muellert / keysigning Goto Github PK

This repository contains the voodoo that is used to run FOSDEM keysigning
events.  It is shared on github so that people requesting features can just
implement them themselves.  Perhaps our infrastructure is also useful to
others organizing similar events?

There is no particular order here.  This all grew organically over years of
organizing FOSDEM keysigning events.  Parts were written by FOSDEM, parts by
others.  Most files have a licence block.  Files without a licence block are
placed in the public domain.

Share and enjoy!

 - Philip Paeps <[email protected]> 20120131

Table of contents (roughly):
----------------------------

Scripts
-------

 o kspd.pl -- key submission server.
   Start this as user ksp on apeiron.fosdem.org:
     su -s /bin/sh -c "/var/ksp/kspd.pl" ksp
   Writes received keys to keys/* with filename keyid.
   Refuses submissions if a kspd.lock file is present.

 o klist.sh -- key list generator.
   Generates a pretty-printable list of keys from the
   keys in keys/* and klist.head.  Uses kstats.pl to
   add some statistics for every key.

 o kstats.pl -- key statistics.
   Looks up statistics for every key.  Used internally
   by klist.sh.  Probably shouldn't be touched. :-)

 o subgraph.pl -- graph submissions.
   Hackish script to throw submissions-per-day into
   rrdtool to prove procrastination by participants.
   
   - Runs as a cronjob on apeiron.fosdem.org
   - Bails out if it finds a kspd.lock

Miscellaneous
-------------

 o htdocs/ contains symlinks to the submission scripts
   for anyone who wants to review them (what fun!).

 o Use paps --columns=2 --font=Monospace\ 5 ksp-fosdemXXXX.txt
   to print the keylist.


TODO / nice to have
-------------------

 o Sort the keylist somehow, to avoid people with multiple keys to
   either be at 2 places in the row at once, or having to flip back
   and forth between pages.
   Sorting by name might not do it ( first/last name ordering, ...)
   Sorting by submit timestamp?
   - See 48b53c209d9ff5c82528e961bf0552d66378caa6

 o Have kspd listen on IPv6 as well
   - HTTP::Daemon is a subclass of IO::Socket::INET and will
     probably never get IPv6 support (though ugly patches do exist).
   - It should not be too difficult to write our own, but ... meh.
   - In the mean time, we have a socat proxy:
     % socat TCP6-LISTEN:11371,bind=ksp.fosdem.org,ipv6only,fork,su=ksp \
          TCP4:ksp.fosdem.org:11371

Sequence of events for a FOSDEM
-------------------------------

  Kickoff, mid-December:

    o Archive previous years state (mv to year directory)
      % mkdir $prevyear
      % mv {files,graphs,keys,output} $prevyear
      % mkdir files graphs keys output
    o Adjust the dates in subgraph.pl
      - Note that the 'start date' should be yesterday
    o Run subgraph.pl manually to bootstrap the graph
      % sudo -u ksp perl ./subgraph.pl
    o Remember to adjust the vhost configuration
      - / should redirect to /keys, not /files
    o Remember to remove the kspd.lock file
    o Send email (announce/0_announce.mail) to fosdem@
    o Update the dates in the keysigning: stanza of the
      website's config.yaml and regenerate the website

  List generation, week before FOSDEM:

    o Touch kspd.lock to stop submissions
    o Run klist.sh
    o Verify hashes with someone
    o Sign the list
    o Put in files/ksp-fosdemXXXX.txt{.asc}
      - Note: *not* the hashes file! This motivates people to verify
        the hashes themselves.
    o Also copy the keyring there

    o Send email (announce/1_list.mail) to fosdem@
    o Update event page (announce/1_list.html) in Drupal