# jake's keyserver
A pure Perl keyserver! When it receives a key, it does stuff to it and then sticks it in a Postgres database.
## Features
* 'Secret' upload path.
* Disable upload for the secret path, the normal path, or both, for when you don't want people to upload keys.
## Requirements
* Perl v5.38.0 or greater
* Relevant Mojo/Mojolicious modules and other Perl modules
* PostgreSQL server
* A dedicated user would be nice
### Install on your distro
Maybe it is packaged by your distro maintainers?
* Debian
```
apt install libmojolicious-perl libmojo-pg-perl
```
Note: at the time of writing, the latest Perl on Debian stable is v5.36.x, which doesn't have the `class` feature... I really wanted to use `class`. Sorry!
So you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x.
### postgres
Probably not needed info, but the postgres used here is version 15.
```
% sudo apt install postgresql postgresql-server-dev-15
% sudo -u postgres psql # test if 'active' so to speak.
```
Follow the instructions under 'Create relevant details for the database.'
### perlbrew (with Debian 12.8)
```
% sudo apt install perlbrew
% sudo -u jjakkekeyserver perlbrew init
% echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/jjakkekeyserver/.profile
% sudo -u jjakkekeyserver perlbrew available # pick at least v5.38.x. Here I pick 5.40.x
% sudo -u jjakkekeyserver perlbrew install perl-5.40.0 # this *will* take a while
% sudo -u jjakkekeyserver perlbrew install-cpanm
% sudo chsh jjakkekeyserver -s /bin/bash # we will set this back to /bin/nologin later
% sudo -u jjakkekeyserver -i
jjakkekeyserver% perlbrew switch perl-5.40.0
jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg # needs postgresql-server-dev-xx (on debian)
jjakkekeyserver% cpanm Mojolicious Mojo::Pg # AND postgres itself must be running
# DBD::Pg test wants to poke stuff, fails otherwise
jjakkekeyserver% perl ./keyserver # see what's broken or not.
# after you've made sure it works...
jjakkekeyserver% exit
% sudo chsh jjakkekeyserver -s /bin/nologin
```
### Install via cpan (or cpan-minus, considered way better by most)
```
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
```
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything themselves, so that if a dependency breaks because its author is ignoring issues or is fucking DEAD, there won't be permanently broken CPAN distributions that Mojolicious depends on).
## To use
### Create a dedicated user to run this program (Debian)
```
sudo adduser --group --home /var/jjakkekeyserver --system -- jjakkekeyserver
```
### Create a dedicated user to run this program (not Debian)
```
sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
```
### Create the config file
```
cp keyserver.conf.example keyserver.conf
```
### Create relevant details for the database.
An example that you may follow:
```
sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# exit
```
### Caveats
#### config file
For some reason, hypnotoad (or morbo) has no 'config' flag, and as far as I can tell there is no way to set one (not even from within the program, for now). What I do know is that it looks for keyserver.conf in the working directory.
#### Usage of 'lib'
I used `use lib qw(lib)` in my program, which means the working directory has to contain `lib/KeyData.pm` (or KeyData.pm has to be manually installed somewhere, which is really not recommended). Basically, run it from the directory the keyserver program resides in.
I will add a dedicated installer for this later. KeyData.pm is useful.
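As an added example (not the project's own keyserver code), here is how both caveats can be avoided in a Mojolicious::Lite app: `FindBin` resolves `lib` and `keyserver.conf` relative to the script's real directory, so hypnotoad can be started from any working directory, and a config-driven switch gates the HKP upload routes the way the 'disable upload' feature describes. The config keys `disable_upload` and `secret_path`, the `/pks/add` route paths, and the helper names are assumptions for illustration, not the project's.

```perl
#!/usr/bin/env perl
# Added example, not the project's keyserver. Assumed config shape:
#   { disable_upload => { normal => 0, secret => 0 }, secret_path => '/some-unadvertised-path' }
use v5.38;
use FindBin qw($RealBin);            # directory the script really lives in
use lib "$RealBin/lib";              # find lib/KeyData.pm regardless of cwd
use Mojolicious::Lite -signatures;

# Read keyserver.conf next to the script instead of from the working
# directory, so a systemd unit with another cwd still finds it.
my $config = plugin Config => {file => "$RealBin/keyserver.conf"};

my $disabled    = $config->{disable_upload} // {};
my $secret_path = $config->{secret_path}    // '/secret';
$secret_path = "/$secret_path" unless $secret_path =~ m{\A/};

# 1 when uploads on the given path kind ('normal' or 'secret') are allowed.
sub upload_allowed ($kind) { return $disabled->{$kind} ? 0 : 1 }

# Accept only an ASCII-armored public key block before it reaches storage;
# anything else (private keys, random data) is rejected with 400.
sub looks_like_armored_public_key ($text) {
  return $text =~ /\A\s*-----BEGIN PGP PUBLIC KEY BLOCK-----\r?\n
                   .*?-----END PGP PUBLIC KEY BLOCK-----\s*\z/sx ? 1 : 0;
}

# Shared body for both upload routes (HKP posts the key in form field 'keytext').
sub handle_add ($c) {
  my $keytext = $c->param('keytext') // '';
  return $c->render(text => 'Missing or malformed keytext', status => 400)
    unless looks_like_armored_public_key($keytext);
  # Storing the key in Postgres is the project's job (KeyData.pm); this example stops here.
  $c->render(text => 'Key received', status => 200);
}

# Normal upload path: say plainly that uploads are off.
post '/pks/add' => sub ($c) {
  return $c->render(text => 'Key uploads are disabled', status => 403)
    unless upload_allowed('normal');
  handle_add($c);
};

# Secret upload path: answer 404 when it is off so the path stays unadvertised.
post "$secret_path/pks/add" => sub ($c) {
  return $c->render(text => 'Not Found', status => 404)
    unless upload_allowed('secret');
  handle_add($c);
};

app->start;
```

With this layout `sudo -u jjakkekeyserver hypnotoad -f /var/jjakkekeyserver/keyserver` works from any directory, and flipping `disable_upload` in keyserver.conf closes either path without touching the code.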
### Start Program
```
sudo -u jjakkekeyserver hypnotoad -f ./keyserver; # -f = starts in foreground
```
### Proxy
It's a good idea to put this program behind a dedicated reverse proxy that listens on the relevant ports: 11371 and 80 without TLS, 11372 and 443 with TLS.
## Usage
### GnuPG examples
```
gpg --keyserver hkp(s)://hostname --send-keys <keyid>
gpg --keyserver hkp(s)://hostname --search-keys <search string>
gpg --keyserver hkp(s)://hostname --recv-keys <keyid>
```
### Web browser
http(s)://hostname
## SystemD
Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.
```
vim jjakkekeyserver.service
sudo cp jjakkekeyserver.service /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl start jjakkekeyserver.service
```