2024-11-19 12:07:36 -05:00

jake's keyserver

A pure Perl keyserver! When it receives a key, it does stuff to it and then sticks it in a Postgres database.

Features

  • 'Secret' upload path.
  • Disable upload for secret, normal path, or both. For when you don't want people to upload keys.

Requirements

  • Perl v5.38.0 or greater
  • Relevant Mojo/Mojolicious modules and other Perl modules
  • Postgresql server
  • A dedicated user would be nice

Install Instructions from Top to Bottom

Install on your distro

Maybe it is packaged by your distro maintainers?

  • Debian
apt install libmojolicious-perl libmojo-pg-perl

Note: the latest Perl at the time of writing on Debian stable is v5.36.x, which doesn't have class support... I really wanted to use class(). Sorry! So, right now, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install Perl v5.38.x or higher.

Create user:

Debian's adduser

sudo adduser --group --home /var/lib/jjakkekeyserver --system -- jjakkekeyserver

not Debian

sudo useradd --system --create-home --home-dir /var/lib/jjakkekeyserver --shell /bin/nologin jjakkekeyserver

postgres

Probably not needed info, but postgres here is version 15.

% sudo apt install postgresql postgresql-server-dev-xx
% sudo -u postgres psql                                 # test if 'active' so to speak.

Follow instructions from 'Create relevant details for the database.'

perlbrew (with Debian 12.8)

% sudo apt install perlbrew
% sudo -u jjakkekeyserver perlbrew init
% echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/lib/jjakkekeyserver/.profile   # home dir created above
% sudo -u jjakkekeyserver perlbrew available            # pick at least v5.38.x.  Here I pick 5.40.x
% sudo -u jjakkekeyserver perlbrew install perl-5.40.0  # this *will* take a while
% sudo -u jjakkekeyserver perlbrew install-cpanm
% sudo chsh jjakkekeyserver -s /bin/bash                # we will set this back to /bin/nologin later
% sudo -u jjakkekeyserver -i
jjakkekeyserver% perlbrew switch perl-5.40.0
jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg     # needs postgresql-server-dev-xx (on debian)
jjakkekeyserver% cpanm Mojolicious Mojo::Pg             #   AND postgres itself must be running
                                                        #   DBD::Pg test wants to poke stuff, fails otherwise
jjakkekeyserver% perl ./keyserver                       # see what's broken or not.
# after you've made sure it works...
jjakkekeyserver% exit
% sudo chsh jjakkekeyserver -s /bin/nologin

Install modules via cpan (or cpan-minus, considered way better by most)

cpanm Mojolicious Mojo::Pg

Installing via cpan(m) will work because the Mojolicious devs are competent. To be more specific, they opt to reimplement everything themselves, so that if a dependency breaks because its author is ignoring issues or has passed on, there won't be permanently broken CPAN modules that Mojolicious depends on.

To use

Create the config file

cp keyserver.conf.example keyserver.conf
vim keyserver.conf
chmod 600 keyserver.conf  # this file has secrets

Create relevant details for the database.

An example that you may follow:

sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# exit

Caveats

config file

For some reason, hypnotoad (or morbo) lacks a 'config' flag, and there isn't a way to set it as far as I can tell (even from within the program, for now). What I do know is that it looks for keyserver.conf somewhere, most likely the working directory, but maybe the directory the program itself is in.

Usage of 'lib'

I used `use lib qw(lib)` in my program, which means the working directory has to have 'lib/KeyData.pm' in it, or the module must be manually installed somewhere (really not recommended). Basically, that is the directory the keyserver program resides in.

I will add a dedicated installer for this, later. KeyData.pm is useful.

Start Program

sudo -u jjakkekeyserver hypnotoad -f ./keyserver   # -f = starts in foreground

Proxy

It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443.
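One way to do that with nginx, as an added example that is not part of the jjakkekeyserver repository. It assumes hypnotoad listens on http://127.0.0.1:8080 (hypnotoad's default; check keyserver.conf), that the app runs with Mojolicious reverse-proxy support enabled (MOJO_REVERSE_PROXY=1 or hypnotoad's `proxy => 1`) so the X-Forwarded-* headers are trusted, and uses a placeholder hostname and certificate paths.

```nginx
# Added example, not the project's own config.
# Assumption: hypnotoad bound to 127.0.0.1:8080 in keyserver.conf.
upstream jjakkekeyserver {
    server 127.0.0.1:8080;
}

# Plain HKP/HTTP: 11371 for hkp://, 80 for browsers (ports from the README).
server {
    listen 80;
    listen 11371;
    listen [::]:80;
    listen [::]:11371;
    server_name keys.example.org;          # placeholder hostname

    location / {
        proxy_pass http://jjakkekeyserver;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Keys carrying many signatures can be large; still cap uploads
        # so the backend is not handed unbounded bodies.
        client_max_body_size 4m;
    }
}

# HKPS/HTTPS: 11372 for hkps://, 443 for browsers (ports from the README).
server {
    listen 443 ssl;
    listen 11372 ssl;
    listen [::]:443 ssl;
    listen [::]:11372 ssl;
    server_name keys.example.org;          # placeholder hostname

    ssl_certificate     /etc/ssl/keys.example.org/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/keys.example.org/privkey.pem;     # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://jjakkekeyserver;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 4m;
    }
}
```

With the listener on 127.0.0.1 only nginx can reach hypnotoad directly, and TLS is terminated in one place that is easy to keep patched.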

Usage

GnuPG examples

gpg --keyserver hkp(s)://hostname --send-keys <keyid>
gpg --keyserver hkp(s)://hostname --search-keys <search string>
gpg --keyserver hkp(s)://hostname --recv-keys <keyid>

Web browser

http(s)://hostname

SystemD

Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.

vim jjakkekeyserver.service
sudo cp jjakkekeyserver.service /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl start jjakkekeyserver.service