bwalton at opencsw.org
Wed Jul 13 04:03:55 CEST 2011
Excerpts from Maciej Bliziński's message of Mon Jul 11 05:55:36 -0400 2011:
> 2011/7/11 Ben Walton <bwalton at opencsw.org>:
> > I misinterpreted what you meant here. Yes, a cron job on the private
> > host running as the same uid as the daemon could sign some file and
> > verify it. If this fails, mail would be sent.
> Yup, that's the idea I had.
Ok, here's what I've got:
1. A screen session gets started with two screens. One screen runs
the signing daemon and the other a verification script.
2. The signing daemon creates a gpg-agent process and saves the info
for use by other programs. It then runs the restful web agent.
3. The verification script tries to encrypt the signing daemon script
every minute. If it fails, it will generate an alert and wait for
4. Operator intervention will take the form of a script that connects
to the verification screen to accept the passphrase again.
Until the passphrase times out, you can test the restful interface by
detachsign is also an option as is unstable in place of current.
If this is run on a private host where all gpg files reside on
host-local storage and the mirror tree is shared to this host so it
can see the catalog files to sign, we should be in reasonable shape as
long as we trust the nfs share...
We'd need to make the signing agent sign catalog.update or catalog.new
or something instead of catalog as presumably catalog would be the
previously clear signed file. (I'm still happy to see clear signed
catalogs go away in favour of a detached signature.)
I still have some error handling and logging to take care of, but I
think the proof of concept is in good shape now.
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302
More information about the maintainers