# jake's keyserver A pure Perl keyserver! When it receives a key, it does stuff to it then sticks it in postgres database. ## Features * 'Secret' upload path. * Disable upload for secret, normal path, or both. For when you don't want people to upload keys. ## Requirements * Perl v5.38.0 or greater * Relevant Mojo/Mojolicious modules and other Perl modules * Postgresql server * A dedicated user would be nice ## Install Instructions from Top to Bottom ### Install on your distro Maybe it is packaged by your distro maintainers? * Debian ``` apt install libmojolicious-perl libmojo-pg-perl ``` Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry! So, right now, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install perl v5.38.x or higher. ### Create user: #### Debian's adduser ``` sudo adduser --group --home /var/lib/jjakkekeyserver --system -- jjakkekeyserver ``` #### not Debian ``` sudo useradd --system --create-home --home-dir /var/lib/jjakkekeyserver --shell /bin/nologin jjakkekeyserver ``` ### postgres Probably not needed info, but postgres here is version 15. ``` % sudo apt install postgresql postgresql-server-dev-xx % sudo -u postgres psql # test if 'active' so to speak. ``` Follow instructions from 'Create relevant details for the database.' ### perlbrew (with Debian 12.8) ``` % sudo apt install perlbrew % sudo -u jjakkekeyserver perlbrew init % echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/jjakkekeyserver/.profile % sudo -u jjakkekeyserver perlbrew available # pick at least v5.38.x. Here I pick 5.40.x % sudo -u jjakkekeyserver perlbrew install perl-5.40.0 # this *will* take a while % sudo -u jjakkekeyserver perlbrew install-cpanm % sudo chsh jjakkekeyserver -s /bin/bash # we will set this back to /bin/nologin later % sudo -u jjakkekeyserver -i jjakkekeyserver% perlbrew switch perl-5.40.0 jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg # needs postgresql-server-dev-xx (on debian) jjakkekeyserver% cpanm Mojolicious Mojo::Pg # AND postgres itself must be running # DBD::Pg test wants to poke stuff, fails otherwise jjakkekeyserver% perl ./keyserver # see whats broken or not. # after you've made sure it works... jjakkekeyserver% exit % sudo chsh jjakkekeyserver -s /bin/nologin ``` ### Install modules via cpan (or cpan-minus, considered way better by most) ``` cpanm Mojolicious Mojo::Pg ``` Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or has passed on there won't be permanently broken cpan repos that mojolicious depends on) ## To use ### Create the config file ``` cp keyserver.conf.example keyserver.conf vim keyserver.conf chmod 600 keyserver.conf # this file has secrets ``` ### Create relevant details for the database. An example that you may follow: ``` sudo -u postgres psql postgres=# create database jjakkekeyserverdb; postgres=# create user jjakkekeyserver with encrypted password 'password'; postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver; postgres=# \c jjakkekeyserverdb; jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver; jjakkekeyserverdb=# exit ``` ## Caveats #### config file For some reason, hypnotoad (or morbo) lacks a 'config' flag and there isn't a way to set it as far as I can tell (even in program (for now)). What I do know is that it looks for keyserver.conf somewhere, most likely working directory, but maybe the directory the program itself is in. ### Usage of 'lib' I used `use lib qw(lib)` in my program, which means the working directory has have 'lib/KeyData.pm' in it, or be manually installed somewhere (really not recommended). Basically the directory keyserver program resides in. I will add a dedicated installer for this, later. KeyData.pm is useful. ## Start Program ``` sudo -u jjakkekeyserver hypnotoad -f ./keyserver; # -f = starts in foreground ``` ## Proxy It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443. ## Usage ### GnuPG examples ``` gpg --keyserver hkp(s)://hostname --send-keys gpg --keyserver hkp(s)://hostname --search-keys gpg --keyserver hkp(s)://hostname --recv-keys ``` ### Web browser http(s)://hostname ## SystemD Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not. ``` vim jjakkekeyserver.service sudo cp jjakkekeyserver.service /etc/systemd/system sudo systemctl daemon-reload sudo systemctl start jjakkekeyserver.service ```