From: Jonathan McDowell Date: Mon, 16 Sep 2019 18:34:32 +0000 (+0100) Subject: Move docs into their own subdirectory X-Git-Tag: onak-0.6.0~8 X-Git-Url: https://the.earth.li/gitweb/?p=onak.git;a=commitdiff_plain;h=f64729f7ef5bf4fde2e86f2cab93dc26f056fae6 Move docs into their own subdirectory --- diff --git a/BUGS b/BUGS deleted file mode 100644 index df01ac3..0000000 --- a/BUGS +++ /dev/null @@ -1 +0,0 @@ -Nothing that isn't on the TODO list at present. diff --git a/HISTORY b/HISTORY deleted file mode 100644 index b602017..0000000 --- a/HISTORY +++ /dev/null 
@@ -1,345 +0,0 @@ -0.0.1 - 16th May 2002. - -* First release. -* Merges gpgstats 0.0.2 (never released). - -0.0.2 - 28th May 2002. - -* Added support for subpacket type 0x83 (critical key expiration) -* Fixed bug in parsing of one byte new format packet length. -* Added support for 4 byte old format packet lengths. -* Changed various error statements to output to stderr instead of stdout. -* Fixed bug in deleting keys in Postgres backend. -* Moved code to merge a list of keys to merge.c and changed add.c to use it - rather than just replacing existing keys. -* Added comment & trust packets as known but ignored types. -* Added storage of uids to Postgres backend; this speeds up verbose indexing - and will also allow searching on UIDs. -* Fixed bug in armor handling (didn't like 2 newlines before the armor header). -* Made dearmor gracefully handle non armored input. -* Added support for incoming incremental update mails. -* Added searching on uids to lookup & keydb_pg. -* Changed Postgres backend to use 64 bit keyids instead of 32 bit. -* Made dearmor ignore CRs when looking for 2 blank lines. - -0.0.3 - 2nd July 2002 - -* Added index on keyid for key table in Postgres backend. -* Twiddled transaction support in an attempt to speed up mass key adding. -* Changed putchar_func to take a character count rather than doing one char at - a time (massive speed up in Postgres case). -* Introduced onak binary for general keyserver operations. -* Changed all version number references to use VERSION macro. -* Made lldel free the unused list structure. (pointed out by Simon Huggins) -* Made llfind assert that the cmp function is non NULL. (Simon Huggins again) -* Fixed gpgwww; after the move to 64bit keyids internally it was trying to - compare the 32bit user supplied keyid to the retrieved 64bit one and never - finding paths. -* Various tidying up I've forgotten. -* Fixed bug with removing signed packets while merging. 
-* Fixed bug with potentially adding an already existing uid to a key when - merging. -* Fixed stupid typo bug in merging keys. - -0.0.4 - 10th November 2002 - -* Made keydb_file backend compile again. -* Changed merging to compare signature keyids rather than packet contents - so we don't add the same signature multiple times. -* Changed keydb_pg backend over to using PQescapeString to escape SQL data. -* Added list of keyids in a path to gpgwww output (suitable for C&P into - a gnupg command line for example). -* Pulled out HTML start/end code to getcgi.c and added a DOCTYPE and charset - of utf8. -* Did some work on getting onak-mail.pl to output incrementals as well as - receiving them. -* Some cleanup in getting signature keyids. -* Made sure we freed more things after we've finished with them. -* Changed maxpath to display the path found. -* Added use of onak_sigs to keydb_pg to speed up retrieval of key sigs. Should - speed up the pathfinder a lot. -* Added llfree for freeing up linked lists. -* Wrote DB3 backend; although much work is still needed it vastly outperforms - the PostgreSQL backend and should hopefully not suffer from the problems of - the DB2 implementation. - -0.1.0 - 13th November 2002 - -* Code cleanup; pull out common character functions. -* Make DB3 backend support proper searching. -* Added config file. -* Fixed ASCII armor bug (we'd output NULLs in the headers/footer). -* Added bidirectional syncing (previously we could receive but wouldn't send). - -0.1.1 - 2nd December 2002 - -* Fixed utf8 content type - should be UTF-8. (Thanks to Simon Huggins) -* Made getfullkeyid not assert if the key isn't found. (Thanks to Simon - Huggins for reporting this.) -* Fixed onak-mail.pl to check the stdout of onak before stderr to prevent - blocking when reading the output update. -* Used ccmalloc to find various memory leaks and fixed them. -* Added display of key subkeys. -* Tightened up table creation SQL a bit. 
-* Fixed bug with merging keys that have no new content (we'd sometimes stop - processing the incoming stream of keys). -* Updated README to be a bit more useful. -* Code cleanup; removed circular dependencies. -* Added sixdegrees. - -0.1.2 - 15th February 2003 - -* Added fingerprint calculation/display. -* Cleanup sixdegrees binary/object file on make clean. -* Introduced transaction support to DB3 backend, along with deadlock detection. -* Added keydb dumping ability. -* Added logging infrastructure to help more easily track down problems. - -0.2.0 - 8th June 2003 - -* Output multiple paths in gpgwww (thanks to Simon Huggins). -* Allow a keyid on the command line for sixdegrees (Simon Huggins). -* Make db2 backend check for a num_keydb file to know how many db files to use. -* Add 0x to generated URLs as pks needs these. -* Add "Find Reverse Path" link to gpgwww output. -* Checkpoint the db3 database upon clean exit. -* Fix bug with logging where the month was one less than it should have been. -* Fall back to stderr if we can't open the logfile. -* Move dependancy list from Makefile to separate file. -* Checkpoint the DB on clean shutdown. -* First cut at MRHKP support. -* Clean up various compile warnings under gcc 3.3 -* Log a critical error when we can't handle a critical subpacket rather than - asserting. -* Make the Postgres backend compile again. -* First attempt at supporting revoked keys. - -0.2.1 - 11th October 2003 - -* Added support for multiple backend DB3 key files. -* Fixed DB3 database dumping to be outside a transaction (otherwise the - transaction is too big and we run out of memory). -* Change over onak-mail.pl to use the config file more. -* Fix bug where we always read one byte from stdin in rather than allowing - zero. -* Tightened up error checking in a couple of places to allow proper DB cleanup. -* Changed a printf error message over to using logthing. -* Allow read_openpgp_stream to append to an existing packet list. 
-* Tidy up various character functions into charfuncs.c -* Add splitkeys for spliting up keyrings. -* Various code cleanups to help reduce warnings under C99. -* Add (verbose) index support to onak-mail.pl - -0.3.0 - 14th September 2004 - -* Add the ability to choose a config file at runtime. -* Fix extra LF when the last line of the key is a full line. -* Relax restriction on Type 2/3 keys being RSA - log the fact, but don't error. -* Stop trying to parse a key if we get an unexpected character. -* Make onak-mail.pl only run a single copy of onak at a time. -* Add photoid support; lookup and onak both use this. -* Move db3 backend to db4. -* Move db4 backend to 64bit keyids. -* Add keyfs backend. (Daniel Silverstone) -* Pull MD5/SHA1 implementations from sigcheck as they're more portable. -* Add readonly open mode for DB backends if we're not going to add keys. -* Log assertions before exiting. -* Add man pages for onak and splitkeys. -* autoconf; very basic at present - endianness and file paths. -* Clean up various compiler and preprocessor warnings. With --std=c99 and - -D_BSD_SOURCE=1 we should be almost warning free. -* Fix gpg --search support (it doesn't like uid/sub at the start of the index - lines). -* Let gpgwww return all the key data for the keys listed in the paths. Thanks - to Ian Haywood . -* Add support for searching on subkeys. -* Fix writing packets that are larger than 8k. -* Fix bug with reading new format packet lengths. -* Relax some assertions in mem.c as we can hit them legitimately. -* Initial key cleaning routines; de-dupe key uids. -* Add loglevel setting in the configuration file. -* Add logging for the various CGI interfaces. -* Add stripkey from Daniel Silverstone. -* Add signal catching infrastructure; this is primarily due to db4's fragile - behaviour in the face of abnormal termination. -* Add Apache2 example config info. -* Update mathopd example config to newer version. 
- -0.3.1 - 23rd October 2004 - -* Add onak-mail.pl man page (Debian bug #276879) -* Add links to HTML index output. (Debian bug #275227) -* Speed up fetch_key_text (use of lladdend/sorted keyid array). -* Cleanup db4 properly if we fail to open it. -* Change buffer_put/fetchchar functions to use memcpy (speed up). -* Add key iteration functionality to keydb backends. -* Move dumpdb to iterate_keys. -* Add keyd backend (persistant database access over Unix socket) -* Cleanup logging in sixdegrees.c -* Fix maxpath to initialise the logging infrastructure. -* Fix sixdegrees to initialise the logging infrastructure. -* Fix transaction around id32 updating in DB4 backend. -* Compile warning cleanup; add missed include file. -* Hard error when db version is < 4. - -0.3.2 - 25th March 2005 - -* Change word split routine to split on punctuation/spaces. (Jason Harris) -* Fix problem parsing empty config lines. (Thanks to Fred Strauss) -* Do some checking before closing stderr in add.c. Fixes an issue seen in - RH by Fred Strauss. -* Make sure we use the configured path to the MTA in sendsync.c -* Support UID revokations. Thanks to Hanna Wallach for reporting this. - -0.3.3 - 4th March 2007 - -* Make onak-mail sequentially processes requests. -* Fix db4 memory leak. -* Add support for dynamic loading of backends. -* Use 64bit key ids for HTML keyindex links and support these in lookup. -* Add support for ADD to onak-mail. -* Fix replyto address bug in onak-mail. -* Gracefully fail when we can't open a db4 db. -* Fix assumption that a signature on a public key is a revocation. -* Document test keys. -* Check signature time as well as keyid for key merges. - -0.3.4 - 29th December 2007 - -* Fix dynamic backends bug involving passing the config to the backend. -* Add an install target to the Makefile. -* Add a man page for keyd. - -0.3.5 - 16th January 2008 - -* Fix dumb mistake with db4 backend. Serves me right for testing with - the file one. 
- -0.3.6 - 7th June 2008 - -* Make key addition success text more like SKS/PKS. (Thanks to Timothy Legge) -* Allow the use of search text for gets, rather than just keyids. "" -* Fix fetching key by text bug in db4 backend (we'd fetch too many keys). -* Fix lookup display for more than one photo id. (Thanks to Philippe Teuwen) -* "Recognize" some extra critical subpacket types. -* Add support for upgrading db4 DBs built with older DB4 version. -* Various minor code cleanups. - -0.3.7 - 2nd June 2009 - -* Escape colons and similar in MRHKP output. (Debian bug #487284) -* Add support for displaying Elgamal encrypt or sign keys. (deprecated) -* Ensure DB4 backend dbconns memory is initialised to zero. -* Open DB read only for onak lookup function. -* Obey binary flag for "onak get". - -0.3.8 - 29th December 2009 - -* Fix "onak dump" to actually generate multiple output files. -* Limit key dump files to 100,000 keys for "onak dump". -* Correct formatting of some places we output a keyid. (Debian bug #540196) -* Don't add a key to the stats hash if it doesn't have any sigs. 
(Debian bug - #542187) -* Change PostgreSQL backend to use PQescapeStringConn -* Fix PostgreSQL backend key iteration - -0.4.0 - 19th April 2011 - -* Fix delete_key function in keyd backend -* Send close command when cleaning up keyd backend -* Actually close the socket in keyd/the keyd backend -* Update the copy of my key to my 4096R one -* Update maxpath/sixdegrees to my "new" RSA key -* Add -c option to specify keyd config file on command line -* Make keyd background itself by default -* Add use_keyd config file option to select keyd as the backend -* Clean up remaining uses of %llX for printing keyids -* Fix fs backend compilation/linking -* Configure db4 locks according to maxkeys and actually check maxkeys -* Explicitly use 32 bits for keyd socket commands -* Log when we're doing a clean keyd shutdown -* Add help text for keyd -* Add keydctl for talking to keyd backend -* Add the bzr version number to non release builds -* Allow db4 backend to compile with later versions of Berkeley DB -* Add a stats command to keyd -* Clean up use of PATH_MAX in keydb_fs.c -* Output details of key search after retrieval for pks/lookup - -0.4.1 - 24th April 2012 - -* Add basic testing infrastructure + initial tests -* Change fd_write to use fwrite instead of fputc -* Fix buffer_getchar to only error if we'd exceed the buffer size -* Add support for calculating SKS style key hashes -* Add support for key retrieval by SKS hash -* Add support for displaying/retrieving by SKS hash to lookup and onak CLI -* Add /pks/hashquery -* Cleanup lookup/gpgwww trailers -* Define OpenPGP constants and use them rather than magic numbers -* Clean up file header copyrights -* Add some more subpacket types to the list to ignore -* Clean up "set but not used" GCC warnings -* Use nettle for hashing when available rather than internal MD5/SHA1 routines -* Add AC_PROG_CC_C99 to configure.ac -* Fix display of SHA-1 fingerprints -* Always put a leading 0x on keyids in HTML output links -* Allow 
retrieval of key by full fingerprint -* Add keyid to DB4 backend deletion error messages - -0.4.2 - 1st October 2013 - -* Add support for RIPEMD160, SHA224, SHA384 & SHA512 when available -* Fix stripkeys to output all the keys at the end rather as it goes along -* Add support for checking signature hashes -* Use Doxygen for some initial code documentation generation -* Cleanup code in preparation for a separate libonak for general PGP bits -* Prevent read_openpgp_stream from returning empty packages + causing crashes -* Allow maxpath + splitkeys to take a -c option to specify the config file -* Add wotsap tool to generate data files for wotsap -* Add HKP backend to allow onak to be used as a proxying keyserver - -0.4.3 - 30th September 2014 - -* Set our user agent in the HKP backend -* Allow keyd to serve multiple clients at once -* Improve HKP backend URL parsing, adding support for HKPS -* Add support for a user specific config file for onak binary -* Make wotsap output tool ignore revoked keys -* Add support for old Elgamal v3 key IDs -* Add support for displaying EC/ECDSA key types + sizes -* Extend database backends to support key fetching by fingerprint -* Remove legacy pksd compatible DB2 backend -* Add SHA1x hash support -* Ignore X509 signatures for signature hash checking -* Code cleanups for issues found using scan-build (llvm) + valgrind -* Extend tests to include retrieval by subkey ID -* Switch DB4 backend to using key fingerprint as primary index -* Sanity check signature data lengths -* Add support for systemd socket activation - -0.4.4 - 30th September 2014 - -* Fix key ID lookups using onak CLI tool on 32 bit platforms - -0.4.5 - 3rd October 2014 - -* Fix for detecting systemd socket support with more recent versions of systemd - -0.4.6 - 25th August 2015 - -* Add additional ECC OIDs (Ed25519/Brainpool/secp256k1/Curve25519) -* Re-order linking for backend plugins to cope with ld --as-needed -* Add de-duplication of subkeys on a key -* Add support 
for displaying EDDSA keys (type 22) -* Add config file option to specify keyd socket directory - -0.5.0 - 28th August 2016 - -* Use mail_dir for the incoming mail lock file -* Switch to .ini style config file -* Add dumpconfig command to dump running config in .ini format -* Add stacked backend -* Include statistics for fetch by SKS hash in 'keydctl status' -* Pull key updates into keyd protocol rather than using delete/store -* Various robustness cleanups from American Fuzzy Lop testing diff --git a/PERFORMANCE b/PERFORMANCE deleted file mode 100644 index a889b1c..0000000 --- a/PERFORMANCE +++ /dev/null 
@@ -1,73 +0,0 @@ -Performance of adding 2M key chunks (~ 1700 keys). - -Originally ~ 30 mins with 0.0.2. - -After adding an index on keyid for onak_keys: - Command being timed: "/u2/noodles/onak-0.0.3/onak" - User time (seconds): 75.12 - System time (seconds): 76.08 - Percent of CPU this job got: 3% - Elapsed (wall clock) time (h:mm:ss or m:ss): 1:18:17 - Major (requiring I/O) page faults: 630 - Minor (reclaiming a frame) page faults: 1238 - -Making deletion in the same transaction as readding: - Command being timed: "/u2/noodles/onak-0.0.3/onak" - User time (seconds): 67.28 - System time (seconds): 75.74 - Percent of CPU this job got: 2% - Elapsed (wall clock) time (h:mm:ss or m:ss): 1:22:08 - Major (requiring I/O) page faults: 617 - Minor (reclaiming a frame) page faults: 1241 - -Making merge_keys all one transaction: - Command being timed: "/u2/noodles/onak-0.0.3/onak" - User time (seconds): 74.45 - System time (seconds): 69.82 - Percent of CPU this job got: 2% - Elapsed (wall clock) time (h:mm:ss or m:ss): 1:29:28 - Major (requiring I/O) page faults: 610 - Minor (reclaiming a frame) page faults: 1237 - -Only delete old key if we know it exists: - Command being timed: "/u2/noodles/onak-0.0.3/onak" - User time (seconds): 77.47 - System time (seconds): 75.06 - Percent of CPU this job got: 3% - Elapsed (wall clock) time (h:mm:ss or m:ss): 1:16:41 - Major (requiring I/O) page faults: 610 - Minor (reclaiming a frame) page faults: 1239 - -onak 0.0.4ish with db3 backend; only 1203 keys: - Command being timed: "./onak -b add" - User time (seconds): 0.88 - System time (seconds): 0.21 - Percent of CPU this job got: 80% - Elapsed (wall clock) time (h:mm:ss or m:ss): 0:01.36 - Major (requiring I/O) page faults: 198 - Minor (reclaiming a frame) page faults: 5443 - - -maxpath: - -Orig: - -List of key ids in path: -0x651E4299 0x2213E772 0x1EB2DE66 0x87CD3DBD 0xC02440B8 0xEA1572F1 0xF5C75256 0x6 -8FD549F 0x5B430367 0x8C90A57F 0x316C50AE 0x56ABD303 0x641B6747 0x6B5A209A -real 
5m58.355s -user 0m11.110s -sys 0m0.440s - - -After DISTINCT: - -real 5m59.231s -user 0m9.630s -sys 0m0.410s - -With DB3 backend: - -real 0m15.917s -user 0m15.620s -sys 0m0.310s diff --git a/README b/README deleted file mode 100644 index c329b3b..0000000 --- a/README +++ /dev/null 
@@ -1,152 +0,0 @@ -onak 0.5.0 -Copyright 2003-2016 Jonathan McDowell -http://www.earth.li/projectpurple/progs/onak.html - - -Introduction: - -onak is an OpenPGP compatible keyserver. It's primary purpose is the -storage and retrieval of OpenPGP keys but it also has features that make -use of the stored keys for various other purposes. The most useful of -these is probably the pathfinder. This takes two keys, a & b, and -attempts to find a path of trust from a to b in the key database. I -started work on it because at the time there was no DFSG compliant -server that supported multiple subkeys and could act as a drop in -replacement for pksd, which I was running at the time. - - -Installation: - -onak has been mainly developed under Linux with a bit of work on FreeBSD -at times also. It should run on all architectures, but has only been -tested on i386, AMD64 and PowerPC so far. - -Typing "./configure && make" should produce a version of onak with -support for the DB4 backend. If you want to choose a different backend -(see below for a discussion about the options) you'll need to pass the -appropriate option to ./configure. - -Once make has completed you'll end up with various binaries: - -* onak - This is the main program. It's intended to be run from the command - line and allows the addition, deletion and searching of keys in the - database. - -* onak-mail.pl - The mail processor. Takes incoming mail (usually to - pgp-public-keys@host) and calls onak to do the necessary work. - Currently only supports INCREMENTAL mails for syncing with other - keyservers and INDEX mails from users. - -* add, lookup & gpgwww - The CGI programs. add & lookup are common to all PGP keyservers while - gpgwww is the pathfinder component of onak. To get a keyserver that - clients such as GPG can sync with you'll need to put these in a /pks - directory on a web server running on port 11371. 
There's an example - mathopd.conf file provided that I used for testing, but I'm now using - Apache for the public test rig as it's already present on the host - running it. - -* splitkeys - Utility to take a keyring and split it up into a bunch of smaller ones. - - -Config: - -I've finally added config file support. onak.ini is an example config; -the main thing to change is the location in the backend section to -whereever you want to put your database files. The configure script allows -you to specific where it should live; by default it'll be PREFIX/etc/onak.ini. - - -Backends: - -Currently there is support for 6 different database backends: - -* file - The original backend. Very simple and ideal for testing. Stores each - key as a separate file. Doesn't support searching based on key text. - -* pg (PostgreSQL) - Once the preferred backend. Use onak.sql to create the tables - necessary to run with this. Unfortunately although suitable for the - keyserver side it was found to be too slow for running the pathfinder - with a large number of keys. This may well be due to my use of it - if - you can help speed it up info would be appreciated. - -* db4 (Berkeley libdb4) - The currently preferred backend. Supports the full range of functions - like the pg backend but is considerably faster. Also easier to setup - assuming you have libdb4 installed; there's no need to have an SQL - database running and configured. - -* fs (file backend) - A fuller featured file based backend. Doesn't need any external - libraries and supports the full range of operations (such as text and - subkey searching). Needs a good filesystem to get good performance - though as it creates many, many files and links. - -* hkp - A proxying backend. No keys are stored locally; all fetch and store - requests are forwarded to the provided keyserver. - - -Other keyservers: - -I'm aware of the following other keyservers. If you know of any more -please let me know and I'll add them. 
- -* pks - http://sf.net/projects/pks/ - The prodominant keyserver I believe; what I used to run on - wwwkeys.uk.pgp.net. Had a spurt of activity a year or two ago, but - seems to have died off again. The main issue with pks is that it lacks - support for keys with multiple subkeys bound to them and older - versions unfortunately mangle them. - -* CryptNET Keyserver - http://www.cryptnet.net/fsp/cks/ - A GPLed server with support for multiple subkeys, but unfortunately - when I looked at it there was no support for syncing via email which - means it can't replace a pks server to act as part of pgp.net. - -* OpenPKSD - http://openpksd.org/ - Don't really know a lot about this. Primarily Japanese development - AFAICT. - -* SKS - http://sks.sourceforge.net/ - A reasonably new keyserver concentrating more on the whole issue of - syncronization between keyservers. Seems to be gaining in popularity. - - -Contacting the author: - -I can be reached via email as noodles@earth.li. I'm usually on IRC on -OFTC (irc.oftc.net) as Noodles. - -All constructive criticism, bugs reports, patches and ideas are welcome. - - -Obtaining later versions: - -onak lives at: - -http://www.earth.li/projectpurple/progs/onak.html - -Development is carried out using git; you can access the repository -with something like: - -git clone git://the.earth.li/onak.git - -or it can be browsed via gitweb at: - -http://the.earth.li/gitweb/?p=onak.git;a=summary - - -License: - -onak is distributed under the GNU Public License version 2, a copy of -which should have been provided with this archive as LICENSE. diff --git a/THANKS b/THANKS deleted file mode 100644 index 2c83d6f..0000000 --- a/THANKS +++ /dev/null 
@@ -1,19 +0,0 @@ -Thanks go out to the following people for help and/or comments they've given -during the development of onak. I've probably missed some people off; if this -is you please prod me! - -Moray Allan - Helped with porting to non x86 archs and tracking down key parsing oddities. -Ross Burton - Provided the Debian packaging. -Jason Harris - Several fixes and comments. -Simon Huggins - Various fixes and idea bouncing. -Brett Parker - Wrote the dynamic loading keydb backend, provided an example Apache2 - setup guide and various other ideas. -Daniel Silverstone - Convinced me about arch, wrote the keyfs backend and provided a very useful - sounding board for ideas at DebConf. -Everyone at DebConf4 who fed me odd keys. diff --git a/TODO b/TODO deleted file mode 100644 index af6ec35..0000000 --- a/TODO +++ /dev/null @@ -1,22 +0,0 @@ -* Check keys on import? - * Non self-signed user IDs - * Non self-signed subkeys - * Invalid revocations - * Signatures marked as non-exportable - * PKS subkey damage -* Better signature subpacket parsing (primary UID for example). -* Better merging of signatures; need to compare subpackets on Type 4 packets - and choose which we should use (how? most recent date?) -* Honor no-modify keyserver flag ("Brian M. Carlson" ) -* Better txt2html routine. -* Pathfinder - graphical as well? -* Do pathlengths for similar email addresses to help aide keysigning. - (ie "Find me the keys furthest from mine that end ox.ac.uk'") - Suggested by Jochen Voss . -* Other stats. most signed? signs most? -* DB access modules as a library to allow runtime configuration of it? -* Clean up gcc warnings (`ll' length modifier especially! Also inline & wrong - signedness for lo_read/write) -* Test library? -* Full email interface support (ADD, INDEX etc) -* More comments. diff --git a/apache2 b/apache2 deleted file mode 100644 index 5060867..0000000 --- a/apache2 +++ /dev/null 
@@ -1,23 +0,0 @@ -Brett's rough guide to onak and Apache2 on Debian: - -1) create a new virtual host for apache2 as the config snippet below in - /etc/apache2/sites-available/keyserver and symlink it in - /etc/apache2/sites-enabled/ -2) edit the /etc/apache2/ports.conf file and add Listen 11371 -3) edit the /etc/apache2/sites-available/default file and change the - NameVirtualHost and VirtualHost directives to only play with - port 80 -4) make sure that suexec is *NOT* enabled in apache2 (remove the - suexec.load symlink from /etc/apache2/mods-enabled/ if it - exists), this is because suexec will not run the cgi scripts - located in the /usr/lib/cgi-bin/pks directory. -5) apache2ctl graceful -6) marvel as it all works. - -Apache2 config snippet: - - DocumentRoot /var/lib/onak - ScriptAlias /pks /usr/lib/cgi-bin/pks - CustomLog /var/log/apache2/keyserver-access.log combined - ErrorLog /var/log/apache2/keyserver-error.log - diff --git a/debian/docs b/debian/docs index bc64abd..1ae825d 100644 --- a/debian/docs +++ b/debian/docs @@ -1,5 +1,5 @@ -BUGS -README -TODO -PERFORMANCE +doc/BUGS +doc/README +doc/TODO +doc/PERFORMANCE keys/noodles.key diff --git a/debian/examples b/debian/examples index 7795dcc..8959914 100644 --- a/debian/examples +++ b/debian/examples @@ -1,2 +1,2 @@ -mathopd.conf -apache2 +doc/mathopd.conf +doc/apache2 diff --git a/doc/BUGS b/doc/BUGS new file mode 100644 index 0000000..df01ac3 --- /dev/null +++ b/doc/BUGS @@ -0,0 +1 @@ +Nothing that isn't on the TODO list at present. diff --git a/doc/HISTORY b/doc/HISTORY new file mode 100644 index 0000000..b602017 --- /dev/null +++ b/doc/HISTORY 
@@ -0,0 +1,345 @@ +0.0.1 - 16th May 2002. + +* First release. +* Merges gpgstats 0.0.2 (never released). + +0.0.2 - 28th May 2002. + +* Added support for subpacket type 0x83 (critical key expiration) +* Fixed bug in parsing of one byte new format packet length. +* Added support for 4 byte old format packet lengths. +* Changed various error statements to output to stderr instead of stdout. +* Fixed bug in deleting keys in Postgres backend. +* Moved code to merge a list of keys to merge.c and changed add.c to use it + rather than just replacing existing keys. +* Added comment & trust packets as known but ignored types. +* Added storage of uids to Postgres backend; this speeds up verbose indexing + and will also allow searching on UIDs. +* Fixed bug in armor handling (didn't like 2 newlines before the armor header). +* Made dearmor gracefully handle non armored input. +* Added support for incoming incremental update mails. +* Added searching on uids to lookup & keydb_pg. +* Changed Postgres backend to use 64 bit keyids instead of 32 bit. +* Made dearmor ignore CRs when looking for 2 blank lines. + +0.0.3 - 2nd July 2002 + +* Added index on keyid for key table in Postgres backend. +* Twiddled transaction support in an attempt to speed up mass key adding. +* Changed putchar_func to take a character count rather than doing one char at + a time (massive speed up in Postgres case). +* Introduced onak binary for general keyserver operations. +* Changed all version number references to use VERSION macro. +* Made lldel free the unused list structure. (pointed out by Simon Huggins) +* Made llfind assert that the cmp function is non NULL. (Simon Huggins again) +* Fixed gpgwww; after the move to 64bit keyids internally it was trying to + compare the 32bit user supplied keyid to the retrieved 64bit one and never + finding paths. +* Various tidying up I've forgotten. +* Fixed bug with removing signed packets while merging. 
+* Fixed bug with potentially adding an already existing uid to a key when + merging. +* Fixed stupid typo bug in merging keys. + +0.0.4 - 10th November 2002 + +* Made keydb_file backend compile again. +* Changed merging to compare signature keyids rather than packet contents + so we don't add the same signature multiple times. +* Changed keydb_pg backend over to using PQescapeString to escape SQL data. +* Added list of keyids in a path to gpgwww output (suitable for C&P into + a gnupg command line for example). +* Pulled out HTML start/end code to getcgi.c and added a DOCTYPE and charset + of utf8. +* Did some work on getting onak-mail.pl to output incrementals as well as + receiving them. +* Some cleanup in getting signature keyids. +* Made sure we freed more things after we've finished with them. +* Changed maxpath to display the path found. +* Added use of onak_sigs to keydb_pg to speed up retrieval of key sigs. Should + speed up the pathfinder a lot. +* Added llfree for freeing up linked lists. +* Wrote DB3 backend; although much work is still needed it vastly outperforms + the PostgreSQL backend and should hopefully not suffer from the problems of + the DB2 implementation. + +0.1.0 - 13th November 2002 + +* Code cleanup; pull out common character functions. +* Make DB3 backend support proper searching. +* Added config file. +* Fixed ASCII armor bug (we'd output NULLs in the headers/footer). +* Added bidirectional syncing (previously we could receive but wouldn't send). + +0.1.1 - 2nd December 2002 + +* Fixed utf8 content type - should be UTF-8. (Thanks to Simon Huggins) +* Made getfullkeyid not assert if the key isn't found. (Thanks to Simon + Huggins for reporting this.) +* Fixed onak-mail.pl to check the stdout of onak before stderr to prevent + blocking when reading the output update. +* Used ccmalloc to find various memory leaks and fixed them. +* Added display of key subkeys. +* Tightened up table creation SQL a bit. 
+* Fixed bug with merging keys that have no new content (we'd sometimes stop + processing the incoming stream of keys). +* Updated README to be a bit more useful. +* Code cleanup; removed circular dependencies. +* Added sixdegrees. + +0.1.2 - 15th February 2003 + +* Added fingerprint calculation/display. +* Cleanup sixdegrees binary/object file on make clean. +* Introduced transaction support to DB3 backend, along with deadlock detection. +* Added keydb dumping ability. +* Added logging infrastructure to help more easily track down problems. + +0.2.0 - 8th June 2003 + +* Output multiple paths in gpgwww (thanks to Simon Huggins). +* Allow a keyid on the command line for sixdegrees (Simon Huggins). +* Make db2 backend check for a num_keydb file to know how many db files to use. +* Add 0x to generated URLs as pks needs these. +* Add "Find Reverse Path" link to gpgwww output. +* Checkpoint the db3 database upon clean exit. +* Fix bug with logging where the month was one less than it should have been. +* Fall back to stderr if we can't open the logfile. +* Move dependancy list from Makefile to separate file. +* Checkpoint the DB on clean shutdown. +* First cut at MRHKP support. +* Clean up various compile warnings under gcc 3.3 +* Log a critical error when we can't handle a critical subpacket rather than + asserting. +* Make the Postgres backend compile again. +* First attempt at supporting revoked keys. + +0.2.1 - 11th October 2003 + +* Added support for multiple backend DB3 key files. +* Fixed DB3 database dumping to be outside a transaction (otherwise the + transaction is too big and we run out of memory). +* Change over onak-mail.pl to use the config file more. +* Fix bug where we always read one byte from stdin in rather than allowing + zero. +* Tightened up error checking in a couple of places to allow proper DB cleanup. +* Changed a printf error message over to using logthing. +* Allow read_openpgp_stream to append to an existing packet list. 
+* Tidy up various character functions into charfuncs.c +* Add splitkeys for spliting up keyrings. +* Various code cleanups to help reduce warnings under C99. +* Add (verbose) index support to onak-mail.pl + +0.3.0 - 14th September 2004 + +* Add the ability to choose a config file at runtime. +* Fix extra LF when the last line of the key is a full line. +* Relax restriction on Type 2/3 keys being RSA - log the fact, but don't error. +* Stop trying to parse a key if we get an unexpected character. +* Make onak-mail.pl only run a single copy of onak at a time. +* Add photoid support; lookup and onak both use this. +* Move db3 backend to db4. +* Move db4 backend to 64bit keyids. +* Add keyfs backend. (Daniel Silverstone) +* Pull MD5/SHA1 implementations from sigcheck as they're more portable. +* Add readonly open mode for DB backends if we're not going to add keys. +* Log assertions before exiting. +* Add man pages for onak and splitkeys. +* autoconf; very basic at present - endianness and file paths. +* Clean up various compiler and preprocessor warnings. With --std=c99 and + -D_BSD_SOURCE=1 we should be almost warning free. +* Fix gpg --search support (it doesn't like uid/sub at the start of the index + lines). +* Let gpgwww return all the key data for the keys listed in the paths. Thanks + to Ian Haywood . +* Add support for searching on subkeys. +* Fix writing packets that are larger than 8k. +* Fix bug with reading new format packet lengths. +* Relax some assertions in mem.c as we can hit them legitimately. +* Initial key cleaning routines; de-dupe key uids. +* Add loglevel setting in the configuration file. +* Add logging for the various CGI interfaces. +* Add stripkey from Daniel Silverstone. +* Add signal catching infrastructure; this is primarily due to db4's fragile + behaviour in the face of abnormal termination. +* Add Apache2 example config info. +* Update mathopd example config to newer version. 
+ +0.3.1 - 23rd October 2004 + +* Add onak-mail.pl man page (Debian bug #276879) +* Add links to HTML index output. (Debian bug #275227) +* Speed up fetch_key_text (use of lladdend/sorted keyid array). +* Cleanup db4 properly if we fail to open it. +* Change buffer_put/fetchchar functions to use memcpy (speed up). +* Add key iteration functionality to keydb backends. +* Move dumpdb to iterate_keys. +* Add keyd backend (persistant database access over Unix socket) +* Cleanup logging in sixdegrees.c +* Fix maxpath to initialise the logging infrastructure. +* Fix sixdegrees to initialise the logging infrastructure. +* Fix transaction around id32 updating in DB4 backend. +* Compile warning cleanup; add missed include file. +* Hard error when db version is < 4. + +0.3.2 - 25th March 2005 + +* Change word split routine to split on punctuation/spaces. (Jason Harris) +* Fix problem parsing empty config lines. (Thanks to Fred Strauss) +* Do some checking before closing stderr in add.c. Fixes an issue seen in + RH by Fred Strauss. +* Make sure we use the configured path to the MTA in sendsync.c +* Support UID revokations. Thanks to Hanna Wallach for reporting this. + +0.3.3 - 4th March 2007 + +* Make onak-mail sequentially processes requests. +* Fix db4 memory leak. +* Add support for dynamic loading of backends. +* Use 64bit key ids for HTML keyindex links and support these in lookup. +* Add support for ADD to onak-mail. +* Fix replyto address bug in onak-mail. +* Gracefully fail when we can't open a db4 db. +* Fix assumption that a signature on a public key is a revocation. +* Document test keys. +* Check signature time as well as keyid for key merges. + +0.3.4 - 29th December 2007 + +* Fix dynamic backends bug involving passing the config to the backend. +* Add an install target to the Makefile. +* Add a man page for keyd. + +0.3.5 - 16th January 2008 + +* Fix dumb mistake with db4 backend. Serves me right for testing with + the file one. 
+ +0.3.6 - 7th June 2008 + +* Make key addition success text more like SKS/PKS. (Thanks to Timothy Legge) +* Allow the use of search text for gets, rather than just keyids. "" +* Fix fetching key by text bug in db4 backend (we'd fetch too many keys). +* Fix lookup display for more than one photo id. (Thanks to Philippe Teuwen) +* "Recognize" some extra critical subpacket types. +* Add support for upgrading db4 DBs built with older DB4 version. +* Various minor code cleanups. + +0.3.7 - 2nd June 2009 + +* Escape colons and similar in MRHKP output. (Debian bug #487284) +* Add support for displaying Elgamal encrypt or sign keys. (deprecated) +* Ensure DB4 backend dbconns memory is initialised to zero. +* Open DB read only for onak lookup function. +* Obey binary flag for "onak get". + +0.3.8 - 29th December 2009 + +* Fix "onak dump" to actually generate multiple output files. +* Limit key dump files to 100,000 keys for "onak dump". +* Correct formatting of some places we output a keyid. (Debian bug #540196) +* Don't add a key to the stats hash if it doesn't have any sigs. 
(Debian bug + #542187) +* Change PostgreSQL backend to use PQescapeStringConn +* Fix PostgreSQL backend key iteration + +0.4.0 - 19th April 2011 + +* Fix delete_key function in keyd backend +* Send close command when cleaning up keyd backend +* Actually close the socket in keyd/the keyd backend +* Update the copy of my key to my 4096R one +* Update maxpath/sixdegrees to my "new" RSA key +* Add -c option to specify keyd config file on command line +* Make keyd background itself by default +* Add use_keyd config file option to select keyd as the backend +* Clean up remaining uses of %llX for printing keyids +* Fix fs backend compilation/linking +* Configure db4 locks according to maxkeys and actually check maxkeys +* Explicitly use 32 bits for keyd socket commands +* Log when we're doing a clean keyd shutdown +* Add help text for keyd +* Add keydctl for talking to keyd backend +* Add the bzr version number to non release builds +* Allow db4 backend to compile with later versions of Berkeley DB +* Add a stats command to keyd +* Clean up use of PATH_MAX in keydb_fs.c +* Output details of key search after retrieval for pks/lookup + +0.4.1 - 24th April 2012 + +* Add basic testing infrastructure + initial tests +* Change fd_write to use fwrite instead of fputc +* Fix buffer_getchar to only error if we'd exceed the buffer size +* Add support for calculating SKS style key hashes +* Add support for key retrieval by SKS hash +* Add support for displaying/retrieving by SKS hash to lookup and onak CLI +* Add /pks/hashquery +* Cleanup lookup/gpgwww trailers +* Define OpenPGP constants and use them rather than magic numbers +* Clean up file header copyrights +* Add some more subpacket types to the list to ignore +* Clean up "set but not used" GCC warnings +* Use nettle for hashing when available rather than internal MD5/SHA1 routines +* Add AC_PROG_CC_C99 to configure.ac +* Fix display of SHA-1 fingerprints +* Always put a leading 0x on keyids in HTML output links +* Allow 
retrieval of key by full fingerprint +* Add keyid to DB4 backend deletion error messages + +0.4.2 - 1st October 2013 + +* Add support for RIPEMD160, SHA224, SHA384 & SHA512 when available +* Fix stripkeys to output all the keys at the end rather as it goes along +* Add support for checking signature hashes +* Use Doxygen for some initial code documentation generation +* Cleanup code in preparation for a separate libonak for general PGP bits +* Prevent read_openpgp_stream from returning empty packages + causing crashes +* Allow maxpath + splitkeys to take a -c option to specify the config file +* Add wotsap tool to generate data files for wotsap +* Add HKP backend to allow onak to be used as a proxying keyserver + +0.4.3 - 30th September 2014 + +* Set our user agent in the HKP backend +* Allow keyd to serve multiple clients at once +* Improve HKP backend URL parsing, adding support for HKPS +* Add support for a user specific config file for onak binary +* Make wotsap output tool ignore revoked keys +* Add support for old Elgamal v3 key IDs +* Add support for displaying EC/ECDSA key types + sizes +* Extend database backends to support key fetching by fingerprint +* Remove legacy pksd compatible DB2 backend +* Add SHA1x hash support +* Ignore X509 signatures for signature hash checking +* Code cleanups for issues found using scan-build (llvm) + valgrind +* Extend tests to include retrieval by subkey ID +* Switch DB4 backend to using key fingerprint as primary index +* Sanity check signature data lengths +* Add support for systemd socket activation + +0.4.4 - 30th September 2014 + +* Fix key ID lookups using onak CLI tool on 32 bit platforms + +0.4.5 - 3rd October 2014 + +* Fix for detecting systemd socket support with more recent versions of systemd + +0.4.6 - 25th August 2015 + +* Add additional ECC OIDs (Ed25519/Brainpool/secp256k1/Curve25519) +* Re-order linking for backend plugins to cope with ld --as-needed +* Add de-duplication of subkeys on a key +* Add support 
for displaying EDDSA keys (type 22) +* Add config file option to specify keyd socket directory + +0.5.0 - 28th August 2016 + +* Use mail_dir for the incoming mail lock file +* Switch to .ini style config file +* Add dumpconfig command to dump running config in .ini format +* Add stacked backend +* Include statistics for fetch by SKS hash in 'keydctl status' +* Pull key updates into keyd protocol rather than using delete/store +* Various robustness cleanups from American Fuzzy Lop testing diff --git a/doc/PERFORMANCE b/doc/PERFORMANCE new file mode 100644 index 0000000..a889b1c --- /dev/null +++ b/doc/PERFORMANCE 
@@ -0,0 +1,73 @@ +Performance of adding 2M key chunks (~ 1700 keys). + +Originally ~ 30 mins with 0.0.2. + +After adding an index on keyid for onak_keys: + Command being timed: "/u2/noodles/onak-0.0.3/onak" + User time (seconds): 75.12 + System time (seconds): 76.08 + Percent of CPU this job got: 3% + Elapsed (wall clock) time (h:mm:ss or m:ss): 1:18:17 + Major (requiring I/O) page faults: 630 + Minor (reclaiming a frame) page faults: 1238 + +Making deletion in the same transaction as readding: + Command being timed: "/u2/noodles/onak-0.0.3/onak" + User time (seconds): 67.28 + System time (seconds): 75.74 + Percent of CPU this job got: 2% + Elapsed (wall clock) time (h:mm:ss or m:ss): 1:22:08 + Major (requiring I/O) page faults: 617 + Minor (reclaiming a frame) page faults: 1241 + +Making merge_keys all one transaction: + Command being timed: "/u2/noodles/onak-0.0.3/onak" + User time (seconds): 74.45 + System time (seconds): 69.82 + Percent of CPU this job got: 2% + Elapsed (wall clock) time (h:mm:ss or m:ss): 1:29:28 + Major (requiring I/O) page faults: 610 + Minor (reclaiming a frame) page faults: 1237 + +Only delete old key if we know it exists: + Command being timed: "/u2/noodles/onak-0.0.3/onak" + User time (seconds): 77.47 + System time (seconds): 75.06 + Percent of CPU this job got: 3% + Elapsed (wall clock) time (h:mm:ss or m:ss): 1:16:41 + Major (requiring I/O) page faults: 610 + Minor (reclaiming a frame) page faults: 1239 + +onak 0.0.4ish with db3 backend; only 1203 keys: + Command being timed: "./onak -b add" + User time (seconds): 0.88 + System time (seconds): 0.21 + Percent of CPU this job got: 80% + Elapsed (wall clock) time (h:mm:ss or m:ss): 0:01.36 + Major (requiring I/O) page faults: 198 + Minor (reclaiming a frame) page faults: 5443 + + +maxpath: + +Orig: + +List of key ids in path: +0x651E4299 0x2213E772 0x1EB2DE66 0x87CD3DBD 0xC02440B8 0xEA1572F1 0xF5C75256 0x6 +8FD549F 0x5B430367 0x8C90A57F 0x316C50AE 0x56ABD303 0x641B6747 0x6B5A209A +real 
5m58.355s +user 0m11.110s +sys 0m0.440s + + +After DISTINCT: + +real 5m59.231s +user 0m9.630s +sys 0m0.410s + +With DB3 backend: + +real 0m15.917s +user 0m15.620s +sys 0m0.310s diff --git a/doc/README b/doc/README new file mode 100644 index 0000000..c329b3b --- /dev/null +++ b/doc/README 
@@ -0,0 +1,152 @@ +onak 0.5.0 +Copyright 2003-2016 Jonathan McDowell +http://www.earth.li/projectpurple/progs/onak.html + + +Introduction: + +onak is an OpenPGP compatible keyserver. It's primary purpose is the +storage and retrieval of OpenPGP keys but it also has features that make +use of the stored keys for various other purposes. The most useful of +these is probably the pathfinder. This takes two keys, a & b, and +attempts to find a path of trust from a to b in the key database. I +started work on it because at the time there was no DFSG compliant +server that supported multiple subkeys and could act as a drop in +replacement for pksd, which I was running at the time. + + +Installation: + +onak has been mainly developed under Linux with a bit of work on FreeBSD +at times also. It should run on all architectures, but has only been +tested on i386, AMD64 and PowerPC so far. + +Typing "./configure && make" should produce a version of onak with +support for the DB4 backend. If you want to choose a different backend +(see below for a discussion about the options) you'll need to pass the +appropriate option to ./configure. + +Once make has completed you'll end up with various binaries: + +* onak + This is the main program. It's intended to be run from the command + line and allows the addition, deletion and searching of keys in the + database. + +* onak-mail.pl + The mail processor. Takes incoming mail (usually to + pgp-public-keys@host) and calls onak to do the necessary work. + Currently only supports INCREMENTAL mails for syncing with other + keyservers and INDEX mails from users. + +* add, lookup & gpgwww + The CGI programs. add & lookup are common to all PGP keyservers while + gpgwww is the pathfinder component of onak. To get a keyserver that + clients such as GPG can sync with you'll need to put these in a /pks + directory on a web server running on port 11371. 
There's an example + mathopd.conf file provided that I used for testing, but I'm now using + Apache for the public test rig as it's already present on the host + running it. + +* splitkeys + Utility to take a keyring and split it up into a bunch of smaller ones. + + +Config: + +I've finally added config file support. onak.ini is an example config; +the main thing to change is the location in the backend section to +whereever you want to put your database files. The configure script allows +you to specific where it should live; by default it'll be PREFIX/etc/onak.ini. + + +Backends: + +Currently there is support for 6 different database backends: + +* file + The original backend. Very simple and ideal for testing. Stores each + key as a separate file. Doesn't support searching based on key text. + +* pg (PostgreSQL) + Once the preferred backend. Use onak.sql to create the tables + necessary to run with this. Unfortunately although suitable for the + keyserver side it was found to be too slow for running the pathfinder + with a large number of keys. This may well be due to my use of it - if + you can help speed it up info would be appreciated. + +* db4 (Berkeley libdb4) + The currently preferred backend. Supports the full range of functions + like the pg backend but is considerably faster. Also easier to setup + assuming you have libdb4 installed; there's no need to have an SQL + database running and configured. + +* fs (file backend) + A fuller featured file based backend. Doesn't need any external + libraries and supports the full range of operations (such as text and + subkey searching). Needs a good filesystem to get good performance + though as it creates many, many files and links. + +* hkp + A proxying backend. No keys are stored locally; all fetch and store + requests are forwarded to the provided keyserver. + + +Other keyservers: + +I'm aware of the following other keyservers. If you know of any more +please let me know and I'll add them. 
+ +* pks + http://sf.net/projects/pks/ + The prodominant keyserver I believe; what I used to run on + wwwkeys.uk.pgp.net. Had a spurt of activity a year or two ago, but + seems to have died off again. The main issue with pks is that it lacks + support for keys with multiple subkeys bound to them and older + versions unfortunately mangle them. + +* CryptNET Keyserver + http://www.cryptnet.net/fsp/cks/ + A GPLed server with support for multiple subkeys, but unfortunately + when I looked at it there was no support for syncing via email which + means it can't replace a pks server to act as part of pgp.net. + +* OpenPKSD + http://openpksd.org/ + Don't really know a lot about this. Primarily Japanese development + AFAICT. + +* SKS + http://sks.sourceforge.net/ + A reasonably new keyserver concentrating more on the whole issue of + syncronization between keyservers. Seems to be gaining in popularity. + + +Contacting the author: + +I can be reached via email as noodles@earth.li. I'm usually on IRC on +OFTC (irc.oftc.net) as Noodles. + +All constructive criticism, bugs reports, patches and ideas are welcome. + + +Obtaining later versions: + +onak lives at: + +http://www.earth.li/projectpurple/progs/onak.html + +Development is carried out using git; you can access the repository +with something like: + +git clone git://the.earth.li/onak.git + +or it can be browsed via gitweb at: + +http://the.earth.li/gitweb/?p=onak.git;a=summary + + +License: + +onak is distributed under the GNU Public License version 2, a copy of +which should have been provided with this archive as LICENSE. diff --git a/doc/THANKS b/doc/THANKS new file mode 100644 index 0000000..2c83d6f --- /dev/null +++ b/doc/THANKS 
@@ -0,0 +1,19 @@ +Thanks go out to the following people for help and/or comments they've given +during the development of onak. I've probably missed some people off; if this +is you please prod me! + +Moray Allan + Helped with porting to non x86 archs and tracking down key parsing oddities. +Ross Burton + Provided the Debian packaging. +Jason Harris + Several fixes and comments. +Simon Huggins + Various fixes and idea bouncing. +Brett Parker + Wrote the dynamic loading keydb backend, provided an example Apache2 + setup guide and various other ideas. +Daniel Silverstone + Convinced me about arch, wrote the keyfs backend and provided a very useful + sounding board for ideas at DebConf. +Everyone at DebConf4 who fed me odd keys. diff --git a/doc/TODO b/doc/TODO new file mode 100644 index 0000000..af6ec35 --- /dev/null +++ b/doc/TODO @@ -0,0 +1,22 @@ +* Check keys on import? + * Non self-signed user IDs + * Non self-signed subkeys + * Invalid revocations + * Signatures marked as non-exportable + * PKS subkey damage +* Better signature subpacket parsing (primary UID for example). +* Better merging of signatures; need to compare subpackets on Type 4 packets + and choose which we should use (how? most recent date?) +* Honor no-modify keyserver flag ("Brian M. Carlson" ) +* Better txt2html routine. +* Pathfinder - graphical as well? +* Do pathlengths for similar email addresses to help aide keysigning. + (ie "Find me the keys furthest from mine that end ox.ac.uk'") + Suggested by Jochen Voss . +* Other stats. most signed? signs most? +* DB access modules as a library to allow runtime configuration of it? +* Clean up gcc warnings (`ll' length modifier especially! Also inline & wrong + signedness for lo_read/write) +* Test library? +* Full email interface support (ADD, INDEX etc) +* More comments. diff --git a/doc/apache2 b/doc/apache2 new file mode 100644 index 0000000..5060867 --- /dev/null +++ b/doc/apache2 
@@ -0,0 +1,23 @@ +Brett's rough guide to onak and Apache2 on Debian: + +1) create a new virtual host for apache2 as the config snippet below in + /etc/apache2/sites-available/keyserver and symlink it in + /etc/apache2/sites-enabled/ +2) edit the /etc/apache2/ports.conf file and add Listen 11371 +3) edit the /etc/apache2/sites-available/default file and change the + NameVirtualHost and VirtualHost directives to only play with + port 80 +4) make sure that suexec is *NOT* enabled in apache2 (remove the + suexec.load symlink from /etc/apache2/mods-enabled/ if it + exists), this is because suexec will not run the cgi scripts + located in the /usr/lib/cgi-bin/pks directory. +5) apache2ctl graceful +6) marvel as it all works. + +Apache2 config snippet: + + DocumentRoot /var/lib/onak + ScriptAlias /pks /usr/lib/cgi-bin/pks + CustomLog /var/log/apache2/keyserver-access.log combined + ErrorLog /var/log/apache2/keyserver-error.log + diff --git a/doc/mathopd.conf b/doc/mathopd.conf new file mode 100644 index 0000000..ea93d66 --- /dev/null +++ b/doc/mathopd.conf 
@@ -0,0 +1,70 @@ +Umask 026 + +Tuning { + NumConnections 120 + BufSize 12288 +} + +StayRoot On + +PIDFile /home/noodles/pgp/mathopd/pid +Log /home/noodles/pgp/mathopd/log.%Y%m%d +ErrorLog /home/noodles/pgp/mathopd/errors.%Y%m + +Control { + Types { + text/plain { * } + text/css { css } + application/octet-stream { zip gz tgz exe class } + application/futuresplash { spl } + model/vrml { wrl } + application/pdf { pdf } + text/html { html htm } + image/gif { gif } + image/jpeg { jpg } + } + Specials { + Imagemap { map } + CGI { cgi } + Redirect { url } + } + External { + /usr/bin/perl { pl } + } + IndexNames { home.html index.htm index.html redirect.url } +} + +Server { + Port 11371 + + Virtual { + Control { + Alias / + Location /home/noodles/pgp + } + + Control { + Alias /pks + Location /home/noodles/pgp/cgi + Specials { + CGI { * } + } + } + } + + Virtual { + AnyHost + Control { + Alias / + Location /home/noodles/pgp + } + + Control { + Alias /pks + Location /home/noodles/pgp/cgi + Specials { + CGI { * } + } + } + } +} diff --git a/mathopd.conf b/mathopd.conf deleted file mode 100644 index ea93d66..0000000 --- a/mathopd.conf +++ /dev/null 
@@ -1,70 +0,0 @@ -Umask 026 - -Tuning { - NumConnections 120 - BufSize 12288 -} - -StayRoot On - -PIDFile /home/noodles/pgp/mathopd/pid -Log /home/noodles/pgp/mathopd/log.%Y%m%d -ErrorLog /home/noodles/pgp/mathopd/errors.%Y%m - -Control { - Types { - text/plain { * } - text/css { css } - application/octet-stream { zip gz tgz exe class } - application/futuresplash { spl } - model/vrml { wrl } - application/pdf { pdf } - text/html { html htm } - image/gif { gif } - image/jpeg { jpg } - } - Specials { - Imagemap { map } - CGI { cgi } - Redirect { url } - } - External { - /usr/bin/perl { pl } - } - IndexNames { home.html index.htm index.html redirect.url } -} - -Server { - Port 11371 - - Virtual { - Control { - Alias / - Location /home/noodles/pgp - } - - Control { - Alias /pks - Location /home/noodles/pgp/cgi - Specials { - CGI { * } - } - } - } - - Virtual { - AnyHost - Control { - Alias / - Location /home/noodles/pgp - } - - Control { - Alias /pks - Location /home/noodles/pgp/cgi - Specials { - CGI { * } - } - } - } -}
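Review bot: in the doc/HISTORY hunk, the 0.2.0 entry records the same change twice ("Checkpoint the db3 database upon clean exit." and "Checkpoint the DB on clean shutdown."). The commit message describes a pure move, so the text is best left identical here. A follow-up commit could drop the duplicate and fix the spellings "dependancy", "spliting", "persistant" and "revokations".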
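Review bot: in the doc/README hunk, the Backends section says "Currently there is support for 6 different database backends" but the list that follows has only five entries (file, pg, db4, fs, hkp). Either correct the count or describe the missing ones; doc/HISTORY in this same patch records a keyd backend (0.3.1) and a stacked backend (0.5.0) that the list does not describe. Separately, the "Obtaining later versions" section gives git clone git://the.earth.li/onak.git and http:// links. The git:// protocol is unauthenticated, so for keyserver source it would be better to document an HTTPS clone URL if the host offers one.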
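Review bot: in the doc/apache2 hunk, step 4 has the admin remove the suexec.load symlink from /etc/apache2/mods-enabled/, which turns suexec off for the whole Apache instance rather than only for the keyserver virtual host. The guide should say so, because any other site on the same host that relies on suexec for per-user CGI isolation loses it. Suggest either documenting that trade-off next to step 4 or recommending a dedicated Apache instance for the keyserver. Also, the "Apache2 config snippet" as it appears here has no enclosing VirtualHost block tying it to port 11371, although steps 1 to 3 assume one.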
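Review bot: the added doc/mathopd.conf is the author's test configuration moved unchanged, so an example now shipped under doc/ still hardcodes /home/noodles/pgp for PIDFile, Log, ErrorLog and every Location, and sets StayRoot On with no explanation. Suggest placeholder paths and a one-line comment on why StayRoot On is needed for this setup. The /pks Control blocks also map "CGI { * }", so every file placed in /home/noodles/pgp/cgi is executed as CGI. The example should state that this directory must hold only the add, lookup and gpgwww binaries and must not be writable by the account the web server runs as.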