Re: Convenient access to Debian keyrings
- Date: Sun, 2 Apr 2017 11:29:22 +0800
- From: Paul Wise <pabs@xxxxxxxxxx>
On Sun, Apr 2, 2017 at 7:06 AM, gregor herrmann wrote:
> % crontab -l | grep debian-keyring
> 30 17 * * * /usr/bin/rsync -rlptDq "keyring.debian.org::keyrings/keyrings/*.gpg" /home/gregoa/.gnupg/debian-keyring

The rsync protocol is unencrypted; I'd suggest switching this to SSH
(one colon instead of two). You could also use rsync over TLS on port
1873 (uses the same cert as via http). I couldn't easily work out how
to do it with stunnel but the following works with socat. I thought
there was also a way to verify the keyring when it was at rest but
can't find where I saw that.

    rsync --rsh 'sh -c "socat OPENSSL:keyring.debian.org:1873 STDIO"'
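
Added example, not part of the original message: a POSIX shell check that flags crontab entries using the two-colon rsync daemon syntax without an explicit `--rsh`/`-e` wrapper, which is the unencrypted case the reply points out. The function names `classify_rsync` and `audit_crontab` are hypothetical, and the check only inspects command text (it assumes `-e` is written as its own word, not inside a cluster such as `-ae`).

```shell
#!/bin/sh
# Added example: flag rsync jobs that talk to an rsync daemon in the clear.

# classify_rsync LINE
# Prints one of: plaintext-daemon | tunnelled-daemon | remote-shell |
#                local | not-rsync
classify_rsync() {
    case $1 in
        *rsync*) ;;
        *) echo not-rsync; return 0 ;;
    esac
    case $1 in
        *[A-Za-z0-9]::[A-Za-z0-9]*)
            # host::module selects the daemon protocol. It is only
            # protected when an explicit -e/--rsh wrapper (ssh, or
            # socat with OPENSSL as in the message) carries it.
            case $1 in
                *" --rsh"*|*" -e "*) echo tunnelled-daemon ;;
                *) echo plaintext-daemon ;;
            esac ;;
        *[A-Za-z0-9]:[!:]*)
            echo remote-shell ;;   # host:path, one colon: SSH by default
        *)
            echo local ;;
    esac
}

# audit_crontab
# Reads crontab text on stdin and prints "N: line" for every job that
# uses the daemon protocol unwrapped. Exit status is 1 if any was found.
audit_crontab() {
    n=0
    found=0
    while IFS= read -r line; do
        n=$((n + 1))
        case $line in
            \#*) continue ;;       # skip crontab comments
        esac
        if [ "$(classify_rsync "$line")" = plaintext-daemon ]; then
            printf '%s: %s\n' "$n" "$line"
            found=1
        fi
    done
    return "$found"
}
```

Typical use is `crontab -l | audit_crontab`, which lists the offending entries with their line numbers.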