The following is an incomplete guide to compiling, setting up and using SKS.
The documentation still needs work, but hopefully this is enough to get you
started.
-- Prerequisites --------------------------
There are a few prerequisites to building this code. You need:
* ocaml-3.10.2 or later. Get it from http://www.ocaml.org
* Berkeley DB version 5.1.* or later. You can find the
appropriate versions at
http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html
-- Compilation and Installation -----------------------------
* Install OCaml and Berkeley DB
When installing ocaml, make sure you do both the "make world" and the
"make opt" steps before installing. The latter makes sure you get the
optimizing compilers. (Do "make opt.opt" if you want faster compilation.
You can then set the environment variables OCAMLC, OCAMLOPT and CAMLP4O to
ocamlc.opt, ocamlopt.opt and camlp4o.opt respectively.)
If your vendor or porting project supplies prebuilt binaries and libraries
for Berkeley DB, make sure to get the development package as you will need
the include files for the correct version.
* Copy Makefile.local.unused to Makefile.local, and edit to match your
installation.
* Compile

    make cleanall
    make dep
    make all
    make all.bc   # if you want the bytecode versions
    make install  # puts executables in $USRSBINDIR and $USRLIBDIR, as defined
                  # in Makefile.local

There are some other useful compilation targets, mostly useful for
development.
- make doc
creates a doc directory with ocamldoc-generated documentation of
the individual modules. These are mostly useful as documentation
to the source code, not a user's guide.
- make modules.ps
Creates a ps-file that shows the dependencies between different
modules, and gives you a sense of the overall structure of the
system. For this to work you need to have AT&T's graphviz
installed, as well as python2. The python script that's used
actually requires that python2 be called python2, rather than
python. You can of course edit that script.
-- Setup and Configuration ---------------------
You need to set up a directory for the SKS installation. It will contain the
database files along with configuration and log files.
Configuration options can be passed in on the command line or put in the
"sksconf" file in the SKS directory. The -basedir option specifies the SKS
directory itself, which defaults to the current working directory.
* sksconf and commandline options
The format of the sksconf file is simply a bunch of lines of the form:

    keyword: value

The '#' character is used for comments, and blank lines are ignored. The
keywords are just the command-line flags, minus the initial "-".
The one thing you probably want no matter what is a line that says

    logfile: log

which ensures that sks will output messages to recon.log and db.log
respectively.
* membership file
If you want your server to gossip with others, you will need a membership
file which tells the "sks recon" who else to gossip with. The membership
file should look something like:

    epidemic.cs.cornell.edu 11370
    athos.rutgers.edu 11370
    ...

This file should be called "membership", and should be stored in the SKS
directory. Note that in order for synchronization to work, both hosts
have to have each other in their membership lists. Send mail to
<[email protected]> to get other SKS administrators to add you to
their membership lists.
IMPORTANT NOTE: if you include the server itself in the membership file, you
should make sure that you also specify the "hostname" option, and that the
selected hostname is exactly the same string listed in the membership file.
Otherwise, the "sks recon" will try to synchronize with itself and will
deadlock.
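A pre-flight check for the self-entry rule above, as an added example (not part of SKS or its README): it parses sksconf and membership in the formats described here and reports a membership entry that names this server without matching the "hostname" option character for character. The `own_names` input, the sample hosts and the '#' comment handling in the membership file are assumptions.

```python
def parse_sksconf(text):
    """Parse 'keyword: value' lines; '#' starts a comment, blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'keyword: value' line: {raw!r}")
        conf[key.strip()] = value.strip()
    return conf

def parse_membership(text):
    """Parse 'host port' lines ('#' comments here are an assumption)."""
    peers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            host, port = line.split()
            peers.append((host, int(port)))
    return peers

def self_entry_problems(conf, peers, own_names):
    """Flag membership entries naming this server that differ from 'hostname'.

    own_names (hypothetical input): every DNS name this server answers to.
    """
    own = {n.lower().rstrip(".") for n in own_names}
    hostname = conf.get("hostname")
    problems = []
    for host, _port in peers:
        if host.lower().rstrip(".") not in own:
            continue  # a real peer, nothing to check
        if hostname is None:
            problems.append(f"{host}: listed in membership but 'hostname' is not set")
        elif host != hostname:  # README requires the exact same string
            problems.append(f"{host}: differs from hostname option {hostname!r}")
    return problems

# Constructed sample files (hosts are placeholders, not real keyservers).
SKSCONF = "# sample sksconf\nlogfile: log\nhostname: keys.example.org  # this server\n"
MEMBERSHIP = "peer1.example.net 11370\nKeys.Example.Org 11370\n"

if __name__ == "__main__":
    conf = parse_sksconf(SKSCONF)
    for p in self_entry_problems(conf, parse_membership(MEMBERSHIP), ["keys.example.org"]):
        print("WARNING:", p)
```

Run it before starting "sks recon"; any warning means the membership entry or the hostname option has to be edited until the two strings are identical.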
* outgoing PKS synchronization: mailsync file
The mailsync file contains a list of email addresses of PKS keyservers.
This file is important, because it ensures that keys submitted directly to
an SKS keyserver are also forwarded to PKS keyservers.
IMPORTANT: don't add someone to your mailsync file without getting their
permission first!
In order for outgoing email syncs to work, you need to specify a command
to actually send the email out. The default is "sendmail -t -oi", but you
may need something different.
* incoming PKS synchronization
Incoming PKS synchronization is less critical than outgoing, since as long
as some SKS server gets the new data, it will be distributed to all.
Having more hosts receive the incoming PKS syncs does, however, increase
the fault-tolerance of the connection between the two systems.
In order to get incoming mail working, you should pipe the appropriate
incoming mail to the following command via procmail:

    sks_add_mail sks_directory_name

Here's an example procmail entry:

    PATH=/path/of/sks/executables
    :0
    * ^Subject: incremental
    | sks_add_mail sks_directory_name

* built-in webserver
You can serve up a simple index page directly from the port you're using
for HKP. This is done by creating a subdirectory in your SKS directory
called "web". There, you can put an index file named "index.html",
"index.htm", "index.xhtm", or "index.xhtml", supporting files with
extensions .css, .es, or .js, and some image files with extensions
jpg, jpeg, png or gif. Subdirectories will be ignored, as will filenames
with anything other than alphanumeric characters and the '.' character.
This is particularly useful if you want to run your webserver off of port 80.
This can be done by using the -hkp_port command-line option.
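The filename rules above mean a file such as my-style.css is skipped without any error. This added example (not SKS code) applies the rules as this README states them to a constructed directory; case-sensitive matching and treating other .html files as ignored are assumptions.

```python
import os
import re
import tempfile

INDEX_NAMES = {"index.html", "index.htm", "index.xhtm", "index.xhtml"}
EXTENSIONS = {"css", "es", "js", "jpg", "jpeg", "png", "gif"}
SAFE_NAME = re.compile(r"[A-Za-z0-9.]+")  # ASCII alphanumerics and '.' only

def classify(web_dir):
    """Map each entry in web_dir to None (allowed) or the reason it is ignored."""
    result = {}
    for name in sorted(os.listdir(web_dir)):
        ext = os.path.splitext(name)[1][1:]
        if os.path.isdir(os.path.join(web_dir, name)):
            result[name] = "subdirectory"
        elif not SAFE_NAME.fullmatch(name):
            result[name] = "character other than alphanumeric or '.'"
        elif name in INDEX_NAMES or ext in EXTENSIONS:
            result[name] = None
        else:
            result[name] = "not an index name or a listed extension"
    return result

def demo():
    """Build a constructed web directory and classify its contents."""
    with tempfile.TemporaryDirectory() as web:
        for name in ("index.html", "site.css", "my-style.css", "logo_2.png", "about.html"):
            open(os.path.join(web, name), "w").close()
        os.mkdir(os.path.join(web, "img"))
        return classify(web)

if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:14} {'served' if reason is None else 'ignored: ' + reason}")
```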
-- Building up the databases -------------------
- First, you need to get a keydump. If you're running a PKS server, you
should be able to convince PKS to generate one for you. If you're
starting from scratch, you'll need to download one from the net. You
should contact the pgp keyserver list <[email protected]>.
- In the SKS directory, put in a subdirectory called "dump" which contains
the keydump files from which the database is to be built.
- Run sks_build.sh. That script actually runs three utilities. You
might want to edit sks_build.sh if you want to trade off speed for space
usage. At the current settings, you could run out of RAM if you try
this with less than 256 megs of RAM.
DO NOT DELETE THE "dump" DIRECTORY, even after the database is built. The
original keys are not copied to the database, and so the dump must be left in
place.
-- Platform specific issues ----------------
FreeBSD:
On FreeBSD it appears that libdb is named differently than on some other
platforms. For that reason, you need to set the LIBDB environment variable
to "-ldb46" instead of the "-ldb-4.6" used on other platforms.