Update README.md and update example config file
This commit is contained in:
parent
d5ef2ef483
commit
c47a2fce47
2 changed files with 52 additions and 25 deletions
README.md (73 changes)
|
@ -1,24 +1,16 @@
|
||||||
# jake's keyserver
|
# jake's keyserver
|
||||||
|
|
||||||
This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.
|
This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.
|
||||||
This program is exceedingly fragile; thanks to it's reliance on GnuPG.
|
|
||||||
|
|
||||||
On gpg-2.2.x and on gpg-2.4.x --with-colons flag on a file has differing outputs, 2.2.x omitting signature records but 2.4.x not omitting signature records.
|
|
||||||
|
|
||||||
To show the signature records for 2.2.x gpg, one must import the key then run 'gpg --with-colons --list-sigs john@domain'.
|
|
||||||
On 2.4.x, --with-colons will show them without having to import the key.
|
|
||||||
|
|
||||||
Due to this, I've opted to always import key, plug that output to a bunch of regexs, then delete them. Meaning, if you upload your own key while the program is running as your user, it will delete your own key.
|
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
* 'Secret' upload path.
|
* 'Secret' upload path.
|
||||||
* Disable upload for secret, normal path, or both. For when you don't want people to upload keys.
|
* Disable upload for secret, normal path, or both. For when you don't want people to upload keys.
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
* Relevant Mojo/Mojolicious modules
|
* Perl v5.38.0 or greater
|
||||||
|
* Relevant Mojo/Mojolicious modules and other Perl modules
|
||||||
* Postgresql server
|
* Postgresql server
|
||||||
* GnuPG
|
* A dedicated user would be nice
|
||||||
* A dedicated user (DO NOT RUN AS YOUR DAILY USER)
|
|
||||||
|
|
||||||
### Install on your distro
|
### Install on your distro
|
||||||
Maybe it is packaged by your distro maintainers?
|
Maybe it is packaged by your distro maintainers?
|
||||||
|
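Review bot: the Requirements list in this hunk loses `* GnuPG` and the whole gpg 2.2.x/2.4.x `--with-colons` explanation is deleted, yet the description at the top, `This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.`, is left unchanged, so the README now documents a program that invokes gpg without listing GnuPG as a requirement. Either keep `* GnuPG` if the server still shells out to gpg, or rewrite that first paragraph to describe what replaced it. The strengthened `* A dedicated user (DO NOT RUN AS YOUR DAILY USER)` is the right advice, but the sentence that justified it (`if you upload your own key while the program is running as your user, it will delete your own key`) is removed in the same hunk, so the reader no longer learns what the warning protects against; a short clause saying why would keep it from reading as ritual. Finally, `* Perl v5.38.0 or greater` should state the reason (the `class` feature, which only comes up in the Debian note further down), so anyone heading for the distro packages knows before running `apt install` that Debian stable's 5.36 will not do.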
@ -27,27 +19,51 @@ Maybe it is packaged by your distro maintainers?
|
||||||
```
|
```
|
||||||
apt install libmojolicious-perl libmojo-pg-perl
|
apt install libmojolicious-perl libmojo-pg-perl
|
||||||
```
|
```
|
||||||
(Not sure if you'll need to cpan Mojo::File and/or Mojo::Util)
|
Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry!
|
||||||
|
So, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x.
|
||||||
|
|
||||||
|
### perlbrew (with Debian 12.8)
|
||||||
|
```
|
||||||
|
% sudo apt install perlbrew
|
||||||
|
% sudo -u jjakkekeyserver perlbrew init
|
||||||
|
% echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/jjakkekeyserver/.profile
|
||||||
|
% sudo -u jjakkekeyserver perlbrew available # pick at least v5.38.x. Here I pick 5.40.x
|
||||||
|
% sudo -u jjakkekeyserver perlbrew install perl-5.40.0 # this *will* take a while
|
||||||
|
% sudo -u jjakkekeyserver perlbrew install-cpanm
|
||||||
|
% sudo chsh jjakkekeyserver -s /bin/bash # we will set this back to /bin/nologin later
|
||||||
|
% sudo -u jjakkekeyserver -i
|
||||||
|
jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg # needs postgresql-server-dev-xx (on debian)
|
||||||
|
jjakkekeyserver% cpanm Mojolicious Mojo::Pg # AND postgres itself must be running
|
||||||
|
# DBD::Pg test wants to poke stuff, fails otherwise
|
||||||
|
jjakkekeyserver% perl ./keyserver # see whats broken or not.
|
||||||
|
# after you've made sure it works...
|
||||||
|
jjakkekeyserver% exit
|
||||||
|
% sudo chsh jjakkekeyserver -s /bin/nologin
|
||||||
|
```
|
||||||
|
|
||||||
|
#### postgres
|
||||||
|
```
|
||||||
|
% sudo apt install postgresql postgresql-server-dev-xx
|
||||||
|
% sudo -u postgres psql # test if 'active' so to speak.
|
||||||
|
```
|
||||||
|
Follow instructions from 'Create relevent details for the database.'
|
||||||
|
|
||||||
### Install via cpan (or cpan-minus, considered way better by most)
|
### Install via cpan (or cpan-minus, considered way better by most)
|
||||||
```
|
```
|
||||||
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
|
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
|
||||||
```
|
```
|
||||||
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependancy breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)
|
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)
|
||||||
|
|
||||||
## To use
|
## To use
|
||||||
### Create a dedicated user to run this program
|
### Create a dedicated user to run this program
|
||||||
```
|
```
|
||||||
sudo useradd --system -m /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
|
sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
|
||||||
sudo chmod 700 /var/jjakkekeyserver
|
|
||||||
sudo -u jjakkekeyserver --set-home gpg # gpg needs to create some files or it won't work right. press Ctrl + D to exit it.
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Create the config file
|
### Create the config file
|
||||||
```
|
```
|
||||||
cp keyserver.conf.example keyserver.conf
|
cp keyserver.conf.example keyserver.conf
|
||||||
```
|
```
|
||||||
Note that hypnotoad/morbo looks for the config file in the same directory as it was called from. I have no idea how to change this as there isn't a --config-file option one can use with hypnotoad or morbo.
|
|
||||||
|
|
||||||
### Create relevant details for the database.
|
### Create relevant details for the database.
|
||||||
An example that you may follow:
|
An example that you may follow:
|
||||||
|
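Review bot: this hunk deletes `sudo chmod 700 /var/jjakkekeyserver` from the dedicated-user step without replacing it; with `useradd --system --create-home --home-dir /var/jjakkekeyserver` the directory mode comes from the system defaults in login.defs (HOME_MODE / UMASK), not from anything in this guide, and that directory is where `keyserver.conf` (which at least names the database user) and the perlbrew tree end up, so keep the chmod or tell the reader which mode to verify. Second, the retained `apt install libmojolicious-perl libmojo-pg-perl` step now contradicts the note added right under it: those packages install into Debian's system Perl 5.36, which the note says is too old, and the perlbrew procedure then installs `Mojolicious Mojo::Pg` again into the 5.40 interpreter, so on Debian the apt line is dead advice; either remove it or mark it as only for distributions that already ship Perl 5.38 or newer. Third, the shell flip (`sudo chsh jjakkekeyserver -s /bin/bash` ... `sudo chsh jjakkekeyserver -s /bin/nologin`) is easy to forget and leaves the service account with a login shell while the cpanm steps run; `sudo -u jjakkekeyserver -H -s` (or `-H bash -l`) gives the same interactive shell without changing the account, and `PERL_CPANM_HOME=/tmp` moves cpanm's build tree and log into world-writable /tmp even though the account's own home is available, so say why it is needed or drop it. Also, `Follow instructions from 'Create relevent details for the database.'` misspells the heading it points to (`### Create relevant details for the database.`).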
@ -57,12 +73,13 @@ postgres=# create database jjakkekeyserverdb;
|
||||||
postgres=# create user jjakkekeyserver with encrypted password 'password';
|
postgres=# create user jjakkekeyserver with encrypted password 'password';
|
||||||
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
|
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
|
||||||
postgres=# \c jjakkekeyserverdb;
|
postgres=# \c jjakkekeyserverdb;
|
||||||
postgres=# grant all privileges on schema public to jjakkekeyserver;
|
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
|
||||||
|
jjakkekeyserverdb=# exit
|
||||||
```
|
```
|
||||||
|
|
||||||
### Start Program
|
### Start Program
|
||||||
```
|
```
|
||||||
sudo -u jjakkekeyserver hypnotoad -f keyserver; # -f = starts in foreground
|
sudo -u jjakkekeyserver hypnotoad -f keyserver ./keyserver.conf; # -f = starts in foreground
|
||||||
```
|
```
|
||||||
|
|
||||||
### Proxy
|
### Proxy
|
||||||
|
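Review bot: `sudo -u jjakkekeyserver hypnotoad -f keyserver ./keyserver.conf;` does not load that config file: hypnotoad's usage is `hypnotoad [OPTIONS] [APPLICATION]`, it takes the one application path and anything after it is ignored, so this line behaves exactly like the old `hypnotoad -f keyserver` while looking as if it selected the config. Mojolicious' Config plugin resolves `keyserver.conf` relative to the application's home directory (where the `keyserver` script lives, or `MOJO_HOME`), and the path can be overridden with the `MOJO_CONFIG` environment variable, so the working form is something like `sudo -u jjakkekeyserver env MOJO_CONFIG=/var/jjakkekeyserver/keyserver.conf hypnotoad -f keyserver` (the directory is an assumption taken from the useradd step above), or simply keep the `.conf` next to the script and drop the extra argument. The `jjakkekeyserverdb=#` prompt fix after `\c` and the added `exit` are correct; while here, `with encrypted password 'password'` deserves a comment that it is a placeholder to be replaced, since the block is presented as something to follow verbatim.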
@ -71,11 +88,21 @@ It's a good idea to proxy this program behind another dedicated program that lis
|
||||||
## Usage
|
## Usage
|
||||||
### GnuPG examples
|
### GnuPG examples
|
||||||
```
|
```
|
||||||
gpg --keyserver hkp://hostname --send-keys <keyid>
|
gpg --keyserver hkp(s)://hostname --send-keys <keyid>
|
||||||
gpg --keyserver hkp://hostname --search-keys <search string>
|
gpg --keyserver hkp(s)://hostname --search-keys <search string>
|
||||||
gpg --keyserver hkp://hostname --recv-keys <keyid>
|
gpg --keyserver hkp(s)://hostname --recv-keys <keyid>
|
||||||
```
|
```
|
||||||
|
|
||||||
### Web browser
|
### Web browser
|
||||||
http://hostname
|
http(s)://hostname
|
||||||
|
|
||||||
|
|
||||||
|
## SystemD
|
||||||
|
|
||||||
|
Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.
|
||||||
|
```
|
||||||
|
vim jjakkekeyserver.service
|
||||||
|
sudo cp jjakkekeyserver.service /etc/systemd/system
|
||||||
|
sudo systemctl daemon-reload
|
||||||
|
sudo systemctl start jjakkekeyserver.service
|
||||||
|
```
|
||||||
|
|
|
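Review bot: `hkp(s)://hostname` and `http(s)://hostname` read as shorthand but will be copied literally, and `hkp(s)` is not a scheme gpg's dirmngr accepts; write both forms out and say which applies. The choice is not cosmetic: the example config in this same commit has hypnotoad listening on `http://127.0.0.1:8080`, so TLS exists only if the reverse proxy from the Proxy section terminates it, and with plain `hkp://` every `--recv-keys` and `--search-keys` answer crosses the network unauthenticated and the user has to check fingerprints out of band. The new SystemD section tells the reader to edit `jjakkekeyserver.service` but not what to look for; given the config's relative `pid_file` and the Config plugin locating `keyserver.conf` next to the application script, the fields that matter are `User=`, `WorkingDirectory=` and the path to the `keyserver` script, so name them (or ship the unit file in the repo). Also `sudo systemctl start jjakkekeyserver.service` only starts it for this boot; add `enable` (or `enable --now`) if the service is meant to survive a reboot.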
@ -1,9 +1,9 @@
|
||||||
{
|
{
|
||||||
hypnotoad => {
|
hypnotoad => {
|
||||||
listen => [
|
listen => [
|
||||||
'http://127.0.0.55:8080' # .55 not .1
|
'http://127.0.0.1:8080'
|
||||||
],
|
],
|
||||||
pid_file => '/var/run/jjakkekeyserver.pid',
|
pid_file => './jjakkekeyserver.pid',
|
||||||
workers => 6
|
workers => 6
|
||||||
},
|
},
|
||||||
pguser => 'jjakkekeyserver',
|
pguser => 'jjakkekeyserver',
|
||||||
|
|
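Review bot: `pid_file => './jjakkekeyserver.pid'` is resolved against the working directory of the process that starts hypnotoad, not the application's home; under a system-level systemd unit the working directory defaults to `/` unless `WorkingDirectory=` is set, so the dedicated user would try to create `/jjakkekeyserver.pid` and hypnotoad dies with a can't-create-process-id-file error, and started from a shell the pid file lands wherever the admin happened to be, which also breaks `hypnotoad -s` when run from elsewhere. The old `/var/run/jjakkekeyserver.pid` had the opposite problem (root-only directory, unwritable by `jjakkekeyserver`), which is presumably why it changed. Use an absolute path the service account owns, for example `/var/jjakkekeyserver/jjakkekeyserver.pid` (the home directory from the README's useradd step, assumed), or set `RuntimeDirectory=jjakkekeyserver` in the unit and point at `/run/jjakkekeyserver/jjakkekeyserver.pid`; or omit `pid_file` entirely, since hypnotoad then defaults to `hypnotoad.pid` beside the application script. The move from `127.0.0.55` to `127.0.0.1` is fine, but since this file is what readers copy, keep a comment saying the listener is loopback-only on purpose and only the reverse proxy is meant to reach it.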