Redundant key server pools #504

Merged
merged 2 commits into from
Jul 22, 2019


@ilammy ilammy commented Jul 22, 2019

RVM installation added in PR #503 requires PGP keys used by RVM to be available. We pull those from a public key server pool. However, using just "pool.sks-keyservers.net" as recommended by RVM documentation seems to be too unreliable for CI setup. It works fine for singular installations, but when deployed to CircleCI pool-selected servers are often unavailable, time out, and break our builds. Instead of using a single server try multiple ones for each key that we wish to request.

Using just "pool.sks-keyservers.net" as recommended by RVM documentation
seems to be too unreliable for CI setup. It works fine for singular
installations, but when deployed to CircleCI pool-selected servers are
often unavailable, time out, and break our builds. Instead of using a
single server try multiple ones for each key that we wish to request.
@ilammy ilammy added the infrastructure Automated building and packaging label Jul 22, 2019
for key in 409B6B1796C275462A1703113804BB82D39DC0E3 \
7D2BAF1CF37B13E2069D6956105BD0E739499BDB
do
for server in pgp.mit.edu keyserver.pgp.com ha.pool.sks-keyservers.net
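Review bot: on the `for server in pgp.mit.edu keyserver.pgp.com ha.pool.sks-keyservers.net` line, the hosts are bare names with no scheme, so whether the lookup is encrypted depends on how the loop body passes them to gpg; consider `hkps://` where the server supports it, or note in a comment that integrity rests on requesting the keys by full fingerprint. The body of the inner loop is not visible here, so check that it stops at the first server that returns the key and that the script exits non-zero when all three servers fail for a key, otherwise the failure only surfaces later as a signature-check error that is harder to diagnose.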

Can you add a comment about where you took these servers from? For example, some link like https://rvm.io/rvm/security


Sure. That's exactly where I took them. I've added a comment.

This makes it easier to verify key IDs and update them as necessary
if importing the keys or the signature checks that follow start failing.
@Lagovas Lagovas left a comment


lgtm

@ilammy ilammy merged commit b99a2d7 into cossacklabs:master Jul 22, 2019
@ilammy ilammy deleted the keyserver-pools branch July 22, 2019 12:16
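
The per-key keyserver fallback described in this pull request, as an added example that is not the project's own CI script: each key is requested from every server in turn, and an import counts only once the fingerprint is present in the local keyring. The function names and the exact `gpg` invocation are assumptions; the server list and key IDs are the ones shown in the diff.

```shell
#!/bin/sh
# Added example (not the project's CI script): per-key keyserver fallback
# that fails closed. Function names are hypothetical.

# Server list as shown in the pull request diff.
KEYSERVERS="pgp.mit.edu keyserver.pgp.com ha.pool.sks-keyservers.net"

# The only networked step. Assumed invocation; the PR's loop body is not shown.
fetch_key() {  # $1 = server, $2 = fingerprint
    gpg --batch --keyserver "$1" --recv-keys "$2" >/dev/null 2>&1
}

# Reads `gpg --with-colons` output on stdin and succeeds only if some
# "fpr" record carries exactly the fingerprint in $1 (field 10).
colons_has_fpr() {
    awk -F: -v want="$1" \
        '$1 == "fpr" && $10 == want { found = 1 } END { exit !found }'
}

# True when the local keyring holds a key with this fingerprint.
have_fingerprint() {
    gpg --batch --with-colons --fingerprint "$1" 2>/dev/null | colons_has_fpr "$1"
}

# Try each server in order; stop at the first one that yields the key.
import_key() {  # $1 = fingerprint
    for server in $KEYSERVERS; do
        if fetch_key "$server" "$1" && have_fingerprint "$1"; then
            echo "imported $1 from $server"
            return 0
        fi
        echo "warning: $server did not provide $1, trying next" >&2
    done
    echo "error: no keyserver provided $1" >&2
    return 1
}

# Import every key or fail the build at the first one that cannot be fetched.
import_all() {
    for key in "$@"; do
        import_key "$key" || return 1
    done
}

# Usage in CI, with the key IDs from the diff:
#   import_all 409B6B1796C275462A1703113804BB82D39DC0E3 \
#              7D2BAF1CF37B13E2069D6956105BD0E739499BDB || exit 1
```

Because `fetch_key` is the only function that touches the network, it can be replaced with a stub to exercise the fallback order without contacting a keyserver.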