openpgpkey-control : WKD website content management
Phil Pennock
gnupg-devel at spodhuis.org
Mon Jan 20 02:22:20 CET 2020
On 2020-01-13 at 12:29 +0100, Andre Heinecke wrote:
> That is great! Thank you.
>
> I have added it to the WKD Hosting page in the wiki as a start.
> https://wiki.gnupg.org/WKDHosting
Thanks for that. :)
In case it's of interest, it's grown a little. I don't intend to bother
the list repeatedly about this, but since it's useful and open source,
built around GnuPG, I'm going to do so this once more.
The repo is currently authoritative not just for my own domains but for
"exim.org" too. We can fork for Exim just as soon as another maintainer
wants to deal with this book-keeping. :-D
As well openpgpkey content areas, it now also generates DNS zonefile
fragments for the domain, in a stable output order (diff minimization)
and can create "key bundles", which are sets of keys which are an
export-clean export from a keyring containing only the keys in the
bundle. Ie, "minimal plus cross-sigs between present keys". This is
the process I've been using for a while for making
<https://downloads.exim.org/Exim-Maintainers-Keyring.asc>. Before I
just did it manually, but now a tool in the repo can make this. I think
this might be useful for other projects.
There's also a _demo_ Dockerfile/Caddyfile for creating a container
which can be used to implement the openpgpkey.example.org website. If
your org has a container hosting setup for production, this should help
with getting you "one more website" running in a manageable way.
Myself, I'm still using rsync to deploy to existing websites. There are
no plans to make docker a required tool; it's simply a demo which I hope
might be useful.
<https://github.com/PennockTech/openpgpkey-control>
-Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 996 bytes
Desc: Digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20200119/eb8d0c4c/attachment.sig>
More information about the Gnupg-devel
mailing list