mirror of
https://github.com/GrapheneOS/infrastructure.git
synced 2025-11-23 00:10:25 -05:00
cleanly phase in new TLS session ticket keys
This closes a small window where new workers could give keys not accepted by the old workers before they're gracefully shut down. This will also be needed when syncing keys across a cluster.
parent
9ffcb3e648
commit
17f0ec527d
2 changed files with 7 additions and 6 deletions
|
|
@ -4,8 +4,8 @@ set -o errexit -o nounset -o pipefail
|
||||||
|
|
||||||
cd /etc/session-ticket-keys
|
cd /etc/session-ticket-keys
|
||||||
|
|
||||||
for i in {1..4}; do
|
for i in next.key {1..4}.key; do
|
||||||
head -c 80 </dev/random >$i.key
|
head -c 80 </dev/random >$i
|
||||||
done
|
done
|
||||||
|
|
||||||
cat {1..4}.key > keys
|
cat next.key {1..4}.key > keys
|
||||||
|
|
|
||||||
|
|
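Review bot: The files written by `head -c 80 </dev/random >$i` and the combined `keys` file get whatever mode the inherited umask allows, and nothing in the visible lines sets one. Session ticket keys can decrypt resumable TLS sessions, so they should be readable only by the account that loads them. Unless the mode of /etc/session-ticket-keys already guarantees that, set a restrictive umask before the loop, for example `umask 077` if only root reads the keys. The top of the script is outside the hunk, so this may already be handled there. The same applies to `tmp.key` in the rotation script.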
@ -7,10 +7,11 @@ cd /etc/session-ticket-keys
|
||||||
rsync -tI 2.key 1.key
|
rsync -tI 2.key 1.key
|
||||||
rsync -tI 3.key 2.key
|
rsync -tI 3.key 2.key
|
||||||
rsync -tI 4.key 3.key
|
rsync -tI 4.key 3.key
|
||||||
head -c 80 </dev/random >new.key
|
rsync -tI next.key 4.key
|
||||||
mv new.key 4.key
|
head -c 80 </dev/random >tmp.key
|
||||||
|
mv tmp.key next.key
|
||||||
|
|
||||||
cat {1..4}.key > keys.new
|
cat next.key {1..4}.key > keys.new
|
||||||
mv keys.new keys
|
mv keys.new keys
|
||||||
|
|
||||||
status=0
|
status=0
|
||||||
|
|
|
||||||
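Review bot: `rsync -tI next.key 4.key` assumes next.key already exists, but in this commit only the creation script writes it for the first time. On a host provisioned before this change, the first rotation would abort under errexit at that line, after 1.key to 3.key have already been shifted, leaving 3.key identical to 4.key and `keys` not regenerated. If deployment does not create next.key separately, a guard before the first rsync would cover the upgrade: `[[ -e next.key ]] || { head -c 80 </dev/random >tmp.key; mv tmp.key next.key; }`. A short comment above the rsync chain stating that next.key is published one rotation before it becomes 4.key would also record why the order matters. The script continues past the end of the hunk.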