import key, so that gpg-2.2.x actually shows relevant data with --with-colons
parent
968681dcaa
commit
02be71f30c
3 changed files with 36 additions and 17 deletions
20
README.md
20
README.md
|
@ -1,6 +1,14 @@
|
||||||
# jake's keyserver
|
# jake's keyserver
|
||||||
|
|
||||||
This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.
|
This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.
|
||||||
|
This program is exceedingly fragile; thanks to it's reliance on GnuPG.
|
||||||
|
|
||||||
|
On gpg-2.2.x and on gpg-2.4.x --with-colons flag on a file has differing outputs, 2.2.x omitting signature records but 2.4.x not omitting signature records.
|
||||||
|
|
||||||
|
To show the signature records for 2.2.x gpg, one must import the key then run 'gpg --with-colons --list-sigs john@domain'.
|
||||||
|
On 2.4.x, --with-colons will show them without having to import the key.
|
||||||
|
|
||||||
|
Due to this, I've opted to always import key, plug that output to a bunch of regexs, then delete them. Meaning, if you upload your own key while the program is running as your user, it will delete your own key.
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
* 'Secret' upload path.
|
* 'Secret' upload path.
|
||||||
|
@ -10,6 +18,7 @@ This program pokes gpg when it receives a key. Then it does stuff to the output
|
||||||
* Relevant Mojo/Mojolicious modules
|
* Relevant Mojo/Mojolicious modules
|
||||||
* Postgresql server
|
* Postgresql server
|
||||||
* GnuPG
|
* GnuPG
|
||||||
|
* A dedicated user (DO NOT RUN AS YOUR DAILY USER)
|
||||||
|
|
||||||
### Install on your distro
|
### Install on your distro
|
||||||
Maybe it is packaged by your distro maintainers?
|
Maybe it is packaged by your distro maintainers?
|
||||||
|
@ -24,9 +33,16 @@ apt install libmojolicious-perl libmojo-pg-perl
|
||||||
```
|
```
|
||||||
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
|
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
|
||||||
```
|
```
|
||||||
Installing via cpan(m) will work because the Mojolicious devs are competent.
|
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependancy breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)
|
||||||
|
|
||||||
## To use
|
## To use
|
||||||
|
### Create a dedicated user to run this program
|
||||||
|
```
|
||||||
|
sudo useradd --system -m /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
|
||||||
|
sudo chmod 700 /var/jjakkekeyserver
|
||||||
|
sudo -u jjakkekeyserver --set-home gpg # gpg needs to create some files or it won't work right. press Ctrl + D to exit it.
|
||||||
|
```
|
||||||
|
|
||||||
### Create the config file
|
### Create the config file
|
||||||
```
|
```
|
||||||
cp keyserver.conf.example keyserver.conf
|
cp keyserver.conf.example keyserver.conf
|
||||||
|
@ -46,7 +62,7 @@ postgres=# grant all privileges on schema public to jjakkekeyserver;
|
||||||
|
|
||||||
### Start Program
|
### Start Program
|
||||||
```
|
```
|
||||||
hypnotoad -f keyserver; # starts in foreground
|
sudo -u jjakkekeyserver hypnotoad -f keyserver; # -f = starts in foreground
|
||||||
```
|
```
|
||||||
|
|
||||||
### Proxy
|
### Proxy
|
||||||
|
|
30
keyserver
30
keyserver
|
@ -18,7 +18,6 @@ my $config = app->config;
|
||||||
#my $cache = Mojo::Cache->new(max_keys => 5);
|
#my $cache = Mojo::Cache->new(max_keys => 5);
|
||||||
my $start_time;
|
my $start_time;
|
||||||
my $magic_delimiter = '||,;,||';
|
my $magic_delimiter = '||,;,||';
|
||||||
my $gpg_options = "--no-default-keyring --keyring /dev/null --dry-run";
|
|
||||||
my $tmpdir;
|
my $tmpdir;
|
||||||
my $pg = Mojo::Pg->new("postgresql://$config->{pguser}:$config->{pgpass}\@$config->{pghost}/$config->{pgdb}");
|
my $pg = Mojo::Pg->new("postgresql://$config->{pguser}:$config->{pgpass}\@$config->{pghost}/$config->{pgdb}");
|
||||||
|
|
||||||
|
@ -200,7 +199,7 @@ sub stats {
|
||||||
#$cache->set(operations => ($cache->get('operations') + 1));
|
#$cache->set(operations => ($cache->get('operations') + 1));
|
||||||
operation();
|
operation();
|
||||||
my $output = "jjakke's keyserver ($VERSION)\n\n";
|
my $output = "jjakke's keyserver ($VERSION)\n\n";
|
||||||
$output .= `gpg $gpg_options --version`;
|
$output .= `gpg --version`;
|
||||||
$output =~ s/Home: (.*)/Home: [redacted]/g;
|
$output =~ s/Home: (.*)/Home: [redacted]/g;
|
||||||
$output .= "\n";
|
$output .= "\n";
|
||||||
my $data = $pg->db->select('this_service', ['starttime', 'operations'])->array;
|
my $data = $pg->db->select('this_service', ['starttime', 'operations'])->array;
|
||||||
|
@ -269,21 +268,22 @@ sub add ($c) {
|
||||||
syswrite $fh, $keytext, length $keytext;
|
syswrite $fh, $keytext, length $keytext;
|
||||||
close $fh;
|
close $fh;
|
||||||
|
|
||||||
my $res = `gpg $gpg_options --with-colons --with-fingerprint --with-fingerprint $tmpfile`;
|
my $res = `gpg --with-colons --with-fingerprint --with-fingerprint --import --import-options import-show $tmpfile`;
|
||||||
if ($? ne 0) {
|
if ($? ne 0) {
|
||||||
return $c->render(text=>"not accepting (gpg bugged out)", status=>422);
|
return $c->render(text=>"not accepting (gpg bugged out)", status=>422);
|
||||||
}
|
}
|
||||||
|
my $fingerprint = (split(/:/, (grep(/^fpr:/, split(/\n/, $res)))[0]))[9];
|
||||||
|
# --with-colons show more relevent data with an imported key.
|
||||||
|
$res = `gpg --with-colons --with-fingerprint --with-fingerprint --list-sigs $fingerprint`;
|
||||||
|
`gpg --batch --delete-keys --yes $fingerprint`;
|
||||||
|
|
||||||
# need to get 'version number' for machine readable format and
|
|
||||||
# this is the only way that I can think of. I really hate this.
|
my $version = `gpg --list-packets $tmpfile`;
|
||||||
# get the output then plug it to a bunch of regexes.
|
|
||||||
my $version = `gpg $gpg_options --list-packets $tmpfile`;
|
|
||||||
my @versions;
|
my @versions;
|
||||||
my $record;
|
my $record;
|
||||||
my $nonext = 0;
|
my $nonext = 0;
|
||||||
my $pub_count = 0;
|
my $pub_count = 0;
|
||||||
for (split /\n/, $version) {
|
for my $string (split /\n/, $version) {
|
||||||
my $string = $_;
|
|
||||||
if ($string =~ m/^(:[\w\s]*:)/) {
|
if ($string =~ m/^(:[\w\s]*:)/) {
|
||||||
$record = $1;
|
$record = $1;
|
||||||
$nonext = 1;
|
$nonext = 1;
|
||||||
|
@ -438,16 +438,18 @@ sub insert_gpg_key ($fingerprint, $keyid, $version, $flags, $armored, $blob) {
|
||||||
|
|
||||||
sub insert_gpg_uid ($id, @these_uids) {
|
sub insert_gpg_uid ($id, @these_uids) {
|
||||||
for my $uid (@these_uids) {
|
for my $uid (@these_uids) {
|
||||||
# 'magic_delimiter' but unfortunately has special meaning to split.
|
# 'magic_delimiter' but unfortunately has special meaning to split.
|
||||||
my @the_actual_uid = split /\|\|\,\;\,\|\|/, $uid; # 0 = the string
|
my @the_actual_uid = split /\|\|\,\;\,\|\|/, $uid; # 0 = the string
|
||||||
#my @the_actual_uid = split $magic_delimiter, $uid; # 0 = the string
|
#my @the_actual_uid = split $magic_delimiter, $uid; # 0 = the string
|
||||||
$the_actual_uid[0] = url_escape $the_actual_uid[0];
|
$the_actual_uid[0] = url_escape $the_actual_uid[0];
|
||||||
my @meta = split /:/, $the_actual_uid[-1]; # 0 = creation, 1 = expiration, 2 = flags
|
my @meta;
|
||||||
|
@meta = split /:/, $the_actual_uid[-1] if (scalar @the_actual_uid >= 2);
|
||||||
|
#^ 0 = creation, 1 = expiration, 2 = flags
|
||||||
$pg->db->insert('gpg_uid', {
|
$pg->db->insert('gpg_uid', {
|
||||||
uid => $the_actual_uid[0],
|
uid => $the_actual_uid[0],
|
||||||
creationdate => $meta[0],
|
creationdate => $meta[0] || 0,
|
||||||
expirationdate => $meta[1],
|
expirationdate => $meta[1] || undef,
|
||||||
flags => $meta[2],
|
flags => $meta[2] || '-',
|
||||||
relatedto => $id
|
relatedto => $id
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
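Review bot: In the `@ -269,21 +268,22` hunk, `$fingerprint` is taken from the first `fpr:` record of the import output and interpolated unchecked into two further shell commands; if the import yields no `fpr:` line, `$fingerprint` is undef, so `gpg --list-sigs` runs with no key argument and lists the service user's entire keyring into `$res`, while the `--delete-keys` call with an empty argument is never checked. The fingerprint should be validated as bare hex before use, the exit status of the `--list-sigs` call should be checked the same way the import's is, and the delete should still run on that path so the imported key does not linger. Because `--no-default-keyring --keyring /dev/null --dry-run` was dropped, the import now writes to the real keyring, and with several hypnotoad workers two concurrent uploads of the same key can delete each other's copy mid-request; giving each request its own temporary `--homedir` (for example a `File::Temp` tempdir) would avoid both that race and the deletion of pre-existing keys that the README now warns about. Running gpg through list-form `open my $gpg, '-|', 'gpg', @args` rather than backticks would also keep the shell out of the path entirely. The body of `sub add` starts and ends outside the hunk.
```perl
my $res = `gpg --with-colons --with-fingerprint --with-fingerprint --import --import-options import-show $tmpfile`;
if ($? != 0) {
    return $c->render(text=>"not accepting (gpg bugged out)", status=>422);
}
my ($fpr_line) = grep { /^fpr:/ } split /\n/, $res;
my $fingerprint = defined $fpr_line ? (split /:/, $fpr_line)[9] : undef;
# Only a bare hex fingerprint (40 chars for v4, 64 for v5) may reach a command line.
unless (defined $fingerprint && $fingerprint =~ /\A(?:[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})\z/) {
    return $c->render(text=>"not accepting (no fingerprint found)", status=>422);
}
$res = `gpg --with-colons --with-fingerprint --with-fingerprint --list-sigs $fingerprint`;
my $list_status = $?;
# Always remove the imported key, even when listing failed.
`gpg --batch --delete-keys --yes $fingerprint`;
if ($list_status != 0) {
    return $c->render(text=>"not accepting (gpg bugged out)", status=>422);
}
# … unchanged: --list-packets version parsing …
```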
|
@ -1,8 +1,9 @@
|
||||||
{
|
{
|
||||||
hypnotoad => {
|
hypnotoad => {
|
||||||
listen => [
|
listen => [
|
||||||
'http://127.0.0.55:8080'
|
'http://127.0.0.55:8080' # .55 not .1
|
||||||
],
|
],
|
||||||
|
pid_file => '/var/run/jjakkekeyserver.pid',
|
||||||
workers => 6
|
workers => 6
|
||||||
},
|
},
|
||||||
pguser => 'jjakkekeyserver',
|
pguser => 'jjakkekeyserver',
|
||||||
|
|
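Review bot: `pid_file => '/var/run/jjakkekeyserver.pid'` points at a directory that is normally writable only by root, so if hypnotoad is started as the dedicated `jjakkekeyserver` user the README now recommends, it will most likely be unable to create the pid file and fail at startup. A path the service user owns — something under its `/var/jjakkekeyserver` home, or a runtime directory created for it — would avoid that; the file header for this section is not visible here, so this assumes the hunk belongs to the example config.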