# jake's keyserver

This program pokes gpg when it receives a key. It then processes the output gpg produces and stores the result in a PostgreSQL database.

## Features
* 'Secret' upload path.
* Disable upload for the secret path, the normal path, or both, for when you don't want people to upload keys.

## Requirements
* Relevant Mojo/Mojolicious modules
* PostgreSQL server
* GnuPG

### Install on your distro
Maybe it is packaged by your distro maintainers?

* Debian
```
apt install libmojolicious-perl libmojo-pg-perl
```
(Not sure if you'll need to cpan Mojo::File and/or Mojo::Util)

### Install via cpan (or cpan-minus, considered way better by most)
```
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
```
Installing via cpan(m) will work because the Mojolicious devs are competent.

## To use
### Create the config file
```
cp keyserver.conf.example keyserver.conf
```
Note that hypnotoad/morbo looks for the config file in the same directory as it was called from. I have no idea how to change this as there isn't a --config-file option one can use with hypnotoad or morbo.

### Create relevant details for the database.
An example that you may follow (replace `password` with a strong password of your own):
```
sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
```

### Start Program
```
hypnotoad -f keyserver; # starts in foreground
```

### Proxy
It's a good idea to run this program behind a dedicated reverse proxy that listens on the relevant ports: 11371 and 80 without TLS; 11372 and 443 with TLS.
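A reverse-proxy layout for the ports listed above, as an added nginx example that is not part of this project. It assumes the keyserver is reachable on 127.0.0.1:8080 (check your `keyserver.conf`); the hostname, certificate paths and body-size limit are placeholders.

```nginx
# Added example, not part of this project. Goes inside nginx's http { } block.
# Assumption: the keyserver backend is reachable on 127.0.0.1:8080.
# hypnotoad's default listener is http://*:8080 (all interfaces), so bind it
# to loopback or firewall port 8080; otherwise clients can bypass the proxy.
upstream keyserver_backend {
    server 127.0.0.1:8080;
}

# Without TLS: 11371 (HKP) and 80
server {
    listen 11371;
    listen 80;
    server_name keys.example.org;            # placeholder hostname

    client_max_body_size 1m;                 # placeholder cap on uploaded key size

    location / {
        proxy_pass http://keyserver_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# With TLS: 11372 and 443
server {
    listen 11372 ssl;
    listen 443 ssl;
    server_name keys.example.org;            # placeholder hostname

    ssl_certificate     /etc/ssl/example/fullchain.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/example/privkey.pem;     # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;

    client_max_body_size 1m;                 # placeholder cap on uploaded key size

    location / {
        proxy_pass http://keyserver_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Mojolicious only honours the `X-Forwarded-*` headers when its reverse-proxy support is enabled (the `MOJO_REVERSE_PROXY` environment variable or hypnotoad's `proxy` setting).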
## Usage
### GnuPG examples
```
gpg --keyserver hkp://hostname --send-keys <keyid>
gpg --keyserver hkp://hostname --search-keys <search string>
gpg --keyserver hkp://hostname --recv-keys <keyid>
```

### Web browser
http://hostname