ndimiduk commented on a change in pull request #2754:
URL: https://github.com/apache/hbase/pull/2754#discussion_r552783219



##########
File path: dev-support/release-vm/README.md
##########
@@ -0,0 +1,63 @@
+# HBase Release Env
+
+This is a vagrant project that provides a virtual machine environment suitable
+for running an Apache HBase release.
+
+Requires:
+* VirtualBox
+* Vagrant
+* The private portion of your signing key avilable in the local GPG agent
+* The private portion of your Github authentication key available in the local 
GPG agent
+
+## Usage
+
+Unlock the local keyring before proceeding (this should prompt you for your 
GPG passphrase). For
+example, assuming you have an authentication key configured in your keyring, 
this will do the
+trick.
+
+```sh
+$ ssh -T g...@github.com
+Hi <you>! You've successfully authenticated, but GitHub does not provide shell 
access.
+```
+
+Export the public portion of your signing credentials where the guest VM can 
access it,
+
+```sh
+$ gpg --export <you>@apache.org > gpg.<you>.apache.pub
+```
+
+Launch the VM
+
+```sh
+$ vagrant up
+```
+
+Connect to the VM. This should forward your ssh- and gpg-agent session.
+
+```sh
+$ vagrant ssh
+```
+
+Now from the VM, import your identity and verify the gpg-agent passthrough is 
working correctly.
+
+```sh
+$ gpg --no-autostart --import /vagrant/gpg.<you>.apache.pub
+...
+gpg: Total number processed: 1
+gpg:               imported: 1
+$ gpg --no-autostart --detach --armor --sign repos/hbase/pom.xml
+$ gpg --no-autostart --verify repos/hbase/pom.xml.asc
+gpg: assuming signed data in 'repos/hbase/pom.xml'
+...
+$ ssh -T g...@github.com
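Review bot: In the Requires list, "avilable" should be "available", and "Github" should be "GitHub" to match the spelling in the ssh output quoted further down. In the final code block, the `gpg --no-autostart --verify` output is elided with `...` exactly where the result would appear; naming the line to look for (gpg prints `Good signature from ...` on success) would let a release manager confirm that the forwarded agent produced a valid signature. The Usage section could also say in one sentence why every in-VM gpg call carries `--no-autostart`: without it, a broken passthrough can be masked because gpg would start a fresh agent inside the guest rather than fail.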

Review comment:
In my case, I have an authentication key and a signing key in my gpg keyring, managed by gpg-agent. I have my ssh configuration set to use that gpg authorization key with GitHub. Thus, I can test that agent forwarding works by issuing this command.

Maybe the ssh incantation is adding unnecessary complexity here, as we verify gpg-agent forwarding via the `gpg --sign` command instead. Still, we should verify that forwarding of both gpg and ssh credentials is working, as both are required during the release process (signing artifacts and tags, and pushing commits to the upstream repository).




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org