How to sign a remote repository, i.e. forward agent

Jameson Rollins jrollins at finestructure.net
Thu Jul 1 12:41:07 CEST 2010


On Tue, 29 Jun 2010 21:40:37 +0200, Carsten Aulbert <carsten.aulbert at aei.mpg.de> wrote:
> My problem is relatively simple. We provide a (Debian) repository for our 
> colleagues as well as ourselves and would like to sign it (for the experts: 
> reprepro's export option). Of course one could either copy around the secret 
> keyring and start the agent remotely or type the passphrase many times, but 
> straight from the FAQ this is not a good idea(TM).
> 
> Now the notorious question: Does anyone know how to forward the agent's socket 
> to the remote machine? I've briefly tried socat (remote unix socket to tcp 
> port, ssh tunnel of this port and then socat again to link the forwarded port 
> to the existing socket) but so far to no avail.

Hey, Carsten.  It just occurred to me that maybe you could use sshfs to
accomplish this.  You could mount the needed reprepro directory locally
with sshfs, and then sign the needed files locally without having to
actually move the files around or forward the gnupg agent.  I just tried
signing something over an sshfs mount and it seemed to work fine.

sshfs is fabulous.  hth.

jamie.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: </pipermail/attachments/20100701/6cf6fa1c/attachment.pgp>


More information about the Gnupg-users mailing list