+++ /dev/null
-Nothing that isn't on the TODO list at present.
+++ /dev/null
-0.0.1 - 16th May 2002.
-
-* First release.
-* Merges gpgstats 0.0.2 (never released).
-
-0.0.2 - 28th May 2002.
-
-* Added support for subpacket type 0x83 (critical key expiration)
-* Fixed bug in parsing of one byte new format packet length.
-* Added support for 4 byte old format packet lengths.
-* Changed various error statements to output to stderr instead of stdout.
-* Fixed bug in deleting keys in Postgres backend.
-* Moved code to merge a list of keys to merge.c and changed add.c to use it
- rather than just replacing existing keys.
-* Added comment & trust packets as known but ignored types.
-* Added storage of uids to Postgres backend; this speeds up verbose indexing
- and will also allow searching on UIDs.
-* Fixed bug in armor handling (didn't like 2 newlines before the armor header).
-* Made dearmor gracefully handle non armored input.
-* Added support for incoming incremental update mails.
-* Added searching on uids to lookup & keydb_pg.
-* Changed Postgres backend to use 64 bit keyids instead of 32 bit.
-* Made dearmor ignore CRs when looking for 2 blank lines.
-
-0.0.3 - 2nd July 2002
-
-* Added index on keyid for key table in Postgres backend.
-* Twiddled transaction support in an attempt to speed up mass key adding.
-* Changed putchar_func to take a character count rather than doing one char at
- a time (massive speed up in Postgres case).
-* Introduced onak binary for general keyserver operations.
-* Changed all version number references to use VERSION macro.
-* Made lldel free the unused list structure. (pointed out by Simon Huggins)
-* Made llfind assert that the cmp function is non NULL. (Simon Huggins again)
-* Fixed gpgwww; after the move to 64bit keyids internally it was trying to
- compare the 32bit user supplied keyid to the retrieved 64bit one and never
- finding paths.
-* Various tidying up I've forgotten.
-* Fixed bug with removing signed packets while merging.
-* Fixed bug with potentially adding an already existing uid to a key when
- merging.
-* Fixed stupid typo bug in merging keys.
-
-0.0.4 - 10th November 2002
-
-* Made keydb_file backend compile again.
-* Changed merging to compare signature keyids rather than packet contents
- so we don't add the same signature multiple times.
-* Changed keydb_pg backend over to using PQescapeString to escape SQL data.
-* Added list of keyids in a path to gpgwww output (suitable for C&P into
- a gnupg command line for example).
-* Pulled out HTML start/end code to getcgi.c and added a DOCTYPE and charset
- of utf8.
-* Did some work on getting onak-mail.pl to output incrementals as well as
- receiving them.
-* Some cleanup in getting signature keyids.
-* Made sure we freed more things after we've finished with them.
-* Changed maxpath to display the path found.
-* Added use of onak_sigs to keydb_pg to speed up retrieval of key sigs. Should
- speed up the pathfinder a lot.
-* Added llfree for freeing up linked lists.
-* Wrote DB3 backend; although much work is still needed it vastly outperforms
- the PostgreSQL backend and should hopefully not suffer from the problems of
- the DB2 implementation.
-
-0.1.0 - 13th November 2002
-
-* Code cleanup; pull out common character functions.
-* Make DB3 backend support proper searching.
-* Added config file.
-* Fixed ASCII armor bug (we'd output NULLs in the headers/footer).
-* Added bidirectional syncing (previously we could receive but wouldn't send).
-
-0.1.1 - 2nd December 2002
-
-* Fixed utf8 content type - should be UTF-8. (Thanks to Simon Huggins)
-* Made getfullkeyid not assert if the key isn't found. (Thanks to Simon
- Huggins for reporting this.)
-* Fixed onak-mail.pl to check the stdout of onak before stderr to prevent
- blocking when reading the output update.
-* Used ccmalloc to find various memory leaks and fixed them.
-* Added display of key subkeys.
-* Tightened up table creation SQL a bit.
-* Fixed bug with merging keys that have no new content (we'd sometimes stop
- processing the incoming stream of keys).
-* Updated README to be a bit more useful.
-* Code cleanup; removed circular dependencies.
-* Added sixdegrees.
-
-0.1.2 - 15th February 2003
-
-* Added fingerprint calculation/display.
-* Cleanup sixdegrees binary/object file on make clean.
-* Introduced transaction support to DB3 backend, along with deadlock detection.
-* Added keydb dumping ability.
-* Added logging infrastructure to help more easily track down problems.
-
-0.2.0 - 8th June 2003
-
-* Output multiple paths in gpgwww (thanks to Simon Huggins).
-* Allow a keyid on the command line for sixdegrees (Simon Huggins).
-* Make db2 backend check for a num_keydb file to know how many db files to use.
-* Add 0x to generated URLs as pks needs these.
-* Add "Find Reverse Path" link to gpgwww output.
-* Checkpoint the db3 database upon clean exit.
-* Fix bug with logging where the month was one less than it should have been.
-* Fall back to stderr if we can't open the logfile.
-* Move dependancy list from Makefile to separate file.
-* Checkpoint the DB on clean shutdown.
-* First cut at MRHKP support.
-* Clean up various compile warnings under gcc 3.3
-* Log a critical error when we can't handle a critical subpacket rather than
- asserting.
-* Make the Postgres backend compile again.
-* First attempt at supporting revoked keys.
-
-0.2.1 - 11th October 2003
-
-* Added support for multiple backend DB3 key files.
-* Fixed DB3 database dumping to be outside a transaction (otherwise the
- transaction is too big and we run out of memory).
-* Change over onak-mail.pl to use the config file more.
-* Fix bug where we always read one byte from stdin in rather than allowing
- zero.
-* Tightened up error checking in a couple of places to allow proper DB cleanup.
-* Changed a printf error message over to using logthing.
-* Allow read_openpgp_stream to append to an existing packet list.
-* Tidy up various character functions into charfuncs.c
-* Add splitkeys for spliting up keyrings.
-* Various code cleanups to help reduce warnings under C99.
-* Add (verbose) index support to onak-mail.pl
-
-0.3.0 - 14th September 2004
-
-* Add the ability to choose a config file at runtime.
-* Fix extra LF when the last line of the key is a full line.
-* Relax restriction on Type 2/3 keys being RSA - log the fact, but don't error.
-* Stop trying to parse a key if we get an unexpected character.
-* Make onak-mail.pl only run a single copy of onak at a time.
-* Add photoid support; lookup and onak both use this.
-* Move db3 backend to db4.
-* Move db4 backend to 64bit keyids.
-* Add keyfs backend. (Daniel Silverstone)
-* Pull MD5/SHA1 implementations from sigcheck as they're more portable.
-* Add readonly open mode for DB backends if we're not going to add keys.
-* Log assertions before exiting.
-* Add man pages for onak and splitkeys.
-* autoconf; very basic at present - endianness and file paths.
-* Clean up various compiler and preprocessor warnings. With --std=c99 and
- -D_BSD_SOURCE=1 we should be almost warning free.
-* Fix gpg --search support (it doesn't like uid/sub at the start of the index
- lines).
-* Let gpgwww return all the key data for the keys listed in the paths. Thanks
- to Ian Haywood <ihaywood@gnu.org>.
-* Add support for searching on subkeys.
-* Fix writing packets that are larger than 8k.
-* Fix bug with reading new format packet lengths.
-* Relax some assertions in mem.c as we can hit them legitimately.
-* Initial key cleaning routines; de-dupe key uids.
-* Add loglevel setting in the configuration file.
-* Add logging for the various CGI interfaces.
-* Add stripkey from Daniel Silverstone.
-* Add signal catching infrastructure; this is primarily due to db4's fragile
- behaviour in the face of abnormal termination.
-* Add Apache2 example config info.
-* Update mathopd example config to newer version.
-
-0.3.1 - 23rd October 2004
-
-* Add onak-mail.pl man page (Debian bug #276879)
-* Add links to HTML index output. (Debian bug #275227)
-* Speed up fetch_key_text (use of lladdend/sorted keyid array).
-* Cleanup db4 properly if we fail to open it.
-* Change buffer_put/fetchchar functions to use memcpy (speed up).
-* Add key iteration functionality to keydb backends.
-* Move dumpdb to iterate_keys.
-* Add keyd backend (persistant database access over Unix socket)
-* Cleanup logging in sixdegrees.c
-* Fix maxpath to initialise the logging infrastructure.
-* Fix sixdegrees to initialise the logging infrastructure.
-* Fix transaction around id32 updating in DB4 backend.
-* Compile warning cleanup; add missed include file.
-* Hard error when db version is < 4.
-
-0.3.2 - 25th March 2005
-
-* Change word split routine to split on punctuation/spaces. (Jason Harris)
-* Fix problem parsing empty config lines. (Thanks to Fred Strauss)
-* Do some checking before closing stderr in add.c. Fixes an issue seen in
- RH by Fred Strauss.
-* Make sure we use the configured path to the MTA in sendsync.c
-* Support UID revokations. Thanks to Hanna Wallach for reporting this.
-
-0.3.3 - 4th March 2007
-
-* Make onak-mail sequentially processes requests.
-* Fix db4 memory leak.
-* Add support for dynamic loading of backends.
-* Use 64bit key ids for HTML keyindex links and support these in lookup.
-* Add support for ADD to onak-mail.
-* Fix replyto address bug in onak-mail.
-* Gracefully fail when we can't open a db4 db.
-* Fix assumption that a signature on a public key is a revocation.
-* Document test keys.
-* Check signature time as well as keyid for key merges.
-
-0.3.4 - 29th December 2007
-
-* Fix dynamic backends bug involving passing the config to the backend.
-* Add an install target to the Makefile.
-* Add a man page for keyd.
-
-0.3.5 - 16th January 2008
-
-* Fix dumb mistake with db4 backend. Serves me right for testing with
- the file one.
-
-0.3.6 - 7th June 2008
-
-* Make key addition success text more like SKS/PKS. (Thanks to Timothy Legge)
-* Allow the use of search text for gets, rather than just keyids. ""
-* Fix fetching key by text bug in db4 backend (we'd fetch too many keys).
-* Fix lookup display for more than one photo id. (Thanks to Philippe Teuwen)
-* "Recognize" some extra critical subpacket types.
-* Add support for upgrading db4 DBs built with older DB4 version.
-* Various minor code cleanups.
-
-0.3.7 - 2nd June 2009
-
-* Escape colons and similar in MRHKP output. (Debian bug #487284)
-* Add support for displaying Elgamal encrypt or sign keys. (deprecated)
-* Ensure DB4 backend dbconns memory is initialised to zero.
-* Open DB read only for onak lookup function.
-* Obey binary flag for "onak get".
-
-0.3.8 - 29th December 2009
-
-* Fix "onak dump" to actually generate multiple output files.
-* Limit key dump files to 100,000 keys for "onak dump".
-* Correct formatting of some places we output a keyid. (Debian bug #540196)
-* Don't add a key to the stats hash if it doesn't have any sigs. (Debian bug
- #542187)
-* Change PostgreSQL backend to use PQescapeStringConn
-* Fix PostgreSQL backend key iteration
-
-0.4.0 - 19th April 2011
-
-* Fix delete_key function in keyd backend
-* Send close command when cleaning up keyd backend
-* Actually close the socket in keyd/the keyd backend
-* Update the copy of my key to my 4096R one
-* Update maxpath/sixdegrees to my "new" RSA key
-* Add -c option to specify keyd config file on command line
-* Make keyd background itself by default
-* Add use_keyd config file option to select keyd as the backend
-* Clean up remaining uses of %llX for printing keyids
-* Fix fs backend compilation/linking
-* Configure db4 locks according to maxkeys and actually check maxkeys
-* Explicitly use 32 bits for keyd socket commands
-* Log when we're doing a clean keyd shutdown
-* Add help text for keyd
-* Add keydctl for talking to keyd backend
-* Add the bzr version number to non release builds
-* Allow db4 backend to compile with later versions of Berkeley DB
-* Add a stats command to keyd
-* Clean up use of PATH_MAX in keydb_fs.c
-* Output details of key search after retrieval for pks/lookup
-
-0.4.1 - 24th April 2012
-
-* Add basic testing infrastructure + initial tests
-* Change fd_write to use fwrite instead of fputc
-* Fix buffer_getchar to only error if we'd exceed the buffer size
-* Add support for calculating SKS style key hashes
-* Add support for key retrieval by SKS hash
-* Add support for displaying/retrieving by SKS hash to lookup and onak CLI
-* Add /pks/hashquery
-* Cleanup lookup/gpgwww trailers
-* Define OpenPGP constants and use them rather than magic numbers
-* Clean up file header copyrights
-* Add some more subpacket types to the list to ignore
-* Clean up "set but not used" GCC warnings
-* Use nettle for hashing when available rather than internal MD5/SHA1 routines
-* Add AC_PROG_CC_C99 to configure.ac
-* Fix display of SHA-1 fingerprints
-* Always put a leading 0x on keyids in HTML output links
-* Allow retrieval of key by full fingerprint
-* Add keyid to DB4 backend deletion error messages
-
-0.4.2 - 1st October 2013
-
-* Add support for RIPEMD160, SHA224, SHA384 & SHA512 when available
-* Fix stripkeys to output all the keys at the end rather as it goes along
-* Add support for checking signature hashes
-* Use Doxygen for some initial code documentation generation
-* Cleanup code in preparation for a separate libonak for general PGP bits
-* Prevent read_openpgp_stream from returning empty packages + causing crashes
-* Allow maxpath + splitkeys to take a -c option to specify the config file
-* Add wotsap tool to generate data files for wotsap
-* Add HKP backend to allow onak to be used as a proxying keyserver
-
-0.4.3 - 30th September 2014
-
-* Set our user agent in the HKP backend
-* Allow keyd to serve multiple clients at once
-* Improve HKP backend URL parsing, adding support for HKPS
-* Add support for a user specific config file for onak binary
-* Make wotsap output tool ignore revoked keys
-* Add support for old Elgamal v3 key IDs
-* Add support for displaying EC/ECDSA key types + sizes
-* Extend database backends to support key fetching by fingerprint
-* Remove legacy pksd compatible DB2 backend
-* Add SHA1x hash support
-* Ignore X509 signatures for signature hash checking
-* Code cleanups for issues found using scan-build (llvm) + valgrind
-* Extend tests to include retrieval by subkey ID
-* Switch DB4 backend to using key fingerprint as primary index
-* Sanity check signature data lengths
-* Add support for systemd socket activation
-
-0.4.4 - 30th September 2014
-
-* Fix key ID lookups using onak CLI tool on 32 bit platforms
-
-0.4.5 - 3rd October 2014
-
-* Fix for detecting systemd socket support with more recent versions of systemd
-
-0.4.6 - 25th August 2015
-
-* Add additional ECC OIDs (Ed25519/Brainpool/secp256k1/Curve25519)
-* Re-order linking for backend plugins to cope with ld --as-needed
-* Add de-duplication of subkeys on a key
-* Add support for displaying EDDSA keys (type 22)
-* Add config file option to specify keyd socket directory
-
-0.5.0 - 28th August 2016
-
-* Use mail_dir for the incoming mail lock file
-* Switch to .ini style config file
-* Add dumpconfig command to dump running config in .ini format
-* Add stacked backend
-* Include statistics for fetch by SKS hash in 'keydctl status'
-* Pull key updates into keyd protocol rather than using delete/store
-* Various robustness cleanups from American Fuzzy Lop testing
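Review bot: The 0.2.0 section appears to record one change twice, as "Checkpoint the db3 database upon clean exit" and again as "Checkpoint the DB on clean shutdown"; since the file is being re-added under a new path anyway, drop one of the two in the new copy. The release header lines are also inconsistent about a trailing full stop (0.0.1 and 0.0.2 end with one, later releases do not), which is worth normalising in the same pass.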
+++ /dev/null
-Performance of adding 2M key chunks (~ 1700 keys).
-
-Originally ~ 30 mins with 0.0.2.
-
-After adding an index on keyid for onak_keys:
- Command being timed: "/u2/noodles/onak-0.0.3/onak"
- User time (seconds): 75.12
- System time (seconds): 76.08
- Percent of CPU this job got: 3%
- Elapsed (wall clock) time (h:mm:ss or m:ss): 1:18:17
- Major (requiring I/O) page faults: 630
- Minor (reclaiming a frame) page faults: 1238
-
-Making deletion in the same transaction as readding:
- Command being timed: "/u2/noodles/onak-0.0.3/onak"
- User time (seconds): 67.28
- System time (seconds): 75.74
- Percent of CPU this job got: 2%
- Elapsed (wall clock) time (h:mm:ss or m:ss): 1:22:08
- Major (requiring I/O) page faults: 617
- Minor (reclaiming a frame) page faults: 1241
-
-Making merge_keys all one transaction:
- Command being timed: "/u2/noodles/onak-0.0.3/onak"
- User time (seconds): 74.45
- System time (seconds): 69.82
- Percent of CPU this job got: 2%
- Elapsed (wall clock) time (h:mm:ss or m:ss): 1:29:28
- Major (requiring I/O) page faults: 610
- Minor (reclaiming a frame) page faults: 1237
-
-Only delete old key if we know it exists:
- Command being timed: "/u2/noodles/onak-0.0.3/onak"
- User time (seconds): 77.47
- System time (seconds): 75.06
- Percent of CPU this job got: 3%
- Elapsed (wall clock) time (h:mm:ss or m:ss): 1:16:41
- Major (requiring I/O) page faults: 610
- Minor (reclaiming a frame) page faults: 1239
-
-onak 0.0.4ish with db3 backend; only 1203 keys:
- Command being timed: "./onak -b add"
- User time (seconds): 0.88
- System time (seconds): 0.21
- Percent of CPU this job got: 80%
- Elapsed (wall clock) time (h:mm:ss or m:ss): 0:01.36
- Major (requiring I/O) page faults: 198
- Minor (reclaiming a frame) page faults: 5443
-
-
-maxpath:
-
-Orig:
-
-List of key ids in path:
-0x651E4299 0x2213E772 0x1EB2DE66 0x87CD3DBD 0xC02440B8 0xEA1572F1 0xF5C75256 0x6
-8FD549F 0x5B430367 0x8C90A57F 0x316C50AE 0x56ABD303 0x641B6747 0x6B5A209A
-real 5m58.355s
-user 0m11.110s
-sys 0m0.440s
-
-
-After DISTINCT:
-
-real 5m59.231s
-user 0m9.630s
-sys 0m0.410s
-
-With DB3 backend:
-
-real 0m15.917s
-user 0m15.620s
-sys 0m0.310s
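Review bot: In the maxpath "Orig" block the key ID list is hard-wrapped in the middle of an ID, leaving "0x6" at the end of one line and "8FD549F" at the start of the next, so the list cannot be pasted into a command line as it stands. Break the line between two IDs instead when this file is carried over to its new location.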
+++ /dev/null
-onak 0.5.0
-Copyright 2003-2016 Jonathan McDowell
-http://www.earth.li/projectpurple/progs/onak.html
-
-
-Introduction:
-
-onak is an OpenPGP compatible keyserver. It's primary purpose is the
-storage and retrieval of OpenPGP keys but it also has features that make
-use of the stored keys for various other purposes. The most useful of
-these is probably the pathfinder. This takes two keys, a & b, and
-attempts to find a path of trust from a to b in the key database. I
-started work on it because at the time there was no DFSG compliant
-server that supported multiple subkeys and could act as a drop in
-replacement for pksd, which I was running at the time.
-
-
-Installation:
-
-onak has been mainly developed under Linux with a bit of work on FreeBSD
-at times also. It should run on all architectures, but has only been
-tested on i386, AMD64 and PowerPC so far.
-
-Typing "./configure && make" should produce a version of onak with
-support for the DB4 backend. If you want to choose a different backend
-(see below for a discussion about the options) you'll need to pass the
-appropriate option to ./configure.
-
-Once make has completed you'll end up with various binaries:
-
-* onak
- This is the main program. It's intended to be run from the command
- line and allows the addition, deletion and searching of keys in the
- database.
-
-* onak-mail.pl
- The mail processor. Takes incoming mail (usually to
- pgp-public-keys@host) and calls onak to do the necessary work.
- Currently only supports INCREMENTAL mails for syncing with other
- keyservers and INDEX mails from users.
-
-* add, lookup & gpgwww
- The CGI programs. add & lookup are common to all PGP keyservers while
- gpgwww is the pathfinder component of onak. To get a keyserver that
- clients such as GPG can sync with you'll need to put these in a /pks
- directory on a web server running on port 11371. There's an example
- mathopd.conf file provided that I used for testing, but I'm now using
- Apache for the public test rig as it's already present on the host
- running it.
-
-* splitkeys
- Utility to take a keyring and split it up into a bunch of smaller ones.
-
-
-Config:
-
-I've finally added config file support. onak.ini is an example config;
-the main thing to change is the location in the backend section to
-whereever you want to put your database files. The configure script allows
-you to specific where it should live; by default it'll be PREFIX/etc/onak.ini.
-
-
-Backends:
-
-Currently there is support for 6 different database backends:
-
-* file
- The original backend. Very simple and ideal for testing. Stores each
- key as a separate file. Doesn't support searching based on key text.
-
-* pg (PostgreSQL)
- Once the preferred backend. Use onak.sql to create the tables
- necessary to run with this. Unfortunately although suitable for the
- keyserver side it was found to be too slow for running the pathfinder
- with a large number of keys. This may well be due to my use of it - if
- you can help speed it up info would be appreciated.
-
-* db4 (Berkeley libdb4)
- The currently preferred backend. Supports the full range of functions
- like the pg backend but is considerably faster. Also easier to setup
- assuming you have libdb4 installed; there's no need to have an SQL
- database running and configured.
-
-* fs (file backend)
- A fuller featured file based backend. Doesn't need any external
- libraries and supports the full range of operations (such as text and
- subkey searching). Needs a good filesystem to get good performance
- though as it creates many, many files and links.
-
-* hkp
- A proxying backend. No keys are stored locally; all fetch and store
- requests are forwarded to the provided keyserver.
-
-
-Other keyservers:
-
-I'm aware of the following other keyservers. If you know of any more
-please let me know and I'll add them.
-
-* pks
- http://sf.net/projects/pks/
- The prodominant keyserver I believe; what I used to run on
- wwwkeys.uk.pgp.net. Had a spurt of activity a year or two ago, but
- seems to have died off again. The main issue with pks is that it lacks
- support for keys with multiple subkeys bound to them and older
- versions unfortunately mangle them.
-
-* CryptNET Keyserver
- http://www.cryptnet.net/fsp/cks/
- A GPLed server with support for multiple subkeys, but unfortunately
- when I looked at it there was no support for syncing via email which
- means it can't replace a pks server to act as part of pgp.net.
-
-* OpenPKSD
- http://openpksd.org/
- Don't really know a lot about this. Primarily Japanese development
- AFAICT.
-
-* SKS
- http://sks.sourceforge.net/
- A reasonably new keyserver concentrating more on the whole issue of
- syncronization between keyservers. Seems to be gaining in popularity.
-
-
-Contacting the author:
-
-I can be reached via email as noodles@earth.li. I'm usually on IRC on
-OFTC (irc.oftc.net) as Noodles.
-
-All constructive criticism, bugs reports, patches and ideas are welcome.
-
-
-Obtaining later versions:
-
-onak lives at:
-
-http://www.earth.li/projectpurple/progs/onak.html
-
-Development is carried out using git; you can access the repository
-with something like:
-
-git clone git://the.earth.li/onak.git
-
-or it can be browsed via gitweb at:
-
-http://the.earth.li/gitweb/?p=onak.git;a=summary
-
-
-License:
-
-onak is distributed under the GNU Public License version 2, a copy of
-which should have been provided with this archive as LICENSE.
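Review bot: The Backends section says "Currently there is support for 6 different database backends" but then lists five (file, pg, db4, fs, hkp), and the keyd and stacked backends recorded in the history for 0.3.1 and 0.5.0 are not described at all. Correct the count and add the missing entries in the relocated copy rather than carrying the mismatch over. Separately, the "Obtaining later versions" section offers only a git:// clone URL, which gives the user no transport authentication; if an authenticated remote exists, list it first.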
+++ /dev/null
-Thanks go out to the following people for help and/or comments they've given
-during the development of onak. I've probably missed some people off; if this
-is you please prod me!
-
-Moray Allan
- Helped with porting to non x86 archs and tracking down key parsing oddities.
-Ross Burton
- Provided the Debian packaging.
-Jason Harris
- Several fixes and comments.
-Simon Huggins
- Various fixes and idea bouncing.
-Brett Parker
- Wrote the dynamic loading keydb backend, provided an example Apache2
- setup guide and various other ideas.
-Daniel Silverstone
- Convinced me about arch, wrote the keyfs backend and provided a very useful
- sounding board for ideas at DebConf.
-Everyone at DebConf4 who fed me odd keys.
+++ /dev/null
-* Check keys on import?
- * Non self-signed user IDs
- * Non self-signed subkeys
- * Invalid revocations
- * Signatures marked as non-exportable
- * PKS subkey damage
-* Better signature subpacket parsing (primary UID for example).
-* Better merging of signatures; need to compare subpackets on Type 4 packets
- and choose which we should use (how? most recent date?)
-* Honor no-modify keyserver flag ("Brian M. Carlson" <karlsson@hal-pc.org>)
-* Better txt2html routine.
-* Pathfinder - graphical as well?
-* Do pathlengths for similar email addresses to help aide keysigning.
- (ie "Find me the keys furthest from mine that end ox.ac.uk'")
- Suggested by Jochen Voss <voss@mathematik.uni-kl.de>.
-* Other stats. most signed? signs most?
-* DB access modules as a library to allow runtime configuration of it?
-* Clean up gcc warnings (`ll' length modifier especially! Also inline & wrong
- signedness for lo_read/write)
-* Test library?
-* Full email interface support (ADD, INDEX etc)
-* More comments.
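Review bot: Several entries in this list look already done according to the history file moved in the same patch: "Full email interface support (ADD, INDEX etc)" against the 0.2.1 and 0.3.3 onak-mail entries, "Test library?" against "Add basic testing infrastructure + initial tests" in 0.4.1, and "DB access modules as a library to allow runtime configuration of it?" against "Add support for dynamic loading of backends" in 0.3.3. Prune or reword them so that the remaining "Check keys on import?" items, which describe what the server does not yet validate, are not buried among stale ones. The quoting in the "ox.ac.uk'" example is also unbalanced.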
+++ /dev/null
-Brett's rough guide to onak and Apache2 on Debian:
-
-1) create a new virtual host for apache2 as the config snippet below in
- /etc/apache2/sites-available/keyserver and symlink it in
- /etc/apache2/sites-enabled/
-2) edit the /etc/apache2/ports.conf file and add Listen 11371
-3) edit the /etc/apache2/sites-available/default file and change the
- NameVirtualHost and VirtualHost directives to only play with
- port 80
-4) make sure that suexec is *NOT* enabled in apache2 (remove the
- suexec.load symlink from /etc/apache2/mods-enabled/ if it
- exists), this is because suexec will not run the cgi scripts
- located in the /usr/lib/cgi-bin/pks directory.
-5) apache2ctl graceful
-6) marvel as it all works.
-
-Apache2 config snippet:
- <VirtualHost *:11371>
- DocumentRoot /var/lib/onak
- ScriptAlias /pks /usr/lib/cgi-bin/pks
- CustomLog /var/log/apache2/keyserver-access.log combined
- ErrorLog /var/log/apache2/keyserver-error.log
- </VirtualHost>
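Review bot: Step 4 of the guide tells the admin to remove suexec.load from /etc/apache2/mods-enabled/, which switches suexec off for every site on that Apache instance, not only the *:11371 vhost, and the guide does not say so. State that side effect next to the step, and note that without suexec the CGIs under /usr/lib/cgi-bin/pks run as the web server's own user, so the key database must be accessible to that account. It would also help to say what is expected to live under the DocumentRoot, /var/lib/onak, since everything in that directory is served by this vhost.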
-BUGS
-README
-TODO
-PERFORMANCE
+doc/BUGS
+doc/README
+doc/TODO
+doc/PERFORMANCE
keys/noodles.key
-mathopd.conf
-apache2
+doc/mathopd.conf
+doc/apache2
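Review bot: This list gains the doc/ prefix for BUGS, README, TODO, PERFORMANCE, mathopd.conf and apache2, but the patch removes two further files from their old location, the release history and the thanks list, and neither shows up in the lines visible here. If they are listed in this file outside the shown context, their entries need the same prefix, otherwise the list will refer to paths that no longer exist.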
--- /dev/null
+Nothing that isn't on the TODO list at present.
--- /dev/null
+0.0.1 - 16th May 2002.
+
+* First release.
+* Merges gpgstats 0.0.2 (never released).
+
+0.0.2 - 28th May 2002.
+
+* Added support for subpacket type 0x83 (critical key expiration)
+* Fixed bug in parsing of one byte new format packet length.
+* Added support for 4 byte old format packet lengths.
+* Changed various error statements to output to stderr instead of stdout.
+* Fixed bug in deleting keys in Postgres backend.
+* Moved code to merge a list of keys to merge.c and changed add.c to use it
+ rather than just replacing existing keys.
+* Added comment & trust packets as known but ignored types.
+* Added storage of uids to Postgres backend; this speeds up verbose indexing
+ and will also allow searching on UIDs.
+* Fixed bug in armor handling (didn't like 2 newlines before the armor header).
+* Made dearmor gracefully handle non armored input.
+* Added support for incoming incremental update mails.
+* Added searching on uids to lookup & keydb_pg.
+* Changed Postgres backend to use 64 bit keyids instead of 32 bit.
+* Made dearmor ignore CRs when looking for 2 blank lines.
+
+0.0.3 - 2nd July 2002
+
+* Added index on keyid for key table in Postgres backend.
+* Twiddled transaction support in an attempt to speed up mass key adding.
+* Changed putchar_func to take a character count rather than doing one char at
+ a time (massive speed up in Postgres case).
+* Introduced onak binary for general keyserver operations.
+* Changed all version number references to use VERSION macro.
+* Made lldel free the unused list structure. (pointed out by Simon Huggins)
+* Made llfind assert that the cmp function is non NULL. (Simon Huggins again)
+* Fixed gpgwww; after the move to 64bit keyids internally it was trying to
+ compare the 32bit user supplied keyid to the retrieved 64bit one and never
+ finding paths.
+* Various tidying up I've forgotten.
+* Fixed bug with removing signed packets while merging.
+* Fixed bug with potentially adding an already existing uid to a key when
+ merging.
+* Fixed stupid typo bug in merging keys.
+
+0.0.4 - 10th November 2002
+
+* Made keydb_file backend compile again.
+* Changed merging to compare signature keyids rather than packet contents
+ so we don't add the same signature multiple times.
+* Changed keydb_pg backend over to using PQescapeString to escape SQL data.
+* Added list of keyids in a path to gpgwww output (suitable for C&P into
+ a gnupg command line for example).
+* Pulled out HTML start/end code to getcgi.c and added a DOCTYPE and charset
+ of utf8.
+* Did some work on getting onak-mail.pl to output incrementals as well as
+ receiving them.
+* Some cleanup in getting signature keyids.
+* Made sure we freed more things after we've finished with them.
+* Changed maxpath to display the path found.
+* Added use of onak_sigs to keydb_pg to speed up retrieval of key sigs. Should
+ speed up the pathfinder a lot.
+* Added llfree for freeing up linked lists.
+* Wrote DB3 backend; although much work is still needed it vastly outperforms
+ the PostgreSQL backend and should hopefully not suffer from the problems of
+ the DB2 implementation.
+
+0.1.0 - 13th November 2002
+
+* Code cleanup; pull out common character functions.
+* Make DB3 backend support proper searching.
+* Added config file.
+* Fixed ASCII armor bug (we'd output NULLs in the headers/footer).
+* Added bidirectional syncing (previously we could receive but wouldn't send).
+
+0.1.1 - 2nd December 2002
+
+* Fixed utf8 content type - should be UTF-8. (Thanks to Simon Huggins)
+* Made getfullkeyid not assert if the key isn't found. (Thanks to Simon
+ Huggins for reporting this.)
+* Fixed onak-mail.pl to check the stdout of onak before stderr to prevent
+ blocking when reading the output update.
+* Used ccmalloc to find various memory leaks and fixed them.
+* Added display of key subkeys.
+* Tightened up table creation SQL a bit.
+* Fixed bug with merging keys that have no new content (we'd sometimes stop
+ processing the incoming stream of keys).
+* Updated README to be a bit more useful.
+* Code cleanup; removed circular dependencies.
+* Added sixdegrees.
+
+0.1.2 - 15th February 2003
+
+* Added fingerprint calculation/display.
+* Cleanup sixdegrees binary/object file on make clean.
+* Introduced transaction support to DB3 backend, along with deadlock detection.
+* Added keydb dumping ability.
+* Added logging infrastructure to help more easily track down problems.
+
+0.2.0 - 8th June 2003
+
+* Output multiple paths in gpgwww (thanks to Simon Huggins).
+* Allow a keyid on the command line for sixdegrees (Simon Huggins).
+* Make db2 backend check for a num_keydb file to know how many db files to use.
+* Add 0x to generated URLs as pks needs these.
+* Add "Find Reverse Path" link to gpgwww output.
+* Checkpoint the db3 database upon clean exit.
+* Fix bug with logging where the month was one less than it should have been.
+* Fall back to stderr if we can't open the logfile.
+* Move dependancy list from Makefile to separate file.
+* Checkpoint the DB on clean shutdown.
+* First cut at MRHKP support.
+* Clean up various compile warnings under gcc 3.3
+* Log a critical error when we can't handle a critical subpacket rather than
+ asserting.
+* Make the Postgres backend compile again.
+* First attempt at supporting revoked keys.
+
+0.2.1 - 11th October 2003
+
+* Added support for multiple backend DB3 key files.
+* Fixed DB3 database dumping to be outside a transaction (otherwise the
+ transaction is too big and we run out of memory).
+* Change over onak-mail.pl to use the config file more.
+* Fix bug where we always read one byte from stdin in rather than allowing
+ zero.
+* Tightened up error checking in a couple of places to allow proper DB cleanup.
+* Changed a printf error message over to using logthing.
+* Allow read_openpgp_stream to append to an existing packet list.
+* Tidy up various character functions into charfuncs.c
+* Add splitkeys for spliting up keyrings.
+* Various code cleanups to help reduce warnings under C99.
+* Add (verbose) index support to onak-mail.pl
+
+0.3.0 - 14th September 2004
+
+* Add the ability to choose a config file at runtime.
+* Fix extra LF when the last line of the key is a full line.
+* Relax restriction on Type 2/3 keys being RSA - log the fact, but don't error.
+* Stop trying to parse a key if we get an unexpected character.
+* Make onak-mail.pl only run a single copy of onak at a time.
+* Add photoid support; lookup and onak both use this.
+* Move db3 backend to db4.
+* Move db4 backend to 64bit keyids.
+* Add keyfs backend. (Daniel Silverstone)
+* Pull MD5/SHA1 implementations from sigcheck as they're more portable.
+* Add readonly open mode for DB backends if we're not going to add keys.
+* Log assertions before exiting.
+* Add man pages for onak and splitkeys.
+* autoconf; very basic at present - endianness and file paths.
+* Clean up various compiler and preprocessor warnings. With --std=c99 and
+ -D_BSD_SOURCE=1 we should be almost warning free.
+* Fix gpg --search support (it doesn't like uid/sub at the start of the index
+ lines).
+* Let gpgwww return all the key data for the keys listed in the paths. Thanks
+ to Ian Haywood <ihaywood@gnu.org>.
+* Add support for searching on subkeys.
+* Fix writing packets that are larger than 8k.
+* Fix bug with reading new format packet lengths.
+* Relax some assertions in mem.c as we can hit them legitimately.
+* Initial key cleaning routines; de-dupe key uids.
+* Add loglevel setting in the configuration file.
+* Add logging for the various CGI interfaces.
+* Add stripkey from Daniel Silverstone.
+* Add signal catching infrastructure; this is primarily due to db4's fragile
+ behaviour in the face of abnormal termination.
+* Add Apache2 example config info.
+* Update mathopd example config to newer version.
+
+0.3.1 - 23rd October 2004
+
+* Add onak-mail.pl man page (Debian bug #276879)
+* Add links to HTML index output. (Debian bug #275227)
+* Speed up fetch_key_text (use of lladdend/sorted keyid array).
+* Cleanup db4 properly if we fail to open it.
+* Change buffer_put/fetchchar functions to use memcpy (speed up).
+* Add key iteration functionality to keydb backends.
+* Move dumpdb to iterate_keys.
+* Add keyd backend (persistant database access over Unix socket)
+* Cleanup logging in sixdegrees.c
+* Fix maxpath to initialise the logging infrastructure.
+* Fix sixdegrees to initialise the logging infrastructure.
+* Fix transaction around id32 updating in DB4 backend.
+* Compile warning cleanup; add missed include file.
+* Hard error when db version is < 4.
+
+0.3.2 - 25th March 2005
+
+* Change word split routine to split on punctuation/spaces. (Jason Harris)
+* Fix problem parsing empty config lines. (Thanks to Fred Strauss)
+* Do some checking before closing stderr in add.c. Fixes an issue seen in
+ RH by Fred Strauss.
+* Make sure we use the configured path to the MTA in sendsync.c
+* Support UID revokations. Thanks to Hanna Wallach for reporting this.
+
+0.3.3 - 4th March 2007
+
+* Make onak-mail sequentially processes requests.
+* Fix db4 memory leak.
+* Add support for dynamic loading of backends.
+* Use 64bit key ids for HTML keyindex links and support these in lookup.
+* Add support for ADD to onak-mail.
+* Fix replyto address bug in onak-mail.
+* Gracefully fail when we can't open a db4 db.
+* Fix assumption that a signature on a public key is a revocation.
+* Document test keys.
+* Check signature time as well as keyid for key merges.
+
+0.3.4 - 29th December 2007
+
+* Fix dynamic backends bug involving passing the config to the backend.
+* Add an install target to the Makefile.
+* Add a man page for keyd.
+
+0.3.5 - 16th January 2008
+
+* Fix dumb mistake with db4 backend. Serves me right for testing with
+ the file one.
+
+0.3.6 - 7th June 2008
+
+* Make key addition success text more like SKS/PKS. (Thanks to Timothy Legge)
+* Allow the use of search text for gets, rather than just keyids. ""
+* Fix fetching key by text bug in db4 backend (we'd fetch too many keys).
+* Fix lookup display for more than one photo id. (Thanks to Philippe Teuwen)
+* "Recognize" some extra critical subpacket types.
+* Add support for upgrading db4 DBs built with older DB4 version.
+* Various minor code cleanups.
+
+0.3.7 - 2nd June 2009
+
+* Escape colons and similar in MRHKP output. (Debian bug #487284)
+* Add support for displaying Elgamal encrypt or sign keys. (deprecated)
+* Ensure DB4 backend dbconns memory is initialised to zero.
+* Open DB read only for onak lookup function.
+* Obey binary flag for "onak get".
+
+0.3.8 - 29th December 2009
+
+* Fix "onak dump" to actually generate multiple output files.
+* Limit key dump files to 100,000 keys for "onak dump".
+* Correct formatting of some places we output a keyid. (Debian bug #540196)
+* Don't add a key to the stats hash if it doesn't have any sigs. (Debian bug
+ #542187)
+* Change PostgreSQL backend to use PQescapeStringConn
+* Fix PostgreSQL backend key iteration
+
+0.4.0 - 19th April 2011
+
+* Fix delete_key function in keyd backend
+* Send close command when cleaning up keyd backend
+* Actually close the socket in keyd/the keyd backend
+* Update the copy of my key to my 4096R one
+* Update maxpath/sixdegrees to my "new" RSA key
+* Add -c option to specify keyd config file on command line
+* Make keyd background itself by default
+* Add use_keyd config file option to select keyd as the backend
+* Clean up remaining uses of %llX for printing keyids
+* Fix fs backend compilation/linking
+* Configure db4 locks according to maxkeys and actually check maxkeys
+* Explicitly use 32 bits for keyd socket commands
+* Log when we're doing a clean keyd shutdown
+* Add help text for keyd
+* Add keydctl for talking to keyd backend
+* Add the bzr version number to non release builds
+* Allow db4 backend to compile with later versions of Berkeley DB
+* Add a stats command to keyd
+* Clean up use of PATH_MAX in keydb_fs.c
+* Output details of key search after retrieval for pks/lookup
+
+0.4.1 - 24th April 2012
+
+* Add basic testing infrastructure + initial tests
+* Change fd_write to use fwrite instead of fputc
+* Fix buffer_getchar to only error if we'd exceed the buffer size
+* Add support for calculating SKS style key hashes
+* Add support for key retrieval by SKS hash
+* Add support for displaying/retrieving by SKS hash to lookup and onak CLI
+* Add /pks/hashquery
+* Cleanup lookup/gpgwww trailers
+* Define OpenPGP constants and use them rather than magic numbers
+* Clean up file header copyrights
+* Add some more subpacket types to the list to ignore
+* Clean up "set but not used" GCC warnings
+* Use nettle for hashing when available rather than internal MD5/SHA1 routines
+* Add AC_PROG_CC_C99 to configure.ac
+* Fix display of SHA-1 fingerprints
+* Always put a leading 0x on keyids in HTML output links
+* Allow retrieval of key by full fingerprint
+* Add keyid to DB4 backend deletion error messages
+
+0.4.2 - 1st October 2013
+
+* Add support for RIPEMD160, SHA224, SHA384 & SHA512 when available
+* Fix stripkeys to output all the keys at the end rather as it goes along
+* Add support for checking signature hashes
+* Use Doxygen for some initial code documentation generation
+* Cleanup code in preparation for a separate libonak for general PGP bits
+* Prevent read_openpgp_stream from returning empty packages + causing crashes
+* Allow maxpath + splitkeys to take a -c option to specify the config file
+* Add wotsap tool to generate data files for wotsap
+* Add HKP backend to allow onak to be used as a proxying keyserver
+
+0.4.3 - 30th September 2014
+
+* Set our user agent in the HKP backend
+* Allow keyd to serve multiple clients at once
+* Improve HKP backend URL parsing, adding support for HKPS
+* Add support for a user specific config file for onak binary
+* Make wotsap output tool ignore revoked keys
+* Add support for old Elgamal v3 key IDs
+* Add support for displaying EC/ECDSA key types + sizes
+* Extend database backends to support key fetching by fingerprint
+* Remove legacy pksd compatible DB2 backend
+* Add SHA1x hash support
+* Ignore X509 signatures for signature hash checking
+* Code cleanups for issues found using scan-build (llvm) + valgrind
+* Extend tests to include retrieval by subkey ID
+* Switch DB4 backend to using key fingerprint as primary index
+* Sanity check signature data lengths
+* Add support for systemd socket activation
+
+0.4.4 - 30th September 2014
+
+* Fix key ID lookups using onak CLI tool on 32 bit platforms
+
+0.4.5 - 3rd October 2014
+
+* Fix for detecting systemd socket support with more recent versions of systemd
+
+0.4.6 - 25th August 2015
+
+* Add additional ECC OIDs (Ed25519/Brainpool/secp256k1/Curve25519)
+* Re-order linking for backend plugins to cope with ld --as-needed
+* Add de-duplication of subkeys on a key
+* Add support for displaying EDDSA keys (type 22)
+* Add config file option to specify keyd socket directory
+
+0.5.0 - 28th August 2016
+
+* Use mail_dir for the incoming mail lock file
+* Switch to .ini style config file
+* Add dumpconfig command to dump running config in .ini format
+* Add stacked backend
+* Include statistics for fetch by SKS hash in 'keydctl status'
+* Pull key updates into keyd protocol rather than using delete/store
+* Various robustness cleanups from American Fuzzy Lop testing
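Review bot: The 0.2.0 entry records the same change twice ("Checkpoint the db3 database upon clean exit" and "Checkpoint the DB on clean shutdown"); keep one of them. 0.4.3 and 0.4.4 both carry the date 30th September 2014, which is worth confirming, and "returning empty packages" in 0.4.2 presumably means packets. The entries that matter most to anyone feeding the server untrusted keys ("Change PostgreSQL backend to use PQescapeStringConn" in 0.3.8, "Sanity check signature data lengths" in 0.4.3, the American Fuzzy Lop cleanups in 0.5.0) do not say which earlier releases were affected; a short clause on each would let operators judge how urgent the upgrade is. Spelling while you are here: dependancy, spliting, persistant, revokations.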
--- /dev/null
+Performance of adding 2M key chunks (~ 1700 keys).
+
+Originally ~ 30 mins with 0.0.2.
+
+After adding an index on keyid for onak_keys:
+ Command being timed: "/u2/noodles/onak-0.0.3/onak"
+ User time (seconds): 75.12
+ System time (seconds): 76.08
+ Percent of CPU this job got: 3%
+ Elapsed (wall clock) time (h:mm:ss or m:ss): 1:18:17
+ Major (requiring I/O) page faults: 630
+ Minor (reclaiming a frame) page faults: 1238
+
+Making deletion in the same transaction as readding:
+ Command being timed: "/u2/noodles/onak-0.0.3/onak"
+ User time (seconds): 67.28
+ System time (seconds): 75.74
+ Percent of CPU this job got: 2%
+ Elapsed (wall clock) time (h:mm:ss or m:ss): 1:22:08
+ Major (requiring I/O) page faults: 617
+ Minor (reclaiming a frame) page faults: 1241
+
+Making merge_keys all one transaction:
+ Command being timed: "/u2/noodles/onak-0.0.3/onak"
+ User time (seconds): 74.45
+ System time (seconds): 69.82
+ Percent of CPU this job got: 2%
+ Elapsed (wall clock) time (h:mm:ss or m:ss): 1:29:28
+ Major (requiring I/O) page faults: 610
+ Minor (reclaiming a frame) page faults: 1237
+
+Only delete old key if we know it exists:
+ Command being timed: "/u2/noodles/onak-0.0.3/onak"
+ User time (seconds): 77.47
+ System time (seconds): 75.06
+ Percent of CPU this job got: 3%
+ Elapsed (wall clock) time (h:mm:ss or m:ss): 1:16:41
+ Major (requiring I/O) page faults: 610
+ Minor (reclaiming a frame) page faults: 1239
+
+onak 0.0.4ish with db3 backend; only 1203 keys:
+ Command being timed: "./onak -b add"
+ User time (seconds): 0.88
+ System time (seconds): 0.21
+ Percent of CPU this job got: 80%
+ Elapsed (wall clock) time (h:mm:ss or m:ss): 0:01.36
+ Major (requiring I/O) page faults: 198
+ Minor (reclaiming a frame) page faults: 5443
+
+
+maxpath:
+
+Orig:
+
+List of key ids in path:
+0x651E4299 0x2213E772 0x1EB2DE66 0x87CD3DBD 0xC02440B8 0xEA1572F1 0xF5C75256 0x6
+8FD549F 0x5B430367 0x8C90A57F 0x316C50AE 0x56ABD303 0x641B6747 0x6B5A209A
+real 5m58.355s
+user 0m11.110s
+sys 0m0.440s
+
+
+After DISTINCT:
+
+real 5m59.231s
+user 0m9.630s
+sys 0m0.410s
+
+With DB3 backend:
+
+real 0m15.917s
+user 0m15.620s
+sys 0m0.310s
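Review bot: The maxpath key ID list is hard-wrapped in the middle of a value ("0x6" ends one line and "8FD549F" starts the next), so the path cannot be copied back into a test run; break the line between IDs instead. The add timings are also not comparable as written: the heading says ~1700 keys, the db3 run says "only 1203 keys", and none of the runs record the hardware or the backend configuration. The 0.0.3 runs show 2-3% CPU against well over an hour of wall clock time, so it would help to state the conclusion (the job was waiting on the database rather than computing) instead of leaving the reader to infer it.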
--- /dev/null
+onak 0.5.0
+Copyright 2003-2016 Jonathan McDowell
+http://www.earth.li/projectpurple/progs/onak.html
+
+
+Introduction:
+
+onak is an OpenPGP compatible keyserver. It's primary purpose is the
+storage and retrieval of OpenPGP keys but it also has features that make
+use of the stored keys for various other purposes. The most useful of
+these is probably the pathfinder. This takes two keys, a & b, and
+attempts to find a path of trust from a to b in the key database. I
+started work on it because at the time there was no DFSG compliant
+server that supported multiple subkeys and could act as a drop in
+replacement for pksd, which I was running at the time.
+
+
+Installation:
+
+onak has been mainly developed under Linux with a bit of work on FreeBSD
+at times also. It should run on all architectures, but has only been
+tested on i386, AMD64 and PowerPC so far.
+
+Typing "./configure && make" should produce a version of onak with
+support for the DB4 backend. If you want to choose a different backend
+(see below for a discussion about the options) you'll need to pass the
+appropriate option to ./configure.
+
+Once make has completed you'll end up with various binaries:
+
+* onak
+ This is the main program. It's intended to be run from the command
+ line and allows the addition, deletion and searching of keys in the
+ database.
+
+* onak-mail.pl
+ The mail processor. Takes incoming mail (usually to
+ pgp-public-keys@host) and calls onak to do the necessary work.
+ Currently only supports INCREMENTAL mails for syncing with other
+ keyservers and INDEX mails from users.
+
+* add, lookup & gpgwww
+ The CGI programs. add & lookup are common to all PGP keyservers while
+ gpgwww is the pathfinder component of onak. To get a keyserver that
+ clients such as GPG can sync with you'll need to put these in a /pks
+ directory on a web server running on port 11371. There's an example
+ mathopd.conf file provided that I used for testing, but I'm now using
+ Apache for the public test rig as it's already present on the host
+ running it.
+
+* splitkeys
+ Utility to take a keyring and split it up into a bunch of smaller ones.
+
+
+Config:
+
+I've finally added config file support. onak.ini is an example config;
+the main thing to change is the location in the backend section to
+whereever you want to put your database files. The configure script allows
+you to specific where it should live; by default it'll be PREFIX/etc/onak.ini.
+
+
+Backends:
+
+Currently there is support for 6 different database backends:
+
+* file
+ The original backend. Very simple and ideal for testing. Stores each
+ key as a separate file. Doesn't support searching based on key text.
+
+* pg (PostgreSQL)
+ Once the preferred backend. Use onak.sql to create the tables
+ necessary to run with this. Unfortunately although suitable for the
+ keyserver side it was found to be too slow for running the pathfinder
+ with a large number of keys. This may well be due to my use of it - if
+ you can help speed it up info would be appreciated.
+
+* db4 (Berkeley libdb4)
+ The currently preferred backend. Supports the full range of functions
+ like the pg backend but is considerably faster. Also easier to setup
+ assuming you have libdb4 installed; there's no need to have an SQL
+ database running and configured.
+
+* fs (file backend)
+ A fuller featured file based backend. Doesn't need any external
+ libraries and supports the full range of operations (such as text and
+ subkey searching). Needs a good filesystem to get good performance
+ though as it creates many, many files and links.
+
+* hkp
+ A proxying backend. No keys are stored locally; all fetch and store
+ requests are forwarded to the provided keyserver.
+
+
+Other keyservers:
+
+I'm aware of the following other keyservers. If you know of any more
+please let me know and I'll add them.
+
+* pks
+ http://sf.net/projects/pks/
+ The prodominant keyserver I believe; what I used to run on
+ wwwkeys.uk.pgp.net. Had a spurt of activity a year or two ago, but
+ seems to have died off again. The main issue with pks is that it lacks
+ support for keys with multiple subkeys bound to them and older
+ versions unfortunately mangle them.
+
+* CryptNET Keyserver
+ http://www.cryptnet.net/fsp/cks/
+ A GPLed server with support for multiple subkeys, but unfortunately
+ when I looked at it there was no support for syncing via email which
+ means it can't replace a pks server to act as part of pgp.net.
+
+* OpenPKSD
+ http://openpksd.org/
+ Don't really know a lot about this. Primarily Japanese development
+ AFAICT.
+
+* SKS
+ http://sks.sourceforge.net/
+ A reasonably new keyserver concentrating more on the whole issue of
+ syncronization between keyservers. Seems to be gaining in popularity.
+
+
+Contacting the author:
+
+I can be reached via email as noodles@earth.li. I'm usually on IRC on
+OFTC (irc.oftc.net) as Noodles.
+
+All constructive criticism, bugs reports, patches and ideas are welcome.
+
+
+Obtaining later versions:
+
+onak lives at:
+
+http://www.earth.li/projectpurple/progs/onak.html
+
+Development is carried out using git; you can access the repository
+with something like:
+
+git clone git://the.earth.li/onak.git
+
+or it can be browsed via gitweb at:
+
+http://the.earth.li/gitweb/?p=onak.git;a=summary
+
+
+License:
+
+onak is distributed under the GNU Public License version 2, a copy of
+which should have been provided with this archive as LICENSE.
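Review bot: The Backends section says "support for 6 different database backends" but lists five (file, pg, db4, fs, hkp), while the changelog in this same patch adds keyd and stacked backends; fix the count and describe the missing ones. The binaries list has the same gap: keyd, keydctl, sixdegrees, maxpath, stripkey and wotsap all appear in the changelog but not here. The clone instruction uses git://, which gives no authentication or integrity protection for the fetched source, so say how a release can be verified or list an authenticated transport if one exists. The licence should be named "GNU General Public License". Typos: "It's primary purpose", "whereever", "allows you to specific where", "prodominant", "syncronization".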
--- /dev/null
+Thanks go out to the following people for help and/or comments they've given
+during the development of onak. I've probably missed some people off; if this
+is you please prod me!
+
+Moray Allan
+ Helped with porting to non x86 archs and tracking down key parsing oddities.
+Ross Burton
+ Provided the Debian packaging.
+Jason Harris
+ Several fixes and comments.
+Simon Huggins
+ Various fixes and idea bouncing.
+Brett Parker
+ Wrote the dynamic loading keydb backend, provided an example Apache2
+ setup guide and various other ideas.
+Daniel Silverstone
+ Convinced me about arch, wrote the keyfs backend and provided a very useful
+ sounding board for ideas at DebConf.
+Everyone at DebConf4 who fed me odd keys.
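Review bot: Several people credited by name in the changelog in this patch are missing from this list: Fred Strauss (0.3.2), Hanna Wallach (0.3.2), Ian Haywood (0.3.0), Timothy Legge (0.3.6) and Philippe Teuwen (0.3.6). Either add them or note that the changelog is the fuller record, since the file already admits "I've probably missed some people off".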
--- /dev/null
+* Check keys on import?
+ * Non self-signed user IDs
+ * Non self-signed subkeys
+ * Invalid revocations
+ * Signatures marked as non-exportable
+ * PKS subkey damage
+* Better signature subpacket parsing (primary UID for example).
+* Better merging of signatures; need to compare subpackets on Type 4 packets
+ and choose which we should use (how? most recent date?)
+* Honor no-modify keyserver flag ("Brian M. Carlson" <karlsson@hal-pc.org>)
+* Better txt2html routine.
+* Pathfinder - graphical as well?
+* Do pathlengths for similar email addresses to help aide keysigning.
+ (ie "Find me the keys furthest from mine that end ox.ac.uk'")
+ Suggested by Jochen Voss <voss@mathematik.uni-kl.de>.
+* Other stats. most signed? signs most?
+* DB access modules as a library to allow runtime configuration of it?
+* Clean up gcc warnings (`ll' length modifier especially! Also inline & wrong
+ signedness for lo_read/write)
+* Test library?
+* Full email interface support (ADD, INDEX etc)
+* More comments.
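Review bot: Several items look stale against the changelog added in this same patch: "Full email interface support (ADD, INDEX etc)" versus "Add support for ADD to onak-mail" in 0.3.3, "DB access modules as a library to allow runtime configuration" versus "Add support for dynamic loading of backends" in 0.3.3, "Test library?" versus the testing infrastructure in 0.4.1, and the `ll' length modifier warning versus "Clean up remaining uses of %llX" in 0.4.0. Prune or reword those. The "Check keys on import?" list is the security-relevant part; say which of its sub-items are already covered by the signature hash checking from 0.4.2 and which remain open, so operators know what the server will still accept. There is also a stray quote in "that end ox.ac.uk'".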
--- /dev/null
+Brett's rough guide to onak and Apache2 on Debian:
+
+1) create a new virtual host for apache2 as the config snippet below in
+ /etc/apache2/sites-available/keyserver and symlink it in
+ /etc/apache2/sites-enabled/
+2) edit the /etc/apache2/ports.conf file and add Listen 11371
+3) edit the /etc/apache2/sites-available/default file and change the
+ NameVirtualHost and VirtualHost directives to only play with
+ port 80
+4) make sure that suexec is *NOT* enabled in apache2 (remove the
+ suexec.load symlink from /etc/apache2/mods-enabled/ if it
+ exists), this is because suexec will not run the cgi scripts
+ located in the /usr/lib/cgi-bin/pks directory.
+5) apache2ctl graceful
+6) marvel as it all works.
+
+Apache2 config snippet:
+ <VirtualHost *:11371>
+ DocumentRoot /var/lib/onak
+ ScriptAlias /pks /usr/lib/cgi-bin/pks
+ CustomLog /var/log/apache2/keyserver-access.log combined
+ ErrorLog /var/log/apache2/keyserver-error.log
+ </VirtualHost>
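Review bot: Step 4 tells the reader to remove suexec.load from mods-enabled, which turns suexec off for every virtual host on the machine, not only the keyserver; the guide should say so and note that the pks CGIs will then run as the web server's own user. In the snippet, "DocumentRoot /var/lib/onak" publishes that whole directory on port 11371; if the key database or other state lives there it becomes directly downloadable, so point DocumentRoot at a directory holding only static files or add a Directory block that denies access. Step 1 also reads more clearly as "create a new virtual host using the config snippet below".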
--- /dev/null
+Umask 026
+
+Tuning {
+ NumConnections 120
+ BufSize 12288
+}
+
+StayRoot On
+
+PIDFile /home/noodles/pgp/mathopd/pid
+Log /home/noodles/pgp/mathopd/log.%Y%m%d
+ErrorLog /home/noodles/pgp/mathopd/errors.%Y%m
+
+Control {
+ Types {
+ text/plain { * }
+ text/css { css }
+ application/octet-stream { zip gz tgz exe class }
+ application/futuresplash { spl }
+ model/vrml { wrl }
+ application/pdf { pdf }
+ text/html { html htm }
+ image/gif { gif }
+ image/jpeg { jpg }
+ }
+ Specials {
+ Imagemap { map }
+ CGI { cgi }
+ Redirect { url }
+ }
+ External {
+ /usr/bin/perl { pl }
+ }
+ IndexNames { home.html index.htm index.html redirect.url }
+}
+
+Server {
+ Port 11371
+
+ Virtual {
+ Control {
+ Alias /
+ Location /home/noodles/pgp
+ }
+
+ Control {
+ Alias /pks
+ Location /home/noodles/pgp/cgi
+ Specials {
+ CGI { * }
+ }
+ }
+ }
+
+ Virtual {
+ AnyHost
+ Control {
+ Alias /
+ Location /home/noodles/pgp
+ }
+
+ Control {
+ Alias /pks
+ Location /home/noodles/pgp/cgi
+ Specials {
+ CGI { * }
+ }
+ }
+ }
+}
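Review bot: The "Alias /" blocks map "Location /home/noodles/pgp", which is the parent of both the cgi directory and the mathopd directory named in PIDFile, Log and ErrorLog, so the logs and pid file are served to any client (as text/plain, given the "text/plain { * }" default); move the logs outside the served tree or serve a dedicated static directory. "StayRoot On" appears with no User directive and no comment on which account the server and the CGIs are meant to run as; for an example config that people copy, state the intended account or drop the setting. "CGI { * }" under /pks makes every file in that directory executable content, which deserves a comment. The /home/noodles paths should be placeholders, and the two Virtual blocks differ only by AnyHost, so one of them can probably go.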
+++ /dev/null
-Umask 026
-
-Tuning {
- NumConnections 120
- BufSize 12288
-}
-
-StayRoot On
-
-PIDFile /home/noodles/pgp/mathopd/pid
-Log /home/noodles/pgp/mathopd/log.%Y%m%d
-ErrorLog /home/noodles/pgp/mathopd/errors.%Y%m
-
-Control {
- Types {
- text/plain { * }
- text/css { css }
- application/octet-stream { zip gz tgz exe class }
- application/futuresplash { spl }
- model/vrml { wrl }
- application/pdf { pdf }
- text/html { html htm }
- image/gif { gif }
- image/jpeg { jpg }
- }
- Specials {
- Imagemap { map }
- CGI { cgi }
- Redirect { url }
- }
- External {
- /usr/bin/perl { pl }
- }
- IndexNames { home.html index.htm index.html redirect.url }
-}
-
-Server {
- Port 11371
-
- Virtual {
- Control {
- Alias /
- Location /home/noodles/pgp
- }
-
- Control {
- Alias /pks
- Location /home/noodles/pgp/cgi
- Specials {
- CGI { * }
- }
- }
- }
-
- Virtual {
- AnyHost
- Control {
- Alias /
- Location /home/noodles/pgp
- }
-
- Control {
- Alias /pks
- Location /home/noodles/pgp/cgi
- Specials {
- CGI { * }
- }
- }
- }
-}
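Review bot: The removed file is line-for-line identical to the mathopd config added earlier in this patch, so this is a move rather than a change; record it as a rename so history follows the file, and update the README sentence "There's an example mathopd.conf file provided" to give the new location.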