Commit Graph

10 Commits

Author SHA1 Message Date
Samir Benmendil
29d9caa9dc
Collect failed keys and print them at the end
Since !180, all keys are tried. This can indeed be useful but buries
the offending key in a long output log.

This stores a message containing the key and UID during processing and
prints them all at the end.
2023-03-20 16:24:49 +01:00
David Runge
8cb0c6d8a0
wkd_sync: Ignore keys with SHA-1 self-signature
wkd_sync/archlinux-keyring-wkd-sync:
Ignore keys with SHA-1 self-signature (by hardcoding them in a readonly
array) so that they will not be synced from WKD.
The Arch Linux WKD setup does not contain keys with SHA-1
self-signatures anymore.
2023-02-25 16:18:37 +01:00
Christian Hesse
1c296bf292
restart wkd sync on failure...
... but with a reasonable delay of five minutes, and limited to three
invocations per hour. After that the service goes into failed state.

This should mitigate service failure caused by intermittent network
issues or server reboot on our side.
2022-11-28 11:42:57 +01:00
Christian Hesse
30b8fa1653
try all keys, fail at the end for wkd sync
This makes sure all keys are tried at least, instead of failing with the
first error.

Fixes #202
2022-11-10 15:56:09 +01:00
Christian Hesse
e347a820c6
increase random delay for wkd sync
Most systems run this in the same 12 hours... Stop DDOS'ing ourselves
and spread over the whole week.

Fixes #198
2022-09-21 14:50:49 +02:00
David Runge
8036719a2e
Allow overriding the script location in WKD sync service
wkd_sync/archlinux-keyring-wkd-sync.service.in:
Replace use of explicit script location (i.e. /usr/bin) with
SCRIPT_TARGET_DIR placeholder.

Makefile:
Create WKD sync service file from input file, replacing the
SCRIPT_TARGET_DIR placeholder with $SCRIPT_TARGET_DIR.
2022-08-04 12:59:24 +02:00
David Runge
b3279eafcf
Rename WKD sync service file to an input file
wkd_sync/archlinux-keyring-wkd-sync.service -> wkd_sync/archlinux-keyring-wkd-sync.service.in:
This allows using the file as input file, where overriding keywords can
be done using sed.
2022-08-04 12:57:46 +02:00
David Runge
ad8698e96c
Add timer to regularly refresh PGP keys
wkd_sync/archlinux-keyring-wkd-sync.timer:
Add timer which triggers archlinux-keyring-wkd-sync.service to
persistently refresh existing PGP keys of archlinux-keyring weekly with
up to 12h of randomized delay.
2022-07-29 14:37:04 +02:00
David Runge
8436229ea6
Add hardened systemd service to run WKD sync
wkd_sync/archlinux-keyring-wkd-sync.service:
Add hardened systemd service to run WKD sync using
`archlinux-keyring-wkd-sync`.
2022-07-29 14:36:59 +02:00
David Runge
e5a2665a4c
Script to refresh existing keys of archlinux-keyring
wkd_sync/archlinux-keyring-wkd-sync:
Add script to refresh existing keys of archlinux-keyring on user
systems based on the state of the distribution's Web Key Directory
(WKD).
Invalid or revoked keys are ignored.
2022-07-29 14:36:51 +02:00