free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Backup and restore for keyserver

Bob Mottram 7 years ago
parent
5122bdbc48
commit
fe024046ec
3 changed files with 86 additions and 5 deletions
Split View Show Diff Stats
  1. 14
    1
      doc/EN/app_keyserver.org
  2. BIN
      img/keyserver.jpg
  3. 72
    4
      src/freedombone-app-keyserver

+ 14
- 1
doc/EN/app_keyserver.org View File 

@@ -12,12 +12,18 @@
12 12
13 13 
 #+BEGIN_EXPORT html
14 14 
 <center>
15 
-<h1>Key Server</h1>
15 
+<h1>OpenPGP Key Server</h1>
16 16 
 </center>
17 17 
 #+END_EXPORT
18 18
19 
+#+BEGIN_CENTER
20 
+[[file:images/keyserver.jpg]]
21 
+#+END_CENTER
22 
+
19 23 
 The usual way in which you obtain GPG public keys for email encryption or other purposes is via a key server. There are a few common ones out there, but it's also possible to run your own key server.
20 24
25 
+* Installation
26 
+
21 27 
 ssh into the system with:
22 28
23 29 
 #+BEGIN_SRC bash
 
@@ -27,3 +33,10 @@ ssh myusername@mydomain.com -p 2222
27 33 
 Select *Add/Remove Apps* then *keyserver*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /keys.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
28 34
29 35 
 After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for the Key server. If the certificate is obtained successfully then you will see a congratulations message.
36 
+
37 
+* How to use it
38 
+Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the *--keyserver* option:
39 
+
40 
+#+begin_src bash
41 
+gpg --keyserver [your keyserver domain] --search-keys [email address]
42 
+#+end_src

BIN
img/keyserver.jpg View File


+ 72
- 4
src/freedombone-app-keyserver View File 

@@ -115,19 +115,87 @@ function upgrade_keyserver {
115 115 
 }
116 116
117 117 
 function backup_local_keyserver {
118 
-    echo -n ''
118 
+    source_directory=/var/lib/sks/DB
119 
+    if [ -d $source_directory ]; then
120 
+        systemctl stop sks
121 
+        dest_directory=keyserver
122 
+        function_check backup_directory_to_usb
123 
+        backup_directory_to_usb $source_directory $dest_directory
124 
+        systemctl start sks
125 
+    fi
119 126 
 }
120 127
121 128 
 function restore_local_keyserver {
122 
-    echo -n ''
129 
+    if [ ! -d /var/lib/sks/DB ]; then
130 
+        return
131 
+    fi
132 
+    echo $"Restoring SKS Keyserver"
133 
+    systemctl stop sks
134 
+    temp_restore_dir=/root/tempkeyserver
135 
+    function_check restore_directory_from_usb
136 
+    restore_directory_from_usb $temp_restore_dir keyserver
137 
+    mv /var/lib/sks/DB /var/lib/sks/DB_prev
138 
+    cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
139 
+    if [ ! "$?" = "0" ]; then
140 
+        # restore the old database
141 
+        rm -rf /var/lib/sks/DB
142 
+        mv /var/lib/sks/DB_prev /var/lib/sks/DB
143 
+
144 
+        rm -rf $temp_restore_dir
145 
+        function_check set_user_permissions
146 
+        set_user_permissions
147 
+        function_check backup_unmount_drive
148 
+        backup_unmount_drive
149 
+        exit 5627294
150 
+    fi
151 
+    rm -rf $temp_restore_dir
152 
+    chown -Rc debian-sks: /var/lib/sks
153 
+
154 
+    # remove the old database
155 
+    rm -rf /var/lib/sks/DB_prev
156 
+
157 
+    systemctl start sks
123 158 
 }
124 159
125 160 
 function backup_remote_keyserver {
126 
-    echo -n ''
161 
+    source_directory=/var/lib/sks/DB
162 
+    if [ -d $source_directory ]; then
163 
+        systemctl stop sks
164 
+        dest_directory=keyserver
165 
+        function_check backup_directory_to_friend
166 
+        backup_directory_to_friend $source_directory $dest_directory
167 
+        systemctl start sks
168 
+    fi
127 169 
 }
128 170
129 171 
 function restore_remote_keyserver {
130 
-    echo -n ''
172 
+    if [ ! -d /var/lib/sks/DB ]; then
173 
+        return
174 
+    fi
175 
+    echo $"Restoring SKS Keyserver"
176 
+    systemctl stop sks
177 
+    temp_restore_dir=/root/tempkeyserver
178 
+    function_check restore_directory_from_friend
179 
+    restore_directory_from_friend $temp_restore_dir keyserver
180 
+    mv /var/lib/sks/DB /var/lib/sks/DB_prev
181 
+    cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
182 
+    if [ ! "$?" = "0" ]; then
183 
+        # restore the old database
184 
+        rm -rf /var/lib/sks/DB
185 
+        mv /var/lib/sks/DB_prev /var/lib/sks/DB
186 
+
187 
+        rm -rf $temp_restore_dir
188 
+        function_check set_user_permissions
189 
+        set_user_permissions
190 
+        return
191 
+    fi
192 
+    rm -rf $temp_restore_dir
193 
+    chown -Rc debian-sks: /var/lib/sks
194 
+
195 
+    # remove the old database
196 
+    rm -rf /var/lib/sks/DB_prev
197 
+
198 
+    systemctl start sks
131 199 
 }
132 200
133 201 
 function remove_keyserver {