free
/
freedombone
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull Requests 0 Versões 0 Wiki Atividade
7934 Commits
5 Branches
Tag: c9189104d5
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de c9189104d5
${ noResults }
freedombone/src/freedombone-app-keyserver

freedombone-app-keyserver 34KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # SKS Keyserver

  12. #

  13. # License

  14. # =======

  15. #

  16. # Copyright (C) 2017 Bob Mottram <bob@freedombone.net>

  17. #

  18. # This program is free software: you can redistribute it and/or modify

  19. # it under the terms of the GNU Affero General Public License as published by

  20. # the Free Software Foundation, either version 3 of the License, or

  21. # (at your option) any later version.

  22. #

  23. # This program is distributed in the hope that it will be useful,

  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

  26. # GNU Affero General Public License for more details.

  27. #

  28. # You should have received a copy of the GNU Affero General Public License

  29. # along with this program.  If not, see <http://www.gnu.org/licenses/>.

  30. 

  31. VARIANTS='full full-vim'

  32. 

  33. IN_DEFAULT_INSTALL=0

  34. SHOW_ON_ABOUT=1

  35. 

  36. KEYSERVER_WEB_REPO="https://github.com/mattrude/pgpkeyserver-lite"

  37. KEYSERVER_WEB_COMMIT='a038cb79b927c99bf7da62f20d2c6a2f20374339'

  38. KEYSERVER_PORT=11371

  39. KEYSERVER_ONION_PORT=8122

  40. KEYSERVER_DOMAIN_NAME=

  41. KEYSERVER_CODE=

  42. 

  43. keyserver_variables=(ONION_ONLY

  44.                      MY_USERNAME

  45.                      DEFAULT_DOMAIN_NAME

  46.                      KEYSERVER_DOMAIN_NAME

  47.                      KEYSERVER_CODE)

  48. 

  49. function check_keyserver_directory_size {

  50.     dirsize=$(du /var/lib/sks/DB | awk -F ' ' '{print $1}')

  51.     # 500M

  52.     if [ $dirsize -gt 500000 ]; then

  53.         echo "1"

  54.         return

  55.     fi

  56.     echo "0"

  57. }

  58. 

  59. function keyserver_watchdog {

  60.     ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | awk -F ':' '{print $2}')

  61.     ADMIN_EMAIL_ADDRESS=${ADMIN_USERNAME}@${HOSTNAME}

  62.     keyserver_size_warning=$"The SKS keyserver database is getting large. Check that you aren't being spammed"

  63.     keyserver_disabled_warning=$"The SKS keyserver has been disabled because it is getting too large. This is to prevent flooding attacks from crashing the server. You may need to restore the keyserver from backup."

  64.     keyserver_mail_subject_line=$"${PROJECT_NAME} keyserver warning"

  65.     keyserver_mail_subject_line_disabled=$"${PROJECT_NAME} keyserver disabled"

  66.     read_config_param KEYSERVER_DOMAIN_NAME

  67. 

  68.     # check database size hourly

  69.     keyserver_watchdog_script=/tmp/keyserver-watchdog

  70.     echo '#!/bin/bash' > $keyserver_watchdog_script

  71.     echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script

  72.     echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script

  73. 

  74.     echo "  echo \"$keyserver_size_warning\" | mail -s \"$keyserver_mail_subject_line\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script

  75. 

  76.     echo '  if [ $dirsize -gt 500000 ]; then' >> $keyserver_watchdog_script

  77.     echo "    nginx_dissite $KEYSERVER_DOMAIN_NAME" >> $keyserver_watchdog_script

  78.     echo '    systemctl stop sks' >> $keyserver_watchdog_script

  79.     echo '    systemctl disable sks' >> $keyserver_watchdog_script

  80.     echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script

  81.     echo '  fi' >> $keyserver_watchdog_script

  82.     echo 'fi' >> $keyserver_watchdog_script

  83.     chmod +x $keyserver_watchdog_script

  84. 

  85.     if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then

  86.         cp $keyserver_watchdog_script /etc/cron.hourly/keyserver-watchdog

  87.     else

  88.         HASH1=$(sha256sum $keyserver_watchdog_script | awk -F ' ' '{print $1}')

  89.         HASH2=$(sha256sum /etc/cron.hourly/keyserver-watchdog | awk -F ' ' '{print $1}')

  90.         if [[ "$HASH1" != "$HASH2" ]]; then

  91.             cp $keyserver_watchdog_script /etc/cron.hourly/keyserver-watchdog

  92.         fi

  93.     fi

  94.     rm $keyserver_watchdog_script

  95. }

  96. 

  97. 

  98. function configure_firewall_for_keyserver {

  99.     if [[ $ONION_ONLY != "no" ]]; then

  100.         return

  101.     fi

  102.     firewall_add keyserver 11370 tcp

  103.     firewall_add keyserver 11371 tcp

  104.     firewall_add keyserver 11372 tcp

  105.     mark_completed $FUNCNAME

  106. }

  107. 

  108. function keyserver_reset_database {

  109.     if [ -d /var/lib/sks/DB ]; then

  110.         rm -rf /var/lib/sks/DB

  111.     fi

  112.     sks build

  113.     chown -Rc debian-sks: /var/lib/sks

  114.     systemctl restart sks

  115. }

  116. 

  117. function logging_on_keyserver {

  118.     echo -n ''

  119. }

  120. 

  121. function logging_off_keyserver {

  122.     echo -n ''

  123. }

  124. 

  125. function reconfigure_keyserver {

  126.     echo -n ''

  127. }

  128. 

  129. function upgrade_keyserver {

  130.     keyserver_watchdog

  131. 

  132.     CURR_KEYSERVER_WEB_COMMIT=$(get_completion_param "keyserver web commit")

  133.     if [[ "$CURR_KEYSERVER_WEB_COMMIT" == "$KEYSERVER_WEB_COMMIT" ]]; then

  134.         return

  135.     fi

  136. 

  137.     if grep -q "keyserver domain" $COMPLETION_FILE; then

  138.         KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")

  139.     fi

  140. 

  141.     # update to the next commit

  142.     function_check set_repo_commit

  143.     set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO

  144. 

  145.     read_config_param MY_USERNAME

  146.     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME

  147.     GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)

  148.     if [ ! $GPG_ID ]; then

  149.         echo $'No GPG ID for admin user'

  150.         exit 846336

  151.     fi

  152.     if [ ${#GPG_ID} -lt 5 ]; then

  153.         echo $'GPG ID not retrieved for admin user'

  154.         exit 835292

  155.     fi

  156.     if [[ "$GPG_ID" == *"error"* ]]; then

  157.         echo $'GPG ID not retrieved for admin user due to error'

  158.         exit 74825

  159.     fi

  160.     sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html

  161.     sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html

  162.     sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html

  163.     sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html

  164. 

  165.     chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs

  166. }

  167. 

  168. function backup_local_keyserver {

  169.     # remove any unused log files

  170.     cd /var/lib/sks/DB

  171.     db_archive -d

  172. 

  173.     source_directory=/etc/sks

  174.     if [ -d $source_directory ]; then

  175.         systemctl stop sks

  176.         dest_directory=keyserverconfig

  177.         function_check backup_directory_to_usb

  178.         backup_directory_to_usb $source_directory $dest_directory

  179.         systemctl start sks

  180.     fi

  181.     if [[ "$(check_keyserver_directory_size)" != "0" ]]; then

  182.         echo $'WARNING: Keyserver database size is too large to backup'

  183.         return

  184.     fi

  185.     source_directory=/var/lib/sks/DB

  186.     if [ -d $source_directory ]; then

  187.         systemctl stop sks

  188.         dest_directory=keyserver

  189.         function_check backup_directory_to_usb

  190.         backup_directory_to_usb $source_directory $dest_directory

  191.         systemctl start sks

  192.     fi

  193. }

  194. 

  195. function restore_local_keyserver {

  196.     if [ ! -d /var/lib/sks/DB ]; then

  197.         return

  198.     fi

  199.     echo $"Restoring SKS Keyserver"

  200.     systemctl stop sks

  201. 

  202.     temp_restore_dir=/root/tempkeyserverconfig

  203.     function_check restore_directory_from_usb

  204.     restore_directory_from_usb $temp_restore_dir keyserverconfig

  205.     if [ -d $temp_restore_dir/etc/sks ]; then

  206.         cp -r $temp_restore_dir/etc/sks/* /etc/sks/

  207.     else

  208.         cp -r $temp_restore_dir/* /etc/sks/

  209.     fi

  210.     rm -rf $temp_restore_dir

  211.     chown -Rc debian-sks: /etc/sks/sksconf

  212.     chown -Rc debian-sks: /etc/sks/mailsync

  213. 

  214.     temp_restore_dir=/root/tempkeyserver

  215.     function_check restore_directory_from_usb

  216.     restore_directory_from_usb $temp_restore_dir keyserver

  217.     mv /var/lib/sks/DB /var/lib/sks/DB_prev

  218.     if [ -d $temp_restore_dir/var/lib/sks/DB ]; then

  219.         cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB

  220.     else

  221.         if [ ! -d /var/lib/sks/DB ]; then

  222.             mkdir /var/lib/sks/DB

  223.         fi

  224.         cp -r $temp_restore_dir/* /var/lib/sks/DB

  225.     fi

  226.     if [ ! "$?" = "0" ]; then

  227.         # restore the old database

  228.         rm -rf /var/lib/sks/DB

  229.         mv /var/lib/sks/DB_prev /var/lib/sks/DB

  230. 

  231.         rm -rf $temp_restore_dir

  232.         function_check set_user_permissions

  233.         set_user_permissions

  234.         function_check backup_unmount_drive

  235.         backup_unmount_drive

  236.         exit 5627294

  237.     fi

  238.     rm -rf $temp_restore_dir

  239.     chown -Rc debian-sks: /var/lib/sks

  240. 

  241.     # remove the old database

  242.     rm -rf /var/lib/sks/DB_prev

  243. 

  244.     systemctl enable sks

  245.     systemctl start sks

  246.     nginx_ensite $KEYSERVER_DOMAIN_NAME

  247. }

  248. 

  249. function backup_remote_keyserver {

  250.     # remove any unused log files

  251.     cd /var/lib/sks/DB

  252.     db_archive -d

  253. 

  254.     source_directory=/etc/sks

  255.     if [ -d $source_directory ]; then

  256.         systemctl stop sks

  257.         dest_directory=keyserverconfig

  258.         function_check backup_directory_to_friend

  259.         backup_directory_to_friend $source_directory $dest_directory

  260.         systemctl start sks

  261.     fi

  262.     if [[ "$(check_keyserver_directory_size)" != "0" ]]; then

  263.         echo $'WARNING: Keyserver database size is too large to backup'

  264.         return

  265.     fi

  266.     source_directory=/var/lib/sks/DB

  267.     if [ -d $source_directory ]; then

  268.         systemctl stop sks

  269.         dest_directory=keyserver

  270.         function_check backup_directory_to_friend

  271.         backup_directory_to_friend $source_directory $dest_directory

  272.         systemctl start sks

  273.     fi

  274. }

  275. 

  276. function restore_remote_keyserver {

  277.     if [ ! -d /var/lib/sks/DB ]; then

  278.         return

  279.     fi

  280.     echo $"Restoring SKS Keyserver"

  281.     systemctl stop sks

  282. 

  283.     temp_restore_dir=/root/tempkeyserverconfig

  284.     function_check restore_directory_from_friend

  285.     restore_directory_from_friend $temp_restore_dir keyserverconfig

  286.     if [ -d $temp_restore_dir/etc/sks ]; then

  287.         cp -r $temp_restore_dir/etc/sks/* /etc/sks/

  288.     else

  289.         cp -r $temp_restore_dir/* /etc/sks/

  290.     fi

  291.     rm -rf $temp_restore_dir

  292.     chown -Rc debian-sks: /etc/sks/sksconf

  293.     chown -Rc debian-sks: /etc/sks/mailsync

  294. 

  295.     temp_restore_dir=/root/tempkeyserver

  296.     function_check restore_directory_from_friend

  297.     restore_directory_from_friend $temp_restore_dir keyserver

  298.     mv /var/lib/sks/DB /var/lib/sks/DB_prev

  299.     if [ -d $temp_restore_dir/var/lib/sks/DB ]; then

  300.         cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB

  301.     else

  302.         if [ ! -d /var/lib/sks/DB ]; then

  303.             mkdir /var/lib/sks/DB

  304.         fi

  305.         cp -r $temp_restore_dir/* /var/lib/sks/DB

  306.     fi

  307.     if [ ! "$?" = "0" ]; then

  308.         # restore the old database

  309.         rm -rf /var/lib/sks/DB

  310.         mv /var/lib/sks/DB_prev /var/lib/sks/DB

  311. 

  312.         rm -rf $temp_restore_dir

  313.         function_check set_user_permissions

  314.         set_user_permissions

  315.         return

  316.     fi

  317.     rm -rf $temp_restore_dir

  318.     chown -Rc debian-sks: /var/lib/sks

  319. 

  320.     # remove the old database

  321.     rm -rf /var/lib/sks/DB_prev

  322. 

  323.     systemctl enable sks

  324.     systemctl start sks

  325.     nginx_ensite $KEYSERVER_DOMAIN_NAME

  326. }

  327. 

  328. function remove_keyserver {

  329.     systemctl stop sks

  330.     if [ -f /etc/cron.hourly/keyserver-watchdog ]; then

  331.         rm /etc/cron.hourly/keyserver-watchdog

  332.     fi

  333.     apt-get -qy remove sks dirmngr

  334. 

  335.     read_config_param "KEYSERVER_DOMAIN_NAME"

  336.     nginx_dissite $KEYSERVER_DOMAIN_NAME

  337.     remove_certs ${KEYSERVER_DOMAIN_NAME}

  338.     if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then

  339.         rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME

  340.     fi

  341.     if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then

  342.         rm -rf /var/www/$KEYSERVER_DOMAIN_NAME

  343.     fi

  344.     function_check remove_ddns_domain

  345.     remove_ddns_domain $KEYSERVER_DOMAIN_NAME

  346. 

  347.     remove_config_param KEYSERVER_DOMAIN_NAME

  348.     remove_config_param KEYSERVER_CODE

  349.     function_check remove_onion_service

  350.     remove_onion_service keyserver ${KEYSERVER_ONION_PORT}

  351.     remove_onion_service sks 11370 11371 11372

  352.     remove_completion_param "install_keyserver"

  353. 

  354.     firewall_remove 11370 tcp

  355.     firewall_remove 11371 tcp

  356.     firewall_remove 11372 tcp

  357. 

  358.     sed -i '/keyserver/d' $COMPLETION_FILE

  359.     sed -i '/sks onion/d' $COMPLETION_FILE

  360.     if [ -d /var/lib/sks ]; then

  361.         rm -rf /var/lib/sks

  362.     fi

  363. }

  364. 

  365. function install_interactive_keyserver {

  366.     if [ ! $ONION_ONLY ]; then

  367.         ONION_ONLY='no'

  368.     fi

  369. 

  370.     if [[ $ONION_ONLY != "no" ]]; then

  371.         KEYSERVER_DOMAIN_NAME='keyserver.local'

  372.         write_config_param "KEYSERVER_DOMAIN_NAME" "$KEYSERVER_DOMAIN_NAME"

  373.     else

  374.         function_check interactive_site_details

  375.         interactive_site_details "keyserver" "KEYSERVER_DOMAIN_NAME" "KEYSERVER_CODE"

  376.     fi

  377.     APP_INSTALLED=1

  378. }

  379. 

  380. function keyserver_create_mailsync {

  381.     echo $"# List of email addresses which submitted keys will be forwarded to" > /etc/sks/mailsync

  382.     echo '' >> /etc/sks/mailsync

  383.     chown -Rc debian-sks: /etc/sks/mailsync

  384. }

  385. 

  386. function keyserver_create_membership {

  387.     if [ -f /etc/sks/membership ]; then

  388.         return

  389.     fi

  390.     systemctl stop sks

  391.     echo $"# List of other $PROJECT_NAME SKS Keyservers to sync with." > /etc/sks/membership

  392.     echo '#' >> /etc/sks/membership

  393.     echo $"# Don't add major keyservers here, because it will take an" >> /etc/sks/membership

  394.     echo $'# Infeasible amount of time to sync and backups will become' >> /etc/sks/membership

  395.     echo $'# absurdly long and probably break your system. You have been warned.' >> /etc/sks/membership

  396.     echo '' >> /etc/sks/membership

  397.     chown -Rc debian-sks: /etc/sks/membership

  398.     systemctl start sks

  399. }

  400. 

  401. function keyserver_import_keys {

  402.     # NOTE: this function isn't used, but kept for reference

  403.     dialog --title $"Import public keys database" \

  404.            --backtitle $"Freedombone Control Panel" \

  405.            --defaultno \

  406.            --yesno $"\nThis will download many gigabytes of data and so depending on your bandwidth it could take several days.\n\nContinue?" 10 60

  407.     sel=$?

  408.     case $sel in

  409.         1) return;;

  410.         255) return;;

  411.     esac

  412.     if [ ! -d /var/lib/sks/dump ]; then

  413.         mkdir -p /var/lib/sks/dump

  414.     fi

  415.     cd /var/lib/sks/dump

  416.     echo $'Getting keyserver dump. This may take a few days or longer, so be patient.'

  417.     rm -rf /var/lib/sks/dump/*

  418.     KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/$(date +%F)/"

  419.     wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \

  420.          -A pgp,txt $KEYSERVER_DUMP_URL

  421. 

  422.     cd /var/lib/sks

  423.     echo $'Building the keyserver database from the downloaded dump'

  424.     keyserver_reset_database

  425. }

  426. 

  427. function keyserver_sync {

  428.     data=$(tempfile 2>/dev/null)

  429.     trap "rm -f $data" 0 1 2 5 15

  430.     dialog --backtitle $"Freedombone Control Panel" \

  431.            --title $"Sync with other keyserver" \

  432.            --form $"\nEnter details for the other server. Please be aware that it's not a good idea to sync with major keyservers which have exceptionally large databases. This is intended to sync with other $PROJECT_NAME systems each having a small database for a particular community." 16 60 3 \

  433.            $"Domain:" 1 1 "" 1 25 32 64 \

  434.            $"Port:" 2 1 "11370" 2 25 6 6 \

  435.            $"Sync Email (optional):" 3 1 "pgp-public-keys@" 3 25 32 64 \

  436.            2> $data

  437.     sel=$?

  438.     case $sel in

  439.         1) return;;

  440.         255) return;;

  441.     esac

  442.     other_keyserver_domain=$(cat $data | sed -n 1p)

  443.     other_keyserver_port=$(cat $data | sed -n 2p)

  444.     other_keyserver_email=$(cat $data | sed -n 3p)

  445.     if [[ "$other_keyserver_domain" != *'.'* ]]; then

  446.         return

  447.     fi

  448.     if [[ "$other_keyserver_domain" == *' '* ]]; then

  449.         return

  450.     fi

  451.     if [[ "$other_keyserver_port" == *'.'* ]]; then

  452.         return

  453.     fi

  454.     if [[ "$other_keyserver_port" == *' '* ]]; then

  455.         return

  456.     fi

  457.     if [ ${#other_keyserver_domain} -lt 4 ]; then

  458.         return

  459.     fi

  460.     if [ ${#other_keyserver_port} -lt 4 ]; then

  461.         return

  462.     fi

  463. 

  464.     # Warn if trying to sync

  465.     if [[ "$other_keyserver_domain" == *"sks-keyservers.net" || "$other_keyserver_domain" == *"gnupg.net" || "$other_keyserver_domain" == *"pgp.com" || "$other_keyserver_domain" == *"pgp.mit.edu" || "$other_keyserver_domain" == *"the.earth.li" || "$other_keyserver_domain" == *"mayfirst.org" || "$other_keyserver_domain" == *"ubuntu.com" ]]; then

  466.         dialog --title $"Sync with other keyserver" \

  467.                --msgbox $"\nDon't try to sync with the major keyservers. Your system will be overloaded with an infeasible database size." 8 60

  468.         return

  469.     fi

  470. 

  471.     if [[ "$other_keyserver_email" != "pgp-public-keys@" ]]; then

  472.         if [[ "$other_keyserver_email" == *"@"* ]]; then

  473.             if [[ "$other_keyserver_email" == *"."* ]]; then

  474.                 keyserver_create_mailsync

  475.                 if ! grep -q "$other_keyserver_email" /etc/sks/mailsync; then

  476.                     echo "$other_keyserver_email" >> /etc/sks/mailsync

  477.                     chown -Rc debian-sks: /etc/sks/mailsync

  478.                 fi

  479.             else

  480.                 dialog --title $"Sync with other keyserver" \

  481.                        --msgbox $"Email doesn't look right: $other_keyserver_email" 6 60

  482.                 return

  483.             fi

  484.         fi

  485.     fi

  486.     keyserver_create_membership

  487.     if grep -q "$other_keyserver_domain $other_keyserver_port" /etc/sks/membership; then

  488.         return

  489.     fi

  490.     if grep -q "$other_keyserver_domain " /etc/sks/membership; then

  491.         sed -i "s|$other_keyserver_domain .*|$other_keyserver_domain $other_keyserver_port|g" /etc/sks/membership

  492.     else

  493.         echo "$other_keyserver_domain $other_keyserver_port" >> /etc/sks/membership

  494.     fi

  495.     chown -Rc debian-sks: /etc/sks/membership

  496.     systemctl restart sks

  497.     dialog --title $"Sync with other keyserver" \

  498.            --msgbox $"Keyserver added" 6 40

  499. }

  500. 

  501. function keyserver_edit {

  502.     if [ ! -f /etc/sks/membership ]; then

  503.         return

  504.     fi

  505.     editor /etc/sks/membership

  506.     chown -Rc debian-sks: /etc/sks/membership

  507.     systemctl restart sks

  508. }

  509. 

  510. function keyserver_remove_key {

  511.     data=$(tempfile 2>/dev/null)

  512.     trap "rm -f $data" 0 1 2 5 15

  513.     dialog --title $"Remove a key" \

  514.            --backtitle $"Freedombone Control Panel" \

  515.            --inputbox $"Enter the ID of the key which you wish to remove:" 12 60 2>$data

  516.     sel=$?

  517.     case $sel in

  518.         0)

  519.             remove_key_id=$(<$data)

  520.             if [ ${#remove_key_id} -gt 8 ]; then

  521.                 sks drop $remove_key_id

  522.                 dialog --title $"Remove a key" \

  523.                        --msgbox $"The key was removed" 6 40

  524.             fi

  525.             ;;

  526.     esac

  527. }

  528. 

  529. function configure_interactive_keyserver {

  530.     while true

  531.     do

  532.         data=$(tempfile 2>/dev/null)

  533.         trap "rm -f $data" 0 1 2 5 15

  534.         dialog --backtitle $"Freedombone Control Panel" \

  535.                --title $"SKS Keyserver" \

  536.                --radiolist $"Choose an operation:" 12 70 4 \

  537.                1 $"Remove a key" off \

  538.                2 $"Sync with other keyserver" off \

  539.                3 $"Edit sync keyservers" off \

  540.                4 $"Exit" on 2> $data

  541.         sel=$?

  542.         case $sel in

  543.             1) return;;

  544.             255) return;;

  545.         esac

  546.         case $(cat $data) in

  547.             1) keyserver_remove_key;;

  548.             2) keyserver_sync;;

  549.             3) keyserver_edit;;

  550.             4) break;;

  551.         esac

  552.     done

  553. }

  554. 

  555. function install_keyserver {

  556.     apt-get -qy install build-essential gcc ocaml libdb-dev wget sks

  557.     keyserver_reset_database

  558.     sed -i 's|initstart=.*|initstart=yes|g' /etc/default/sks

  559.     apt-get -qy install dirmngr

  560.     systemctl restart sks

  561. 

  562.     if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then

  563.         mkdir /var/www/$KEYSERVER_DOMAIN_NAME

  564.     fi

  565. 

  566.     cd /var/www/$KEYSERVER_DOMAIN_NAME

  567.     if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then

  568.         rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs

  569.     fi

  570. 

  571.     if [ -d /repos/keyserverweb ]; then

  572.         mkdir htdocs

  573.         cp -r -p /repos/keyserverweb/. htdocs

  574.         cd htdocs

  575.         git pull

  576.     else

  577.         git_clone $KEYSERVER_WEB_REPO htdocs

  578.     fi

  579.     if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then

  580.         echo $"/var/www/$KEYSERVER_DOMAIN_NAME/htdocs not found"

  581.         exit 6539230

  582.     fi

  583. 

  584.     cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs

  585.     git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT

  586.     set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"

  587. 

  588. 

  589.     USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME

  590.     GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)

  591.     if [ ! $GPG_ID ]; then

  592.         echo $'No GPG ID for admin user'

  593.         exit 846336

  594.     fi

  595.     if [ ${#GPG_ID} -lt 5 ]; then

  596.         echo $'GPG ID not retrieved for admin user'

  597.         exit 835292

  598.     fi

  599.     if [[ "$GPG_ID" == *"error"* ]]; then

  600.         echo $'GPG ID not retrieved for admin user due to error'

  601.         exit 74825

  602.     fi

  603.     sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html

  604.     sed -i "s|###ENTERPUBLICKEYHERE###|$GPG_ID|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html

  605.     sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/404.html

  606.     sed -i "s|###ENTERNAMEHERE###|$USER_EMAIL_ADDRESS|g" /var/www/$KEYSERVER_DOMAIN_NAME/htdocs/index.html

  607. 

  608.     sksconf_file=/etc/sks/sksconf

  609.     sed -i "s|#hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file

  610.     sed -i "s|hostname:.*|hostname: $KEYSERVER_DOMAIN_NAME|g" $sksconf_file

  611.     sed -i "s|#hkp_port:.*|hkp_port: 11373|g" $sksconf_file

  612.     sed -i "s|hkp_port:.*|hkp_port: 11373|g" $sksconf_file

  613.     sed -i "s|#recon_port:.*|recon_port: 11370|g" $sksconf_file

  614.     sed -i "s|recon_port:.*|recon_port: 11370|g" $sksconf_file

  615.     sed -i "s|#recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file

  616.     sed -i "s|recon_address:.*|recon_address: 0.0.0.0|g" $sksconf_file

  617.     sed -i 's|#hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file

  618.     sed -i 's|hkp_address:.*|hkp_address: 127.0.0.1|g' $sksconf_file

  619.     sed -i "s|#from_addr:.*|from_addr: \"pgp-public-keys@$DEFAULT_DOMAIN_NAME\"|g" $sksconf_file

  620.     sed -i "s|from_addr:.*|from_addr: \"pgp-public-keys@$DEFAULT_DOMAIN_NAME\"|g" $sksconf_file

  621.     sed -i 's|#sendmail_cmd:|sendmail_cmd:|g' $sksconf_file

  622. 

  623.     if ! grep -q "#disable_mailsync" $sksconf_file; then

  624.         echo '#disable_mailsync:' >> $sksconf_file

  625.     else

  626.         sed -i 's|disable_mailsync:|#disable_mailsync:|g' $sksconf_file

  627.     fi

  628.     if ! grep -q "membership_reload_interval:" $sksconf_file; then

  629.         echo 'membership_reload_interval:     1' >> $sksconf_file

  630.     else

  631.         sed -i 's|#membership_reload_interval:.*|membership_reload_interval:     1|g' $sksconf_file

  632.         sed -i 's|membership_reload_interval:.*|membership_reload_interval:     1|g' $sksconf_file

  633.     fi

  634.     if ! grep -q "max_matches:" $sksconf_file; then

  635.         echo 'max_matches: 50' >> $sksconf_file

  636.     else

  637.         sed -i 's|#max_matches:.*|max_matches: 50|g' $sksconf_file

  638.         sed -i 's|max_matches:.*|max_matches: 50|g' $sksconf_file

  639.     fi

  640.     if ! grep -q "stat_hour:" $sksconf_file; then

  641.         echo "stat_hour: $((1 + RANDOM % 8))" >> $sksconf_file

  642.     else

  643.         sed -i "s|#stat_hour:.*|stat_hour: $((1 + RANDOM % 8))|g" $sksconf_file

  644.         sed -i "s|stat_hour:.*|stat_hour: $((1 + RANDOM % 8))|g" $sksconf_file

  645.     fi

  646.     if ! grep -q "disable_log_diffs:" $sksconf_file; then

  647.         echo "disable_log_diffs:" >> $sksconf_file

  648.     else

  649.         sed -i "s|#disable_log_diffs:.*|disable_log_diffs:|g" $sksconf_file

  650.         sed -i "s|disable_log_diffs:.*|disable_log_diffs:|g" $sksconf_file

  651.     fi

  652.     if ! grep -q "debuglevel:" $sksconf_file; then

  653.         echo "debuglevel: 0" >> $sksconf_file

  654.     else

  655.         sed -i "s|#debuglevel:.*|debuglevel: 0|g" $sksconf_file

  656.         sed -i "s|debuglevel:.*|debuglevel: 0|g" $sksconf_file

  657.     fi

  658. 

  659.     chown debian-sks: $sksconf_file

  660. 

  661.     if ! grep -q "hidden_service_sks" /etc/tor/torrc; then

  662.         echo 'HiddenServiceDir /var/lib/tor/hidden_service_sks/' >> /etc/tor/torrc

  663.         echo "HiddenServicePort 11370 127.0.0.1:11370" >> /etc/tor/torrc

  664.         echo "HiddenServicePort 11373 127.0.0.1:11371" >> /etc/tor/torrc

  665.         echo "HiddenServicePort 11372 127.0.0.1:11372" >> /etc/tor/torrc

  666.         echo $'Added onion site for sks'

  667.     fi

  668. 

  669.     onion_update

  670.     wait_for_onion_service 'sks'

  671. 

  672.     if [ ! -f /var/lib/tor/hidden_service_sks/hostname ]; then

  673.         echo $'sks onion site hostname not found'

  674.         exit 8352982

  675.     fi

  676.     SKS_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_sks/hostname)

  677. 

  678.     KEYSERVER_ONION_HOSTNAME=$(add_onion_service keyserver 80 ${KEYSERVER_ONION_PORT})

  679. 

  680.     keyserver_nginx_site=/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME

  681.     if [[ $ONION_ONLY == "no" ]]; then

  682.         # NOTE: without http active on port 80 the keyserver doesn't work

  683.         #       from the commandline

  684.         echo 'server {' > $keyserver_nginx_site

  685.         echo '  listen 80;' >> $keyserver_nginx_site

  686.         echo '  listen 0.0.0.0:11371;' >> $keyserver_nginx_site

  687.         echo '  listen [::]:80;' >> $keyserver_nginx_site

  688.         echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site

  689.         echo '' >> $keyserver_nginx_site

  690.         echo '  # Logs' >> $keyserver_nginx_site

  691.         echo '  access_log /dev/null;' >> $keyserver_nginx_site

  692.         echo '  error_log /dev/null;' >> $keyserver_nginx_site

  693.         echo '' >> $keyserver_nginx_site

  694.         echo '  # Root' >> $keyserver_nginx_site

  695.         echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site

  696.         echo '' >> $keyserver_nginx_site

  697.         echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site

  698.         echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site

  699.         echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site

  700.         echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site

  701.         echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site

  702.         echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site

  703.         echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site

  704.         echo '' >> $keyserver_nginx_site

  705.         echo '  location / {' >> $keyserver_nginx_site

  706.         function_check nginx_limits

  707.         nginx_limits $KEYSERVER_DOMAIN_NAME '128k'

  708.         echo '  }' >> $keyserver_nginx_site

  709.         echo '' >> $keyserver_nginx_site

  710.         echo '  location /pks {' >> $keyserver_nginx_site

  711.         echo '    proxy_pass         http://127.0.0.1:11373;' >> $keyserver_nginx_site

  712.         echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site

  713.         echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11371 (nginx)\";" >> $keyserver_nginx_site

  714.         echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site

  715.         echo '    client_max_body_size 8m;' >> $keyserver_nginx_site

  716.         echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site

  717.         echo '  }' >> $keyserver_nginx_site

  718.         echo '}' >> $keyserver_nginx_site

  719.         echo '' >> $keyserver_nginx_site

  720.         echo 'server {' >> $keyserver_nginx_site

  721.         echo '  listen 443 ssl;' >> $keyserver_nginx_site

  722.         echo '  listen 0.0.0.0:11372 ssl;' >> $keyserver_nginx_site

  723.         echo '  listen [::]:443 ssl;' >> $keyserver_nginx_site

  724.         echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site

  725.         echo '' >> $keyserver_nginx_site

  726.         echo '  error_page 404 /404.html;' >> $keyserver_nginx_site

  727.         echo '' >> $keyserver_nginx_site

  728.         echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site

  729.         echo '    deny all;' >> $keyserver_nginx_site

  730.         echo '    return 404;' >> $keyserver_nginx_site

  731.         echo '  }' >> $keyserver_nginx_site

  732.         echo '' >> $keyserver_nginx_site

  733.         echo '  # Security' >> $keyserver_nginx_site

  734.         function_check nginx_ssl

  735.         nginx_ssl $KEYSERVER_DOMAIN_NAME

  736. 

  737.         function_check nginx_disable_sniffing

  738.         nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME

  739. 

  740.         echo '  add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site

  741.         echo '' >> $keyserver_nginx_site

  742.         echo '  # Logs' >> $keyserver_nginx_site

  743.         echo '  access_log /dev/null;' >> $keyserver_nginx_site

  744.         echo '  error_log /dev/null;' >> $keyserver_nginx_site

  745.         echo '' >> $keyserver_nginx_site

  746.         echo '  # Root' >> $keyserver_nginx_site

  747.         echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site

  748.         echo '' >> $keyserver_nginx_site

  749. 

  750.         echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site

  751.         echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site

  752.         echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site

  753.         echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site

  754.         echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site

  755.         echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site

  756.         echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site

  757.         echo '' >> $keyserver_nginx_site

  758.         echo '  location / {' >> $keyserver_nginx_site

  759.         function_check nginx_limits

  760.         nginx_limits $KEYSERVER_DOMAIN_NAME '128k'

  761.         echo '  }' >> $keyserver_nginx_site

  762.         echo '' >> $keyserver_nginx_site

  763.         echo '  location /pks {' >> $keyserver_nginx_site

  764.         echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site

  765.         echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site

  766.         echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:11372 (nginx)\";" >> $keyserver_nginx_site

  767.         echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site

  768.         echo '    client_max_body_size 8m;' >> $keyserver_nginx_site

  769.         echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site

  770.         echo '  }' >> $keyserver_nginx_site

  771.         echo '}' >> $keyserver_nginx_site

  772.         echo '' >> $keyserver_nginx_site

  773.     else

  774.         echo -n '' > $keyserver_nginx_site

  775.     fi

  776.     echo 'server {' >> $keyserver_nginx_site

  777.     echo "  listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site

  778.     echo "  server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site

  779.     echo '' >> $keyserver_nginx_site

  780.     echo '  error_page 404 /404.html;' >> $keyserver_nginx_site

  781.     echo '' >> $keyserver_nginx_site

  782.     echo '  location ~ (.git|LICENSE|readme.md) {' >> $keyserver_nginx_site

  783.     echo '    deny all;' >> $keyserver_nginx_site

  784.     echo '    return 404;' >> $keyserver_nginx_site

  785.     echo '  }' >> $keyserver_nginx_site

  786.     echo '' >> $keyserver_nginx_site

  787.     function_check nginx_disable_sniffing

  788.     nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME

  789.     echo '' >> $keyserver_nginx_site

  790.     echo '  # Logs' >> $keyserver_nginx_site

  791.     echo '  access_log /dev/null;' >> $keyserver_nginx_site

  792.     echo '  error_log /dev/null;' >> $keyserver_nginx_site

  793.     echo '' >> $keyserver_nginx_site

  794.     echo '  # Root' >> $keyserver_nginx_site

  795.     echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site

  796.     echo '' >> $keyserver_nginx_site

  797.     echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site

  798.     echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site

  799.     echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site

  800.     echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site

  801.     echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site

  802.     echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site

  803.     echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site

  804.     echo '' >> $keyserver_nginx_site

  805.     echo '  location / {' >> $keyserver_nginx_site

  806.     function_check nginx_limits

  807.     nginx_limits $KEYSERVER_DOMAIN_NAME '128k'

  808.     echo '  }' >> $keyserver_nginx_site

  809.     echo '' >> $keyserver_nginx_site

  810.     echo '  location /pks {' >> $keyserver_nginx_site

  811.     echo "    proxy_pass         http://127.0.0.1:11373;" >> $keyserver_nginx_site

  812.     echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site

  813.     echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_ONION_PORT (nginx)\";" >> $keyserver_nginx_site

  814.     echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site

  815.     echo '    client_max_body_size 8m;' >> $keyserver_nginx_site

  816.     echo '    client_body_buffer_size 128k;' >> $keyserver_nginx_site

  817.     echo '  }' >> $keyserver_nginx_site

  818.     echo '}' >> $keyserver_nginx_site

  819. 

  820.     function_check create_site_certificate

  821.     if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then

  822.         create_site_certificate $KEYSERVER_DOMAIN_NAME 'yes'

  823.     fi

  824. 

  825.     if [ -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.crt ]; then

  826.         mv /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.crt /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem

  827.     fi

  828.     if [ -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then

  829.         chown root:root /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem

  830.         sed -i "s|.crt|.pem|g" /etc/nginx/sites-available/${KEYSERVER_DOMAIN_NAME}

  831.     fi

  832.     if [ -f /etc/ssl/private/${KEYSERVER_DOMAIN_NAME}.key ]; then

  833.         chown root:root /etc/ssl/private/${KEYSERVER_DOMAIN_NAME}.key

  834.     fi

  835. 

  836.     chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs

  837. 

  838.     function_check nginx_ensite

  839.     nginx_ensite $KEYSERVER_DOMAIN_NAME

  840. 

  841.     configure_firewall_for_keyserver

  842. 

  843.     # remove membership file - don't try to sync with other keyservers

  844.     if [ -f /etc/sks/membership ]; then

  845.         rm /etc/sks/membership

  846.     fi

  847. 

  848.     if ! grep -q "pgp-public-keys" /etc/aliases; then

  849.         echo 'pgp-public-keys:      "|/usr/lib/sks/sks_add_mail /etc/sks"' >> /etc/aliases

  850.     fi

  851.     chown -Rc debian-sks: /etc/sks/mailsync

  852. 

  853.     systemctl enable sks

  854.     systemctl restart sks

  855.     systemctl restart nginx

  856. 

  857.     set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"

  858.     set_completion_param "keyserver onion domain" "$KEYSERVER_ONION_HOSTNAME"

  859.     set_completion_param "sks onion domain" "$SKS_ONION_HOSTNAME"

  860. 

  861.     keyserver_watchdog

  862. 

  863.     APP_INSTALLED=1

  864. }

  865. 

  866. # NOTE: deliberately no exit 0