-
Notifications
You must be signed in to change notification settings - Fork 3
FOSDEM/keysigning
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
This repository contains the voodoo that is used to run FOSDEM keysigning events. It is shared on github so that people requesting features can just implement them themselves. Perhaps our infrastructure is also useful to others organizing similar events? There is no particular order here. This all grew organically over years of organizing FOSDEM keysigning events. Parts were written by FOSDEM, parts by others. Most files have a licence block. Files without a licence block are placed in the public domain. Share and enjoy! - Philip Paeps <[email protected]> 20120131 Table of contents (roughly): ---------------------------- Scripts ------- o kspd.pl -- key submission server. Start this as user ksp on apeiron.fosdem.org: su -s /bin/sh -c "/var/ksp/kspd.pl" ksp Writes received keys to keys/* with filename keyid. Refuses submissions if a kspd.lock file is present. o bin/generate-keylist.sh -- the keylist generation script This parses in the keys/ directory and generates the output directory. It uses: - bin/keydir-to-keyring.sh to parse the keys/ directory into a keyring - scripts/* to render different views of the keyring - templates/keylist-head.sh to render the header for the official ksp-fosdemXXXX.txt file o subgraph.pl -- graph submissions. Hackish script to throw submissions-per-day into rrdtool to prove procrastination by participants. - Runs as a cronjob on apeiron.fosdem.org - Bails out if it finds a kspd.lock Miscellaneous ------------- o htdocs/ contains symlinks to the submission scripts for anyone who wants to review them (what fun!). o Use paps --columns=2 --font=Monospace\ 5 ksp-fosdemXXXX.txt to print the keylist. TODO / nice to have ------------------- o Have kspd listen on IPv6 as well - HTTP::Daemon is a subclass of IO::Socket::INET and will probably never get IPv6 support (though ugly patches do exist). - It should not be too difficult to write our own, but ... meh. - In the mean time, we have a socat proxy: % socat TCP6-LISTEN:11371,bind=ksp.fosdem.org,ipv6only,fork,su=ksp \ TCP4:ksp.fosdem.org:11371 o Provide a way to delete the keys - Authentication is an issue... Sequence of events for a FOSDEM ------------------------------- Kickoff, mid-December: o Archive previous years state (mv to year directory) % mkdir $prevyear % mv files graphs keys output $prevyear/. % mkdir files graphs keys % chgrp ksp files graphs keys % chmod g+w files graphs keys o Remove the kspd.lock file o Adjust the dates in subgraph.pl - Note that the 'start date' should be yesterday o Run subgraph.pl manually to bootstrap the graph % sudo -u ksp perl ./subgraph.pl o Remember to adjust the vhost configuration - / should redirect to /keys, not /files o Send email (announce/0_announce.mail) to fosdem@ o Update the dates in the keysigning: stanza of the website's config.yaml and regenerate the website List generation, week before FOSDEM: o Touch kspd.lock to stop submissions o Run bin/generate-keylist.sh o Sign the list and the non-authoritative files o Copy output/* to files/ This allows you to experiment while the files are kept in a consistent state o Update the vhost.conf to change the redirect o Send email (announce/1_list.mail) to fosdem@ o Update website - In the Nanoc site, it should be sufficient to edit the keysigning-section of config.yaml
About
FOSDEM keysigning infrastructure
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published