keyserver/README.md

109 lines
4.1 KiB
Markdown

# jake's keyserver
This program pokes gpg when it receives a key. Then it does stuff to the output gpg produces and stores it in a postgres database.
## Features
* 'Secret' upload path.
* Disable upload for secret, normal path, or both. For when you don't want people to upload keys.
## Requirements
* Perl v5.38.0 or greater
* Relevant Mojo/Mojolicious modules and other Perl modules
* Postgresql server
* A dedicated user would be nice
### Install on your distro
Maybe it is packaged by your distro maintainers?
* Debian
```
apt install libmojolicious-perl libmojo-pg-perl
```
Note: the latest Perl at the time of writing on Debian stable is v5.36.x which doesn't have class support... I really wanted to use class(). Sorry!
So, you're likely better off installing perlbrew and having the dedicated user that will run this program compile and install v5.38.x.
### perlbrew (with Debian 12.8)
```
% sudo apt install perlbrew
% sudo -u jjakkekeyserver perlbrew init
% echo 'source ~/perl5/perlbrew/etc/bashrc' | sudo -u jjakkekeyserver tee -a /var/jjakkekeyserver/.profile
% sudo -u jjakkekeyserver perlbrew available # pick at least v5.38.x. Here I pick 5.40.x
% sudo -u jjakkekeyserver perlbrew install perl-5.40.0 # this *will* take a while
% sudo -u jjakkekeyserver perlbrew install-cpanm
% sudo chsh jjakkekeyserver -s /bin/bash # we will set this back to /bin/nologin later
% sudo -u jjakkekeyserver -i
jjakkekeyserver% PERL_CPANM_HOME=/tmp cpanm DBD::Pg # needs postgresql-server-dev-xx (on debian)
jjakkekeyserver% cpanm Mojolicious Mojo::Pg # AND postgres itself must be running
# DBD::Pg test wants to poke stuff, fails otherwise
jjakkekeyserver% perl ./keyserver # see whats broken or not.
# after you've made sure it works...
jjakkekeyserver% exit
% sudo chsh jjakkekeyserver -s /bin/nologin
```
#### postgres
Probably not needed info, but postgres here is version 15.
```
% sudo apt install postgresql postgresql-server-dev-xx
% sudo -u postgres psql # test if 'active' so to speak.
```
Follow instructions from 'Create relevent details for the database.'
### Install via cpan (or cpan-minus, considered way better by most)
```
cpanm Mojolicious Mojo::Pg Mojo::File Mojo::Util
```
Installing via cpan(m) will work because the Mojolicious devs are competent (to be more specific, they opt to recreate everything, that way if a dependency breaks because the author is ignoring issues or fucking DEAD there won't be permanently broken cpan repos that mojolicious depends on)
## To use
### Create a dedicated user to run this program
```
sudo useradd --system --create-home --home-dir /var/jjakkekeyserver --shell /bin/nologin jjakkekeyserver
```
### Create the config file
```
cp keyserver.conf.example keyserver.conf
```
### Create relevant details for the database.
An example that you may follow:
```
sudo -u postgres psql
postgres=# create database jjakkekeyserverdb;
postgres=# create user jjakkekeyserver with encrypted password 'password';
postgres=# grant all privileges on database jjakkekeyserverdb to jjakkekeyserver;
postgres=# \c jjakkekeyserverdb;
jjakkekeyserverdb=# grant all privileges on schema public to jjakkekeyserver;
jjakkekeyserverdb=# exit
```
### Start Program
```
sudo -u jjakkekeyserver hypnotoad -f keyserver ./keyserver.conf; # -f = starts in foreground
```
### Proxy
It's a good idea to proxy this program behind another dedicated program that listens on relevant ports: no TLS, 11371 and 80; with TLS, 11372 and 443.
## Usage
### GnuPG examples
```
gpg --keyserver hkp(s)://hostname --send-keys <keyid>
gpg --keyserver hkp(s)://hostname --search-keys <search string>
gpg --keyserver hkp(s)://hostname --recv-keys <keyid>
```
### Web browser
http(s)://hostname
## SystemD
Make sure the service file actually makes sense for your use case; unless you've followed the guide in this README, it most certainly does not.
```
vim jjakkekeyserver.service
sudo cp jjakkekeyserver.service /etc/systemd/system
sudo systemctl daemon-reload
sudo systemctl start jjakkekeyserver.service
```