sks-devel

Re: pgp.uni-mainz.de Takedown


From: Andrew Gallagher
Subject: Re: pgp.uni-mainz.de Takedown
Date: Wed, 8 Jun 2022 09:42:48 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0

On 24/05/2022 17:55, Christoph Martin wrote:
> If I understand correctly, Hockeypuck would have the same issues with
> GDPR and key remove request. Please correct me if I am wrong.

Hockeypuck is (since v2.1) capable of dealing with key deletion
requests, however the interface to do so is not particularly friendly.
In the interests of easier administration, I have written a command line
tool (attached below) to automate the database deletion process (I hope
to PR it into hockeypuck upstream shortly).

The tool assumes that you are using the docker-compose/standalone
deployment technique, although it should be straightforward to modify
for use in other contexts (just edit the SQLCMD definition).

Remember that you must also add the fingerprint(s) to the blacklist in
hockeypuck.conf. It is best to do this before deleting, in case the
offending key gets re-added in the interim. Blacklisting without
deletion merely blocks updates to the key; it does not block the key
entirely.

```
[hockeypuck.openpgp]
blacklist=[
   "DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF",
   ...
]
```

Then to delete the key(s) just pass the fingerprint(s) to the tool as
command line parameter(s):

```
./delete-keys.bash DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF [...]
```

Note that this does not delete the PTree entry, so in the case of
accidental deletion you will need to ptree-rebuild in order to sync
properly again.

A


delete-keys.bash
```
#!/bin/bash

# Delete keys from the Hockeypuck postgres database by fingerprint

set -euo pipefail

if [[ ! ${1:-} ]]; then
    cat <<EOF
Usage: $0 FINGERPRINT [FINGERPRINT ...]
EOF
    exit 1
fi

# Uncomment and edit one of the below for your postgres installation
# for docker-compose/standalone default configuration
SQLCMD="docker exec -i standalone_postgres_1 psql hkp -U hkp"
# for docker-compose/dev default configuration
#SQLCMD="docker exec -i hockeypuck_postgres_1 psql hkp -U docker"
# for non-docker postgres, e.g.
#SQLCMD="psql hkp -U hkp"

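reverse_fp() {
  # print the input string in reverse order
  local input=$1
  while [[ $input ]]; do
    echo -n "${input: -1}"
    input="${input%?}"
  done
  echo
}

reverse_fplist() {
  # print a quoted, comma-separated SQL list of the reversed fingerprints
  local rfplist="" fp rfp
  for fp in "$@"; do
    # fingerprints are interpolated into SQL below, so accept hex digits only
    if [[ ! $fp =~ ^[0-9A-Fa-f]+$ ]]; then
      echo "Not a hexadecimal fingerprint: $fp" >&2
      return 1
    fi
    rfp=$(reverse_fp "${fp,,}") # fold to lowercase and reverse
    if [[ $rfplist ]]; then
        rfplist="$rfplist, '$rfp'"
    else
        rfplist="'$rfp'"
    fi
  done
  echo "$rfplist"
}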

rfplist=$(reverse_fplist "$@")
$SQLCMD <<EOF
delete from subkeys where rfingerprint in (${rfplist});
delete from keys where rfingerprint in (${rfplist});
EOF
```
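
The message above advises blacklisting a fingerprint before deleting it. The following pre-flight check enforces that ordering; it is an added example, not part of the original message or of Hockeypuck. The function names are hypothetical, the configuration is a constructed sample, and the parser assumes the blacklist is laid out as in the snippet quoted in the message.

```shell
# Added example: only pass on fingerprints already listed in the hockeypuck.conf blacklist.

# Print the fingerprint in upper case, or fail if it is not pure hex.
normalize_fp() {
  case $1 in
    ''|*[!0-9A-Fa-f]*) return 1 ;;
  esac
  printf '%s\n' "$1" | tr 'a-f' 'A-F'
}

# Succeed if "$2" appears as a quoted entry inside blacklist=[ ... ] in file "$1".
is_blacklisted() {
  awk -v fp="$2" '
    /^[ \t]*blacklist[ \t]*=/ { inlist = 1 }
    inlist {
      line = toupper($0)
      sub(/#.*/, "", line)                 # ignore TOML comments
      if (index(line, "\"" fp "\"")) found = 1
      if (line ~ /\]/) inlist = 0          # end of the array
    }
    END { exit !found }
  ' "$1"
}

# Check every fingerprint: print the ones that are safe to delete on stdout,
# problems on stderr, and return non-zero if any fingerprint failed a check.
preflight() {
  conf=$1; shift; rc=0
  for arg in "$@"; do
    if ! fp=$(normalize_fp "$arg"); then
      echo "not a hex fingerprint: $arg" >&2; rc=1
    elif ! is_blacklisted "$conf" "$fp"; then
      echo "not blacklisted in $conf: $fp" >&2; rc=1
    else
      echo "$fp"
    fi
  done
  return $rc
}

# Constructed sample configuration, not taken from a real server.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
[hockeypuck.openpgp]
blacklist=[
   "DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF",
]
EOF
preflight "$sample_conf" deadbeefdeadbeefdeadbeefdeadbeefdeadbeef
```

Run `preflight` against the live hockeypuck.conf and hand the fingerprints to the deletion script only when it returns zero.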
