Page MenuHomeSoftware Heritage

Outboarding of tenma
Closed, MigratedEdits Locked

Description

Perform the outboarding of tenma according to https://intranet.softwareheritage.org/wiki/Outboarding

Event Timeline

vsellier changed the task status from Open to Work in Progress.Apr 16 2021, 10:42 AM
vsellier triaged this task as High priority.
vsellier created this task.
  • unix credentials disabled
  • user tenma removed from the groups Staff and Reviewers in phabricator
  • VPN credential revoked:
root@louvre:~# cd /etc/openvpn/keys
root@louvre:/etc/openvpn/keys# ls
dh1024.pem  dh2048.pem	easyrsa  old  pki  vars  x509-types
root@louvre:/etc/openvpn/keys# ./easyrsa revoke tenma

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019


Please confirm you wish to revoke the certificate with the following subject:

subject=
    commonName                = tenma


Type the word 'yes' to continue, or any other input to abort.
  Continue with revocation: yes
Using configuration from /etc/openvpn/keys/pki/safessl-easyrsa.cnf
Revoking Certificate 07DDFAD8CFA118C4A3B249C7FCDCAE69.
Data Base Updated

IMPORTANT!!!

Revocation was successful. You must run gen-crl and upload a CRL to your
infrastructure in order to prevent the revoked cert from being accepted.

root@louvre:/etc/openvpn/keys# ./easyrsa gen-crl; chmod a+r pki/crl.pem

Note: using Easy-RSA configuration from: ./vars

Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Using configuration from /etc/openvpn/keys/pki/safessl-easyrsa.cnf

An updated CRL has been created.
CRL file: /etc/openvpn/keys/pki/crl.pem
  • task T2743, T2885 and T1410 unassigned
  • IRC he was already kicked from the private channels
  • Mailing list: Need the help of @ardumont as I haven't not the permission to manage the members of the swh-team list
  • he was not in the list of members of the swh-team (thanks @ardumont for adding me to the owners of the list)