;
[main]
backend=defaultdb4
-backends_dir=@LIBDIR@/onak/backends
-logfile=@STATEDIR@/log/onak.log
+backends_dir=@CMAKE_INSTALL_FULL_LIBDIR@/onak/backends
+logfile=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/onak.log
; Loglevel : 0 is highest debug, default is 3, nothing is 7+
loglevel=3
; Should we use the keyd backend?
use_keyd=false
-sock_dir=@RUNDIR@
+sock_dir=@CMAKE_INSTALL_FULL_RUNSTATEDIR@
; Maximum number of keys to return in a reply to an index, verbose index or
; get. Setting it to -1 will allow any size of reply.
max_reply_keys=128
; Settings related to key verification options available.
[verification]
+; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line,
+; comment lines start with #
+;blacklist=blacklist.txt
; Verify signature hashes - verify that the hash a signature claims to be
; over matches the hash of the data. Does not actually verify the signature.
check_sighash=true
+; Drop v3 (and older) keys. These are long considered insecure, so unless there
+; is a good reason you should accept this default.
+drop_v3=true
+; Only allow keys that already exist to be update; silently drop the addition
+; of any key we don't already know about. Useful for allowing updates to
+; curated keys without the addition of new keys.
+;update_only=false
; Settings related to the email interface to onak.
[mail]
maintainer_email=PGP Key Server Administrator <pgp-keyserver-admin@the.earth.li>
-mail_dir=@STATEDIR@/spool/onak
+mail_dir=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/spool/onak
; Specify the envelope sender address as the -f argument to
; sendmail. This is the address which will receive any bounces.
; If you don't use sendmail, then change this to an equivalent command.
[backend:defaultdb4]
; The default DB4 backend. Recommended.
type=db4
-location=@STATEDIR@/lib/onak
+location=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/onak
[backend:examplehkp]
; An example HKP backend; all operations will be done against the
projects / onak.git / blobdiff