Differences between revisions 3 and 6 (spanning 3 versions)
Revision 3 as of 2018-01-11 18:11:53
Size: 1332
Editor: ?RobieBasak
Comment: Add ssh key fingerprint information
Revision 6 as of 2018-01-27 00:50:13
Size: 3377
Editor: PaulWise
Comment: add a FAQ item about non-JS support
Deletions are marked like this. Additions are marked like this.
Line 10: Line 10:
=== Where can I verify the ssh key fingerprint for salsa.debian.org? === === How can I verify the ssh key for salsa.debian.org? ===
Line 12: Line 12:
See https://db.debian.org/machines.cgi?host=godard. You can echo a line from the "SSH host key" into `ssh-keygen -lf-` to calculate a fingerprint. Like all debian.org systems there are several options:

If you have a [[DNSSEC|secure path to a DNSSEC enabled resolver]] (install unbound and use it for DNS), use the existing DNSSEC and SSHFP records by turning on SSH host key verification via DNS:

{{{
$ cat >> ~/.ssh/config <<"EOF"
Host *.debian.org
 VerifyHostKeyDNS yes
EOF
}}}

If you have already verified the SSH host key of a debian.org host, you can download the full Debian SSH host key list over SSH from any debian.org host:

{{{
scp master.debian.org:/etc/ssh/ssh_known_hosts ~/.ssh/debian_known_hosts
}}}

If you haven't verified the SSH host key of any debian.org host yet, you can download the full Debian SSH host key list via HTTPS, pinned to the Lets Encrypt parent CA.

{{{
$ wget --ca-directory /dev/null --ca-certificate /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt -o ~/.ssh/debian_known_hosts https://db.debian.org/debian_known_hosts
}}}

You can either append the full Debian SSH key list to your usual known_hosts file or store it in a separate file and configure SSH to look at it for debian.org hosts:

{{{
$ cat >> ~/.ssh/config <<"EOF"
Host *.debian.org
 UserKnownHostsFile ~/.ssh/debian_known_hosts
EOF
}}}

You can also get the SSH host keys for salsa from the godard entry in Debian LDAP, which are also available via [[https://db.debian.org/machines.cgi?host=godard|the web interface]]. You should then save these in your known_hosts file.

{{{
$ ldapsearch -ZLLL -x -h db.debian.org -b ou=hosts,dc=debian,dc=org host=godard sshRSAHostKey
$ wget --ca-directory /dev/null --ca-certificate /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt https://db.debian.org/machines.cgi?host=godard -qO- | grep -o ssh-.* | sed 's/<br>/\n/g' >> ~/.ssh/known_hosts
}}}

=== How can I use salsa.debian.org without JavaScript? ===

The gitlab web interface requires JavaScript for a lot of different features. The gitlab upstream developers are hostile to changing this. You won't be able to view replies to issues or reply to issues for example. If you are not going to turn on JavaScript you are probably better off deleting your account or only using it for git based operations.

This page is maintained primarily by the administrators of Salsa to help spread knowledge about the service. You can also check the other Salsa-related pages:

1. Usage

1.1. How can I verify the ssh key for salsa.debian.org?

Like all debian.org systems there are several options:

If you have a secure path to a DNSSEC enabled resolver (install unbound and use it for DNS), use the existing DNSSEC and SSHFP records by turning on SSH host key verification via DNS:

$ cat >> ~/.ssh/config <<"EOF"
Host *.debian.org
 VerifyHostKeyDNS yes
EOF

If you have already verified the SSH host key of a debian.org host, you can download the full Debian SSH host key list over SSH from any debian.org host:

scp master.debian.org:/etc/ssh/ssh_known_hosts ~/.ssh/debian_known_hosts

If you haven't verified the SSH host key of any debian.org host yet, you can download the full Debian SSH host key list via HTTPS, pinned to the Lets Encrypt parent CA.

$ wget --ca-directory /dev/null --ca-certificate /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt -o ~/.ssh/debian_known_hosts https://db.debian.org/debian_known_hosts

You can either append the full Debian SSH key list to your usual known_hosts file or store it in a separate file and configure SSH to look at it for debian.org hosts:

$ cat >> ~/.ssh/config <<"EOF"
Host *.debian.org
 UserKnownHostsFile ~/.ssh/debian_known_hosts
EOF

You can also get the SSH host keys for salsa from the godard entry in Debian LDAP, which are also available via the web interface. You should then save these in your known_hosts file.

$ ldapsearch -ZLLL -x -h db.debian.org -b ou=hosts,dc=debian,dc=org host=godard sshRSAHostKey
$ wget --ca-directory /dev/null --ca-certificate /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt https://db.debian.org/machines.cgi?host=godard -qO- | grep -o ssh-.* | sed 's/<br>/\n/g' >> ~/.ssh/known_hosts

1.2. How can I use salsa.debian.org without JavaScript?

The gitlab web interface requires ?JavaScript for a lot of different features. The gitlab upstream developers are hostile to changing this. You won't be able to view replies to issues or reply to issues for example. If you are not going to turn on ?JavaScript you are probably better off deleting your account or only using it for git based operations.

2. Features

2.1. How can I create a mailing list?

For communication within a packaging team or with users you may want to create a mailing list on lists.debian.org. See the howto for requesting a new mailing list.

Legacy "commit" or "bug" mailinglists are superseded by the notification system of gitlab.

Former Alioth-based mailing lists can be partially migrated to lists.debian.org.

2.2. How do I create a Group? I see no button for that!

Group creation is disabled on the Debian ?GitLab instance, as we want to enforce namespacing guidelines. You can create a group for the team according to the namespacing guidelines from the signup page

3. Migration from Alioth