Update README.md and update example config file

This commit is contained in:
jake 2024-11-16 01:08:01 -05:00
parent d5ef2ef483
commit c47a2fce47
2 changed files with 52 additions and 25 deletions

View file

@ -1,24 +1,16 @@
# jake's keyserver
This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.
This program is exceedingly fragile; thanks to it's reliance on GnuPG.
On gpg-2.2.x and on gpg-2.4.x --with-colons flag on a file has differing outputs, 2.2.x omitting signature records but 2.4.x not omitting signature records.
To show the signature records for 2.2.x gpg, one must import the key then run 'gpg --with-colons --list-sigs john@domain'.
On 2.4.x, --with-colons will show them without having to import the key.
Due to this, I've opted to always import key, plug that output to a bunch of regexs, then delete them. Meaning, if you upload your own key while the program is running as your user, it will delete your own key.
## Features
* 'Secret' upload path.
* Disable upload for secret, normal path, or both. For when you don't want people to upload keys.
## Requirements
* Relevant Mojo/Mojolicious modules
* Perl v5.38.0 or greater
* Relevant Mojo/Mojolicious modules and other Perl modules
* Postgresql server
* GnuPG
* A dedicated user (DO NOT RUN AS YOUR DAILY USER)
* A dedicated user would be nice
### Install on your distro
Maybe it is packaged by your distro maintainers?
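Review bot: softening the requirements entry from "A dedicated user (DO NOT RUN AS YOUR DAILY USER)" to "A dedicated user would be nice" contradicts the paragraph a few lines above in the same hunk, which says the server imports every uploaded key into the running user's keyring and then deletes it, so running it as your daily user can delete your own key. Keep the hard requirement, or have the new line say why the dedicated user matters. Small wording fix while the hunk is open: "thanks to it's reliance on GnuPG" should read "its".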
@ -27,27 +19,51 @@ Maybe it is packaged by your distro maintainers?
```
apt install libmojolicious-perl libmojo-pg-perl
```
(Not sure if you'll need to cpan Mojo::File and/or Mojo::Util)
Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry!
So, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x.
### perlbrew (with Debian 12.8)
```
% sudo apt install perlbrew
% sudo -u jjakkekeyserver perlbrew init
% echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/jjakkekeyserver/.profile
% sudo -u jjakkekeyserver perlbrew available # pick at least v5.38.x. Here I pick 5.40.x
% sudo -u jjakkekeyserver perlbrew install perl-5.40.0 # this *will* take a while
% sudo -u jjakkekeyserver perlbrew install-cpanm
% sudo chsh jjakkekeyserver -s /bin/bash # we will set this back to /bin/nologin later
% sudo -u jjakkekeyserver -i
jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg # needs postgresql-server-dev-xx (on debian)
jjakkekeyserver% cpanm Mojolicious Mojo::Pg # AND postgres itself must be running
# DBD::Pg test wants to poke stuff, fails otherwise
jjakkekeyserver% perl ./keyserver # see whats broken or not.
# after you've made sure it works...
jjakkekeyserver% exit
% sudo chsh jjakkekeyserver -s /bin/nologin
```
#### postgres
```
% sudo apt install postgresql postgresql-server-dev-xx
% sudo -u postgres psql # test if 'active' so to speak.
```
Follow instructions from 'Create relevent details for the database.'
### Install via cpan (or cpan-minus, considered way better by most)
```
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
```
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependancy breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)
## To use
### Create a dedicated user to run this program
```
sudo useradd --system -m /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
sudo chmod 700 /var/jjakkekeyserver
sudo -u jjakkekeyserver --set-home gpg # gpg needs to create some files or it won't work right. press Ctrl + D to exit it.
sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
```
### Create the config file
```
cp keyserver.conf.example keyserver.conf
```
Note that hypnotoad/morbo looks for the config file in the same directory as it was called from. I have no idea how to change this as there isn't a --config-file option one can use with hypnotoad or morbo.
### Create relevant details for the database.
An example that you may follow:
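Review bot: the new `useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver` line fixes the removed `-m /var/jjakkekeyserver` form (`-m` takes no argument, so the path was never the home directory), but it also drops the `chmod 700 /var/jjakkekeyserver` and the one-time `gpg` run that the removed lines had; keep at least the chmod, since the keyring and the `.profile` written by the perlbrew steps live in that directory. Ordering problem in the same hunk: the perlbrew section already runs `sudo -u jjakkekeyserver ...` and appends to `/var/jjakkekeyserver/.profile`, but the user is only created later under "Create a dedicated user to run this program"; move the useradd step ahead of the perlbrew section or point to it from there. Typos in the added text: "relevent" in the cross-reference (the target heading says "relevant") and "whats" in the `perl ./keyserver` comment.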
@ -57,12 +73,13 @@ postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
postgres=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# exit
```
### Start Program
```
sudo -u jjakkekeyserver hypnotoad -f keyserver; # -f = starts in foreground
sudo -u jjakkekeyserver hypnotoad -f keyserver ./keyserver.conf; # -f = starts in foreground
```
### Proxy
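Review bot: the added `./keyserver.conf` argument in `sudo -u jjakkekeyserver hypnotoad -f keyserver ./keyserver.conf` does nothing; hypnotoad takes only the application script as its positional argument, which matches the README's own note that there is no --config-file option, so the config is still looked up relative to the working directory. If the app loads its config through Mojolicious::Plugin::Config (the `hypnotoad => {...}` layout in keyserver.conf suggests it does), the plugin honours the `MOJO_CONFIG` environment variable, e.g. `sudo -u jjakkekeyserver env MOJO_CONFIG=/var/jjakkekeyserver/keyserver.conf hypnotoad -f keyserver`, which also removes the "same directory as it was called from" caveat. The psql prompt correction (`jjakkekeyserverdb=#` after `\c`) is right; consider replacing the literal `'password'` with an obvious placeholder so it is not copied as-is.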
@ -71,11 +88,21 @@ It's a good idea to proxy this program behind another dedicated program that lis
## Usage
### GnuPG examples
```
gpg --keyserver hkp://hostname --send-keys <keyid>
gpg --keyserver hkp://hostname --search-keys <search string>
gpg --keyserver hkp://hostname --recv-keys <keyid>
gpg --keyserver hkp(s)://hostname --send-keys <keyid>
gpg --keyserver hkp(s)://hostname --search-keys <search string>
gpg --keyserver hkp(s)://hostname --recv-keys <keyid>
```
### Web browser
http://hostname
http(s)://hostname
## SystemD
Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.
```
vim jjakkekeyserver.service
sudo cp jjakkekeyserver.service /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl start jjakkekeyserver.service
```
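Review bot: `hkp(s)://hostname` and `http(s)://hostname` now appear inside a code block where readers paste them literally, and gpg will not accept `hkp(s)://` as a scheme; write both real forms (`hkp://` and `hkps://`) or say "hkp or hkps" in prose. Note also that hkps and https only work through the TLS-terminating proxy described under "### Proxy", since the example config listens on plain http on 127.0.0.1:8080. In the SystemD block, editing the unit before the `cp` is the right order given the warning above it; the unit needs to run as `jjakkekeyserver` and from the directory containing keyserver.conf, per the config-lookup note earlier in this README.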

View file

@ -1,9 +1,9 @@
{
hypnotoad => {
listen => [
'http://127.0.0.55:8080' # .55 not .1
'http://127.0.0.1:8080'
],
pid_file => '/var/run/jjakkekeyserver.pid',
pid_file => './jjakkekeyserver.pid',
workers => 6
},
pguser => 'jjakkekeyserver',
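Review bot: `pid_file => './jjakkekeyserver.pid'` is resolved against whatever directory hypnotoad is started from, and hypnotoad uses that pid file to find an already-running server for hot deployment and for `-s`, so starting it once by hand and once from the systemd unit (or from a different cwd) yields a second instance or a stale pid. The removed `/var/run/jjakkekeyserver.pid` was not writable by the unprivileged `jjakkekeyserver` user either, which is presumably why it changed. Prefer an absolute path the dedicated user owns, e.g. `/var/jjakkekeyserver/jjakkekeyserver.pid`. The listen change to `127.0.0.1:8080` is fine for the proxied setup; with the `# .55 not .1` comment gone, nothing in the file explains the old value, which is acceptable.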