Web lists-archives.com

Re: Convenient access to Debian keyrings




On Sun, Apr 2, 2017 at 7:06 AM, gregor herrmann wrote:

> % crontab -l | grep debian-keyring
> 30 17 * * * /usr/bin/rsync -rlptDq "keyring.debian.org::keyrings/keyrings/*.gpg" /home/gregoa/.gnupg/debian-keyring

The rsync protocol is unencrypted, I'd suggest switching this to SSH
(one colon instead of two). You could also use rsync over TLS on port
1873 (uses the same cert as via http). I couldn't easily work out how
to do it with stunnel but the following works with socat. I thought
there was also a way to verify the keyring when it was at rest but
can't find where I saw that.

rsync --rsh 'sh -c "socat OPENSSL:keyring.debian.org:1873 STDIO"'
keyring.debian.org::keyrings .

-- 
bye,
pabs

https://wiki.debian.org/PaulWise