pgp-happy-eyeballs

command module
v0.0.0-...-1df8995 Latest
Published: Jun 27, 2022 License: MIT Imports: 10 Imported by: 0

README

DEPRECATED

See #4 for some discussion around why this tool is no longer actively maintained (nor recommended for use).

The TL;DR is that the SKS network is mostly too decentralized now to track well with a naive approach like that of this tool.

PGP "Happy Eyeballs"

PGP keyservers are flaky:

This tool was intended to sit between keyserver clients and the keyservers (most easily via DNS or transparent traffic hijacking) and "multiplex" each request across several servers simultaneously, returning the fastest successful result.

Note: if you're looking at this tool, you should seriously consider using the hkps://keys.openpgp.org server / "Hagrid" instead! (It's a refreshingly modern take on OpenPGP infrastructure in general.)

Barring that, I would recommend sticking with a single stable server like hkps://keyserver.ubuntu.com.

How to Use

The easiest/intended way to use this (and the way Tianon used it) is to hijack your personal DNS requests and redirect relevant domains to a running instance of it. The hard part is doing so in a way that also affects any Docker instances and still lets other Docker instances reach the running instance of pgp-happy-eyeballs.

See rawdns for the tool Tianon uses; example configuration snippet:

...
	"ha.pool.sks-keyservers.net.": {
		"type": "static",
		"cnames": [
			"pgp-happy-eyeballs.docker"
		],
		"nameservers": [
			"127.0.0.1"
		]
	},
...

See also the hack-my-builds.sh script, which was intended for use in disposable CI environments such as those provided by Travis CI (see docker-library/php#666 and the linked PRs for implementation examples).

Known Issues

  • using gpg --send-keys doesn't work, among other things (our server hijacking is a tad too aggressive -- should probably only perform our aggressive logic for .../pks/lookup?op=get... requests and pass everything else through as-is as a standard transparent proxy)
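
An added example, not code from pgp-happy-eyeballs itself: it races one lookup across several servers and returns the fastest successful result, and gates that logic on /pks/lookup?op=get requests as the known issue above suggests. The names shouldRace, getter and race and the server labels are assumptions made for this example; the network fetch is injected so the block runs offline.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/url"
)

// shouldRace limits racing to key fetches; everything else passes through.
func shouldRace(u *url.URL) bool {
	return u.Path == "/pks/lookup" && u.Query().Get("op") == "get"
}

// getter fetches requestURI from one server and errors on any non-success.
type getter func(ctx context.Context, server, requestURI string) ([]byte, error)

// race asks every server at once; a fast failure never beats a slower success.
func race(ctx context.Context, servers []string, requestURI string, get getter) ([]byte, error) {
	ctx, cancel := context.WithCancel(ctx)
	defer cancel() // stops the slower requests once a winner is returned
	type result struct{ body []byte; err error }
	results := make(chan result, len(servers)) // buffered: losers never block
	for _, s := range servers {
		go func(s string) {
			body, err := get(ctx, s, requestURI)
			results <- result{body, err}
		}(s)
	}
	err := errors.New("no keyservers configured")
	for range servers {
		r := <-results
		if r.err == nil {
			return r.body, nil
		}
		err = r.err
	}
	return nil, fmt.Errorf("all keyservers failed, last error: %w", err)
}

func main() { // constructed servers: "down" fails at once, "ok" answers
	fake := func(_ context.Context, server, _ string) ([]byte, error) {
		if server == "down" {
			return nil, errors.New("down: connection refused")
		}
		return []byte("key from " + server), nil
	}
	body, err := race(context.Background(), []string{"down", "ok"}, "/pks/lookup?op=get", fake)
	fmt.Printf("%s %v\n", body, err)
}
```

Racing selects for speed, not trust: whichever server answers first supplies the key material, so the client should still check the returned key against the full fingerprint it asked for.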

"Happy Eyeballs" ?

See RFC 6555.

Documentation

There is no documentation for this package.
