Commits · 51220e51867946cf53d165d3dd11dc3d3f627524 · Arch Linux / Arch Linux Keyring

Feb 10, 2025
- Extend bertptrs packager key · 51220e51
  Bert Peters authored 1 month ago and David Runge committed 1 month ago
  
  Verified
  
  51220e51
- fix(mypy): Rename variable preventing (wrong) redefinition detection · d6acce77
  David Runge authored 1 month ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  d6acce77
- fix: Format code using black · 51aa4eb0
  David Runge authored 1 month ago
  
  Due to the linter check not running in merge request pipelines, this has not been caught in 2cfc9d2e. Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  51aa4eb0
Jan 28, 2025

fix(tests): sequoia-sq 1.0 compat: avoid reusing file handles · 1dc5f514

Levente Polyak authored 1 month ago

Previously we opened a temporary file handle and have used this handle
in multiple stages during creating a revocation certification, which has
worked so far. Since latest sequoia, the passed file does not seem to be
truncated but unlinked before being written to, which means our cached
file handle is not valid anymore and subsequent truncation and write
operations will point into the void instead of the inode currently used
for the specific path. This lead to the actual certificate containing
the revocation to never be written to the expected path, which means the
keyring tooling has never picked up this packet.

Stop relying on this behavior and instead just write to a handle once
and create a new file for any further stages where we need to write
a certificate to the filesystem.

Signed-off-by: Levente Polyak <anthraxx@archlinux.org>

Verified

1dc5f514

fix: Adapt to sequoia-sq > 1.0 CLI API · 2cfc9d2e

David Runge authored 1 month ago and

Levente Polyak committed 1 month ago


Sq once more shuffled its interface around by removing the previously
introduced toolbox subcommand again.
We now add `--home none` and `--cert-store none` for all sq calls to
ensure to hopefully not use a stateful interface.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

2cfc9d2e

Jan 23, 2025
- Add anthraxx signature for carsme · 3484c5cb
  Levente Polyak authored 2 months ago
  
  Verified
  
  3484c5cb
- feat: Export all certificates that track a specific UserID · 745cfcbb
  David Runge authored 2 months ago
  
  Allow downloading all certificates of a UserID, so that users are able to get to old ones and those used in parallel as well. Signed-off-by: David Runge <dvzrv@archlinux.org>
  View commits for tag 20250123.1 20250123.1 Verified
  
  745cfcbb
Jan 22, 2025
- Add anthraxx signature for mh4ckt3mh4ckt1c4s · 297d64a4
  Levente Polyak authored 2 months ago
  
  View commits for tag 20250123 20250123 Verified
  
  297d64a4
Dec 04, 2024
- Add artafinde's signature for mh4ckt3mh4ckt1c4s · 39176ba5
  Leonidas Spyropoulos authored 3 months ago
  
  Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
  Verified
  
  39176ba5
Dec 03, 2024
- Add certification from dvzrv for mh4ckt3mh4ckt1c4s · 7f48d318
  David Runge authored 3 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  7f48d318
- Add demize's signature for mh4ckt3mh4ckt1c4s · f2a91ee1
  Johannes Löthberg authored 4 months ago and David Runge committed 3 months ago
  
  Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
  Verified
  
  f2a91ee1
- Add new packager key for mh4ckt3mh4ckt1c4s · f18f7608
  Quentin Michaud authored 4 months ago and David Runge committed 3 months ago
  
  Verified
  
  f18f7608
Nov 29, 2024
- Extend expiry of alex19EP's key · a29a73ac
  Alexander Epaneshnikov authored 3 months ago and Christian Hesse committed 3 months ago
  
  fixes #275
  View commits for tag 20241203 20241203
  
  a29a73ac
- fix: Add Kyle's archlinux.org UID · 687e85fb
  Wiktor Kwapisiewicz authored 3 months ago
  
  This UID is present on the mumble server and when the sync services tries to refresh Kyle's certificate using archlinux.org WKD it fails. Add the missing User ID which will then be exported via WKD. Reported-by: Christian Heusel Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
  Verified
  
  687e85fb
- Extend expiry of bgyorgy's key · f2af6ab4
  Balló György authored 4 months ago and David Runge committed 3 months ago
  
  Closes #276
  Verified
  
  f2af6ab4
Nov 11, 2024

fix(sq): Adjust test to expected system call · 4985dd8b

David Runge authored 4 months ago


In 1b5d2bdd the invocation for packet
dump has changed, but the expected system call for the test had not.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

4985dd8b

Nov 01, 2024

fix: Adapt use of sq to sequoia-sq 0.39.0 · 1b5d2bdd

David Runge authored 4 months ago


Add various fixes, as
- the output format of `sq toolbox packet split` changed (again)
- the CLI of `sq toolbox packet split` changed (again)
- the useless warning message on stderr now covers two lines and
  interferes with parsing of `sq toolbox packet dump` output
- the global option `--force` was renamed to `--overwrite`
- the `sq key generate` subcommand introduced a mandatory `--rev-cert`
  option
- the `pki certify` subcommand was moved to `pki vouch certify` and
  introduced mandatory options for our use-case (`--certifier-file`,
  `--cert-file`, `--userid`)

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

1b5d2bdd

Oct 23, 2024

feat: Build and inspect WKD when testing · 3f14a828

David Runge authored 5 months ago and

Christian Hesse committed 5 months ago

Add `build` target to .PHONY targets so that it is actually run when
only calling `make wkd`.

Fixes: #258


Signed-off-by: David Runge <dvzrv@archlinux.org>

3f14a828

feat: Switch to wkd-exporter for exporting WKD directory · cba8938c

David Runge authored 5 months ago and

Christian Hesse committed 5 months ago


As sequoia-sq >= 0.38 breaks our use-case of exporting a keyring to a
WKD directory structure, we switch to the simpler `wkd-exporter`.

In addition to all `archlinux.org` User IDs, we now also export all
`master-key.archlinux.org` User IDs.

The `wkd-exporter` tool omits the creation of the `.well-known`
directory, as the dedicated `openpgp` directory in it is the relevant
bit. Therefore we adjust (the use of) `WKD_BUILD_DIR` accordingly.

Signed-off-by: David Runge <dvzrv@archlinux.org>

cba8938c

fix(libkeyringctl): Generate OpenPGP key without password · 60480f5f

David Runge authored 5 months ago and

Christian Hesse committed 5 months ago


When calling `sq key generate` also pass in `--without-password`, as
otherwise an interactive prompt is spawned.
The default has changed in 0.38.0.

Signed-off-by: David Runge <dvzrv@archlinux.org>

60480f5f

Oct 15, 2024
- Add certification from anthraxx for ptr1337 · 8439a4ad
  Levente Polyak authored 5 months ago
  
  View commits for tag 20241015 20241015 Verified
  
  8439a4ad
Oct 12, 2024
- Add demize's signature for ptr1337 · 49a3477a
  Johannes Löthberg authored 5 months ago
  
  Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
  Unverified
  
  49a3477a
Oct 02, 2024
- Add artafinde's signature for ptr1337 · e8b3c22b
  Leonidas Spyropoulos authored 5 months ago
  
  Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
  Verified
  
  e8b3c22b
Oct 01, 2024
- Add certification from dvzrv for ptr1337 · ee66c4f1
  David Runge authored 5 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  ee66c4f1
- Add new packager key for ptr1337 · 4f169b8a
  Peter Jung authored 6 months ago
  
  Signed-off-by: Peter Jung <admin@ptr1337.dev>
  Unverified
  
  4f169b8a
Sep 18, 2024
- Extend expiry of polyzen's key · 81353e83
  Daniel M. Capella authored 6 months ago
  
  Verified
  
  81353e83
Aug 23, 2024
- Add artafinde's signature for seblu · 951ce013
  Leonidas Spyropoulos authored 7 months ago
  
  Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
  Verified
  
  951ce013
Aug 17, 2024
- Add artafinde's signature for bgyorgy · 9e229749
  Leonidas Spyropoulos authored 7 months ago
  
  Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
  Verified
  
  9e229749
Aug 14, 2024

feat: Add revocation certification for bluewind's packager key · 21ba59d2

David Runge authored 7 months ago

Add revocation certification for the bluewind@archlinux.org User ID on
bluewind's packager key.

Related to #268



Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

21ba59d2

Aug 13, 2024

fix: Adapt use of sq to sequoia-sq 0.37.0 · 14343175

David Runge authored 7 months ago


As something has again been changed in some sq subcommand, we need to
adapt library and tests.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

14343175

Jul 17, 2024

fix(README.md): Remove bluewind from list of project releasers · 039268c0

David Runge authored 8 months ago


As bluewind is leaving the project, he can no longer craft releases for
the archlinux-keyring.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

039268c0

fix(.gitlab/CODEOWNERS): Simplify codeowners file · ea0f3e2a

David Runge authored 8 months ago


Just assign everything to the main-key-holders group.
There is not much sense in being more specific and currently the file
does not seem to do anything.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

ea0f3e2a

fix(.gitlab/): Do not break long lines · a9b15b04

David Runge authored 8 months ago


It is easier to modify text and review changes to singular lines and not
deal with (changing) line breaks in prose documents, than it is to deal
with them.
Text editors are able to do linewraps and as such long lines should not
be a problem.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

a9b15b04

fix(.gitlab/): Move all links to the bottom · 18f6d8e4

David Runge authored 8 months ago


Not adding full links to the text but to the bottom is easier to read
and review.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

18f6d8e4

Jul 15, 2024

fix(.gitlab/issue_templates/): Adjust minimum required main signers · f84563f8

David Runge authored 8 months ago


Raise the minimum group size of main signing keys from three to four.
If only three main signing keys are left, each of them becomes a
liability. If four or more main signing keys are left, this becomes
less problematic.

Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

f84563f8

fix(.gitlab/issue_templates): Remove bluewind from templates · ede916fd

David Runge authored 8 months ago

As bluewind resigned as main signing key holder, they should not be used
in the GitLab issue templates anymore, see:
#269



Signed-off-by: David Runge <dvzrv@archlinux.org>

Verified

ede916fd

Jul 09, 2024
- Add dvzrv's revocation of third-party certification for escondida · e159442b
  David Runge authored 8 months ago and Christian Hesse committed 8 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  View commits for tag 20240709 20240709 Verified
  
  e159442b
- Add dvzrv's revocation of third-party certification for maximbaz · ac06d11a
  David Runge authored 8 months ago and Christian Hesse committed 8 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  ac06d11a
- Add artafinde's signature for anonfunc · a44dd123
  Leonidas Spyropoulos authored 8 months ago and David Runge committed 8 months ago
  
  Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
  Verified
  
  a44dd123
- Add dvzrv's third-party certification for anonfunc · b98350d2
  David Runge authored 8 months ago
  
  Signed-off-by: David Runge <dvzrv@archlinux.org>
  Verified
  
  b98350d2

Admin message