
Add sync keyservers

Bob Mottram 7 年 前
8b39a6d211
共有1 個のファイルを変更した90 個の追加30 個の削除を含む
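--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -123,7 +123,7 @@ function restore_remote_keyserver {
 
 function remove_keyserver {
     systemctl stop sks
-    apt-get -qy remove sks
+    apt-get -qy remove sks dirmngr
 
     read_config_param "KEYSERVER_DOMAIN_NAME"
     nginx_dissite $KEYSERVER_DOMAIN_NAME
@@ -195,6 +195,54 @@ function keyserver_import_keys {
     sks build
 }
 
+function keyserver_sync {
+    data=$(tempfile 2>/dev/null)
+    trap "rm -f $data" 0 1 2 5 15
+    dialog --backtitle $"Freedombone Control Panel" \
+           --title $"Sync with other keyserver" \
+           --form "\nDetails for the other server:" 10 50 3 \
+           $"Domain:" 1 1 "" 1 18 32 32 \
+           $"Port:" 2 1 "11370" 2 18 8 8 \
+           2> $data
+    sel=$?
+    case $sel in
+        1) return;;
+        255) return;;
+    esac
+    other_keyserver_domain=$(cat $data | sed -n 1p)
+    other_keyserver_port=$(cat $data | sed -n 2p)
+    if [[ "$other_keyserver_domain" != *'.'* ]]; then
+        return
+    fi
+    if [[ "$other_keyserver_domain" == *' '* ]]; then
+        return
+    fi
+    if [[ "$other_keyserver_port" == *'.'* ]]; then
+        return
+    fi
+    if [[ "$other_keyserver_port" == *' '* ]]; then
+        return
+    fi
+    if [ ${#other_keyserver_domain} -lt 4 ]; then
+        return
+    fi
+    if [ ${#other_keyserver_port} -lt 4 ]; then
+        return
+    fi
+    if grep -q "$other_keyserver_domain $other_keyserver_port" /etc/sks/membership; then
+        return
+    fi
+    if grep -q "$other_keyserver_domain " /etc/sks/membership; then
+        sed -i "s|$other_keyserver_domain .*|$other_keyserver_domain $other_keyserver_port|g" /etc/sks/membership
+    else
+        echo "$other_keyserver_domain $other_keyserver_port" >> /etc/sks/membership
+    fi
+    chown -Rc debian-sks: /etc/sks/membership
+    systemctl restart sks
+    dialog --title $"Sync with other keyserver" \
+           --msgbox $"Keyserver added" 6 40
+}
+
 function configure_interactive_keyserver {
     while true
     do
@@ -202,26 +250,37 @@ function configure_interactive_keyserver {
         trap "rm -f $data" 0 1 2 5 15
         dialog --backtitle $"Freedombone Control Panel" \
                --title $"SKS Keyserver" \
-               --radiolist $"Choose an operation:" 10 70 2 \
-               1 $"Import public keys database" off \
-               2 $"Exit" on 2> $data
+               --radiolist $"Choose an operation:" 11 70 3 \
+               1 $"Sync with other keyserver" off \
+               2 $"Import public keys database" off \
+               3 $"Exit" on 2> $data
         sel=$?
         case $sel in
             1) return;;
             255) return;;
         esac
         case $(cat $data) in
-            1) keyserver_import_keys;;
-            2) break;;
+            1) keyserver_sync;;
+            2) keyserver_import_keys;;
+            3) break;;
         esac
     done
 }
 
+function keyserver_reset_database {
+    if [ -d /var/lib/sks/DB ]; then
+        rm -rf /var/lib/sks/DB
+    fi
+    sks build
+    chown -Rc debian-sks: /var/lib/sks
+    systemctl restart sks
+}
+
 function install_keyserver {
     apt-get -qy install build-essential gcc ocaml libdb-dev wget sks
-    sks build
-    chown -Rc debian-sks: /var/lib/sks/DB
+    keyserver_reset_database
     sed -i 's|initstart=.*|initstart=yes|g' /etc/default/sks
+    apt-get -qy install dirmngr
     systemctl restart sks
 
     if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
@@ -270,29 +329,23 @@ function install_keyserver {
     sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html
     sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html
 
-    sksconf_file=/var/lib/sks/sksconf
-    echo 'debuglevel: 3' > $sksconf_file
-    echo '' >> $sksconf_file
-    echo "hostname:                       $KEYSERVER_DOMAIN_NAME" >> $sksconf_file
-    echo '' >> $sksconf_file
-    echo 'hkp_address:                    127.0.0.1' >> $sksconf_file
-    echo "hkp_port:                       $KEYSERVER_PORT" >> $sksconf_file
-    echo 'recon_port:                     11370' >> $sksconf_file
-    echo '' >> $sksconf_file
-    echo "server_contact:                 $GPG_ID" >> $sksconf_file
-    echo '' >> $sksconf_file
-    echo 'initial_stat:' >> $sksconf_file
-    echo 'disable_mailsync:' >> $sksconf_file
-    echo 'membership_reload_interval:     1' >> $sksconf_file
-    echo 'stat_hour:                      12' >> $sksconf_file
-    echo '' >> $sksconf_file
-    echo 'max_matches:                    500' >> $sksconf_file
+    sksconf_file=/etc/sks/sksconf
+    sed -i "s|#hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file
+    sed -i "s|hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file
+    sed -i "s|#hkp_port:.*|hkp_port: 11373|g" $sksconf_file
+    sed -i "s|hkp_port:.*|hkp_port: 11373|g" $sksconf_file
+    sed -i "s|#recon_port:.*|recon_port: 11370|g" $sksconf_file
+    sed -i "s|recon_port:.*|recon_port: 11370|g" $sksconf_file
+    sed -i "s|#recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
+    sed -i "s|recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file
+    sed -i 's|#hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
+    sed -i 's|hkp_address:.*|hkp_address: 0.0.0.0|g' $sksconf_file
     chown debian-sks: $sksconf_file
 
     if ! grep -q "hidden_service_sks" /etc/tor/torrc; then
         echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc
         echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc
-        echo "HiddenServicePort 11371 127.0.0.1:11371" >> /etc/tor/torrc
+        echo "HiddenServicePort 11371 127.0.0.1:11373" >> /etc/tor/torrc
         echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc
         echo $'Added onion site for sks'
     fi
@@ -344,9 +397,9 @@ function install_keyserver {
         echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
         echo '' >> $keyserver_nginx_site
         echo '  location /pks {' >> $keyserver_nginx_site
-        echo "    proxy_pass         http://127.0.0.1:$KEYSERVER_PORT;" >> $keyserver_nginx_site
+        echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
         echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_PORT (nginx)\";" >> $keyserver_nginx_site
+        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
         echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
         echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
         echo '  }' >> $keyserver_nginx_site
@@ -378,9 +431,9 @@ function install_keyserver {
     echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
     echo '' >> $keyserver_nginx_site
     echo '  location /pks {' >> $keyserver_nginx_site
-    echo "    proxy_pass         http://127.0.0.1:$KEYSERVER_PORT;" >> $keyserver_nginx_site
+    echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site
     echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
-    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_PORT (nginx)\";" >> $keyserver_nginx_site
+    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11373 (nginx)\";" >> $keyserver_nginx_site
     echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
     echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
     echo '  }' >> $keyserver_nginx_site
@@ -409,6 +462,13 @@ function install_keyserver {
 
     configure_firewall_for_keyserver
 
+    # remove membership file - don't try to sync with other keyservers
+    if [ -f /etc/sks/membership ]; then
+        rm /etc/sks/membership
+    fi
+
+    systemctl enable sks
+    systemctl restart sks
     systemctl restart nginx
 
     set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"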
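Review bot: The domain and port typed into the keyserver_sync form (second hunk) are spliced into a `sed -i` expression and two `grep` patterns and then appended to /etc/sks/membership after only loose checks (contains a dot, no spaces, length of at least 4), so a value containing `|`, `&` or `\` breaks or rewrites the sed substitution and a non-numeric port such as `abcd` is accepted. Replace the six ad-hoc tests with whitelist matches, `[[ "$other_keyserver_domain" =~ ^[A-Za-z0-9.-]+$ ]] || return` and `[[ "$other_keyserver_port" =~ ^[0-9]+$ ]] || return`, and use `grep -qF` so the dots in the domain are not regex wildcards. The same hunk reads the tempfile as `cat $data | sed -n 1p`; `sed -n 1p "$data"` drops the extra process and survives a path with spaces. In the fourth hunk hkp_address moves from 127.0.0.1 to 0.0.0.0 while nginx and the Tor hidden service still proxy to 127.0.0.1:11373, so the raw HKP listener becomes reachable on every interface unless configure_firewall_for_keyserver (not visible here) blocks it; a comment stating why the bind is widened, or keeping it on loopback, would make the intent auditable.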