... but with a reasonable delay of five minutes, and limited to three
invocations per hour. After that the service goes into failed state.
This should mitigate service failure caused by intermittent network
issues or server reboot on our side.
keyring/packager/pierre/3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C/uid/Pierre_Schmitz__pierre@archlinux.org_e7e0700e/certification/2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E.asc:
Add main key signature of dvzrv
(2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E) for pierre
(3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C).
On Debian/Ubuntu the default shell is dash, and builds are done with
SHELL overridden to dash. Since archlinux-keyring now has Bash-isms in
the install and uninstall targets (for {} expansion), and rewriting it
to drop this is inconvenient (because we'll have to repeat the path
prefixes), hardcode the use of Bash instead.
Use /bin/bash to be compatible with distros that have not finished the
/bin -> /usr/bin migration yet.
Signed-off-by: Michel Alexandre Salim <michel@michel-slm.name>
keyring/packager/blakkheim/54C1FD273361EA514A237793F296BDE50368C6CE/uid/T.J._Townsend__blakkheim@archlinux.org_476bd08f/certification/2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E.asc:
Add main key signature of dvzrv
(2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E) for blakkheim
(54C1FD273361EA514A237793F296BDE50368C6CE).
.gitlab-ci.yml:
Copy the WKD dir to a public dir (used by gitlab pages) directly instead
of creating the public dir and copying into it, as that is brittle.
Makefile:
Force symlinking of systemd unit for activation. If the service is
already installed and activated (symlinked) on the target system, a
non-forced symlink would fail otherwise.
.gitlab-ci.yml:
Add gitlab-ci integration to build WKD dir on tag using the `make wkd`
target per FQDN used by Arch Linux. Builds only happen on a secure
runner, the job is running in its own stage after the tests and only
runs in pipelines for tags.
keyring/packager/serebit/CAAE0C97533C35D3A0C6C34066E60E5F785A6824/uid/Campbell_Jones__for_package_signing_only___serebit@archlinux.org_55f6fd2b/certification/2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E.asc:
Add main key signature by dvzrv
(2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E) for serebit
(CAAE0C97533C35D3A0C6C34066E60E5F785A6824).
keyring/packager/yan12125/E62545315B012B69C8C94A1D56EC201BFC794362/uid/Chih-Hsuan_Yen__yan12125@archlinux.org_fea86268/certification/2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E.asc:
Add main key signature by dvzrv
(2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E) for yan12125
(E62545315B012B69C8C94A1D56EC201BFC794362).
There are some other changes with my current key:
* Actually revoke an unused uid
As per RFC 4880 [1], a revocation signature (sigclass 0x30) "should
have a later creation date than that certificate." However, somehow in
my keyring I have certificates newer than the previous revocation
signature. As a result, that uid is not marked as revoked by gpg. I
created a new revocation signature to fix that.
* Make @archlinux.org the primary UID
[1] https://datatracker.ietf.org/doc/html/rfc4880
wkd_sync/archlinux-keyring-wkd-sync.service.in:
Replace use of explicit script location (i.e. /usr/bin) with
SCRIPT_TARGET_DIR placeholder.
Makefile:
Create WKD sync service file from input file, replacing the
SCRIPT_TARGET_DIR placeholder with $SCRIPT_TARGET_DIR.