@nickgnazzo's GPG rollup

playbooks/roles/gpg/files/4AE8DA82.putty@projects.tartarus.org.asc

@@ -0,0 +1,35 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBFt5Z2QBDADj1NG9wXQ9ZicIaCwlLHbFHFwUSzNwt2wBgzBbn/QXSKcsZnCQ
+W3spJ/hdHtpWTwTTE56JK4pwjPpXNO4+awkvQKgzaE7P8Sk1x5NH0tprKcYIZq4V
+nkIUAym6KBrVHJGuS1H4MVuEmi3JqzIDBYbub6NRwY7R6lGg4R+kS4jI7Mhz42cy
+PTy93sX1W82oKwTI40bSp3Mg4sF0mfXYU6h1iDtVDp54S9bi1iEqTkzjPB30OC8t
+t9roCb88ppF3dbmSbfPe4pQAxvm/3Ky++bsaQY9FJyNxdHw0Smcw9fTaD51tuIrI
+SeJ8YbNKEfSPr7094VxaSIKdY2JHvB4k9AcSCC2VJNAbsV48LzprWKEob7FLqhbC
+l0hvfK6QPkfrbpIq2BVeIQC5zMYyKMU8BRdEB60DQCBW/xUjO9f6PK7ZbSu1GVew
+Eb+15BLTXP7PTTfDGkJsxN4NFFp28lFQRazogVJ/oQHk8AFaMRn9ZEeQazGmq+qa
+EjcJTEY9D4HAHnkAEQEAAbQsUHVUVFkgUmVsZWFzZXMgPHB1dHR5QHByb2plY3Rz
+LnRhcnRhcnVzLm9yZz6JAdQEEwEIAD4WIQTic5Sso/nZBJUi4FRiiaJfSujaggUC
+W3lnZAIbAwUJBbdhAAULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBiiaJfSuja
+gp43DACjSe2OD3pOVkBJTpzV7cwN1huB1580kxW2JRxgsvtKEag5MK2NG0tW5MTT
+yRQcKsH7Nbnb6aCNbISVD49+WNZgna+g3mfYn7ITqWL7LqpF1sr3SyVkXZhQDCgc
+bA5MRCzJttboDA7hGyg7lMu6hkG88H7zZkuxL1/hMqzwhHe8+o5lssRKajyWbvfR
+lEvRNBalBSl7Ntwxpf6Kzmc3JxzRQ9J0DYcJNaEH3wr7JAMucVBTjU8b+R9iDKP2
+FIxfMmxfTG1/j8nnG8QwNlPmGO+jyVZGWzA9MxM8gaKuJM8dipErQnu8kDu8vvNw
+KS2rg73c9jqjw3g4hirZzAlO9swV+irmi8hySDdRLjCI+AzfWir07ppjr6NS6pgm
+OLI4KtRosrfKxWs9VKt/DXXWK6vzYMX3D+snJ4BCn5+sJPNGMoHs5QwLSJqNvPox
+9K2D+ay+D1zGs8t5SoA7y/f6/vonanrbk4YtNg1kEm4FJgK43gVDStnFUYTPR4Fi
+ovUjm4GJAjMEEAEIAB0WIQQk4bHFdeo8n/dSqSJ2vH/k6/0tngUCW3lo9AAKCRB2
+vH/k6/0tnow3D/950w6E5h8Rw4C1iZJjJOAPljdsOc/OBkb+p1RUzMF0c0VUvKl+
+QzLmRY34a02mZKARpJYaEezZJ+BaVr0hDsfits2sAgsHkNu7I1P7q/JoJO+hpUA6
+A65C2qacZfOn9tgegw6TnB68s0F8YcKTVSFbRxCNbp9mAEkv0xpz2TdNOsU2fFLT
+o4EXM06Pv+KEbukMo8sQP48DlSpTKJoQ5RUahkOUhr7Ml+cRaxIefXob5dq4W+/m
+WsH9AUjccGy7VTf5/RxZ6AO03KOXizciCMzxnjDukq6xMBOZkcJ4SlD72LQNFiov
+2DL3taJrjwS67FEPf4BpXfJ9al2K0ZQgY51psVjcKvpgmXuFYDO1STJBAvnFnCSH
+IiC3rSM2LxEVdz9jNOF8TOjtMfnGh0FCz99M/1bwDAJk+iHyUZ9ydCzI2w/Ut4QZ
+fxMIIgT1yK/nxMDAKwPOuVN0T0JYcc9LNVB+3Z93qDusae9GN3JRNRVq8pOCqyMT
+Y2hkyLkCPScS4PDkw57GTK5SHb7OYR+Qo6KGQo9bNbWcF0gWjsFkF4/7MckCfvoR
+Tie4nmZdVYZvih9YZBwwheR5mCC/z0yRYh59gWSl0dkSshCdgHrN9caLheeJC6Gq
+ET7F9zplL1YgkZWXFELPyAnBctJy8iVQW9l5r5da9ru/Uwby6rZkfqyXbQ==
+=5Mif
+-----END PGP PUBLIC KEY BLOCK-----

playbooks/roles/gpg/templates/dirmngr.conf.j2

@@ -1 +1,2 @@
 keyserver {{ streisand_gpg_keyserver_address }}
+hkp-cacert /etc/ssl/certs/{{ streisand_gpg_keyserver_root_ca }}

playbooks/roles/gpg/vars/main.yml

@@ -5,6 +5,11 @@ root_gpg_dir: "/root/.gnupg"
 # Keep Streisand's GPG cruft out of the way
 streisand_gpg_dir: "{{ root_gpg_dir }}/streisand"
 
+# GPG Keyserver's Root CA Cert
+# Currently the keyserver is using an Amazon certificate, whose root CA is signed
+# by "Starfield Services", which should be available by default in /etc/ssl/certs
+streisand_gpg_keyserver_root_ca: "Starfield_Services_Root_Certificate_Authority_-_G2.pem"
+
 # Where is the Streisand specific GPG keyring kept?
 streisand_gpg_keyring: "{{ streisand_gpg_dir }}/pubring.gpg"
 
@@ -16,7 +21,7 @@ streisand_default_gpg_flags: "--no-default-keyring --keyring {{ streisand_gpg_ke
 # built into the GNUPG distribution, so we don't need to specify a CA cert
 # explicitly in a dirmngr config if we stick with this particular pool.
 # By default use HKP over HTTPS to the SKS Keyserver pool
-streisand_gpg_keyserver_address: "hkps://hkps.pool.sks-keyservers.net"
+streisand_gpg_keyserver_address: "hkps://gpg.mozilla.org"
 
 # The default timeout is 30s, we use something larger
 streisand_gpg_timeout: "120"
@@ -34,7 +39,7 @@ streisand_bootstrap_gpg_keys:
   # Tor browser release signing key
   - [email protected]
   # PuTTY release signing key
-  - B43434E4[email protected]
+  - 4AE8DA82[email protected]
   # Stunnel release signing key
   - [email protected]
   # Streisand maintainer - Github @cpu

playbooks/roles/openvpn/vars/mirror.yml

@@ -16,7 +16,7 @@ openvpn_windows_installer_sig_filename: "{{ openvpn_windows_installer_filename }
 openvpn_windows_installer_href:         "{{ openvpn_mirror_href_base }}/{{ openvpn_windows_installer_filename }}"
 openvpn_windows_installer_sig_href:     "{{ openvpn_mirror_href_base }}/{{ openvpn_windows_installer_sig_filename }}"
 
-openvpn_gpg_keyid: "AF131CAE"
+openvpn_gpg_keyid: "5ACFEAC6"
 openvpn_download_files:
   - { "file": "{{ openvpn_source_filename }}", "sig": "{{ openvpn_source_sig_filename }}" }
   - { "file": "{{ openvpn_windows_installer_filename }}", "sig": "{{ openvpn_windows_installer_sig_filename }}" }

playbooks/roles/ssh-forward/vars/mirror.yml

@@ -12,7 +12,7 @@ putty_href: "{{ ssh_mirror_href_base }}/{{ putty_filename }}"
 # download-and-verify.yml renames files with non-standard extensions
 putty_sig_href: "{{ ssh_mirror_href_base }}/{{ putty_filename }}.asc"
 
-putty_gpg_keyid: "B43434E4"
+putty_gpg_keyid: "4AE8DA82"
 putty_download_files:
   - { "file": "{{ putty_filename }}", "sig": "{{ putty_sig_filename }}" }
 

playbooks/roles/tor-bridge/vars/mirror-download.yml

@@ -18,7 +18,7 @@ tor_browser_bundle_linux32_sig_filename: "{{ tor_browser_bundle_linux32_filename
 tor_browser_bundle_linux64_filename: "{{ tor_linux64_filename_base }}_{{ locale }}.tar.xz"
 tor_browser_bundle_linux64_sig_filename: "{{ tor_browser_bundle_linux64_filename }}.asc"
 
-tor_signer_keyid: "C3C07136"
+tor_signer_keyid: "D9FF06E2"
 
 tor_download_files:
   - { "file": "{{ tor_browser_bundle_windows_filename }}", "sig": "{{ tor_browser_bundle_windows_sig_filename }}" }