Commit Graph

905 Commits

Author SHA1 Message Date
Christian Hesse
7fa672586a
Merge branch 'merge-requests/173' 2022-09-12 09:58:20 +02:00
Michel Alexandre Salim
335a31dcf6
Hardcode using bash as make's shell
On Debian/Ubuntu the default shell is dash, and builds are done with
SHELL overridden to dash. Since archlinux-keyring now has Bash-isms in
the install and uninstall targets (for {} expansion), and rewriting it
to drop this is inconvenient (because we'll have to repeat the path
prefixes), hardcode the use of Bash instead.

Use /bin/bash to be compatible with distros that have not finished the
/bin -> /usr/bin migration yet.

Signed-off-by: Michel Alexandre Salim <michel@michel-slm.name>
2022-09-12 09:34:26 +02:00
David Runge
eb12f06550
Add signature of dvzrv for blakkheim
keyring/packager/blakkheim/54C1FD273361EA514A237793F296BDE50368C6CE/uid/T.J._Townsend__blakkheim@archlinux.org_476bd08f/certification/2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E.asc:
Add main key signature of dvzrv
(2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E) for blakkheim
(54C1FD273361EA514A237793F296BDE50368C6CE).
2022-09-11 21:18:47 +02:00
David Runge
3eb5037a48
Merge remote-tracking branch 'blakkheim/master'
* blakkheim/master:
  Add packager key for new Trusted User blakkheim
2022-09-11 13:48:39 +02:00
T.J. Townsend
375d4bff87 Add packager key for new Trusted User blakkheim
Application: https://lists.archlinux.org/pipermail/aur-general/2022-August/036930.html
Voting result: https://lists.archlinux.org/pipermail/aur-general/2022-September/036964.html
2022-09-10 10:35:21 -04:00
Florian Pritz
33e8374d12
Add signature from Bluewind for serebit
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-09-04 10:01:52 +02:00
David Runge
7b331e8a7d
Rename wkd_build to pages
.gitlab-ci.yml:
Rename wkd_build to pages, as that is apparently what gitlab needs.
2022-09-02 19:04:02 +02:00
David Runge
05f17ee267
Copy WKD dir to public directly
.gitlab-ci.yml:
Copy the WKD dir to a public dir (used by gitlab pages) directly instead
of creating the public dir and copying into it, as that is brittle.
2022-09-02 18:31:38 +02:00
David Runge
75b7394377
Force symlinking of systemd unit for activation
Makefile:
Force symlinking of systemd unit for activation. If the service is
already installed and activated (symlinked) on the target system, a
non-forced symlink would fail otherwise.
2022-09-02 13:26:29 +02:00
David Runge
a6f2a84baa
Add gitlab-ci integration to build WKD dir on tag
.gitlab-ci.yml:
Add gitlab-ci integration to build WKD dir on tag using the `make wkd`
target per FQDN used by Arch Linux. Builds only happen on a secure
runner, the job is running in its own stage after the tests and only
runs in pipelines for tags.
2022-08-31 11:41:45 +02:00
David Runge
85dc87d167
Adapt Makefile to build wkd dir and inspect it
Makefile:
Change the Makefile to build WKD dirs based on a given WKD_FQDN and add
them to WKD_BUILD_DIR.
2022-08-31 11:19:57 +02:00
Christian Hesse
0a6ff56c80
Merge branch 'merge-requests/165' 2022-08-31 09:35:24 +02:00
Levente Polyak
d0bea7ad8a
Add signature from anthraxx for yan12125 2022-08-31 01:34:29 +02:00
Florian Pritz
0f217bd222
Add signature from Bluewind for yan12125
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-08-31 01:06:53 +02:00
Christian Hesse
fae9b09614
Merge branch 'merge-requests/162' 2022-08-29 22:51:43 +02:00
Levente Polyak
1e57a3038e
Add signature from anthraxx for serebit 2022-08-28 22:50:59 +02:00
David Runge
8f787824c1
Add main key signature by dvzrv for serebit
keyring/packager/serebit/CAAE0C97533C35D3A0C6C34066E60E5F785A6824/uid/Campbell_Jones__for_package_signing_only___serebit@archlinux.org_55f6fd2b/certification/2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E.asc:
Add main key signature by dvzrv
(2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E) for serebit
(CAAE0C97533C35D3A0C6C34066E60E5F785A6824).
2022-08-28 20:01:07 +02:00
David Runge
25d07327d6
Add main key signature by dvzrv for yan12125
keyring/packager/yan12125/E62545315B012B69C8C94A1D56EC201BFC794362/uid/Chih-Hsuan_Yen__yan12125@archlinux.org_fea86268/certification/2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E.asc:
Add main key signature by dvzrv
(2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E) for yan12125
(E62545315B012B69C8C94A1D56EC201BFC794362).
2022-08-28 19:59:45 +02:00
kpcyrd
f0200aba0d
Update expiry of kpcyrd key 2022-08-19 15:01:36 +02:00
Jonas Witschel
f235233372
Add signature from diabonas for yan12125 2022-08-19 10:53:25 +02:00
Christian Hesse
7854fefc9f
Merge branch 'merge-requests/156' 2022-08-19 10:00:18 +02:00
Christian Hesse
48a4282873
Merge branch 'merge-requests/158' 2022-08-19 09:55:56 +02:00
Christian Hesse
da16cd7c6b
Merge branch 'merge-requests/145' 2022-08-19 09:50:46 +02:00
Christian Hesse
79c81cbe6a
Merge branch 'merge-requests/157' 2022-08-19 09:45:52 +02:00
Jonas Witschel
b01b1f77dc
Revoke signature from diabonas for tensor5
Trusted User resignation:
https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/TZWGYQY3AGNVVTIV4QB5CIJP4PI5JM4T/
2022-08-18 16:15:50 +02:00
Jonas Witschel
4c6fbc3779
Add signature from diabonas for serebit 2022-08-18 14:20:06 +02:00
Jonas Witschel
378e0ed4f3
Add packager key for new Trusted User serebit
Application: https://lists.archlinux.org/pipermail/aur-general/2022-January/036781.html
Voting results: https://lists.archlinux.org/pipermail/aur-general/2022-March/036842.html
2022-08-17 21:02:39 +02:00
Nicola Squartini
1352aa782b
Revoke @tensor5’s key 2022-08-14 22:11:08 +09:00
Chih-Hsuan Yen
498a19d0c6
Add yan12125's new key
There are some other changes with my current key:

* Actually revoke an unused uid

As per RFC 4880 [1], a revocation signature (sigclass 0x30) "should
have a later creation date than that certificate." However, somehow in
my keyring I have certificates newer than the previous revocation
signature. As a result, that uid is not marked as revoked by gpg. I
created a new revocation signature to fix that.

* Make @archlinux.org the primary UID

[1] https://datatracker.ietf.org/doc/html/rfc4880
2022-08-13 23:49:22 +08:00
Jonas Witschel
8b336741d1
Add signature from diabonas for sangy 2022-08-09 08:48:38 +02:00
Jonas Witschel
7217c34c04
Add signature from diabonas for foxxx0 2022-08-09 08:48:32 +02:00
David Runge
8036719a2e
Allow overriding the script location in WKD sync service
wkd_sync/archlinux-keyring-wkd-sync.service.in:
Replace use of explicit script location (i.e. /usr/bin) with
SCRIPT_TARGET_DIR placeholder.

Makefile:
Create WKD sync service file from input file, replacing the
SCRIPT_TARGET_DIR placeholder with $SCRIPT_TARGET_DIR.
2022-08-04 12:59:24 +02:00
David Runge
b3279eafcf
Rename WKD sync service file to an input file
wkd_sync/archlinux-keyring-wkd-sync.service -> wkd_sync/archlinux-keyring-wkd-sync.service.in:
This allows using the file as input file, where overriding keywords can
be done using sed.
2022-08-04 12:57:46 +02:00
David Runge
1dfc921a87
Make install locations more configurable and clean up
Makefile:
Change Makefile to allow installation of keyring data, systemd units and
scripts more configurable.
This allows user provided overrides via KEYRING_TARGET_DIR,
SCRIPT_TARGET_DIR, SYSTEMD_SYSTEM_UNIT_DIR.
Instead of relying on wildcards, rely on specifically named files, as
this can be reused also in the uninstall target without issue and
provides a clearer overview of what will be installed/uninstalled.
Specifically only make use of DESTDIR in the install and uninstall
targets, which allows easier overrides.
Extend uninstall target to also remove WKD sync related script and
systemd units.
2022-08-04 12:41:23 +02:00
Jonas Witschel
3e24dfe0a0
Add signature from diabonas for maximbaz 2022-08-04 09:03:54 +02:00
Jonas Witschel
e82a4e99db
Add signature from diabonas for anthraxx 2022-08-03 09:01:26 +02:00
David Runge
6c2b081c1e
Add main signature of anthraxx for dvzrv
keyring/packager/dvzrv/991F6E3F0765CF6295888586139B09DA5BF0D338/uid/David_Runge__dvzrv@archlinux.org_d2ad250f/certification/D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C.asc:
Add main key signature by anthraxx for dvzrv on key 991F6E3F0765CF6295888586139B09DA5BF0D338.
2022-08-02 19:44:47 +02:00
Jonas Witschel
427fe46040
Add signature from diabonas for alerque 2022-08-01 16:24:09 +02:00
Jonas Witschel
3d342e48ab
Merge branch 'sha1die_jelle' 2022-08-01 16:10:45 +02:00
Michel Alexandre Salim
baeb0c0a44
Remove reference to AUTHORS file
This file no longer exists in the repository, drop the mention.

Signed-off-by: Michel Alexandre Salim <michel@michel-slm.name>
2022-07-31 22:55:33 +02:00
Michel Alexandre Salim
3a43867e1c
Fix the permission of keyring files
These are non-executables, they should be installed 644 rather than 755.

Signed-off-by: Michel Alexandre Salim <michel@michel-slm.name>
2022-07-31 22:55:28 +02:00
Jelle van der Waa
c14acdfef7
Replace SHA-1 usage for jelle
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
2022-07-31 17:36:37 +02:00
David Runge
76c59984a0
Revoke signature on muflone's key
keyring/packager/muflone/CAA1D2323A05219AA2F01AA4E642299183ED727E/*:
Revoke signature on muflone@archlinux.org for
CAA1D2323A05219AA2F01AA4E642299183ED727E.
2022-07-31 08:32:16 +02:00
David Runge
4ef129ebd8
Extend contributing guidelines for WKD
CONTRIBUTING.md:
Extend contributing guidelines by a section about which data is released
to the Web Key Directory.
2022-07-29 14:37:24 +02:00
David Runge
470f854942
Add additional build dependencies pkgconf and systemd
README.md:
As we are dynamically deriving the target systemd system unit dir, we
require pkgconf and systemd during build time.
2022-07-29 14:37:20 +02:00
David Runge
87b1a4ab72
Install WKD update script/service/timer with Makefile
Makefile:
Extend install target to also install the WKD update script and the
systemd service and timer.
Vendor enable the systemd timer.
2022-07-29 14:37:12 +02:00
David Runge
9f8c58f340
Add pkgconf and systemd before building/ installing
.gitlab-ci.yml:
Add pkgconf and systemd to the list of packages, that are installed
before executing the build and install targets. They are required to
retrieve the correct path for systemd's system units.
2022-07-29 14:37:08 +02:00
David Runge
ad8698e96c
Add timer to regularly refresh PGP keys
wkd_sync/archlinux-keyring-wkd-sync.timer:
Add timer which triggers archlinux-keyring-wkd-sync.service to
persistently refresh existing PGP keys of archlinux-keyring weekly with
up to 12h of randomized delay.
2022-07-29 14:37:04 +02:00
David Runge
8436229ea6
Add hardened systemd service to run WKD sync
wkd_sync/archlinux-keyring-wkd-sync.service:
Add hardened systemd service to run WKD sync using
`archlinux-keyring-wkd-sync`.
2022-07-29 14:36:59 +02:00
David Runge
e5a2665a4c
Script to refresh existing keys of archlinux-keyring
wkd_sync/archlinux-keyring-wkd-sync:
Add script to refresh existing keys of archlinux-keyring on user
systems based on the state of the distribution's Web Key Directory
(WKD).
Invalid or revoked keys are ignored.
2022-07-29 14:36:51 +02:00