|
@@ -123,7 +123,7 @@ function restore_remote_keyserver {
|
123
|
123
|
|
124
|
124
|
function remove_keyserver {
|
125
|
125
|
systemctl stop sks
|
126
|
|
- apt-get -qy remove sks
|
|
126
|
+ apt-get -qy remove sks dirmngr
|
127
|
127
|
|
128
|
128
|
read_config_param "KEYSERVER_DOMAIN_NAME"
|
129
|
129
|
nginx_dissite $KEYSERVER_DOMAIN_NAME
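Review bot: `apt-get -qy remove sks dirmngr` now also uninstalls dirmngr, which is not specific to this app: on recent Debian releases it is what gpg itself uses for keyserver access and is presumably a dependency of the gnupg package, so removing the keyserver could leave gpg on the rest of the system unable to fetch or refresh keys — confirm with `apt-cache rdepends dirmngr` on the target release. If the install-side `apt-get -qy install dirmngr` is only there because sks needs it, the safer change is to drop `dirmngr` from this remove line and let apt autoremove handle it. remove_keyserver continues outside this hunk.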
|
|
@@ -195,6 +195,54 @@ function keyserver_import_keys {
|
195
|
195
|
sks build
|
196
|
196
|
}
|
197
|
197
|
|
|
198
|
+function keyserver_sync {
|
|
199
|
+ data=$(tempfile 2>/dev/null)
|
|
200
|
+ trap "rm -f $data" 0 1 2 5 15
|
|
201
|
+ dialog --backtitle $"Freedombone Control Panel" \
|
|
202
|
+ --title $"Sync with other keyserver" \
|
|
203
|
+ --form "\nDetails for the other server:" 10 50 3 \
|
|
204
|
+ $"Domain:" 1 1 "" 1 18 32 32 \
|
|
205
|
+ $"Port:" 2 1 "11370" 2 18 8 8 \
|
|
206
|
+ 2> $data
|
|
207
|
+ sel=$?
|
|
208
|
+ case $sel in
|
|
209
|
+ 1) return;;
|
|
210
|
+ 255) return;;
|
|
211
|
+ esac
|
|
212
|
+ other_keyserver_domain=$(cat $data | sed -n 1p)
|
|
213
|
+ other_keyserver_port=$(cat $data | sed -n 2p)
|
|
214
|
+ if [[ "$other_keyserver_domain" != *'.'* ]]; then
|
|
215
|
+ return
|
|
216
|
+ fi
|
|
217
|
+ if [[ "$other_keyserver_domain" == *' '* ]]; then
|
|
218
|
+ return
|
|
219
|
+ fi
|
|
220
|
+ if [[ "$other_keyserver_port" == *'.'* ]]; then
|
|
221
|
+ return
|
|
222
|
+ fi
|
|
223
|
+ if [[ "$other_keyserver_port" == *' '* ]]; then
|
|
224
|
+ return
|
|
225
|
+ fi
|
|
226
|
+ if [ ${#other_keyserver_domain} -lt 4 ]; then
|
|
227
|
+ return
|
|
228
|
+ fi
|
|
229
|
+ if [ ${#other_keyserver_port} -lt 4 ]; then
|
|
230
|
+ return
|
|
231
|
+ fi
|
|
232
|
+ if grep -q "$other_keyserver_domain $other_keyserver_port" /etc/sks/membership; then
|
|
233
|
+ return
|
|
234
|
+ fi
|
|
235
|
+ if grep -q "$other_keyserver_domain " /etc/sks/membership; then
|
|
236
|
+ sed -i "s|$other_keyserver_domain .*|$other_keyserver_domain $other_keyserver_port|g" /etc/sks/membership
|
|
237
|
+ else
|
|
238
|
+ echo "$other_keyserver_domain $other_keyserver_port" >> /etc/sks/membership
|
|
239
|
+ fi
|
|
240
|
+ chown -Rc debian-sks: /etc/sks/membership
|
|
241
|
+ systemctl restart sks
|
|
242
|
+ dialog --title $"Sync with other keyserver" \
|
|
243
|
+ --msgbox $"Keyserver added" 6 40
|
|
244
|
+}
|
|
245
|
+
|
198
|
246
|
function configure_interactive_keyserver {
|
199
|
247
|
while true
|
200
|
248
|
do
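Review bot: In keyserver_sync the operator-entered domain and port are interpolated unescaped into regex patterns — `grep -q "$other_keyserver_domain $other_keyserver_port"`, `grep -q "$other_keyserver_domain "` and the sed `s|$other_keyserver_domain .*|…|g` — after checks that only reject a missing `.`, embedded spaces, a `.` in the port and short values, so a value such as `a.b*`, or one containing `|` or `&`, can match or rewrite unrelated lines of /etc/sks/membership or abort sed. Validate with an allow-list before use, e.g. `if [[ ! "$other_keyserver_domain" =~ ^[A-Za-z0-9.-]+$ || ! "$other_keyserver_port" =~ ^[0-9]{1,5}$ ]]; then return; fi`, and make the lookups literal with `grep -qF`. Adding a peer to the membership file also means accepting whatever key material that peer reconciles into the local database, which is a trust decision worth stating in the dialog text or a comment above the function. Note that the silent `return` on every validation failure gives the operator no feedback, so a typo looks the same as success minus the final msgbox.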
|
|
@@ -202,26 +250,37 @@ function configure_interactive_keyserver {
|
202
|
250
|
trap "rm -f $data" 0 1 2 5 15
|
203
|
251
|
dialog --backtitle $"Freedombone Control Panel" \
|
204
|
252
|
--title $"SKS Keyserver" \
|
205
|
|
- --radiolist $"Choose an operation:" 10 70 2 \
|
206
|
|
- 1 $"Import public keys database" off \
|
207
|
|
- 2 $"Exit" on 2> $data
|
|
253
|
+ --radiolist $"Choose an operation:" 11 70 3 \
|
|
254
|
+ 1 $"Sync with other keyserver" off \
|
|
255
|
+ 2 $"Import public keys database" off \
|
|
256
|
+ 3 $"Exit" on 2> $data
|
208
|
257
|
sel=$?
|
209
|
258
|
case $sel in
|
210
|
259
|
1) return;;
|
211
|
260
|
255) return;;
|
212
|
261
|
esac
|
213
|
262
|
case $(cat $data) in
|
214
|
|
- 1) keyserver_import_keys;;
|
215
|
|
- 2) break;;
|
|
263
|
+ 1) keyserver_sync;;
|
|
264
|
+ 2) keyserver_import_keys;;
|
|
265
|
+ 3) break;;
|
216
|
266
|
esac
|
217
|
267
|
done
|
218
|
268
|
}
|
219
|
269
|
|
|
270
|
+function keyserver_reset_database {
|
|
271
|
+ if [ -d /var/lib/sks/DB ]; then
|
|
272
|
+ rm -rf /var/lib/sks/DB
|
|
273
|
+ fi
|
|
274
|
+ sks build
|
|
275
|
+ chown -Rc debian-sks: /var/lib/sks
|
|
276
|
+ systemctl restart sks
|
|
277
|
+}
|
|
278
|
+
|
220
|
279
|
function install_keyserver {
|
221
|
280
|
apt-get -qy install build-essential gcc ocaml libdb-dev wget sks
|
222
|
|
- sks build
|
223
|
|
- chown -Rc debian-sks: /var/lib/sks/DB
|
|
281
|
+ keyserver_reset_database
|
224
|
282
|
sed -i 's|initstart=.*|initstart=yes|g' /etc/default/sks
|
|
283
|
+ apt-get -qy install dirmngr
|
225
|
284
|
systemctl restart sks
|
226
|
285
|
|
227
|
286
|
if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
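Review bot: keyserver_reset_database deletes /var/lib/sks/DB unconditionally and install_keyserver now calls it straight after apt-get, so re-running the installer (or any other caller of install_keyserver) wipes an existing key database with no prompt or backup, where the removed lines only ran `sks build`. If the reset is meant for first install only, guard the call: `if [ ! -d /var/lib/sks/DB ]; then keyserver_reset_database; fi`, and keep the unconditional reset for an explicit control-panel action. A header comment on keyserver_reset_database stating that it destroys the database would also help the next maintainer. install_keyserver continues outside this hunk.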
|
|
@@ -270,29 +329,23 @@ function install_keyserver {
|
270
|
329
|
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
|
271
|
330
|
sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
|
272
|
331
|
|
273
|
|
- sksconf_file=/var/lib/sks/sksconf
|
274
|
|
- echo 'debuglevel: 3' > $sksconf_file
|
275
|
|
- echo '' >> $sksconf_file
|
276
|
|
- echo "hostname: $KEYSERVER_DOMAIN_NAME" >> $sksconf_file
|
277
|
|
- echo '' >> $sksconf_file
|
278
|
|
- echo 'hkp_address: 127.0.0.1' >> $sksconf_file
|
279
|
|
- echo "hkp_port: $KEYSERVER_PORT" >> $sksconf_file
|
280
|
|
- echo 'recon_port: 11370' >> $sksconf_file
|
281
|
|
- echo '' >> $sksconf_file
|
282
|
|
- echo "server_contact: $GPG_ID" >> $sksconf_file
|
283
|
|
- echo '' >> $sksconf_file
|
284
|
|
- echo 'initial_stat:' >> $sksconf_file
|
285
|
|
- echo 'disable_mailsync:' >> $sksconf_file
|
286
|
|
- echo 'membership_reload_interval: 1' >> $sksconf_file
|
287
|
|
- echo 'stat_hour: 12' >> $sksconf_file
|
288
|
|
- echo '' >> $sksconf_file
|
289
|
|
- echo 'max_matches: 500' >> $sksconf_file
|
|
332
|
+ sksconf_file=/etc/sks/sksconf
|
|
333
|
+ sed -i "s|#hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file
|
|
334
|
+ sed -i "s|hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file
|
|
335
|
+ sed -i "s|#hkp_port:.*|hkp_port: 11373|g" $sksconf_file
|
|
336
|
+ sed -i "s|hkp_port:.*|hkp_port: 11373|g" $sksconf_file
|
|
337
|
+ sed -i "s|#recon_port:.*|recon_port: 11370|g" $sksconf_file
|
|
338
|
+ sed -i "s|recon_port:.*|recon_port: 11370|g" $sksconf_file
|
|
339
|
+ sed -i "s|#recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
|
|
340
|
+ sed -i "s|recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
|
|
341
|
+ sed -i 's|#hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
|
|
342
|
+ sed -i 's|hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
|
290
|
343
|
chown debian-sks: $sksconf_file
|
291
|
344
|
|
292
|
345
|
if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
|
293
|
346
|
echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
|
294
|
347
|
echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
|
295
|
|
- echo "HiddenServicePort 11371 127.0.0.1:11371" >> /etc/tor/torrc
|
|
348
|
+ echo "HiddenServicePort 11371 127.0.0.1:11373" >> /etc/tor/torrc
|
296
|
349
|
echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
|
297
|
350
|
echo $'Added onion site for sks'
|
298
|
351
|
fi
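Review bot: The rewritten sksconf binds the HKP listener to every interface (`hkp_address: 0.0.0.0` on both sed lines) where the removed block set `hkp_address: 127.0.0.1`, so port 11373 becomes directly reachable, bypassing the nginx `/pks` proxy and its request limits, unless configure_firewall_for_keyserver (not visible here) blocks it. Only recon needs to be network-reachable for peering; HKP is already fronted by nginx and by the Tor `HiddenServicePort 11371 127.0.0.1:11373`, so `hkp_address: 127.0.0.1` preserves the previous exposure. Each `#key:` / `key:` sed pair also relies on the packaged file containing exactly one matching line; a `grep -q` fallback that appends the option when neither form exists would make the edit robust to a different default sksconf. install_keyserver starts and ends outside this hunk.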
|
|
@@ -344,9 +397,9 @@ function install_keyserver {
|
344
|
397
|
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
|
345
|
398
|
echo '' >> $keyserver_nginx_site
|
346
|
399
|
echo ' location /pks {' >> $keyserver_nginx_site
|
347
|
|
- echo " proxy_pass http://127.0.0.1:$KEYSERVER_PORT;" >> $keyserver_nginx_site
|
|
400
|
+ echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
|
348
|
401
|
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
|
349
|
|
- echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_PORT (nginx)\";" >> $keyserver_nginx_site
|
|
402
|
+ echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
|
350
|
403
|
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
|
351
|
404
|
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
|
352
|
405
|
echo ' }' >> $keyserver_nginx_site
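Review bot: With `$KEYSERVER_PORT` dropped, the literal `11373` now appears in the sksconf edit, the torrc line, both nginx sites and both Via headers within install_keyserver, which is easy to let drift on the next port change. A single constant near the top of the function, e.g. `SKS_HKP_PORT=11373`, used in each `echo " proxy_pass http://127.0.0.1:$SKS_HKP_PORT;"` and `add_header Via` line, keeps them in step. The enclosing function starts and ends outside this hunk.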
|
|
@@ -378,9 +431,9 @@ function install_keyserver {
|
378
|
431
|
echo ' rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
|
379
|
432
|
echo '' >> $keyserver_nginx_site
|
380
|
433
|
echo ' location /pks {' >> $keyserver_nginx_site
|
381
|
|
- echo " proxy_pass http://127.0.0.1:$KEYSERVER_PORT;" >> $keyserver_nginx_site
|
|
434
|
+ echo " proxy_pass http://127.0.0.1:11373;" >> $keyserver_nginx_site
|
382
|
435
|
echo ' proxy_pass_header Server;' >> $keyserver_nginx_site
|
383
|
|
- echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_PORT (nginx)\";" >> $keyserver_nginx_site
|
|
436
|
+ echo " add_header Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
|
384
|
437
|
echo ' proxy_ignore_client_abort on;' >> $keyserver_nginx_site
|
385
|
438
|
echo ' client_max_body_size 8m;' >> $keyserver_nginx_site
|
386
|
439
|
echo ' }' >> $keyserver_nginx_site
|
|
@@ -409,6 +462,13 @@ function install_keyserver {
|
409
|
462
|
|
410
|
463
|
configure_firewall_for_keyserver
|
411
|
464
|
|
|
465
|
+ # remove membership file - don't try to sync with other keyservers
|
|
466
|
+ if [ -f /etc/sks/membership ]; then
|
|
467
|
+ rm /etc/sks/membership
|
|
468
|
+ fi
|
|
469
|
+
|
|
470
|
+ systemctl enable sks
|
|
471
|
+ systemctl restart sks
|
412
|
472
|
systemctl restart nginx
|
413
|
473
|
|
414
|
474
|
set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"
|