On 24/05/2022 17:55, Christoph Martin wrote:
> If I understand correctly, Hockeypuck would have the same issues with
> GDPR and key remove request. Please correct me if I am wrong.

Hockeypuck is (since v2.1) capable of dealing with key deletion requests, however the interface to do so is not particularly friendly. In the interests of easier administration, I have written a command line tool (attached below) to automate the database deletion process (I hope to PR it into hockeypuck upstream shortly).

The tool assumes that you are using the docker-compose/standalone deployment technique, although it should be straightforward to modify for use in other contexts (just edit the SQLCMD definition).

Remember that you must also add the fingerprint(s) to the blacklist in hockeypuck.conf. It is best to do this before deleting, in case the offending key gets re-added in the interim. Blacklisting without deletion merely blocks updates to the key; it does not block the key entirely.

```
[hockeypuck.openpgp]
blacklist=[
  "DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF",
  ...
]
```

Then to delete the key(s) just pass the fingerprint(s) to the tool as command line parameter(s):

```
./delete-keys.bash DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF [...]
```

Note that this does not delete the PTree entry, so in the case of accidental deletion you will need to ptree-rebuild in order to sync properly again.

A

delete-keys.bash

```
#!/bin/bash

# Delete keys from the Hockeypuck postgres database by fingerprint

set -euo pipefail

if [[ ! ${1:-} ]]; then
    cat <<EOF
Usage: $0 FINGERPRINT [FINGERPRINT ...]
EOF
    exit 1
fi

# Uncomment and edit one of the below for your postgres installation
# for docker-compose/standalone default configuration
SQLCMD="docker exec -i standalone_postgres_1 psql hkp -U hkp"
# for docker-compose/dev default configuration
#SQLCMD="docker exec -i hockeypuck_postgres_1 psql hkp -U docker"
# for non-docker postgres, e.g.
#SQLCMD="psql hkp -U hkp"

reverse_fp() {
    # print the input string in reverse order
    input=$1
    while [[ $input ]]; do
        echo -n "${input: -1}"
        input="${input%?}"
    done
    echo
}

reverse_fplist() {
    local rfplist
    for fp in "$@"; do
        rfp=$(reverse_fp "${fp,,}") # fold to lowercase and reverse
        if [[ ${rfplist:-} ]]; then
            rfplist="$rfplist, '$rfp'"
        else
            rfplist="'$rfp'"
        fi
    done
    echo "$rfplist"
}

rfplist=$(reverse_fplist "$@")

$SQLCMD <<EOF
delete from subkeys where rfingerprint in (${rfplist});
delete from keys where rfingerprint in (${rfplist});
EOF
```
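An added example, not part of the original message or of Hockeypuck: the script above interpolates its command line arguments directly into the SQL `in (...)` list, so this sketch validates each fingerprint before building that list and refuses the whole batch if any argument is malformed. It assumes 40-hex-digit (v4) fingerprints like the one in the message; the function names `valid_fp` and `rfp_sql_list` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight validation for the fingerprints passed to
# delete-keys.bash. Assumption: fingerprints are 40 hex digits (v4).
LC_ALL=C; export LC_ALL   # make the [0-9A-Fa-f] ranges byte-exact

# valid_fp FP -> returns 0 only if FP is exactly 40 hex digits
valid_fp() {
    case $1 in
        ''|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# reverse_fp FP -> prints FP folded to lowercase and reversed, the form
# the script above matches against the rfingerprint column
reverse_fp() {
    src=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    out=
    while [ -n "$src" ]; do
        rest=${src%?}                 # everything but the last character
        out="$out${src#"$rest"}"      # append the last character
        src=$rest
    done
    printf '%s\n' "$out"
}

# rfp_sql_list FP... -> prints "'rfp1', 'rfp2'" for use inside in (...).
# Returns 1 and prints nothing on stdout if any argument is malformed,
# so a typo or a stray quote never reaches psql and no partial delete runs.
rfp_sql_list() {
    list=
    for fp in "$@"; do
        if ! valid_fp "$fp"; then
            printf 'rejecting malformed fingerprint: %s\n' "$fp" >&2
            return 1
        fi
        list="${list:+$list, }'$(reverse_fp "$fp")'"
    done
    [ -n "$list" ] && printf '%s\n' "$list"
}

# Possible use in delete-keys.bash, in place of reverse_fplist:
#   rfplist=$(rfp_sql_list "$@") || exit 1
```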