diff options
| author | kaotisk <kaotisk@arching-kaos.org> | 2025-07-25 21:06:58 +0300 |
|---|---|---|
| committer | kaotisk <kaotisk@arching-kaos.org> | 2025-07-25 21:06:58 +0300 |
| commit | 3915d5f8c54782d90e38bdb6f1b53ff41f1191d4 (patch) | |
| tree | b3ef24818f41ab42c22acee8d0f20ed2586c61e2 | |
| parent | 0f87a32bcf940873823fa7618f0fbb863a55f7f5 (diff) | |
| download | arching-kaos-tools-3915d5f8c54782d90e38bdb6f1b53ff41f1191d4.tar.gz arching-kaos-tools-3915d5f8c54782d90e38bdb6f1b53ff41f1191d4.tar.bz2 arching-kaos-tools-3915d5f8c54782d90e38bdb6f1b53ff41f1191d4.zip | |
[ns] Only try to resolve from incoming connections list
| -rwxr-xr-x | lib/_ak_ns | 82 |
1 files changed, 43 insertions, 39 deletions
@@ -234,7 +234,7 @@ function _ak_ns_publish_zchain(){ zlatest_file="$(_ak_make_temp_file)" echo -n ${zlatest} > ${zlatest_file} zlatest_csigned_file="$(_ak_make_temp_file)" - _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key} + _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key} if [ -f ${AK_NS_DIR}/${zchain_key} ] then _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key} >> ${AK_NS_DIR}/${zchain_key}.history @@ -265,7 +265,7 @@ function _ak_ns_publish_config(){ zconfig_file="$(_ak_make_temp_file)" echo -n ${zconfig} > ${zconfig_file} zconfig_csigned_file="$(_ak_make_temp_file)" - _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key} + _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key} if [ -f ${AK_NS_DIR}/${zconfig_key} ] then _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key} >> ${AK_NS_DIR}/${zconfig_key}.history @@ -289,7 +289,7 @@ function _ak_ns_resolve_all_keys(){ cd $tmpdir _ak_log_info "Looking at local IPs..." ip a | grep inet6 | sed 's/ *inet6 //g' | cut -d '/' -f 1 > ip_list - ak network -p 2>/dev/null| jq -r '.[].incoming.ip' | while read ip + ak network -p incoming 2>/dev/null| jq -r '.[].incoming.ip' | while read ip do if [ $ip != "null" ] then @@ -309,49 +309,53 @@ function _ak_ns_resolve_all_keys(){ cat peer_list | while read ip do _ak_log_info "Extracing keys from $ip..." - ak network -p \ + ak network -p incoming \ | jq --arg ip "$ip" '.[] | select(.incoming.ip == $ip )' \ | jq '.node_info.keymaps.[]'> keymaps_list.$ip done cat peer_list | while read ip do - _ak_log_info "Looking at peer $ip" - if [ $ip != "null" ] + if [ "$ip" != "null" ] && [ ! -z "$ip" ] then - cat keymaps_list.$ip | jq -r '.fingerprint' | while read key - do - map="$(cat keymaps_list.$ip | jq -r 'select(.fingerprint == "'$key'")|.map')" - ak fs --net-cat-from-map $map > $key - ak fs --import $key - curl -s http://[$ip]:8610/v0/ns_get/$key > $key.reply - proof="$(cat $key.reply | jq -r '.proof')" - resolved="$(cat $key.reply | jq -r '.resolved')" - key="$(cat $key.reply | jq -r '.key')" - ak fs --net-cat-from-map $proof > $key.proof - _ak_gpg_verify_clear_signature $key.proof - if [ $? -ne 0 ] - then - _ak_log_error "Couldn't verify" - exit 1 - fi - if [ -f ${AK_NS_DIR}/${key} ] - then - _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key} >> ${AK_NS_DIR}/${key}.history - fi - signed_akfs_map=$(_ak_fs_import ${key}.proof) - if [ -f ${AK_NS_DIR}/${key}.map ] - then - printf '%s %s\n' "$(echo -n $signed_akfs_map)" \ - "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \ - >> ${AK_NS_DIR}/${key}.history_map + _ak_log_info "Looking at peer $ip" + if [ -f "keymaps_list.$ip" ] + then + cat keymaps_list.$ip | jq -r '.fingerprint' | while read key + do + map="$(cat keymaps_list.$ip | jq -r 'select(.fingerprint == "'$key'")|.map')" + ak fs --net-cat-from-map $map > $key + ak fs --import $key + ak gpg -r --import $key + curl -s http://[$ip]:8610/v0/ns_get/$key > $key.reply + proof="$(cat $key.reply | jq -r '.proof')" + resolved="$(cat $key.reply | jq -r '.resolved')" + key="$(cat $key.reply | jq -r '.key')" + ak fs --net-cat-from-map $proof > $key.proof + _ak_gpg_verify_clear_signature $key.proof + if [ $? -ne 0 ] + then + _ak_log_error "Couldn't verify" + exit 1 + fi + if [ -f ${AK_NS_DIR}/${key} ] + then + _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key} >> ${AK_NS_DIR}/${key}.history + fi + signed_akfs_map=$(_ak_fs_import ${key}.proof) + if [ -f ${AK_NS_DIR}/${key}.map ] + then + printf '%s %s\n' "$(echo -n $signed_akfs_map)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \ + >> ${AK_NS_DIR}/${key}.history_map - fi - mv ${key}.proof ${AK_NS_DIR}/${key} - printf '%s %s\n' "$(echo -n $proof)" \ - "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \ - > ${AK_NS_DIR}/${key}.map - done - _ak_log_info "Finished peer $ip" + fi + mv ${key}.proof ${AK_NS_DIR}/${key} + printf '%s %s\n' "$(echo -n $proof)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \ + > ${AK_NS_DIR}/${key}.map + done + _ak_log_info "Finished peer $ip" + fi fi done _ak_log_info "Finished resolving" |