Getting Alerted on Expiring GPG Keys

GnuPG is a powerful cryptographic tool that enjoys widespread support by F/LOSS mail user agents. However, due to a lack of conventional public key management, it is plagued by key-related issues. One such issue is the expiry of GnuPG keys, which often goes unnoticed by the affected messaging partners until it actually disrupts messaging between them.

The way user agents handle key expiry situations can roughly be described as follows:

(i) If the GnuPG key of the sender of a message is expired, user agents cannot regard it as valid, and the attempt to sign the message using the sender's key will fail. Without an external alerting mechanism, a user whose GnuPG key has expired will notice this only when trying to sign a message.

(ii) If the GnuPG key of an intended recipient of a message is expired, user agents cannot regard it as valid, and the attempt to encrypt a message using the recipient's expired key will fail. Sending an encrypted message to multiple recipients can also be blocked if a subset of the recipients have expired public keys. Other users will notice this only once they try to send an encrypted message to the user in question.

In the proposed setup, specific GnuPG keys (specified using a list of key IDs) stored in ~/.gnupg are scanned periodically. The scan is repeated daily, at 11 A.M. local time (which can be changed to whatever systemd timers support). The tolerated remaining validity will be set to "more than 30 days" (this, too, can easily be set to a different value).
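
The expiry check at the core of such a setup, as an added example that is not the script from the original article. It assumes the expiry field of the colon listing holds epoch seconds (the usual form in GnuPG 2.x); the function names, sample records and key IDs are constructed.

```sh
#!/bin/sh
# Added example, not from the original article.
# Reads `gpg --list-keys --with-colons` records on stdin and reports
# primary keys (pub) and subkeys (sub) whose remaining validity is not
# "more than N days". Field 5 is the key ID, field 7 the expiry time.

expiring_keys() {
    # $1 = tolerated remaining validity in days, $2 = current epoch time
    awk -F: -v days="$1" -v now="$2" '
        $1 != "pub" && $1 != "sub" { next }
        $7 == ""                   { next }   # key has no expiry date
        $7 ~ /T/ {                            # ISO 8601 form, not handled here
            printf "%s %s unparsed expiry %s\n", $1, $5, $7; next
        }
        {
            left = $7 - now                   # seconds of validity left
            if (left <= 0)
                printf "%s %s EXPIRED\n", $1, $5
            else if (left <= days * 86400)
                printf "%s %s expires in %d days\n", $1, $5, int(left / 86400)
        }'
}

# Constructed sample listing (shortened records, made-up key IDs).
sample_listing() {
    cat <<'EOF'
pub:u:4096:1:1111111111111111:1600000000:1700864000::u:::scESC:
sub:e:4096:1:3333333333333333:1600000000:1699000000:::::e:
pub:u:4096:1:2222222222222222:1600000000:1707776000::u:::scESC:
pub:u:4096:1:4444444444444444:1600000000:::u:::scESC:
EOF
}

# Real use (KEYID is a placeholder), e.g. from a service started by a
# systemd timer with OnCalendar=*-*-* 11:00:00:
#   gpg --list-keys --with-colons KEYID | expiring_keys 30 "$(date +%s)"
sample_listing | expiring_keys 30 1700000000
```

Any line of output is an alert; an empty result means every listed key is valid for more than the given number of days or has no expiry date.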


Installing r10k on a Foreman Server

The following occurred to me on a recent version of Foreman (I used 3.9) on a recent version of Red Hat, Alma or Rocky Linux 8 (I used 8.9). I wanted to use r10k for management of Puppet environments. When I attempted installation of r10k

/opt/puppetlabs/puppet/bin/gem install r10k

I got the following error:

/opt/puppetlabs/puppet/bin/gem install r10k
ERROR: Error installing r10k:
       The last version of faraday (~> 2.0) to support your Ruby & RubyGems was 2.8.1.
       Try installing it with `gem install faraday -v 2.8.1` and then running the
       current command again

Some background: "Faraday" is a Ruby HTTP client library and is used by r10k for accessing the Puppet Forge. The problem is that Foreman still ships with Ruby 2.7, and recent versions of Faraday are not compatible with this (outdated) version of Ruby.

At the time of writing, Foreman is not compatible with Ruby 3 in general, preventing an upgrade, but an effort in that regard is underway on behalf of the Foreman developers. See here for remaining issues: Foreman Tracker #32684 "Ruby 3.0 support".

Bottom line, the following kludge is a workaround that can be expected to go away in the foreseeable future:

/opt/puppetlabs/puppet/bin/gem install faraday -v 2.8.1
/opt/puppetlabs/puppet/bin/gem install r10k

 The Noise

Playing the digital synthesizers:

 Da Synths II

It was time to upgrade the digital synthesizers.

Redirect PulseAudio/PipeWire over TCP/IP network

If you have two Linux hosts, host1 and host2, both running PulseAudio (or PipeWire with PulseAudio backwards compatibility), and you want host2 to use the speakers on host1, then you can use a PulseAudio TCP server on host1 and a "tunnel sink" on host2 to do that.


WordPress Plugin to embed Gitea Repositories

I ported the WordPress plugin providing shortcodes for embedding GitLab projects into posts and pages to a Gitea version.

Below is a usage example, displaying the latest 3 commits and the latest release (if any) from repository "linuxfoo-gitea" on my Gitea instance:

[gitea-show-project url="https://tk-sls.de/git" project_owner=tk-sls.de project_repo=linuxfoo-gitea max=3 releases=latest]
Gitea project linuxfoo-gitea

Last 3 commits:

  • by root: 35962433 correct json pat to commit message
  • by root: fccb7dd5 correct message formatting
  • by root: 19f52bfb correct class names

Latest release: v1.0.0


PiKVM on an OrangePi Zero 2

The OrangePi Zero 2 H616/1GByte is capable of running PiKVM. I find this an interesting development, because if I only want the KVM functionality, a full-blown Raspberry Pi 4 with all its CPU resources, multiple Gigabytes of RAM and peripheral devices seems somewhat of an overkill. I am aware that the latest official PiKVM, the V4Plus, uses a Raspberry Pi Compute Module with 2 GB RAM, but mine is still smaller. 🙂


Print all indented Lines following a non-indented Line

Some configuration and output text formats contain sections like the following:

foo:
   value1
   value2
bar:
   value 3

In this article, two scripts are presented that print all consecutive indented lines that follow a non-indented line that matches a search pattern given by a regular expression.

This means, given the single argument foo and the standard input above, the scripts should

  • determine the line that matches foo and
  • print the following two lines, but no other lines.

Also, the indentation of the printed lines should be removed.
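
One way to meet this specification, as an added example that is not one of the two scripts from the original article. The function names are hypothetical, and the pattern is treated as an awk extended regular expression.

```sh
#!/bin/sh
# Added example, not from the original article.
# Prints the indented lines that directly follow a non-indented line
# matching the pattern in $1, with their indentation removed.

print_section() {
    # The pattern travels through the environment rather than `awk -v`,
    # so backslashes in it are not rewritten by awk's escape processing.
    PAT="$1" awk '
        /^[ \t]/ {                       # indented line
            if (inside) { sub(/^[ \t]+/, ""); print }
            next
        }
        { inside = ($0 ~ ENVIRON["PAT"]) }   # any other line opens or closes a section
    '
}

# The sample input shown above.
sample_config() {
    cat <<'EOF'
foo:
   value1
   value2
bar:
   value 3
EOF
}

sample_config | print_section foo
```

An empty line counts as non-indented here, so it ends the run of consecutive indented lines.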
