Backup and restore for keyserver

Bob Mottram 2017-07-30 10:34:44 +01:00
parent 5122bdbc48
commit fe024046ec
3 changed files with 86 additions and 5 deletions

@ -12,12 +12,18 @@
#+BEGIN_EXPORT html #+BEGIN_EXPORT html
<center> <center>
<h1>Key Server</h1> <h1>OpenPGP Key Server</h1>
</center> </center>
#+END_EXPORT #+END_EXPORT
#+BEGIN_CENTER
[[file:images/keyserver.jpg]]
#+END_CENTER
The usual way in which you obtain GPG public keys for email encryption or other purposes is via a key server. There are a few common ones out there, but it's also possible to run your own key server. The usual way in which you obtain GPG public keys for email encryption or other purposes is via a key server. There are a few common ones out there, but it's also possible to run your own key server.
* Installation
ssh into the system with: ssh into the system with:
#+BEGIN_SRC bash #+BEGIN_SRC bash
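Review bot: The added link [[file:images/keyserver.jpg]] points into an images/ directory, while the image this commit adds is listed as img/keyserver.jpg. Unless the export step copies img/ to images/, the page will render with a broken image; confirm that mapping or make the two paths agree.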
@ -27,3 +33,10 @@ ssh myusername@mydomain.com -p 2222
Select *Add/Remove Apps* then *keyserver*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /keys.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it. Select *Add/Remove Apps* then *keyserver*. You will then be asked for a domain name and if you are using FreeDNS also the code for the domain which can be found under *Dynamic DNS* on the FreeDNS site (the random string from "/quick cron example/" which appears after /update.php?/ and before />>/). For more details on obtaining a domain and making it accessible via dynamic DNS see the [[./faq.html][FAQ]]. Typically the domain name you use will be a subdomain, such as /keys.mydomainname.net/. It will need to be a domain which you have bought somewhere and own and not one of the FreeDNS subdomains, otherwise you won't be able to get a SSL/TLS certificate for it.
After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for the Key server. If the certificate is obtained successfully then you will see a congratulations message. After the install has completed go to *Security settings* and select *Create a new Let's Encrypt certificate* and enter the domain name that you are using for the Key server. If the certificate is obtained successfully then you will see a congratulations message.
* How to use it
Interaction with the web user interface is pretty minimal and obvious, but most likely you will also want to be able to use your keyserver from the commandline. To do that use the *--keyserver* option:
#+begin_src bash
gpg --keyserver [your keyserver domain] --search-keys [email address]
#+end_src
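Review bot: The example command in the new "How to use it" section passes a bare domain to --keyserver, with no scheme, and gpg treats a keyserver given without a scheme as plain hkp. The lookup, including the email address being searched, would then not go over the TLS certificate that the installation section has the user obtain. If the key server is reachable over TLS, show the hkps:// form in the example; if it is not, state that here. Minor style point: this block uses lowercase #+begin_src / #+end_src while the existing block earlier in the file uses #+BEGIN_SRC.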

BIN
img/keyserver.jpg Normal file

Binary file not shown.

Size: 11 KiB

@ -115,19 +115,87 @@ function upgrade_keyserver {
} }
function backup_local_keyserver { function backup_local_keyserver {
echo -n '' source_directory=/var/lib/sks/DB
if [ -d $source_directory ]; then
systemctl stop sks
dest_directory=keyserver
function_check backup_directory_to_usb
backup_directory_to_usb $source_directory $dest_directory
systemctl start sks
fi
} }
function restore_local_keyserver { function restore_local_keyserver {
echo -n '' if [ ! -d /var/lib/sks/DB ]; then
return
fi
echo $"Restoring SKS Keyserver"
systemctl stop sks
temp_restore_dir=/root/tempkeyserver
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir keyserver
mv /var/lib/sks/DB /var/lib/sks/DB_prev
cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
if [ ! "$?" = "0" ]; then
# restore the old database
rm -rf /var/lib/sks/DB
mv /var/lib/sks/DB_prev /var/lib/sks/DB
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
function_check backup_unmount_drive
backup_unmount_drive
exit 5627294
fi
rm -rf $temp_restore_dir
chown -Rc debian-sks: /var/lib/sks
# remove the old database
rm -rf /var/lib/sks/DB_prev
systemctl start sks
} }
function backup_remote_keyserver { function backup_remote_keyserver {
echo -n '' source_directory=/var/lib/sks/DB
if [ -d $source_directory ]; then
systemctl stop sks
dest_directory=keyserver
function_check backup_directory_to_friend
backup_directory_to_friend $source_directory $dest_directory
systemctl start sks
fi
} }
function restore_remote_keyserver { function restore_remote_keyserver {
echo -n '' if [ ! -d /var/lib/sks/DB ]; then
return
fi
echo $"Restoring SKS Keyserver"
systemctl stop sks
temp_restore_dir=/root/tempkeyserver
function_check restore_directory_from_friend
restore_directory_from_friend $temp_restore_dir keyserver
mv /var/lib/sks/DB /var/lib/sks/DB_prev
cp -r $temp_restore_dir/var/lib/sks/DB /var/lib/sks/DB
if [ ! "$?" = "0" ]; then
# restore the old database
rm -rf /var/lib/sks/DB
mv /var/lib/sks/DB_prev /var/lib/sks/DB
rm -rf $temp_restore_dir
function_check set_user_permissions
set_user_permissions
return
fi
rm -rf $temp_restore_dir
chown -Rc debian-sks: /var/lib/sks
# remove the old database
rm -rf /var/lib/sks/DB_prev
systemctl start sks
} }
function remove_keyserver { function remove_keyserver {
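Review bot: The failure branch after "cp -r" in both restore_local_keyserver and restore_remote_keyserver puts DB_prev back but never runs "systemctl start sks", so a failed restore leaves the key server stopped even though its previous database is intact again. Start sks on that path before leaving the function. The two branches also diverge: the local one unmounts the drive and runs "exit 5627294", while the remote one does a bare "return", so the caller cannot tell that the remote restore failed; return a non-zero status there. Two smaller points in the same functions: the result of "mv /var/lib/sks/DB /var/lib/sks/DB_prev" is not checked, and if a DB_prev directory is left over from an interrupted run, mv will place DB inside it rather than rename it; and $source_directory, $dest_directory and $temp_restore_dir are expanded unquoted in the test, cp and rm -rf lines. Since the local and remote restore bodies are otherwise identical, a shared helper taking the restore function as a parameter would keep these fixes in one place.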