Commit Graph

986 Commits

Author SHA1 Message Date
Jonas Witschel
f235233372
Add signature from diabonas for yan12125 2022-08-19 10:53:25 +02:00
Christian Hesse
7854fefc9f
Merge branch 'merge-requests/156' 2022-08-19 10:00:18 +02:00
Christian Hesse
48a4282873
Merge branch 'merge-requests/158' 2022-08-19 09:55:56 +02:00
Christian Hesse
da16cd7c6b
Merge branch 'merge-requests/145' 2022-08-19 09:50:46 +02:00
Christian Hesse
79c81cbe6a
Merge branch 'merge-requests/157' 2022-08-19 09:45:52 +02:00
Jonas Witschel
b01b1f77dc
Revoke signature from diabonas for tensor5
Trusted User resignation:
https://lists.archlinux.org/archives/list/arch-dev-public@lists.archlinux.org/thread/TZWGYQY3AGNVVTIV4QB5CIJP4PI5JM4T/
2022-08-18 16:15:50 +02:00
Jonas Witschel
4c6fbc3779
Add signature from diabonas for serebit 2022-08-18 14:20:06 +02:00
Jonas Witschel
378e0ed4f3
Add packager key for new Trusted User serebit
Application: https://lists.archlinux.org/pipermail/aur-general/2022-January/036781.html
Voting results: https://lists.archlinux.org/pipermail/aur-general/2022-March/036842.html
2022-08-17 21:02:39 +02:00
Nicola Squartini
1352aa782b
Revoke @tensor5’s key 2022-08-14 22:11:08 +09:00
Chih-Hsuan Yen
498a19d0c6
Add yan12125's new key
There are some other changes with my current key:

* Actually revoke an unused uid

As per RFC 4880 [1], a revocation signature (sigclass 0x30) "should
have a later creation date than that certificate." However, somehow in
my keyring I have certificates newer than the previous revocation
signature. As a result, that uid is not marked as revoked by gpg. I
created a new revocation signature to fix that.

* Make @archlinux.org the primary UID

[1] https://datatracker.ietf.org/doc/html/rfc4880
2022-08-13 23:49:22 +08:00
Jonas Witschel
8b336741d1
Add signature from diabonas for sangy 2022-08-09 08:48:38 +02:00
Jonas Witschel
7217c34c04
Add signature from diabonas for foxxx0 2022-08-09 08:48:32 +02:00
David Runge
8036719a2e
Allow overriding the script location in WKD sync service
wkd_sync/archlinux-keyring-wkd-sync.service.in:
Replace use of explicit script location (i.e. /usr/bin) with
SCRIPT_TARGET_DIR placeholder.

Makefile:
Create WKD sync service file from input file, replacing the
SCRIPT_TARGET_DIR placeholder with $SCRIPT_TARGET_DIR.
2022-08-04 12:59:24 +02:00
David Runge
b3279eafcf
Rename WKD sync service file to an input file
wkd_sync/archlinux-keyring-wkd-sync.service -> wkd_sync/archlinux-keyring-wkd-sync.service.in:
This allows using the file as input file, where overriding keywords can
be done using sed.
2022-08-04 12:57:46 +02:00
David Runge
1dfc921a87
Make install locations more configurable and clean up
Makefile:
Change Makefile to allow installation of keyring data, systemd units and
scripts more configurable.
This allows user provided overrides via KEYRING_TARGET_DIR,
SCRIPT_TARGET_DIR, SYSTEMD_SYSTEM_UNIT_DIR.
Instead of relying on wildcards, rely on specifically named files, as
this can be reused also in the uninstall target without issue and
provides a clearer overview of what will be installed/uninstalled.
Specifically only make use of DESTDIR in the install and uninstall
targets, which allows easier overrides.
Extend uninstall target to also remove WKD sync related script and
systemd units.
2022-08-04 12:41:23 +02:00
Jonas Witschel
3e24dfe0a0
Add signature from diabonas for maximbaz 2022-08-04 09:03:54 +02:00
Jonas Witschel
e82a4e99db
Add signature from diabonas for anthraxx 2022-08-03 09:01:26 +02:00
David Runge
6c2b081c1e
Add main signature of anthraxx for dvzrv
keyring/packager/dvzrv/991F6E3F0765CF6295888586139B09DA5BF0D338/uid/David_Runge__dvzrv@archlinux.org_d2ad250f/certification/D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C.asc:
Add main key signature by anthraxx for dvzrv on key 991F6E3F0765CF6295888586139B09DA5BF0D338.
2022-08-02 19:44:47 +02:00
Jonas Witschel
427fe46040
Add signature from diabonas for alerque 2022-08-01 16:24:09 +02:00
Jonas Witschel
3d342e48ab
Merge branch 'sha1die_jelle' 2022-08-01 16:10:45 +02:00
Michel Alexandre Salim
baeb0c0a44
Remove reference to AUTHORS file
This file no longer exists in the repository, drop the mention.

Signed-off-by: Michel Alexandre Salim <michel@michel-slm.name>
2022-07-31 22:55:33 +02:00
Michel Alexandre Salim
3a43867e1c
Fix the permission of keyring files
These are non-executables, they should be installed 644 rather than 755.

Signed-off-by: Michel Alexandre Salim <michel@michel-slm.name>
2022-07-31 22:55:28 +02:00
Jelle van der Waa
c14acdfef7
Replace SHA-1 usage for jelle
Signed-off-by: Jelle van der Waa <jelle@archlinux.org>
2022-07-31 17:36:37 +02:00
David Runge
76c59984a0
Revoke signature on muflone's key
keyring/packager/muflone/CAA1D2323A05219AA2F01AA4E642299183ED727E/*:
Revoke signature on muflone@archlinux.org for
CAA1D2323A05219AA2F01AA4E642299183ED727E.
2022-07-31 08:32:16 +02:00
David Runge
4ef129ebd8
Extend contributing guidelines for WKD
CONTRIBUTING.md:
Extend contributing guidelines by a section about which data is released
to the Web Key Directory.
2022-07-29 14:37:24 +02:00
David Runge
470f854942
Add additional build dependencies pkgconf and systemd
README.md:
As we are dynamically deriving the target systemd system unit dir, we
require pkgconf and systemd during build time.
2022-07-29 14:37:20 +02:00
David Runge
87b1a4ab72
Install WKD update script/service/timer with Makefile
Makefile:
Extend install target to also install the WKD update script and the
systemd service and timer.
Vendor enable the systemd timer.
2022-07-29 14:37:12 +02:00
David Runge
9f8c58f340
Add pkgconf and systemd before building/ installing
.gitlab-ci.yml:
Add pkgconf and systemd to the list of packages, that are installed
before executing the build and install targets. They are required to
retrieve the correct path for systemd's system units.
2022-07-29 14:37:08 +02:00
David Runge
ad8698e96c
Add timer to regularly refresh PGP keys
wkd_sync/archlinux-keyring-wkd-sync.timer:
Add timer which triggers archlinux-keyring-wkd-sync.service to
persistently refresh existing PGP keys of archlinux-keyring weekly with
up to 12h of randomized delay.
2022-07-29 14:37:04 +02:00
David Runge
8436229ea6
Add hardened systemd service to run WKD sync
wkd_sync/archlinux-keyring-wkd-sync.service:
Add hardened systemd service to run WKD sync using
`archlinux-keyring-wkd-sync`.
2022-07-29 14:36:59 +02:00
David Runge
e5a2665a4c
Script to refresh existing keys of archlinux-keyring
wkd_sync/archlinux-keyring-wkd-sync:
Add script to refresh existing keys of archlinux-keyring on user
systems based on the state of the distribution's Web Key Directory
(WKD).
Invalid or revoked keys are ignored.
2022-07-29 14:36:51 +02:00
David Runge
11c500a186
Use spaces instead of tabs in files
.editorconfig:
Use spaces instead of tabs in files.
Add section for Makefile using tabs.
2022-07-29 14:36:46 +02:00
Jonas Witschel
fa02de4c0c
Add signature from diabonas for lfleischer 2022-07-29 14:20:08 +02:00
Jonas Witschel
22046c3c2d
Add signature from diabonas for kpcyrd 2022-07-29 14:20:04 +02:00
Lukas Fleischer
fa5c5845d1
Upgrade signatures for lfleischer to SHA-2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2022-07-29 14:17:17 +02:00
Giancarlo Razzolini
d1276ba49a
This is the signature for svenstaro from grazzolini master key. 2022-07-28 12:04:50 -03:00
Jonas Witschel
22ac6fb976
Add signature from diabonas for bluewind 2022-07-26 11:39:32 +02:00
Jonas Witschel
db472fd30e
Update self-signatures of bluewind's packager key from SHA-1 to SHA-2 2022-07-26 11:39:30 +02:00
Jonas Witschel
21a59b2369
Add signature from diabonas for alucryd 2022-07-26 11:39:25 +02:00
Jonas Witschel
5fefe1c75a
Add signature from diabonas for remy 2022-07-26 11:37:35 +02:00
Jonas Witschel
a77f7d713b
Add signature from diabonas for shibumi 2022-07-26 11:37:33 +02:00
Jonas Witschel
7b94aa7604
Add signature from diabonas for morganamilo 2022-07-26 11:37:30 +02:00
Jonas Witschel
923ef2c429
Add signature from diabonas for escondida 2022-07-26 11:37:25 +02:00
Florian Pritz
9a83b10110
Add signature from Bluewind for muflone
Signed-off-by: Florian Pritz <bluewind@xinu.at>
2022-07-24 13:44:01 +02:00
Rémy Oudompheng
bcad513404
Update self-signatures of remy's packager key from SHA-1 to SHA-2 2022-07-23 19:56:41 +02:00
Christian Rebischke
0cee060429
update shibumi's key 2022-07-23 03:55:03 +02:00
Jonas Witschel
c34e8cca5c
Add signature from diabonas for arojas 2022-07-20 23:09:01 +02:00
Antonio Rojas
58def93247
Update arojas key 2022-07-20 23:08:55 +02:00
Levente Polyak
099df52a04
feature(keyringctl): support query expressions for packet field selection
Instead of simply string matching a line, we now traverse the packet as
a tree and match the path based on a depth first search.

While traversing, we support logical OR and current depth * wildcard
processed as a component based query expression.

Callee's are adjusted to specifically select the appropriate Issuer at
the correct depth.

Fixes #185
2022-07-20 21:34:37 +02:00
Levente Polyak
9d4c7057f4
add signature from anthraxx for svenstaro 2022-07-19 21:17:40 +02:00