
openpgpkey-control : WKD website content management
I've just published something I've been using for a little while:

https://github.com/PennockTech/openpgpkey-control

I use WKD, but I don't use WKS. I want content of websites to be
redeployable, and tracked with revision history. The repo above manages
that for me. It should be something which anyone can fork, change the
content of config/, then use for their own sites.

It uses shell (bash), and Python3 in one place, for handling zbase32; it
has no dependencies upon any Python not in the standard library. (This
is why I hadn't published it before now, but I just broke out my
personal zbase32 library and included it in-repo; seems to work).

In the repo: bin/ and lib/ are static, while config/ has three very
simple control files. The content of keyrings/ and sites/ is managed by
the tools in bin/.

Update the keyids in config/keys and run bin/update-keyrings to pull in
keys from your external GnuPG keyring.

Run bin/update-sites to blow away and re-create the sites/ directory; it
uses config/keys and config/domains to control what gets created. It
needs Python (3) installed.

Run bin/deploy-sites to deploy websites; controlled by config/deploys;
at present, only the `rsync` mechanism is supported, it's all I've
needed. `rsync:delete` is used in practice, but leave off the `:delete`
until you're happy.


I just added exim.org to this setup. Having the repo be public should
be fine: there are no secret memberships in exim.org and the whole point
is to make PGP keys publicly available. The email addresses are all
obfuscated, either by being inside a PGP key, or via zbase32 encoding,
so it should be spammer-safe (until they start using PGP).

Regards,
-Phil
Re: openpgpkey-control : WKD website content management
Hi,

That is great! Thank you.

I have added it to the WKD Hosting page in the wiki as a start.
https://wiki.gnupg.org/WKDHosting

Best Regards,
Andre

--
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board@gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-2104-4938799
Re: openpgpkey-control : WKD website content management
On 2020-01-13 at 12:29 +0100, Andre Heinecke wrote:
> That is great! Thank you.
>
> I have added it to the WKD Hosting page in the wiki as a start.
> https://wiki.gnupg.org/WKDHosting

Thanks for that. :)

In case it's of interest, it's grown a little. I don't intend to bother
the list repeatedly about this, but since it's useful and open source,
built around GnuPG, I'm going to do so this once more.

The repo is currently authoritative not just for my own domains but for
"exim.org" too. We can fork for Exim just as soon as another maintainer
wants to deal with this book-keeping. :-D

As well as openpgpkey content areas, it now also generates DNS zonefile
fragments for the domain, in a stable output order (diff minimization)
and can create "key bundles", which are sets of keys which are an
export-clean export from a keyring containing only the keys in the
bundle. I.e., "minimal plus cross-sigs between present keys". This is
the process I've been using for a while for making
<https://downloads.exim.org/Exim-Maintainers-Keyring.asc>. Before I
just did it manually, but now a tool in the repo can make this. I think
this might be useful for other projects.

There's also a _demo_ Dockerfile/Caddyfile for creating a container
which can be used to implement the openpgpkey.example.org website. If
your org has a container hosting setup for production, this should help
with getting you "one more website" running in a manageable way.
Myself, I'm still using rsync to deploy to existing websites. There are
no plans to make docker a required tool; it's simply a demo which I hope
might be useful.

<https://github.com/PennockTech/openpgpkey-control>

-Phil