ndimiduk commented on a change in pull request #2754: URL: https://github.com/apache/hbase/pull/2754#discussion_r552779216
########## File path: dev-support/release-vm/README.md ########## @@ -0,0 +1,63 @@ +# HBase Release Env + +This is a vagrant project that provides a virtual machine environment suitable +for running an Apache HBase release. + +Requires: +* VirtualBox +* Vagrant +* The private portion of your signing key avilable in the local GPG agent +* The private portion of your Github authentication key available in the local GPG agent + +## Usage + +Unlock the local keyring before proceeding (this should prompt you for your GPG passphrase). For +example, assuming you have an authentication key configured in your keyring, this will do the +trick. + +```sh +$ ssh -T [email protected] +Hi <you>! You've successfully authenticated, but GitHub does not provide shell access. +``` + +Export the public portion of your signing credentials where the guest VM can access it, + +```sh +$ gpg --export <you>@apache.org > gpg.<you>.apache.pub +``` + +Launch the VM + +```sh +$ vagrant up +``` + +Connect to the VM. This should forward your ssh- and gpg-agent session. + +```sh +$ vagrant ssh +``` + +Now from the VM, import your identity and verify the gpg-agent passthrough is working correctly. + +```sh +$ gpg --no-autostart --import /vagrant/gpg.<you>.apache.pub +... +gpg: Total number processed: 1 +gpg: imported: 1 +$ gpg --no-autostart --detach --armor --sign repos/hbase/pom.xml Review comment: If agent forwarding is working, and your password expire time is set reasonably long, you shouldn't need to enter the password on the guest side. Something is not working properly. Did you `vagrant destroy -f` your VM before applying my latest changes? Specifically, you'd need to re-run the puppet provisioner in order to get the new ssh configuration. It's also worth confirming that there is no gpg-agent process on the guest OS, ever. As I understand it, the gpg process run in the foreground of the guest terminal should always be communicating back to the gpg-agent process running on the host via the socket. I don't know how to ensure the process is not launched on the guest, other than via the `--no-autostart` argument added to the commands. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
