproject.org/tsa/howto/build_and_upload_debs/#Uploading_admin_packages
For example, just now I have stumbled upon this:
{{{
Failed to upload userdir-ldap-cgi_0.3.43~x.tpo.8.dsc to
anarcat at alberti.torproject.org:/srv/db.torproject.org/ftp-
archive/archive/pool/tpo-all/userdir-ldap-cgi_0.3.43~x.tpo.8.dsc: scp:
/srv/db.torproject.org/ftp-archive/archive/pool/tpo-all/userdir-ldap-
cgi_0.3.43~x.tpo.8.dsc: Permission denied
}}}
That was because there was already a `.8.dsc` file from a previous
("UNRELEASED") upload. (I feel it was a mistake to upload such a package
in the first place, but that's besides the point: this is only one of many
ways this procedure can fail on upload.)
The archive also manually handles OpenPGP certifications and rotations,
which is sub-optimal, to say the least, from a security perspective.
Instead, we should use well-known software like reprepro or else to manage
the repository, with a proper "incoming" queue.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/34371>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list