Commit 58775b2e authored by Edward Z. Yang, committed by Mikhail Glushenkov

Rotate haskell-pushbot keys

Signed-off-by: Edward Z. Yang <ezyang@cs.stanford.edu>
parent d0c3defe
......@@ -13,7 +13,7 @@ if [ -z ${STACK_CONFIG+x} ]; then
if [ "$TRAVIS_OS_NAME" = "linux" ]; then
travis_retry sudo add-apt-repository -y ppa:hvr/ghc
travis_retry sudo apt-get update
travis_retry sudo apt-get install --force-yes cabal-install-head cabal-install-2.0 happy-1.19.5 alex-3.1.7 ghc-$GHCVER-prof ghc-$GHCVER-dyn
travis_retry sudo apt-get install --force-yes cabal-install-head cabal-install-2.0 happy-1.19.5 alex-3.1.7 ghc-$GHCVER-prof ghc-$GHCVER-dyn bsdgames
if [ "x$TEST_OTHER_VERSIONS" = "xYES" ]; then travis_retry sudo apt-get install --force-yes ghc-7.0.4-prof ghc-7.0.4-dyn ghc-7.2.2-prof ghc-7.2.2-dyn ghc-head-prof ghc-head-dyn; fi
elif [ "$TRAVIS_OS_NAME" = "osx" ]; then
......
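Review bot: The `bsdgames` package appended to the Linux `apt-get install` line carries no comment explaining that it is there (presumably) only to supply the `rot13` command, and the `osx` branch that follows shows no equivalent install. Add a comment, or drop the package dependency by decoding with `tr 'A-Za-z' 'N-ZA-Mn-za-m'`, which needs nothing installed on either platform.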
......@@ -23,10 +23,11 @@ Here is the general lifecycle of a Travis run:
2. Once the build is successful, we invoke upload.sh to upload
the build products to the cabal-binaries repository. This is done
using the private key id_rsa (associated with haskell-pushbot's
account). This upload contains its own .travis.yml (customized
for the particular build matrix configuration), and some special
JSON metadata in the commit message.
using the ROT-13'ed private key id_rsa.rot13 (associated with
haskell-pushbot's account). This upload contains its own .travis.yml
(customized for the particular build matrix configuration), and some
special JSON metadata in the commit message. ROT-13 is used to
prevent GitHub from deciding the private key is compromised.
3. Triggered by the push to cabal-binaries, Travis on haskell-pushbot
will run the tests. After this finishes, it will invoke a webhook
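Review bot: The new sentence "ROT-13 is used to prevent GitHub from deciding the private key is compromised" in step 2 should also say that ROT-13 provides no confidentiality, so anyone who can read the repository can recover the key. Suggest documenting that the key is to be treated as public and that haskell-pushbot's account must hold no access beyond the cabal-binaries repository.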
......@@ -55,7 +56,8 @@ would need to do:
* Create a new GitHub account to replace haskell-pushbot
* Generate a new private key, associate it with the GH account, and
replace id_rsa and id_rsa.pub with the new account
replace id_rsa.rot13 and id_rsa.pub with the ROT-13'ed private
key and the public key.
* Create a new binaries repository, modify the invocation of
"git remote add" in upload.sh to point to the new location.
......
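Review bot: The reworded "Generate a new private key" bullet does not say how to produce `id_rsa.rot13`, nor that the unencoded `id_rsa` must not be committed next to it. Suggest spelling out the command in the bullet, for example `rot13 < id_rsa > id_rsa.rot13`, and telling the reader to delete the cleartext file before committing.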
......@@ -3,6 +3,6 @@
# See travis/upload.sh for more documentation
git remote set-url --push origin git@github.com:haskell-pushbot/cabal-binaries.git
(umask 177 && cp id_rsa $HOME/.ssh/id_rsa)
(umask 177 && rot13 < id_rsa.rot13 > $HOME/.ssh/id_rsa)
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
git push origin --delete "$(git rev-parse --abbrev-ref HEAD)"
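Review bot: Missing failure check on the new `rot13 < id_rsa.rot13 > $HOME/.ssh/id_rsa` line: nothing visible in this script installs or tests for `rot13`, and because the shell opens the redirect first, a missing command still leaves an empty `$HOME/.ssh/id_rsa` behind, so the error only surfaces later as an authentication failure at `git push`. Unless the script already runs under `set -e`, add `|| exit 1` after the subshell or decode with `tr 'A-Za-z' 'N-ZA-Mn-za-m'`, and quote `"$HOME/.ssh/id_rsa"`.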
......@@ -39,7 +39,7 @@ cd travis
# Setup SSH key we will use to push to binaries repository.
# umask to get the permissions to be 600 (not 400, because the deploy
# script in .travis.yml is going to clobber this private key)
(umask 177 && cp id_rsa $HOME/.ssh/id_rsa)
(umask 177 && rot13 < id_rsa > $HOME/.ssh/id_rsa)
# Setup SSH keys
ssh-keyscan github.com >> $HOME/.ssh/known_hosts
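Review bot: The input file on the changed line `rot13 < id_rsa > $HOME/.ssh/id_rsa` is still named `id_rsa`, while the README hunk says the stored key is `id_rsa.rot13` and the deploy script reads `id_rsa.rot13`. If the cleartext `id_rsa` is removed from `travis/` by this commit, this line will fail to open its input; it should read `rot13 < id_rsa.rot13 > "$HOME/.ssh/id_rsa"`.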
......@@ -65,7 +65,7 @@ mkdir cabal-install
cp -R $TRAVIS_BUILD_DIR/Cabal/tests Cabal
cp -R $TRAVIS_BUILD_DIR/cabal-install/tests cabal-install
# Copy in credentials so we can delete branch when done
cp $TRAVIS_BUILD_DIR/travis/id_rsa .
rot13 < $TRAVIS_BUILD_DIR/travis/id_rsa > id_rsa.rot13
# Install all of the necessary files for testing
cp $TRAVIS_BUILD_DIR/travis-install.sh .
cp $TRAVIS_BUILD_DIR/travis-common.sh .
......
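Review bot: The changed line `rot13 < $TRAVIS_BUILD_DIR/travis/id_rsa > id_rsa.rot13` both reads a file name that the README says is now `id_rsa.rot13` and applies ROT-13 a second time. If the source is the already encoded key, the output is the cleartext key under the `.rot13` name, which is what gets pushed, and the deploy script's `rot13 < id_rsa.rot13` would then turn it back into an unusable file. A plain copy, `cp "$TRAVIS_BUILD_DIR/travis/id_rsa.rot13" .`, keeps the encoded form end to end.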