README


             The OpenPGP Public Key Server (PKS)


* Dependencies

  PKS requires Berkeley DB 4.1.25 or higher.  If Berkeley DB 4 is
found in either /usr or /usr/local, it will be used by default.  If
Berkeley DB 4 is not installed system-wide or is installed in a
non-standard location, the --with-db option to the configure script
can be used to specify the location of the files to use.

  PKS requires OpenSSL.  The minimum version of OpenSSL is not known
at this time.  It is recommended that you use version 0.9.7b or
later.  If OpenSSL is found in either /usr or /usr/local, it will be
used by default.  If OpenSSL is not installed system-wide or is
installed in a non-standard location, the --with-openssl option to
the configure script can be used to specify the location of the
files to use.


* Building Berkeley DB 4.1.25 (OPTIONAL)

  Alternatively, if Berkeley DB 4 is only going to be used for PKS
on your system, you may find it easiest to statically link PKS with
the Berkeley code.  To do so, unpack the db archive into the same
directory as you unpacked the pks archive into.  Build db without
installing it.  One file, hmac/sha1.c, may trigger some optimizer
bugs in GCC.  (Turning off optimization for this file may help.)  The
following commands will probably work for you:

      cd db-4.1.25/build_unix
      ../dist/configure
      make
      cd ../..


* Building OpenSSL 0.9.7b (OPTIONAL)

  Alternatively, if OpenSSL is only going to be used for PKS on your
system, you may find it easiest to statically link PKS with the
OpenSSL code.  To do so, unpack the openssl archive into the same
directory as you unpacked the pks archive into.  Build OpenSSL
without installing it.  The following commands will probably work for
you:

      cd openssl-0.9.7b
      ./configure
      make
      cd ..


* Installation Choices

  Choose a location to install the software.  The software itself
takes up very little space.  As the keyserver will be running fairly
constantly, the code doesn't need to be installed on a local disk if
installing on a networked drive works better in your situation.  By
default, PKS is installed under /usr/local.  This directory can be
changed by the --prefix option to the configure script.  Throughout,
this directory will be referred to as PREFIX.

  However, the key database can grow very large.  If you plan on
running with a full key database, you should have at least 5 GB free.
The database is accessed frequently in a fairly random pattern, so it
should be stored on a local disk.  By default, the database is
installed in PREFIX/var.  This directory can be changed by the
--localstatedir option to the configure script.  Throughout, this
directory will be referred to as LOCALSTATEDIR.

  Several situations require the software to be installed as root.
To lessen the impact of a security breach, PKS supports dropping root
privileges when they are no longer needed.  Also, PKS supports
running in a chroot() jail.


* Building PKS

  In the top level of the PKS source directory run the following
commands.  These commands do not require root privileges.

      ./configure
      make

  The configure script accepts several options which can be used to
customize your installation of PKS.  To see a list of all available
options, run the following command in the top level of the PKS
source directory.

      ./configure --help

  Common options for configure include:

      --prefix=PREFIX         Install the software under PREFIX
      --localstatedir=DIR     Install the database under DIR

      --enable-debug          Enable Debugging Mode
      --enable-optimizations  Enable Compiler Optimizations

      --with-db=DIR           Use Berkeley DB in DIR
      --with-ipv6             Enable IPv6 Support
      --with-libwrap          Use libwrap (TCP Wrappers)
      --with-openssl=DIR      Use OpenSSL in DIR


  On some systems, you may have to use GNU make.  If the build
process fails, try using GNU make.


* Installing PKS

  In the top level of the PKS source directory run the following
command.  This command will probably require root privileges.

      make install

  You can look in PREFIX/man for more detailed documentation on the
various programs.  An overview is in pks-intro(8).


* Configuring PKS

  After installing pks, the necessary directory hierarchy will be
created, but there are some things you may need to do yourself.
Actions marked with [*] may be different for your operating system.

  Create an empty database as follows:

      cd /home/pksd
      ./bin/pksclient var/db create 1

  Import keys.  (Repeat for each KEYDUMP file.)

      ./bin/pksclient var/db add /PATH/TO/KEYDUMP -dt
      ./bin/pksclient var/db recover

  NOTE: A full keyring contains over 1.8 million keys.  Importing
such a large number of keys takes a long time (just under 3 days on
an idle machine), even with transactions turned off (using -dt flag
as specified above).  The following log snippets help to illustrate
this process:

      [Thu Feb 13 23:37:00 2003] kd_open: completed successfully
      [Thu Feb 13 23:37:00 2003] kd_add: flags=100000
      [Thu Feb 13 23:37:00 2003] display_new_key: new keyid 1 869B5F7C
      ...
      [Sun Feb 16 20:48:49 2003] display_new_key: new keyid 1801882 8A90ADBD
      [Sun Feb 16 20:48:50 2003] display_new_key: new keyid 1801883 C56B6758
      [Sun Feb 16 20:49:31 2003] kd_add: pub+1801883 sig+0 sig=0 uid+0 uid=0 rev+0 rev!0

  If you're planning on letting pksd setuid/setgid itself to a
special pksd uid and/or gid, create the appropriate user and group
and set the permissions as follows:

      groupadd pksd                                            [*]
      useradd -g pksd -d /home/pksd -s /sbin/nologin pksd      [*]
      chown -R pksd:pksd LOCALSTATEDIR/db LOCALSTATEDIR/incoming

  To run PKS inside a chroot() jail, you will need to add an
additional log socket inside the chroot dir.

      mkdir /PATH/TO/CHROOT/JAIL/dev
      kill `cat /var/run/syslogd.pid`
      syslogd -a /PATH/TO/CHROOT/JAIL/dev/log                [*]
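
  A way to verify the two steps above before starting pksd, as an added
example that is not part of the PKS distribution.  It checks that
LOCALSTATEDIR/db and LOCALSTATEDIR/incoming belong to the service account
and hold nothing world-writable, and that the jail has a log socket.  The
function names, finding labels and script arguments are assumptions.

```shell
#!/bin/sh
# Added example, not part of the PKS distribution.

# audit_pks_dirs LOCALSTATEDIR USER
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_pks_dirs() {
    statedir=$1; user=$2; rc=0
    # find rejects an unknown account, so use it to validate USER
    # (a name or a numeric uid) before trusting "no output" below.
    if ! find / -prune -user "$user" >/dev/null 2>&1; then
        echo "NOUSER $user"; return 1
    fi
    for sub in db incoming; do
        dir=$statedir/$sub
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir"; rc=1; continue
        fi
        # The README's chown -R covers every entry, so walk the tree.
        out=$(find "$dir" ! -user "$user" -print | sed 's/^/OWNER /')
        if [ -n "$out" ]; then echo "$out"; rc=1; fi
        # World-writable entries let any local account tamper with the
        # key database or the incoming queue.  Symlinks are skipped
        # because their own mode bits are not enforced.
        out=$(find "$dir" ! -type l -perm -0002 -print |
              sed 's/^/WORLD_WRITABLE /')
        if [ -n "$out" ]; then echo "$out"; rc=1; fi
    done
    return $rc
}

# check_jail_log JAIL
# Returns 0 only when JAIL/dev/log exists and is a socket, which is what
# "syslogd -a JAIL/dev/log" creates for a chrooted pksd to log through.
check_jail_log() {
    if [ -S "$1/dev/log" ]; then return 0; fi
    echo "NOLOGSOCKET $1/dev/log"; return 1
}

# Usage: sh audit.sh LOCALSTATEDIR USER [JAIL]
if [ $# -ge 2 ]; then
    audit_pks_dirs "$1" "$2"; status=$?
    if [ -n "${3:-}" ]; then check_jail_log "$3" || status=1; fi
    exit $status
fi
```

  Any OWNER or WORLD_WRITABLE line means the tree no longer matches the
chown step above and should be corrected before pksd is started.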

  As a part of the installation, a template configuration file was
installed in PREFIX/etc/pksd.conf.  This file is fully documented in
pksd.conf(5).  PKS may not give you useful output unless you
configure the following options:

      www_readonly
      max_last
      max_last_reply_keys
      max_reply_keys

  The key server uses syslog for logging.  It logs using the local2
facility (if available), and various priority levels as described in
pksd(8).  If you want to get any logging, you should add an
appropriate entry to /etc/syslog.conf on your machine.

  If you have configured the mail server component of the key
server, there is one more step you need to take so that the server
can actually handle mail.  In your aliases file (usually one of
/etc/aliases or /etc/mail/aliases), create the following lines:

      pgp-public-keys: "|PREFIX/bin/pks-mail.sh PREFIX/etc/pksd.conf"
      pgp: pgp-public-keys

  You might also need to add aliases for the mail addresses you
configured in pksd.conf.  You will also need to make sure the
permissions on PREFIX/var/incoming allow both the mailer and whatever
user the pksd program runs as to insert and delete files.

  By default, PKS installs index.html into the configured
localstatedir (the location of the database).  The key server does
not serve arbitrary files.  At most, it will serve this index.html
file.  Translated versions of this file are included in the source
distribution as pks-commands.html.XX, where XX is the ISO language
code of the translation.


* Running PKS

  Before running the server, read and familiarize yourself with the
information in the DATABASE ADMINISTRATION section of pks-intro(8)
(PREFIX/man/man8/pks-intro.8), in particular the section on
checkpointing.

  To have the daemon run when the system boots, you should run the
following commands in your /etc/rc.local or equivalent file:

      PREFIX/bin/pksd PREFIX/etc/pksd.conf
      sleep 5
      PREFIX/bin/pks-queue-run.sh PREFIX/etc/pksd.conf &

  You can always run this command by hand if you want.

  Alternatively, a System V style init script is provided in the
source distribution as pks.init.


* Obtaining Support

  Send an e-mail to pgp-keyserver-folk@flame.org.  This is a public
listserv dedicated to all keyserver issues, regardless of keyserver
software.  As such, normal listserv etiquette is expected.  Be sure
to mention that you're running PKS and provide the version number.



$Id: README,v 1.8 2003/07/31 18:25:09 rlaager Exp $