# jake's keyserver

A pure Perl keyserver! When it receives a key, it does stuff to it, then sticks it in a Postgres database.

## Features

* 'Secret' upload path.
* Disable upload for the secret path, the normal path, or both. For when you don't want people to upload keys.

## Requirements

* Perl v5.38.0 or greater
* Relevant Mojo/Mojolicious modules and other Perl modules
* PostgreSQL server
* A dedicated user would be nice

### Install on your distro

Maybe it is packaged by your distro maintainers?

* Debian

```
apt install libmojolicious-perl libmojo-pg-perl
```

Note: the latest Perl at the time of writing on Debian stable is v5.36.x, which doesn't have class support... I really wanted to use class(). Sorry! So you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x.

### postgres

Probably not needed info, but postgres here is version 15.

```
% sudo apt install postgresql postgresql-server-dev-15
% sudo -u postgres psql   # test if it's 'active', so to speak
```

Then follow the instructions under 'Create relevant details for the database.'

### perlbrew (with Debian 12.8)

```
% sudo apt install perlbrew
% sudo -u jjakkekeyserver perlbrew init
% echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/jjakkekeyserver/.profile
% sudo -u jjakkekeyserver perlbrew available   # pick at least v5.38.x; here I pick 5.40.x
% sudo -u jjakkekeyserver perlbrew install perl-5.40.0   # this *will* take a while
% sudo -u jjakkekeyserver perlbrew install-cpanm
% sudo chsh jjakkekeyserver -s /bin/bash   # we will set this back to /bin/nologin later
% sudo -u jjakkekeyserver -i
jjakkekeyserver% perlbrew switch perl-5.40.0
jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg   # needs postgresql-server-dev-xx (on Debian)
jjakkekeyserver% cpanm Mojolicious Mojo::Pg            # AND postgres itself must be running:
                                                       # the DBD::Pg tests want to poke it, and fail otherwise
jjakkekeyserver% perl ./keyserver   # see what's broken or not
# after you've made sure it works...
jjakkekeyserver% exit
% sudo chsh jjakkekeyserver -s /bin/nologin
```

### Install via cpan (or cpan-minus, considered way better by most)

```
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
```

Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, so if a dependency breaks because its author is ignoring issues or fucking DEAD, there won't be permanently broken CPAN modules that Mojolicious depends on).

## To use

### Create a dedicated user to run this program (Debian)

```
sudo adduser --group --home /var/jjakkekeyserver --system -- jjakkekeyserver
```

### Create a dedicated user to run this program (not Debian)

```
sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
```

### Create the config file

```
cp keyserver.conf.example keyserver.conf
```

### Create relevant details for the database.

An example that you may follow:

```
sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# exit
```

### Caveats

#### config file

For some reason, hypnotoad (or morbo) lacks a 'config' flag, and there isn't a way to set one as far as I can tell (not even in the program, for now). What I do know is that it looks for keyserver.conf in the working directory.

#### Usage of 'lib'

I used `use lib qw(lib)` in my program, which means the working directory has to have 'lib/KeyData.pm' in it, or it has to be manually installed somewhere (really not recommended). Basically, that's the directory the keyserver program resides in. I will add a dedicated installer for this later. KeyData.pm is useful.
### Start Program

```
sudo -u jjakkekeyserver hypnotoad -f ./keyserver   # -f = starts in foreground
```

### Proxy

It's a good idea to proxy this program behind another dedicated program that listens on the relevant ports: without TLS, 11371 and 80; with TLS, 11372 and 443.

## Usage

### GnuPG examples

```
gpg --keyserver hkp(s)://hostname --send-keys <keyid>
gpg --keyserver hkp(s)://hostname --search-keys <name or email>
gpg --keyserver hkp(s)://hostname --recv-keys <keyid>
```

### Web browser

http(s)://hostname

## SystemD

Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.

```
vim jjakkekeyserver.service
sudo cp jjakkekeyserver.service /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl start jjakkekeyserver.service
```
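For the Proxy section above, here is an added example of an nginx reverse-proxy configuration that fronts the keyserver on the four ports the README names. It is not part of jake's keyserver; it assumes hypnotoad is listening on 127.0.0.1:8080 (hypnotoad's default listen address, which the Mojolicious config can change), and `keys.example.org` plus the certificate paths are placeholders.

```nginx
# Added example reverse-proxy config for jake's keyserver; not part of the project.
# Assumptions: hypnotoad is bound to 127.0.0.1:8080 (its default), the server
# name is a placeholder, and the certificate/key paths are placeholders.
upstream jjakkekeyserver {
    server 127.0.0.1:8080;
}

# Plain HTTP: port 80 for browsers, 11371 for hkp:// clients.
server {
    listen 80;
    listen 11371;
    server_name keys.example.org;           # placeholder hostname

    client_max_body_size 4m;                # cap key uploads; tune for your keys

    location / {
        proxy_pass http://jjakkekeyserver;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# TLS: port 443 for browsers, 11372 for hkps:// clients.
server {
    listen 443 ssl;
    listen 11372 ssl;
    server_name keys.example.org;           # placeholder hostname

    ssl_certificate     /etc/ssl/certs/keys.example.org.pem;    # placeholder path
    ssl_certificate_key /etc/ssl/private/keys.example.org.key;  # placeholder path
    ssl_protocols TLSv1.2 TLSv1.3;

    client_max_body_size 4m;                # cap key uploads; tune for your keys

    location / {
        proxy_pass http://jjakkekeyserver;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Because the keyserver only ever sees connections from the proxy, bind hypnotoad to loopback rather than `*` so the unproxied port is not reachable from outside. Mojolicious ignores the `X-Forwarded-*` headers unless reverse-proxy support is switched on (the `MOJO_REVERSE_PROXY` environment variable, or the `proxy` setting in hypnotoad's configuration), so enable that on the keyserver side if the application needs the real client address or scheme.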