
Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 8 years ago
parent
commit
e5b0ae0abd
1 changed files with 63 additions and 140 deletions
  1. 63
    140
      src/freedombone-app-keyserver

+ 63
- 140
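--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -33,15 +33,12 @@ VARIANTS='full full-vim'
 IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 
-KEYSERVER_SKS_REPO="https://bitbucket.org/skskeyserver/sks-keyserver"
-KEYSERVER_SKS_COMMIT='0106ba2'
 KEYSERVER_WEB_REPO="https://github.com/mattrude/pgpkeyserver-lite"
 KEYSERVER_WEB_COMMIT='a038cb79b927c99bf7da62f20d2c6a2f20374339'
 KEYSERVER_PORT=11371
 KEYSERVER_ONION_PORT=8122
 KEYSERVER_DOMAIN_NAME=
 KEYSERVER_CODE=
-KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/current/"
 
 keyserver_variables=(ONION_ONLY
                      MY_USERNAME
@@ -61,33 +58,7 @@ function reconfigure_keyserver {
     echo -n ''
 }
 
-function upgrade_keyserver_sks {
-    CURR_KEYSERVER_SKS_COMMIT=$(get_completion_param "keyserver commit")
-    if [[ "$CURR_KEYSERVER_SKS_COMMIT" == "$KEYSERVER_SKS_COMMIT" ]]; then
-        return
-    fi
-
-    if grep -q "keyserver domain" $COMPLETION_FILE; then
-        KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
-    fi
-
-    # update to the next commit
-    function_check set_repo_commit
-    set_repo_commit $INSTALL_DIR/keyserver "keyserver commit" "$KEYSERVER_SKS_COMMIT" $KEYSERVER_SKS_REPO
-
-    cd $INSTALL_DIR/keyserver
-    make dep
-    make all
-    if [ ! "$?" = "0" ]; then
-        echo $'Unable to build sks-keyserver'
-        exit 836252
-    fi
-    make install
-
-    chown -R keyserver:keyserver /var/lib/sks
-}
-
-function upgrade_keyserver_web {
+function upgrade_keyserver {
     CURR_KEYSERVER_WEB_COMMIT=$(get_completion_param "keyserver web commit")
     if [[ "$CURR_KEYSERVER_WEB_COMMIT" == "$KEYSERVER_WEB_COMMIT" ]]; then
         return
@@ -104,11 +75,6 @@ function upgrade_keyserver_web {
     chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
 }
 
-function upgrade_keyserver {
-    upgrade_keyserver_sks
-    upgrade_keyserver_web
-}
-
 function backup_local_keyserver {
     echo -n ''
 }
@@ -126,10 +92,8 @@ function restore_remote_keyserver {
 }
 
 function remove_keyserver {
-    systemctl stop keyserver
-    systemctl disable keyserver
-    rm /etc/systemd/system/keyserver.service
-    systemctl daemon-reload
+    systemctl stop sks
+    apt-get -qy remove sks
 
     read_config_param "KEYSERVER_DOMAIN_NAME"
     nginx_dissite $KEYSERVER_DOMAIN_NAME
@@ -143,9 +107,6 @@ function remove_keyserver {
     function_check remove_ddns_domain
     remove_ddns_domain $KEYSERVER_DOMAIN_NAME
 
-    groupdel -f keyserver
-    userdel -r keyserver
-
     remove_config_param KEYSERVER_DOMAIN_NAME
     remove_config_param KEYSERVER_CODE
     function_check remove_onion_service
@@ -153,14 +114,9 @@ function remove_keyserver {
     remove_completion_param "install_keyserver"
 
     sed -i '/keyserver/d' $COMPLETION_FILE
-    if [ -f /usr/bin/keyserver-start ]; then
-        rm /usr/bin/keyserver-start
+    if [ -d /var/lib/sks ]; then
+        rm -rf /var/lib/sks
     fi
-    if [ -f /usr/bin/keyserver-stop ]; then
-        rm /usr/bin/keyserver-stop
-    fi
-    groupdel -f keyserver
-    userdel -r keyserver
 }
 
 function install_interactive_keyserver {
@@ -178,35 +134,64 @@ function install_interactive_keyserver {
     APP_INSTALLED=1
 }
 
+function keyserver_import_keys {
+    dialog --title $"Import public keys database" \
+           --backtitle $"Freedombone Control Panel" \
+           --defaultno \
+           --yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60
+    sel=$?
+    case $sel in
+        1) return;;
+        255) return;;
+    esac
+    if [ ! -d /var/lib/sks/dump ]; then
+        mkdir -p /var/lib/sks/dump
+    fi
+    cd /var/lib/sks/dump
+    echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'
+    rm -rf cd /var/lib/sks/dump/*
+    KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"
+    wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
+         -A pgp,txt $KEYSERVER_DUMP_URL
+
+    cd /var/lib/sks
+    echo $'Building the keyserver database from the downloaded dump'
+    sks build
+}
+
+function configure_interactive_keyserver {
+    while true
+    do
+        data=$(tempfile 2>/dev/null)
+        trap "rm -f $data" 0 1 2 5 15
+        dialog --backtitle $"Freedombone Control Panel" \
+               --title $"SKS Keyserver" \
+               --radiolist $"Choose an operation:" 10 70 2 \
+               1 $"Import public keys database" off \
+               2 $"Exit" on 2> $data
+        sel=$?
+        case $sel in
+            1) return;;
+            255) return;;
+        esac
+        case $(cat $data) in
+            1) keyserver_import_keys;;
+            2) break;;
+        esac
+    done
+}
+
 function install_keyserver {
-    apt-get -qy install build-essential gcc ocaml libdb-dev wget
+    apt-get -qy install build-essential gcc ocaml libdb-dev wget sks
+    sks build
+    chown -Rc debian-sks: /var/lib/sks/DB
+    sed -i 's|initstart=.*|initstart=yes|g' /etc/default/sks
+    systemctl restart sks
 
     if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
         mkdir /var/www/$KEYSERVER_DOMAIN_NAME
     fi
 
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
-    fi
-    cd $INSTALL_DIR
-    if [ -d /repos/keyserver ]; then
-        mkdir $INSTALL_DIR/keyserver
-        cp -r -p /repos/keyserver/. $INSTALL_DIR/keyserver
-        cd $INSTALL_DIR/keyserver
-        git pull
-    else
-        if [ -d $INSTALL_DIR/keyserver ]; then
-            cd $INSTALL_DIR/keyserver
-            pull
-        else
-            git_clone $KEYSERVER_SKS_REPO $INSTALL_DIR/keyserver
-        fi
-    fi
-
-    cd $INSTALL_DIR/keyserver
-    git checkout $KEYSERVER_SKS_COMMIT -b $KEYSERVER_SKS_COMMIT
-    set_completion_param "keyserver commit" "$KEYSERVER_SKS_COMMIT"
-
     cd /var/www/$KEYSERVER_DOMAIN_NAME
     if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
         rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
@@ -220,31 +205,15 @@ function install_keyserver {
     else
         git_clone $KEYSERVER_WEB_REPO htdocs
     fi
+    if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
+        echo $"/var/www/$KEYSERVER_DOMAIN_NAME/htdocs not found"
+        exit 6539230
+    fi
 
     cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
     git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
     set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
 
-    cd $INSTALL_DIR/keyserver
-    if [ ! -f Makefile.local.unused ]; then
-        echo $'Unused makefile not found'
-        exit 72398
-    fi
-    cp Makefile.local.unused Makefile.local
-    sed -i 's|LIBDB=.*|LIBDB=-ldb-5.3.1|g' Makefile.local
-
-    make dep
-    make all
-    if [ ! "$?" = "0" ]; then
-        echo $'Unable to build sks-keyserver'
-        exit 8356328
-    fi
-    make install
-
-    if [ ! -f /usr/local/bin/sks_build.sh ]; then
-        echo $'/usr/local/bin/sks_build.sh not found'
-        exit 238460
-    fi
 
     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
     GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
@@ -278,51 +247,10 @@ function install_keyserver {
     echo 'stat_hour:                      12' >> $sksconf_file
     echo '' >> $sksconf_file
     echo 'max_matches:                    500' >> $sksconf_file
-
-    if [ ! -d /var/lib/sks/dump ]; then
-        mkdir -p /var/lib/sks/dump
-    fi
-    cd /var/lib/sks/dump
-    echo $'Getting keyserver dump. This may take a few hours, so be patient.'
-    wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
-         -A pgp,txt $KEYSERVER_DUMP_URL
-
-    cd /var/lib/sks
-    echo $'Building the keyserver database from the downloaded dump'
-    echo '2' | /usr/local/bin/sks_build.sh
+    chown debian-sks: $sksconf_file
 
     KEYSERVER_ONION_HOSTNAME=$(add_onion_service keyserver 80 ${KEYSERVER_ONION_PORT})
 
-    echo '#!/bin/sh' > /usr/bin/keyserver-start
-    echo 'cd /var/lib/sks' >> /usr/bin/keyserver-start
-    echo 'echo -n \ sks_db' >> /usr/bin/keyserver-start
-    echo '$DAEMON db &' >> /usr/bin/keyserver-start
-    echo 'echo -n \ sks_recon' >> /usr/bin/keyserver-start
-    echo '$DAEMON recon &' >> /usr/bin/keyserver-start
-    chmod +x /usr/bin/keyserver-start
-
-    echo '#!/bin/sh' > /usr/bin/keyserver-stop
-    echo 'killall sks' >> /usr/bin/keyserver-stop
-    echo 'sleep 5' >> /usr/bin/keyserver-stop
-    chmod +x /usr/bin/keyserver-stop
-
-    echo '[Unit]' > /etc/systemd/system/keyserver.service
-    echo 'Description=SKS Keyserver' >> /etc/systemd/system/keyserver.service
-    echo 'After=syslog.target network.target nginx.target' >> /etc/systemd/system/keyserver.service
-    echo '' >> /etc/systemd/system/keyserver.service
-    echo '[Service]' >> /etc/systemd/system/keyserver.service
-    echo 'User=keyserver' >> /etc/systemd/system/keyserver.service
-    echo 'Group=keyserver' >> /etc/systemd/system/keyserver.service
-    echo "WorkingDirectory=/var/lib/sks" >> /etc/systemd/system/keyserver.service
-    echo "ExecStart=/usr/bin/keyserver-start" >> /etc/systemd/system/keyserver.service
-    echo "ExecStop=/usr/bin/keyserver-stop" >> /etc/systemd/system/keyserver.service
-    echo 'Restart=always' >> /etc/systemd/system/keyserver.service
-    echo 'RestartSec=10' >> /etc/systemd/system/keyserver.service
-    echo '' >> /etc/systemd/system/keyserver.service
-    echo '[Install]' >> /etc/systemd/system/keyserver.service
-    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/keyserver.service
-    chmod +x /etc/systemd/system/keyserver.service
-
     keyserver_nginx_site=/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
     if [[ $ONION_ONLY == "no" ]]; then
         function_check nginx_http_redirect
@@ -416,20 +344,15 @@ function install_keyserver {
         chown root:root /etc/ssl/private/${KEYSERVER_DOMAIN_NAME}.key
     fi
 
-    groupadd keyserver
-    useradd -c "SKS Keyserver system account" -d /var/lib/sks -m -r -g keyserver keyserver
-    chown -R keyserver:keyserver /var/lib/sks
     chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
 
     function_check nginx_ensite
     nginx_ensite $KEYSERVER_DOMAIN_NAME
 
-    systemctl enable keyserver
-    systemctl daemon-reload
-    systemctl start keyserver
     systemctl restart nginx
 
     set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"
+    set_completion_param "keyserver onion domain" "$KEYSERVER_ONION_HOSTNAME"
 
     APP_INSTALLED=1
 }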
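Review bot: In keyserver_import_keys (new lines 150–152), `rm -rf cd /var/lib/sks/dump/*` carries a stray `cd` operand and follows an unchecked `cd /var/lib/sks/dump`, so if the directory change fails the wget mirror is written into whatever directory the caller was in. I would make it `cd /var/lib/sks/dump || return` followed by `rm -rf -- /var/lib/sks/dump/*`, and quote `"$KEYSERVER_DUMP_URL"` on the wget line. The dump is then handed to `sks build` with only TLS protecting it, and the dated URL built from `$(date +%F)` may not exist yet, so the wget exit status should be checked before the build starts. Unlike install_keyserver, which runs `chown -Rc debian-sks: /var/lib/sks/DB` after its own build, this function leaves ownership of the rebuilt database untouched and does not stop the sks service first; if the control panel runs as root (not visible here), the service may be unable to open the new files.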