From fe024046ecea971f2c07302ab36745f1fdb2e277 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 30 Jul 2017 10:34:44 +0100 Subject: [PATCH] Backup and restore for keyserver --- doc/EN/app_keyserver.org | 15 ++++++- img/keyserver.jpg | Bin 0 -> 11317 bytes src/freedombone-app-keyserver | 76 ++++++++++++++++++++++++++++++++-- 3 files changed, 86 insertions(+), 5 deletions(-) create mode 100644 img/keyserver.jpg diff --git a/doc/EN/app_keyserver.org b/doc/EN/app_keyserver.org index 323db437..2ce332d8 100644 --- a/doc/EN/app_keyserver.org +++ b/doc/EN/app_keyserver.org @@ -12,12 +12,18 @@ #+BEGIN_EXPORT html
-

Key Server

+

OpenPGP Key Server

#+END_EXPORT +#+BEGIN_CENTER +[[file:images/keyserver.jpg]] +#+END_CENTER + The usual way in which you obtain GPG public keys for email encryption or other purposes is via a key server. There are a few common ones out there, but it's also possible to run your own key server. +* Installation + ssh into the system with: #+BEGIN_SRC bash @@ -27,3 +33,10 @@ ssh myusername@mydomain.com -p 2222 Select *Add/Remove Apps* then *keyserver*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /keys.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it. After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for the Key server. If the certificate is obtained successfully then you will see a congratulations message. + +* How to use it +Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the *--keyserver* option: + +#+begin_src bash +gpg --keyserver [your keyserver domain] --search-keys [email address] +#+end_src 
diff --git a/img/keyserver.jpg b/img/keyserver.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d179ff1ca05afc067e76a031bb363d9a9cf77288 GIT binary patch literal 11317 diff --git a/src/freedombone-app-keyserver b/src/freedombone-app-keyserver index 96707564..3d1d87ac 100755 --- a/src/freedombone-app-keyserver +++ b/src/freedombone-app-keyserver
@@ -115,19 +115,87 @@ function upgrade_keyserver { } function backup_local_keyserver { - echo -n '' + source_directory=/var/lib/sks/DB + if [ -d $source_directory ]; then + systemctl stop sks + dest_directory=keyserver + function_check backup_directory_to_usb + backup_directory_to_usb $source_directory $dest_directory + systemctl start sks + fi } function restore_local_keyserver { - echo -n '' + if [ ! -d /var/lib/sks/DB ]; then + return + fi + echo $"Restoring SKS Keyserver" + systemctl stop sks + temp_restore_dir=/root/tempkeyserver + function_check restore_directory_from_usb + restore_directory_from_usb $temp_restore_dir keyserver + mv /var/lib/sks/DB /var/lib/sks/DB_prev + cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB + if [ ! "$?" = "0" ]; then + # restore the old database + rm -rf /var/lib/sks/DB + mv /var/lib/sks/DB_prev /var/lib/sks/DB + + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + function_check backup_unmount_drive + backup_unmount_drive + exit 5627294 + fi + rm -rf $temp_restore_dir + chown -Rc debian-sks: /var/lib/sks + + # remove the old database + rm -rf /var/lib/sks/DB_prev + + systemctl start sks } function backup_remote_keyserver { - echo -n '' + source_directory=/var/lib/sks/DB + if [ -d $source_directory ]; then + systemctl stop sks + dest_directory=keyserver + function_check backup_directory_to_friend + backup_directory_to_friend $source_directory $dest_directory + systemctl start sks + fi } function restore_remote_keyserver { - echo -n '' + if [ ! -d /var/lib/sks/DB ]; then + return + fi + echo $"Restoring SKS Keyserver" + systemctl stop sks + temp_restore_dir=/root/tempkeyserver + function_check restore_directory_from_friend + restore_directory_from_friend $temp_restore_dir keyserver + mv /var/lib/sks/DB /var/lib/sks/DB_prev + cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB + if [ ! "$?" 
= "0" ]; then + # restore the old database + rm -rf /var/lib/sks/DB + mv /var/lib/sks/DB_prev /var/lib/sks/DB + + rm -rf $temp_restore_dir + function_check set_user_permissions + set_user_permissions + return + fi + rm -rf $temp_restore_dir + chown -Rc debian-sks: /var/lib/sks + + # remove the old database + rm -rf /var/lib/sks/DB_prev + + systemctl start sks } function remove_keyserver {
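Review bot: In the first hunk of doc/EN/app_keyserver.org the new link is `[[file:images/keyserver.jpg]]`, but this patch creates the image at `img/keyserver.jpg`. Unless the documentation export copies img/ into images/, the figure will be missing from the rendered page. Either point the link at the path that exists in the tree or say in the commit message which build step does the mapping.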
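Review bot: The example in the new "How to use it" section of doc/EN/app_keyserver.org, `gpg --keyserver [your keyserver domain] --search-keys [email address]`, gives no URI scheme, although the Installation section has the reader obtain a Let's Encrypt certificate for this same domain. If the key server is meant to be reached over TLS, show the `hkps://` form of the address so that lookups actually use that certificate. A sentence reminding the reader to check the fingerprint of a returned key through another channel would also fit here, since the key server does not vouch for who uploaded a key.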
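Review bot: The failure branches of restore_local_keyserver and restore_remote_keyserver in src/freedombone-app-keyserver leave the key server down. Both functions run `systemctl stop sks`, and when `cp -r` fails the local variant reaches `exit 5627294` and the remote variant a bare `return`, neither of which calls `systemctl start sks` after the rollback `mv /var/lib/sks/DB_prev /var/lib/sks/DB`. Start the service again once the old database is back in place. Two related points in the same branches: the bare `return` in the remote variant hands back the status of `set_user_permissions`, so a failed restore can look like success to the caller, and the shell keeps only the low 8 bits of `exit 5627294`, so the caller sees 158. An explicit non-zero `return` and an exit value in the 1 to 255 range would make both failures distinguishable. The `mv /var/lib/sks/DB /var/lib/sks/DB_prev` step is also unchecked. If a DB_prev directory survives from an interrupted earlier run, the live database is moved inside it rather than renamed, so clear or test for DB_prev before the move.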