[csw-devel] SF.net SVN: opencsw:[497] catalog_signatures/README.csw

bdwalton at users.sourceforge.net bdwalton at users.sourceforge.net
Thu Jul 21 05:33:40 CEST 2011


Revision: 497
          http://opencsw.svn.sourceforge.net/opencsw/?rev=497&view=rev
Author:   bdwalton
Date:     2011-07-21 03:33:39 +0000 (Thu, 21 Jul 2011)

Log Message:
-----------
add an initial readme file.  more work to do there still

Signed-off-by: Ben Walton <bwalton at opencsw.org>

Added Paths:
-----------
    catalog_signatures/README.csw

Added: catalog_signatures/README.csw
===================================================================
--- catalog_signatures/README.csw	                        (rev 0)
+++ catalog_signatures/README.csw	2011-07-21 03:33:39 UTC (rev 497)
@@ -0,0 +1,43 @@
+This directory contains the scripts and configuration required to run
+the OpenCSW catalog signing daemon.
+
+bin/ -> scripts used for the daemon
+etc/ -> various configuration files
+etc/gpg -> gpg configuration and keys
+lib/ -> ruby library used by webrick
+tmp -> transient files and log files
+
+To start things up, run: signing_daemon
+
+It sets up some environment and then runs gpg-agent which calls
+screen.  Both gpg-agent and screen use configuration from etc/.
+
+The screen session is named gpg-daemon and it starts http_daemon_init
+on screen number 1.  This script 'warms up' the gpg passphrase by
+clear signing the primary webrick/httpd daemon script
+(http_gpg_daemon).  This will force a pinentry session to allow
+seeding the initial passphrase.
+
+The gpg-agent configuration in etc/gpg uses timeout_pinentry as the
+pinentry-program value.  This script uses gtimeout (from coreutils) to
+wrap the normal pinentry program with a timeout so it doesn't run
+forever.
+
+Once the passphrase is warmed up, a second screen session (on screen
+0) is started to run passphrase_verify which signs the http_gpg_daemon
+script every minute and generates an admin notice if this fails.
+Failure indicates that the passphrase has timed out.
+
+The key administrators, upon receiving the notice should run
+reset_passphrase to get things going again.
+
+
+Required Packages:
+CSWbash (for scripts)
+CSWscrn (for screen)
+CSWgnupg (for gpg)
+CSWpineentry (for pinentry)
+CSWgnupg-agent (for gpg-agent)
+CSWruby (for http_gpg_daemon via webrick)
+CSWcoreutils (for gtimeout)
+
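Review bot: In the Required Packages list, `CSWpineentry` is spelled differently from the tool it is listed for (pinentry); please confirm the package name so an administrator working from this list installs the right package. In the directory listing, `tmp` lacks the trailing slash used for `bin/`, `etc/` and `lib/`. Because etc/gpg holds the gpg configuration and keys and tmp holds log files, the README should also say which account runs signing_daemon and what ownership and permissions those directories are expected to have. It would help to name the gpg-agent setting in etc/gpg that controls when the cached passphrase times out, since passphrase_verify and reset_passphrase both depend on it, and to say how the admin notice is delivered and where reset_passphrase lives.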

