Update key server URLs and decommission of sks-keyservers.net

[Aevyz]

Keyservers changed to reflect sks-keyservers.net no longer existing. The keyservers were modified to those of rvm.io, as can be seen here https://github.com/rvm/rvm-site/pull/345/files (Note: these changes have been committed, but the CI appears to be down so the changes are not on the website).

228

[stevenhaddox]

If this fixes the repeated timeout of 1+ minute for 2 keys every time the role is run, this gets a huge 👍🏻 from me (for what little that's worth). Thanks, @Aevyz.

[Aevyz]

@stevenhaddox

It should fix at least part of the issue, I don't know if something else might be slowing down the execution. As a temporary fix, you can manually set the rvm1_gpg_key_server and rvm1_gpg_key_servers to remove the failing URLs. Just set them to the values you see here

[thbar]

A helpful hint for those working behind corporate firewalls (like me): the default port is often blocked.

It is possible to override it to 80, though, which is often more open.

I'm using this at the moment (thanks @Aevyz for the PR which put me on the right track), with good success:

rvm1_gpg_key_servers:
  - hkp://keys.openpgp.org:80
  - hkp://keyserver.ubuntu.com:80

Support for alternate ports can (as I discovered) be verified this way:

gpg --keyserver hkp://keys.openpgp.org:80 --search-key 409B6B1796C275462A1703113804BB82D39DC0E3
gpg: data source: http://keys.openpgp.org:80
(1)   4096 bit RSA key 3804BB82D39DC0E3, created: 2014-10-28
Keys 1-1 of 1 for "409B6B1796C275462A1703113804BB82D39DC0E3".  Enter number(s), N)ext, or Q)uit > 
gpg: signal Interrupt caught ... exiting

[pkuczynski]

A helpful hint for those working behind corporate firewalls (like me): the default port is often blocked.

It is possible to override it to 80, though, which is often more open.

I'm using this at the moment (thanks @Aevyz for the PR which put me on the right track), with good success:

rvm1_gpg_key_servers:
  - hkp://keys.openpgp.org:80
  - hkp://keyserver.ubuntu.com:80

@thbar should we maybe update these two servers to use :80? This feels indeed safer!

[thbar]

@pkuczynski

should we maybe update these two servers to use :80? This feels indeed safer!

It will have more chances to work, but on the other hand, I do not fully understand yet the security implications it could have, so I would be a bit careful to introduce it as a default in the role.

I suggest we let it sink and if over time we find more documentation on it, we can move forward?

[pkuczynski]

I suggest we let it sink and if over time we find more documentation on it, we can move forward?

Make sense to me!

[coldnebo]

$ ansible-galaxy install -f -r requirements.yml is still fetching the old version?

$ ansible-galaxy install -f -r requirements.yml 
Starting galaxy role install process
- changing role rvm.ruby from v2.1.2 to unspecified
- downloading role 'ruby', owned by rvm
- downloading role from https://github.com/rvm/rvm1-ansible/archive/v2.1.2.tar.gz
- extracting rvm.ruby to /home/lkyrala/.ansible/roles/rvm.ruby
- rvm.ruby (v2.1.2) was installed successfully

$ find /home/lkyrala/.ansible/roles/rvm.ruby -type f | xargs grep -in "rvm1_gpg_key_server"
/home/lkyrala/.ansible/roles/rvm.ruby/README.md:78:rvm1_gpg_key_server: 'hkp://pool.sks-keyservers.net'
/home/lkyrala/.ansible/roles/rvm.ruby/defaults/main.yml:44:rvm1_gpg_key_server: 'hkp://pool.sks-keyservers.net'
/home/lkyrala/.ansible/roles/rvm.ruby/defaults/main.yml:47:rvm1_gpg_key_servers:
/home/lkyrala/.ansible/roles/rvm.ruby/defaults/main.yml:48:  - '{{ rvm1_gpg_key_server }}'
/home/lkyrala/.ansible/roles/rvm.ruby/tasks/rvm.yml:28:  with_items: '{{ rvm1_gpg_key_servers }}'

[erkie]

@coldnebo it seems that 2.2.0 is not yet released to galaxy. I had to add the following to my requirements.yml:

- name: rvm.ruby
  src: https://github.com/rvm/rvm1-ansible
  version: v2.2.0

@pkuczynski is it possible to push the latest to galaxy?

[pkuczynski]

@thbar @lpaulmp can you help?