Opened 4 months ago

#34371 new task

make db.torproject.org a real debian archive

Reported by: anarcat Owned by: tpa
Priority: Low Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I often have trouble uploading packages following our procedure here:

https://help.torproject.org/tsa/howto/build_and_upload_debs/#Uploading_admin_packages

For example, just now I have stumbled upon this:

Failed to upload userdir-ldap-cgi_0.3.43~x.tpo.8.dsc to anarcat@alberti.torproject.org:/srv/db.torproject.org/ftp-archive/archive/pool/tpo-all/userdir-ldap-cgi_0.3.43~x.tpo.8.dsc: scp: /srv/db.torproject.org/ftp-archive/archive/pool/tpo-all/userdir-ldap-cgi_0.3.43~x.tpo.8.dsc: Permission denied

That was because there was already a .8.dsc file from a previous ("UNRELEASED") upload. (I feel it was a mistake to upload such a package in the first place, but that's besides the point: this is only one of many ways this procedure can fail on upload.)

The archive also manually handles OpenPGP certifications and rotations, which is sub-optimal, to say the least, from a security perspective.

Instead, we should use well-known software like reprepro or else to manage the repository, with a proper "incoming" queue.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.