copr-dns-update

Created 5 years ago
Maintained by msehnout
Store public GPG keys in DNS for automatic verification in dnf
Martin Sehnoutka committed 5 years ago

DNS Update service for COPR

Features:

  • Holds configuration for dynamic DNS (server IP, secrets)
  • Provides web API for the keygen service (?)
  • Logging

Design:

  • Frontend API written using Flask
  • Backend using nsupdate utility

How to run:

# Start the development environment
$ vagrant up
# Submit an update (this will come from the keygen service)
$ curl -d '@test/example-input.json' -H "Content-Type: application/json" -X POST http://192.168.99.10:5000/upload
{
  "result": "success"
}
# Verify that the key is available in DNS
$ dig 96d9632f363564cc3032521409cf22a852f2032eec099ed5967c0d00._openpgpkey.copr.fedora.org @192.168.99.100 OPENPGPKEY
...

# Some tips:
# Watch logs from the application
$ vagrant ssh -c 'watch tail /app/output' updateservice
# Watch journal output of the bind DNS server
$ vagrant ssh -c 'sudo journalctl -xe --unit named --follow' server
# Sync files automatically while working on the application.
# Flask is set to restart itself on any file change.
$ vagrant rsync-auto updateservice
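
How a Flask handler could turn a submitted key into input for the nsupdate backend, as an added example that is not this project's code. It assumes the record name follows RFC 7929 (SHA-256 of the local part truncated to 28 octets, which matches the 56-hex-digit label in the dig query above); the function names, the TTL and the sample key bytes are constructed for illustration. nsupdate reads one command per line, so every value placed in the script is validated or encoded first.

```python
import base64
import hashlib
import ipaddress
import re

# Zone and name-server address as used in the README's dig command.
ZONE = "copr.fedora.org"
SERVER = "192.168.99.100"

# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def openpgpkey_owner(local_part: str, zone: str = ZONE) -> str:
    """RFC 7929 owner name; local_part is assumed to be canonicalised already."""
    if not local_part:
        raise ValueError("empty local part")
    labels = zone.rstrip(".").split(".")
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("zone is not a plain DNS name")
    digest = hashlib.sha256(local_part.encode("utf-8")).hexdigest()[:56]
    return f"{digest}._openpgpkey.{'.'.join(labels)}."


def nsupdate_script(local_part: str, key: bytes, zone: str = ZONE,
                    server: str = SERVER, ttl: int = 3600) -> str:
    """Build the stdin for nsupdate that replaces the OPENPGPKEY record."""
    if not key:
        raise ValueError("empty key")
    if type(ttl) is not int or not 0 <= ttl <= 2**31 - 1:
        raise ValueError("bad TTL")
    server = str(ipaddress.ip_address(server))     # rejects anything but an IP
    owner = openpgpkey_owner(local_part, zone)     # untrusted text is hashed here
    rdata = base64.b64encode(key).decode("ascii")  # single line, no whitespace
    return "\n".join([
        f"server {server}",
        f"zone {owner.split('._openpgpkey.', 1)[1]}",
        f"update delete {owner} OPENPGPKEY",
        f"update add {owner} {ttl} OPENPGPKEY {rdata}",
        "send",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample input: not a real key and not the project's JSON format.
    print(nsupdate_script("alice", b"\x99\x01\x0d constructed key bytes"))
```

The returned text is meant to be passed to nsupdate on standard input, with the TSIG secret supplied from the service configuration rather than from the request.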