
Don't backup infeasibly large keyserver databases

Bob Mottram 7 gadus atpakaļ
vecāks
revīzija
0bbfd412b5
1 mainītis faili ar 42 papildinājumiem un 6 dzēšanām
  1. 42
    6
      src/freedombone-app-keyserver

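--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -46,6 +46,16 @@ keyserver_variables=(ONION_ONLY
                      KEYSERVER_DOMAIN_NAME
                      KEYSERVER_CODE)
 
+function check_keyserver_directory_size {
+    dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}')
+    # 500M
+    if [ $dirsize -gt 500000 ]; then
+        echo "1"
+        return
+    fi
+    echo "0"
+}
+
 function configure_firewall_for_keyserver {
     if [[ $ONION_ONLY != "no" ]]; then
         return
@@ -115,6 +125,10 @@ function upgrade_keyserver {
 }
 
 function backup_local_keyserver {
+    if [[ "$(check_keyserver_directory_size)" != "0" ]]; then
+        echo $'WARNING: Keyserver database size is too large to backup'
+        return
+    fi
     source_directory=/var/lib/sks/DB
     if [ -d $source_directory ]; then
         systemctl stop sks
@@ -158,6 +172,10 @@ function restore_local_keyserver {
 }
 
 function backup_remote_keyserver {
+    if [[ "$(check_keyserver_directory_size)" != "0" ]]; then
+        echo $'WARNING: Keyserver database size is too large to backup'
+        return
+    fi
     source_directory=/var/lib/sks/DB
     if [ -d $source_directory ]; then
         systemctl stop sks
@@ -247,7 +265,23 @@ function install_interactive_keyserver {
     APP_INSTALLED=1
 }
 
+function keyserver_create_membership {
+    if [ -f /etc/sks/membership ]; then
+        return
+    fi
+    systemctl stop sks
+    echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with." > /etc/sks/membership
+    echo '#' >> /etc/sks/membership
+    echo $"# Don't add major keyservers here, because it will take an" >> /etc/sks/membership
+    echo $'# Infeasible amount of time to sync and backups will become' >> /etc/sks/membership
+    echo $'# absurdly long and probably break your system. You have been warned.' >> /etc/sks/membership
+    echo '' >> /etc/sks/membership
+    chown -Rc debian-sks: /etc/sks/membership
+    systemctl start sks
+}
+
 function keyserver_import_keys {
+    # NOTE: this function isn't used, but kept for reference
     dialog --title $"Import public keys database" \
            --backtitle $"Freedombone Control Panel" \
            --defaultno \
@@ -277,7 +311,7 @@ function keyserver_sync {
     trap "rm -f $data" 0 1 2 5 15
     dialog --backtitle $"Freedombone Control Panel" \
            --title $"Sync with other keyserver" \
-           --form "\nDetails for the other server:" 10 50 3 \
+           --form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 15 60 2 \
            $"Domain:" 1 1 "" 1 18 32 32 \
            $"Port:" 2 1 "11370" 2 18 8 8 \
            2> $data
@@ -306,6 +340,7 @@ function keyserver_sync {
     if [ ${#other_keyserver_port} -lt 4 ]; then
         return
     fi
+    keyserver_create_membership
     if grep -q "$other_keyserver_domain $other_keyserver_port" /etc/sks/membership; then
         return
     fi
@@ -321,6 +356,9 @@ function keyserver_sync {
 }
 
 function keyserver_edit {
+    if [ ! -f /etc/sks/membership ]; then
+        return
+    fi
     editor /etc/sks/membership
     chown -Rc debian-sks: /etc/sks/membership
     systemctl restart sks
@@ -333,11 +371,10 @@ function configure_interactive_keyserver {
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"SKS Keyserver" \
-               --radiolist $"Choose an operation:" 12 70 4 \
+               --radiolist $"Choose an operation:" 11 70 3 \
                1 $"Sync with other keyserver" off \
                2 $"Edit sync keyservers" off \
-               3 $"Import public keys database" off \
-               4 $"Exit" on 2> $data
+               3 $"Exit" on 2> $data
         sel=$?
         case $sel in
             1) return;;
@@ -346,8 +383,7 @@ function configure_interactive_keyserver {
         case $(cat $data) in
             1) keyserver_sync;;
             2) keyserver_edit;;
-            3) keyserver_import_keys;;
-            4) break;;
+            3) break;;
         esac
     done
 }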
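Review bot: The size guard in `check_keyserver_directory_size` can fail open, so `backup_local_keyserver` and `backup_remote_keyserver` may still attempt the backup this commit means to skip. `du` without `-s` prints one line per subdirectory, so if /var/lib/sks/DB contains any (not visible from here) the unquoted `[ $dirsize -gt 500000 ]` fails with a test error rather than comparing, and the function then echoes "0". The threshold also relies on du's default block size, which the environment can change. I would pin both with `dirsize=$(du -sk /var/lib/sks/DB 2>/dev/null | awk '{print $1}')` and `if [ "${dirsize:-0}" -gt 500000 ]; then`. Separately, both backup functions return success after only echoing the warning, so a skipped keyserver backup is easy to miss; a non-zero return or a log entry would make it visible, provided the callers outside this diff tolerate that.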