debian/0000755000000000000000000000000012256140742007171 5ustar debian/README.patches0000644000000000000000000000035512134245061011475 0ustar 000 - stolen from HEAD 100 - 199 patches that upstream accepted 200 - 399 patches that should go upstream 400 - 499 patches that upstream rejected, but that we want anyway 500 - 899 debian specific patches 900 - 999 security patches debian/sks.dirs0000644000000000000000000000017712134245061010654 0ustar etc/sks usr/sbin usr/lib/sks var/lib/sks/dump var/lib/sks/www var/log/sks var/spool/sks/messages var/spool/sks/failed_messages debian/debcfg/0000755000000000000000000000000012134245061010376 5ustar debian/debcfg/forward.exim0000644000000000000000000000002312134245061012721 0ustar |/usr/bin/procmail debian/debcfg/procmail0000644000000000000000000000011512134245061012124 0ustar :0 * ^Subject: *(incremental|add) | /usr/lib/sks/sks_add_mail /var/spool/sks debian/debcfg/membership0000644000000000000000000000076312134245061012462 0ustar # /etc/sks/membership # # With SKS, two hosts can efficiently compare their databases then # repair whatever differences are found. In order to set up # reconciliation, you first need to find other SKS servers that will # agree to gossip with you. The hostname and port of the server that # has agreed to do so should be added to this file. # # Empty lines and whitespace-only lines are ignored, as are lines # whose first non-whitespace character is a `#'. # # Example: # keyserver.linux.it 11370 debian/debcfg/forward.postfix0000644000000000000000000000003212134245061013453 0ustar "|exec /usr/bin/procmail" debian/debcfg/sksconf0000644000000000000000000000221112134245061011763 0ustar # /etc/sks/sksconf # # The configuration file for your SKS server. # You can find more options in sks(8) manpage. # Set server hostname #hostname: this.server.fdqn # Set recon binding address #recon_address: 0.0.0.0 # Set recon port number #recon_port: 11370 # Set hkp binding address #hkp_address: 0.0.0.0 # Set hkp port number #hkp_port: 11371 # Have the HKP interface listen on port 80, as well as the hkp_port #use_port_80: # From address used in synchronization emails used to communicate with PKS #from_addr: "PGP Key Server Administrator " # Command used for sending mail (you can use -f option to specify the # envelope sender address, if your MTA trusts the sks user) #sendmail_cmd: /usr/lib/sendmail -t -oi # Runs database statistics calculation on boot (time and cpu expensive) #initial_stat: # bdb's db_tune program suggests a pagesize of 65536 for [K]DB/key. In practice # this caused page deadlocks. I found 8K (16) and 16K (32) to be better values pagesize: 16 # # The tuner recommended 4096 (8) for the pagesize for PTree/ptree. I have had # very good results with 8196 ptree_pagesize: 16 debian/debcfg/mailsync0000644000000000000000000000115212134245061012137 0ustar # /etc/sks/mailsync # # The mailsync should contains a list of email addresses of PKS # keyservers, one per line. This file is important, because it ensures # that keys submitted directly to an SKS keyserver are also forwarded # to PKS keyservers. # # Empty lines and whitespace-only lines are ignored, as are lines # whose first non-whitespace character is a `#'. # # IMPORTANT: don't add someone to your mailsync file without getting # their permission first! # # Jonathan McDowell says that having # his keyserver's address in the Debian package is fine. pgp-public-keys@the.earth.li debian/sks.postrm0000755000000000000000000000026112134245061011234 0ustar #!/bin/sh -e if [ "$1" = "purge" ]; then # logs has to be removed according to policy. # not sure about spool/lib stuff rm -rf /var/log/sks fi #DEBHELPER# exit 0 debian/sks.cron.daily0000755000000000000000000000170712134245061011760 0ustar #!/bin/sh # daily cron to cleanup DB's log files. set -e [ -r /etc/sks/cron.conf ] && . /etc/sks/cron.conf # First, remove old diff-1.2.3.4.txt files # those files hold differences discovered during recon # eventhing that hasn't been touched in the last 2 weeks # is probably old and the result of a host that changed IP. [ -d /var/spool/sks ] || exit 0 find /var/spool/sks -type f -name 'diff-*.txt' -mtime +14 | xargs --no-run-if-empty rm -f [ -d /var/spool/sks/failed_messages ] || exit 0 # Also remove failed messages find /var/spool/sks/failed_messages -type f -name 'msg-*.ready' -mtime +14 | xargs --no-run-if-empty rm -f [ "$REMOVE_DB_LOGS" = "no" ] && exit 0 clean_directory() { dir=$1 if [ -d "$dir" ] then db_archive -h $dir -d fi return 0 } # The DB directory holds indexes and keys. clean_directory /var/lib/sks/DB # PTree is for the hashes used with the reconciliation algorithm. (I think) clean_directory /var/lib/sks/PTree exit 0 debian/copyright0000644000000000000000000000470112134245061011121 0ustar The SKS OpenPGP Key Server for Debian Upstream author: Yaron M. Minsky It was downloaded from: http://www.nongnu.org/sks/ SKS has been ported to Debian by: Fabio M. Di Nitto Peter Palfrader Copyright 2002, 2003 Yaron M. Minsky SKS is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. On Debian systems the complete text of Version 2 of the General Public License can be found in /usr/share/common-licenses/GPL. SKS uses the following additional software: cryptokit: Copyright 2002 Institut National de Recherche en Informatique et en Automatique. All rights reserved. This file is distributed under the terms of the GNU Library General Public License version 2, with the special exception on linking described here: As a special exception to the GNU Library General Public License, you may link, statically or dynamically, a "work that uses the Library" with a publicly distributed version of the Library to produce an executable file containing portions of the Library, and distribute that executable file under terms of your choice, without any of the additional requirements listed in clause 6 of the GNU Library General Public License. By "a publicly distributed version of the Library", we mean either the unmodified Library as distributed by INRIA, or a modified version of the Library that is distributed under the conditions defined in clause 3 of the GNU Library General Public License. This exception does not however invalidate any other reasons why the executable file might be covered by the GNU Library General Public License. On Debian systems the complete text of Version 2 of the Library General Public License can be found in /usr/share/common-licenses/LGPL-2. debian/sks.default0000644000000000000000000000015012134245061011326 0ustar # by default we do NOT start sks! # Set to yes if you want to start it in the init script. initstart=no debian/changelog0000644000000000000000000003654412256140713011055 0ustar sks (1.1.4-2.1ubuntu1) trusty; urgency=medium * Merge with Debian; remaining changes: - debian/sks.postinst: Provide OLD_BDB versions for Ubuntu. -- Matthias Klose Mon, 23 Dec 2013 23:03:20 +0000 sks (1.1.4-2.1) unstable; urgency=high * Non-maintainer upload. * Fix compilation with OCaml 4.01.0 (Closes: #731584) -- Stéphane Glondu Tue, 10 Dec 2013 07:18:02 +0100 sks (1.1.4-2ubuntu2) trusty; urgency=medium * Rebuild for ocaml-4.01. -- Matthias Klose Mon, 23 Dec 2013 20:28:21 +0000 sks (1.1.4-2ubuntu1) trusty; urgency=low * Merge from Debian unstable. (LP: #1247908, #1096116) Remaining changes: - debian/sks.postinst: Provide OLD_BDB versions for Ubuntu. * Dropped change, already applied in Debian: - Look for ^.i not ^ii in libdbX.Y-dev packages for BDB_VERSION and assert that we have a value. -- Artur Rona Mon, 04 Nov 2013 17:50:37 +0100 sks (1.1.4-2) unstable; urgency=low * move to unstable * 1.1.4 stops creating gmon.out (Closes: #699847) -- Daniel Kahn Gillmor Thu, 01 Aug 2013 23:04:12 -0400 sks (1.1.4-1) experimental; urgency=low * New Upstream Release (Closes: #690135) * added myself to Uploaders. * convert to dh 9 * Standards-Version: bump to 3.9.4 (no changes needed) * debian/rules: clean up * refresh and clean up debian/patches * switch packaging vcs to git * avoid trying to upgrade DB_CONFIG (Closes: #709322) -- Daniel Kahn Gillmor Thu, 27 Jun 2013 16:39:02 -0400 sks (1.1.3-3) UNRELEASED; urgency=low [ Christoph Martin ] * merge Ubuntu changes * Look for ^.i not ^ii in libdbX.Y-dev packages for BDB_VERSION. And assert that we have a value (LP: #1021650) * Create /var/lib/sks/berkeley_db.active even when we aren't upgrading BDB versions. [ Daniel Kahn Gillmor ] * avoid trying to upgrade DB_CONFIG (Closes: #709322) * switch to git * adding myself to uploaders * use debhelper 9 -- Daniel Kahn Gillmor Fri, 28 Jun 2013 18:10:07 -0400 sks (1.1.3-2ubuntu2) trusty; urgency=low * No change rebuild against db 5.3. -- Dmitrijs Ledkovs Sat, 02 Nov 2013 19:08:26 +0000 sks (1.1.3-2ubuntu1) raring; urgency=low * Merge from Debian unstable. Remaining changes: - debian/rules: Look for ^.i not ^ii in libdbX.Y-dev packages for BDB_VERSION and assert that we have a value. - debian/sks.postinst: Provide OLD_BDB versions for Ubuntu. * Dropped changes: - Include pagesize and ptree_pagesize in sksconf so that importing a dump won't hang (a similar change was made in Debian). -- Logan Rosen Sun, 24 Mar 2013 01:21:06 -0400 sks (1.1.3-2) unstable; urgency=high * add Vcs tags to control file * fix watch file because of upstream move * add Homepage tag to control file * add db parameter to sksconf to fix db build deadlocks (closes: #699848) -- Christoph Martin Mon, 11 Mar 2013 16:48:16 +0100 sks (1.1.3-1ubuntu3) quantal; urgency=low * debian/sks.postinst: LP: #1061769 - detect if Ubuntu system, even if dpkg-vendor is not available -- Dustin Kirkland Thu, 04 Oct 2012 12:44:23 -0500 sks (1.1.3-1ubuntu2) quantal; urgency=low * Look for ^.i not ^ii in libdbX.Y-dev packages for BDB_VERSION. And assert that we have a value (LP: #1021650) -- Stefano Rivera Fri, 06 Jul 2012 22:30:42 +0200 sks (1.1.3-1ubuntu1) quantal; urgency=low * Provide OLD_BDB versions for Ubuntu (LP: #1020034) * Create /var/lib/sks/berkeley_db.active even when we aren't upgrading BDB versions. * Include pagesize and ptree_pagesize in sksconf, so that importing a dump won't hang (LP: #1019756) -- Stefano Rivera Mon, 02 Jul 2012 12:50:53 +0200 sks (1.1.3-1) unstable; urgency=low * New upstream release (closes: #663757) * change patches to work with new release * include sample config and web * include default index.html and robots.txt (closes: #600008) -- Christoph Martin Wed, 20 Jun 2012 11:58:47 +0200 sks (1.1.1+dpkgv3-8) unstable; urgency=low * fix debian/watch * drop recommends on db4.7-utils (closes: 664768) Hopyfully you have the db-utils from you old db version installed. But it should also work without that. * change default mailsync server (closes: 599919) * change init script to not background sks too early to see error messages (closes: 651843) * bump Standards-Version to 3.9.1 (no changes) -- Christoph Martin Fri, 11 May 2012 17:15:08 +0200 sks (1.1.1+dpkgv3-7.1) unstable; urgency=low * Non-Maintainer Upload. * emit proper HTTP 1.0 POSTs from recon process (Closes: #667695) -- Daniel Kahn Gillmor Fri, 06 Apr 2012 10:36:48 -0400 sks (1.1.1+dpkgv3-7) unstable; urgency=low * remove default mailsync entry to prevent sks from sending email syncs per default (Thanks to Graham Dunn for the hint) * fix sks.daily to not depend on db4.7 (closes: #627767) * fix sks.postinst to only upgrade the db if the version changes -- Christoph Martin Tue, 31 May 2011 17:05:32 +0200 sks (1.1.1+dpkgv3-6.2) unstable; urgency=low * Non-maintainer upload. * Handle gracefully missing db directory, which can happen if: + sks was not enabled and didn't create PTree directory + keys haven't been imported to the package * Update instructions for retrieving keydump (Closes: #605454) * Install README from source directory (Closes: #599868) * Use dh_ocaml >= 0.9 (Closes: #599579) * Add hints to run commands as debian-sks user as suggested in the BTS -- Ondřej Surý Thu, 19 May 2011 11:56:33 +0200 sks (1.1.1+dpkgv3-6.1) unstable; urgency=low * Non-maintainer upload. * Remove XA environment usage (patch from upstream) and use generic -ldb library to link with (Closes: #621384) * Add automagick upgrade of Berkeley DB databases (Closes: #606183) * Change db4.7-util to Recommends: db4.7-util and Depends: db-util -- Ondřej Surý Fri, 13 May 2011 12:33:13 +0200 sks (1.1.1+dpkgv3-6) unstable; urgency=high * fix to not really working fix for strip of bytecode (closes: 599029) -- Christoph Martin Mon, 25 Oct 2010 18:11:37 +0200 sks (1.1.1+dpkgv3-5) unstable; urgency=high * add nostrip to DEB_BUILD_OPTIONS on architectures with ocaml bytecode. (closes: 599029) * don't depend on mta etc., as mailsync is now mostly obsolete (closes: 599280) -- Christoph Martin Thu, 07 Oct 2010 20:49:13 +0200 sks (1.1.1+dpkgv3-4) unstable; urgency=low * remove pramberger.at from README.Debian, because it is no longer availlable (closes: #597818) -- Christoph Martin Mon, 27 Sep 2010 12:09:03 +0200 sks (1.1.1+dpkgv3-3) unstable; urgency=low * fix typo in control to include correct ocaml-base-nox dependency (closes: #596563) -- Christoph Martin Sun, 12 Sep 2010 21:14:26 +0200 sks (1.1.1+dpkgv3-2) unstable; urgency=low * fix build and install to work on plattforms which don't have the native ocaml compile (closes: #594557) -- Christoph Martin Fri, 27 Aug 2010 12:09:33 +0200 sks (1.1.1+dpkgv3-1) unstable; urgency=high * include NEWS file to inform about db update (closes: #594103) * fix README.Debian to include a working download URL for a fresh keydump (closes: 593852) * 511_gcc4.4_prototypes: Don't redefine bzero(3), fixes FTBFS (Thanks to Daniel T Chen ) * convert to source format 3 with quilt patches (closes: #576057) -- Christoph Martin Wed, 25 Aug 2010 18:11:26 +0200 sks (1.1.1-2) unstable; urgency=low * don't chown PIDDIR in postinst, since we do it in init (Closes: #566922) -- Christoph Martin Mon, 08 Feb 2010 15:00:34 +0100 sks (1.1.1-1) unstable; urgency=low * New upstream * fix watchfile * fix some lintian errors/warnings -- Christoph Martin Sat, 28 Nov 2009 15:38:39 +0100 sks (1.1.0-9) unstable; urgency=low * Explicitly require libdb4.7, 4.8 is not supported (Closes: #549798). -- Christoph Martin Wed, 04 Nov 2009 21:40:36 +0100 sks (1.1.0-8) unstable; urgency=low * Teach dbserver about content-type for .html. * Allow - in filenames for webserver. * closes: #505014 * thanks to Peter Palfrader -- Christoph Martin Thu, 16 Jul 2009 23:33:21 +0200 sks (1.1.0-7) unstable; urgency=low * fix patch for PIDDIR * link against libdb4.7 * really include watch file -- Christoph Martin Thu, 16 Jul 2009 00:22:06 +0200 sks (1.1.0-6) unstable; urgency=low * remove Peter Palfrader from Maintainer and Uploaders * add watch file * Remove reference to native-arch in old OCaml standard library path (Thanks to Stephane Glondu ) (Closes: #535267) -- Christoph Martin Fri, 10 Jul 2009 23:34:36 +0200 sks (1.1.0-5) unstable; urgency=low * Check spool directories for existance (Thanks to Filippo Giunchedi ) (Closes: #493335) * make PIDDIR on startup to workaround /var/run on a tempfs -- Christoph Martin Thu, 18 Jun 2009 16:39:09 +0200 sks (1.1.0-4) unstable; urgency=low * fix cron.daily to call correct db*_archive and print unwanted messages (closes #491281) * fix comment in README.Debian about correcting permissions after initial database build -- Christoph Martin Tue, 22 Jul 2008 17:27:58 +0200 sks (1.1.0-3) unstable; urgency=low * make separate patches for manpage install for upstream * patch to correctly build bdb on non native ocaml archs -- Christoph Martin Tue, 24 Jun 2008 17:16:49 +0200 sks (1.1.0-2) unstable; urgency=low * Make sks build on architectures which are non native ocaml archs (closes: #486847) * update to standards version 3.8.0 * some changes to README.Debian -- Christoph Martin Tue, 24 Jun 2008 11:01:10 +0200 sks (1.1.0-1) unstable; urgency=low * First official Debian release (closes: #484785) * New upstream release * Update to newest standards version and sid environment * Change to using db4.6 * Drop usage of numerix * Include latest upstream patches * Install manpage -- Christoph Martin Wed, 11 Jun 2008 16:55:15 +0200 sks (1.0.10-0.1) UNRELEASED; urgency=low * New upstream release. * Several changes courtesy of Marco Nenciarini . * Add some comments to etc/sks/{membership,mailsyn,sksconf}. * New upstream patch incorporates the following patches: - 212_do_not_export_zerolen_packets * Update 500_debian_fhs for new log filenames. * Remove 510_sane_logfile_names. * Rename logfiles in postinst. * Forward port rest of 500_debian_fhs. * Forward port 501_makefile_cflags. * Remove 511_sys_random, it looks obsolete. * Add debian/contrib/make_debian_orig script by Marco to build debian upstream tarballs without the unneeded crap put into the upstreamtarball. -- Peter Palfrader Wed, 24 Aug 2005 18:55:04 +0200 sks (1.0.9-0.6) UNRELEASED; urgency=low * Add 212_do_not_export_zerolen_packets. -- Peter Palfrader Thu, 18 Aug 2005 03:02:48 +0200 sks (1.0.9-0.5) UNRELEASED; urgency=low * Fix 500_debian_fhs again. -- Peter Palfrader Thu, 14 Apr 2005 09:04:42 +0200 sks (1.0.9-0.4) UNRELEASED; urgency=low * Fix 500_debian_fhs, so that we do not create a thousand diff-xxx files because client ports in recon are changing all the time. Upstream got that right, but the patch reverted that to a (previous? and) broken behaviour. -- Peter Palfrader Thu, 20 Jan 2005 17:18:58 +0100 sks (1.0.9-0.3) UNRELEASED; urgency=low * Changed maintainer to myself. the debian-sks@mirror address was bouncing. -- Peter Palfrader Wed, 5 Jan 2005 19:19:28 +0100 sks (1.0.9-0.2) UNRELEASED; urgency=low * Make /var/log/sks readable by group adm. * Fix 500_debian_fhs to also change the other location in the code where diff-* files are used. -- Peter Palfrader Fri, 12 Nov 2004 17:27:41 +0100 sks (1.0.9-0.1) UNRELEASED; urgency=low * New upstream release. * New upstream patch incorporates the following patches: - 208_show_revoked_in_ms - 209_handle_attribute_uids_in_mr - 210_only_latest_changetime_in_mr - 211_content_type_utf8 * Upstream has a changelog again. * Upstream shipped manpage as pod, build-depend on perl and perl-doc so the Makefile can build it. * The build script reappeared in the upstream tarball, resurrect 508_build_fastbuild. -- Peter Palfrader Tue, 26 Oct 2004 01:42:34 +0200 sks (1.0.8-0.1) UNRELEASED; urgency=low * New upstream release. * New upstream patch incorporates the following patches: - 201_speling - 202_correct_x_keyserver - 203_extra_space_in_fpr - 204_relative_links - 205_show_peer_when_config_rejected - 206_also_write_empty_diffs - 207_log_recovered_hashes_source * The build script disappeared in the upstream tarball, remove 508_build_fastbuild * Updated with new pathnames/offsets: - 209_handle_attribute_uids_in_mr - 210_only_latest_changetime_in_mr - 402_separate_keys_with_hr - 500_debian_fhs - 501_makefile_cflags - 509_Slong_Dlong - 510_sane_logfile_names * Use UTF8 as charset in html content-types (211_content_type_utf8) * Correct name of external variable so it works properly with ocaml 3.08 and nox. * Update build dependencies to build against ocaml 3.08. Includes changing from libnums to ocaml-nox. * Upstream now has a manpage, use that instead of our sks.8. * Upstream has no changelog right now!! -- Peter Palfrader Mon, 18 Oct 2004 23:41:42 +0200 sks (1.0.7-0.4) UNRELEASED; urgency=low * add 211_content_type_utf8 to have utf8 encoding with tex/html. -- Peter Palfrader Mon, 18 Oct 2004 22:17:30 +0200 sks (1.0.7-0.3) UNRELEASED; urgency=low * add 208_show_revoked_in_ms: show key revoked information in machine readable output. * add 209_handle_attribute_uids_in_mr: do print "uat" instead of "uid" and do not dump binary garbage to the client. * add 210_only_latest_changetime_in_mr: in machine readable output, do not show list of create and expiration times, only one. -- Peter Palfrader Mon, 2 Aug 2004 11:03:43 +0200 sks (1.0.7-0.2) UNRELEASED; urgency=low * add 205_show_peer_when_config_rejected: print peername in reject errors. * add 206_also_write_empty_diffs: also write empty diff-.txt files. * add 207_log_recovered_hashes_source: show source of keys in recon. -- Peter Palfrader Sat, 19 Jun 2004 01:21:14 +0200 sks (1.0.7-0.1) UNRELEASED; urgency=low * packaging sks. -- Peter Palfrader Sun, 14 Mar 2004 01:46:23 +0100 debian/sks.prerm0000755000000000000000000000004212134245061011032 0ustar #!/bin/sh -e #DEBHELPER# exit 0 debian/NEWS0000644000000000000000000000115712134245061007667 0ustar sks (1.1.1+dpkgv3-6.1) unstable; urgency=low sks now uses a Berkeley DB version 5.1 without XA environment. The postinst script should upgrade the database automatically. There will be backup in /var/backups/sks in case something went wrong. -- Ondřej Surý Fri, 13 May 2011 12:38:29 +0200 sks (1.1.1+dpkgv3-1) unstable; urgency=high *** NOTE *** sks now uses a different BerkelyDB version. You need to upgrade your database prior to starting sks. Please read README.Debian for instructions -- Christoph Martin Wed, 25 Aug 2010 17:55:07 +0200 debian/sks.docs0000644000000000000000000000004112213703325010631 0ustar README.md sampleConfig sampleWeb debian/sks.logrotate0000644000000000000000000000022412134245061011704 0ustar /var/log/sks/*.log { daily rotate 5 compress delaycompress missingok notifempty postrotate /etc/init.d/sks reload > /dev/null endscript } debian/clean0000644000000000000000000000001712163405621010171 0ustar Makefile.local debian/TODO0000644000000000000000000000453112134245061007657 0ustar commit mail test Legend: - Not done * Top priority . Partially done o Done D Deferred X Abandoned - Add sks_build.sh to package For the first upload: - put useful conffiles into /etc/sks - maybe we should just stick ourselves into the default membership file. - Fix dependencies. sks probably needs cryptokit, numerix, and stuff but there is no dependency right now. Why do we link statically against cryptokit and numerix? Feature or bug? Don't we need a versioned dependency on libgmp3? What about libdb4.1? X passing CFLAGS to cryptokit and numerix . now we ship both cryptokit and numerix unpacked also to fix a libtool <-> ocaml interaction but not everything all the CFLAGS are the same so we cannot really use a debian standard. o completing Build-Depends: o wait for the non-free Nat stuff to get rewritten in ocaml. Sven says it will be in ocaml 3.08. o who cleans failed_messages? if we go for the procmail solution (read below) messages will be injected immediatly. The failes_messages imho should just be logged (/var/log/sks/) and rotated since they become useless. o clean up old diff-1.2.3.4.txt files: .... 33 Dec 19 22:15 /var/spool/sks/diff-64.175.14.58.txt o rename logs to foo.log and setup logrotate o debian fhs needs to be completed o where are the recon and db sockets? do they still exist in 1.0.5? they are in /var/run/sks now. o why the fuck upstream has to force pwd???.. a fucking "." go figure... and we should be carefull to the runtime option -basedir! o dedicated uid, chown all the dirs to that user o debian-sks: check uid range and homedir o dedicated group too. o init script to start sks o still missing: loop in stop for a few seconds, sks db is stopping slowly. o a weekly cron to clean up unused DB log files upstream issues: o common.src.ml is broken and it generates a wrong common.ml in some cases where make common.ml believes that it is not "done". The good code is in common.ml X sks should be able to read sync mails from mboxes and Maildir folders. Otherwhise we will have to write a small daemon that feeds mail into sks_add_mail regularily. o No. We can depends on procmail and install the related files directly into the user home dir and mark them as configfiles. X ship crytokit and numerix unpacked debian/compat0000644000000000000000000000000212163405560010366 0ustar 9 debian/patches/0000755000000000000000000000000012256140652010620 5ustar debian/patches/202_makefile_bytecode.patch0000644000000000000000000000076012213703325015655 0ustar --- a/bdb/Makefile +++ b/bdb/Makefile @@ -36,7 +36,7 @@ COBJS = bdb_stubs.o ocextr: ocextr.ml - $(OCAMLOPT) -o ocextr ocextr.ml + $(OCAMLC) -o ocextr ocextr.ml libbdb.a: $(COBJS) $(MKLIB) -custom -o bdb $(COBJS) --- a/Makefile +++ b/Makefile @@ -133,7 +133,7 @@ install.bc: mkdir -p $(PREFIX)/bin - install sks_build.bc.sh sks.bc sks_add_mail.bc $(PREFIX)/bin + install sks_build.bc sks.bc sks_add_mail.bc $(PREFIX)/bin mkdir -p $(MANDIR)/man8 install sks.8.gz $(MANDIR)/man8 debian/patches/500_debian_fhs.patch0000644000000000000000000001015012213703325014277 0ustar --- a/common.ml +++ b/common.ml @@ -93,7 +93,7 @@ let set_logfile extension = if !Settings.filelog then - let fname = (Filename.concat !Settings.basedir extension) ^ ".log" in + let fname = (Filename.concat !Settings.basedir "/var/log/sks/") ^ extension ^ ".log" in stored_logfile_name := Some fname; logfile := open_out_gen [ Open_wronly; Open_creat; Open_append; ] 0o600 fname; @@ -221,8 +221,8 @@ let recon_address = !Settings.recon_address let http_port = !Settings.hkp_port let http_address = !Settings.hkp_address -let db_command_name = Filename.concat !Settings.basedir "db_com_sock" -let recon_command_name = Filename.concat !Settings.basedir "recon_com_sock" +let db_command_name = Filename.concat !Settings.basedir "/var/run/sks/db_com_sock" +let recon_command_name = Filename.concat !Settings.basedir "/var/run/sks/recon_com_sock" let db_command_addr = Unix.ADDR_UNIX db_command_name let recon_command_addr = Unix.ADDR_UNIX recon_command_name --- a/dbserver.ml +++ b/dbserver.ml @@ -406,7 +406,7 @@ let convert_web_fname fname = if verify_web_fname fname then - Filename.concat !Settings.basedir (Filename.concat "web" fname) + Filename.concat !Settings.basedir (Filename.concat "/var/lib/sks/www" fname) else raise (Wserver.Misc_error "Malformed requst") let supported_extensions = --- a/getfileopts.ml +++ b/getfileopts.ml @@ -110,7 +110,7 @@ (**************************************************************) (**************************************************************) -let config_fname = "sksconf" +let config_fname = "/etc/sks/sksconf" let parse args = Arg.current := 0; --- a/reconserver.ml +++ b/reconserver.ml @@ -192,7 +192,7 @@ let elements = ZSet.elements results in let hashes = hashconvert elements in print_hashes (sockaddr_to_string http_addr) hashes; - log_diffs (sprintf "diff-%s.txt" (sockaddr_to_name http_addr)) hashes; + log_diffs (sprintf "/var/spool/sks/diff-%s.txt" (sockaddr_to_name http_addr)) hashes; if List.length elements > 0 then begin @@ -229,7 +229,7 @@ plerror 4 "Reconciliation complete"; let hashes = hashconvert results in print_hashes (sockaddr_to_string http_addr) hashes; - log_diffs (sprintf "diff-%s.txt" (sockaddr_to_name http_addr)) hashes; + log_diffs (sprintf "/var/spool/sks/diff-%s.txt" (sockaddr_to_name http_addr)) hashes; match results with [] -> [] | _ -> --- a/settings.ml +++ b/settings.ml @@ -200,7 +200,7 @@ let command_timeout = ref 60 let set_command_timeout value = command_timeout := value -let sendmail_cmd = ref "sendmail -t -oi" +let sendmail_cmd = ref "/usr/lib/sendmail -t -oi" let set_sendmail_cmd value = sendmail_cmd := value let membership_reload_time = ref (60. *. 60. *. 6.) @@ -226,15 +226,15 @@ let use_stdin = ref false -let basedir = ref "." +let basedir = ref "" -let base_dbdir = "KDB" -let base_ptree_dbdir = "PTree" -let base_membership_file = "membership" -let base_mailsync_file = "mailsync" -let base_dumpdir = "dump" -let base_msgdir = "messages" -let base_failed_msgdir = "failed_messages" +let base_dbdir = "/var/lib/sks/DB" +let base_ptree_dbdir = "/var/lib/sks/PTree" +let base_membership_file = "/etc/sks/membership" +let base_mailsync_file = "/etc/sks/mailsync" +let base_dumpdir = "/var/lib/sks/dump" +let base_msgdir = "/var/spool/sks/messages" +let base_failed_msgdir = "/var/spool/sks/failed_messages" let dbdir = lazy (Filename.concat !basedir base_dbdir) let ptree_dbdir = lazy (Filename.concat !basedir base_ptree_dbdir) @@ -290,7 +290,7 @@ ("-hkp_address",Arg.String set_hkp_address, " Set hkp binding address"); ("-use_port_80",Arg.Set use_port_80, " Have the HKP interface listen on port 80, as well as the hkp_port"); - ("-basedir", Arg.Set_string basedir, " Base directory"); + ("-basedir", Arg.Set_string basedir, " Base directory (Take special care if running the Debian package!)"); ("-stdoutlog", Arg.Clear filelog, " Send log messages to stdout instead of log file"); ("-diskptree", Arg.Set disk_ptree, debian/patches/501_makefile_cflags.patch0000644000000000000000000000505012213703325015315 0ustar --- a/bdb/Makefile +++ b/bdb/Makefile @@ -17,8 +17,8 @@ CINCLUDES=-I`ocamlc -where` $(BDBINCLUDE) CC=gcc CXX=g++ -CFLAGS=-O3 -Werror-implicit-function-declaration $(CINCLUDES) $(BDBLIB) -I . -CXXFLAGS=-O3 $(CINCLUDES) $(BDBLIB) -I . +CFLAGS=$(DEBCFLAGS) -Werror-implicit-function-declaration $(CINCLUDES) $(BDBLIB) -I . +CXXFLAGS=$(DEBCFLAGS) $(CINCLUDES) $(BDBLIB) -I . MKLIB=ocamlmklib RANLIB=ranlib --- a/Makefile +++ b/Makefile @@ -17,8 +17,8 @@ CINCLUDES=-I`ocamlc -where` CC=gcc CXX=g++ -CFLAGS=-O3 -Werror-implicit-function-declaration $(CINCLUDES) -I . -CXXFLAGS=-O3 $(CINCLUDES) -I . +CFLAGS=$(DEBCFLAGS) -Werror-implicit-function-declaration $(CINCLUDES) -I . +CXXFLAGS=$(DEBCFLAGS) $(CINCLUDES) -I . ifndef OCAMLC OCAMLC=ocamlc @@ -46,7 +46,7 @@ endif CAMLP4=-pp $(CAMLP4O) -CAMLINCLUDE= -I lib -I bdb +CAMLINCLUDE= -I lib -I bdb -I +cryptokit COMMONCAMLFLAGS=$(CAMLINCLUDE) $(OCAMLLIB) -ccopt -Lbdb -dtypes -warn-error A OCAMLDEP=ocamldep $(CAMLP4) CAMLLIBS=unix.cma str.cma bdb.cma nums.cma bigarray.cma cryptokit.cma @@ -100,7 +100,7 @@ EXEOBJS.bc=$(RSERVOBJS.bc) build.cmo fastbuild.cmo dbserver.cmo pdiskTest.cmo -LIBS.bc= lib/cryptokit.cma bdb/bdb.cma +LIBS.bc= bdb/bdb.cma LIBS=$(LIBS.bc:.cma=.cmxa) VERSION := $(shell cat VERSION) @@ -262,10 +262,10 @@ ################################## bdb/bdb.cmxa: bdb/bdb_stubs.c bdb/bdb_stubs.h - cd bdb && $(MAKE) bdb.cmxa + cd bdb && $(MAKE) DEBCFLAGS="$(DEBCFLAGS)" bdb.cmxa bdb/bdb.cma: bdb/bdb_stubs.c bdb/bdb_stubs.h - cd bdb && $(MAKE) bdb.cma + cd bdb && $(MAKE) DEBCFLAGS="$(DEBCFLAGS)" bdb.cma bdbclean: cd bdb && $(MAKE) clean @@ -280,30 +280,6 @@ touch prepared -CKVER=cryptokit-1.5 -CKDIR=$(CKVER)/src - -$(CKVER)/README.txt: - tar xmvfz $(CKVER).tar.gz - -$(CKDIR)/cryptokit.cma: $(CKVER)/README.txt - cd $(CKDIR) && $(MAKE) all - -$(CKDIR)/cryptokit.cmxa: $(CKVER)/README.txt - cd $(CKDIR) && $(MAKE) allopt - -lib/cryptokit.cma: $(CKDIR)/cryptokit.cma $(CKDIR)/cryptokit.cmxa prepared - cp $(CKDIR)/cryptokit.cmi $(CKDIR)/cryptokit.cma \ - $(CKDIR)/cryptokit.mli lib - cp $(CKDIR)/libcryptokit.a lib - if test -f $(CKDIR)/dllcryptokit.so; then \ - cp $(CKDIR)/dllcryptokit.so lib; fi - if test -f $(CKDIR)/cryptokit.cmxa; then \ - cp $(CKDIR)/cryptokit.cmxa $(CKDIR)/cryptokit.cmx \ - $(CKDIR)/cryptokit.a lib; fi - -lib/cryptokit.cmxa: lib/cryptokit.cma - ################################ # old stuff ################################ @@ -402,7 +378,6 @@ cleanall: clean bdbclean rm -f lib/* - rm -rf $(CKVER) distclean: cleanall rm -rf Makefile.local debian/patches/100_deprecated_operators.patch0000644000000000000000000000164712256140652016427 0ustar Description: Do not use operators deprecated in OCaml 4.01.0 Author: Stéphane Glondu Bug-Debian: http://bugs.debian.org/731584 Forwarded: no Last-Update: 2013-12-10 --- sks-1.1.4.orig/prime.ml +++ sks-1.1.4/prime.ml @@ -87,7 +87,7 @@ let miller_rabin rfunc n t = let test () = let a = randrange rfunc two (n -! one) in let y = Number.powmod a r n in - if y =! one or y =! neg_one then Prime + if y =! one || y =! neg_one then Prime else let rec loop y j = if y =! neg_one then Prime --- sks-1.1.4.orig/mArray.ml +++ sks-1.1.4/mArray.ml @@ -57,7 +57,7 @@ let for_all ~f:test array = Array.fold_left ~f:(fun a b -> a && (test b)) ~init:true array let exists ~f:test array = - Array.fold_left ~f:(fun a b -> a or (test b)) ~init:false array + Array.fold_left ~f:(fun a b -> a || (test b)) ~init:false array let mem el array = let length = Array.length array in debian/patches/203_db.patch0000644000000000000000000000025712213703325012611 0ustar --- a/bdb/Makefile +++ b/bdb/Makefile @@ -30,7 +30,7 @@ OCAMLOPTFLAGS=$(COMMONCAMLFLAGS) -inline 40 ifndef LIBDB -LIBDB=-ldb-4.6 +LIBDB=-ldb endif COBJS = bdb_stubs.o debian/patches/series0000644000000000000000000000022712256140652012036 0ustar 202_makefile_bytecode.patch 203_db.patch 500_debian_fhs.patch 501_makefile_cflags.patch 502_makefile_install.patch 100_deprecated_operators.patch debian/patches/502_makefile_install.patch0000644000000000000000000000156312213703325015532 0ustar --- a/Makefile +++ b/Makefile @@ -126,14 +126,17 @@ # Special targets install: - mkdir -p $(PREFIX)/bin - install sks_build.sh sks sks_add_mail $(PREFIX)/bin + mkdir -p $(PREFIX)/sbin $(PREFIX)/lib/sks + install sks $(PREFIX)/sbin + install sks_build.sh sks_add_mail $(PREFIX)/lib/sks mkdir -p $(MANDIR)/man8 install sks.8.gz $(MANDIR)/man8 install.bc: - mkdir -p $(PREFIX)/bin - install sks_build.bc sks.bc sks_add_mail.bc $(PREFIX)/bin + mkdir -p $(PREFIX)/sbin $(PREFIX)/lib/sks + install sks.bc $(PREFIX)/sbin/sks + install sks_build.sh $(PREFIX)/lib/sks/ + install sks_add_mail.bc $(PREFIX)/lib/sks/sks_add_mail mkdir -p $(MANDIR)/man8 install sks.8.gz $(MANDIR)/man8 @@ -149,7 +152,7 @@ # Ordinary targets sks.8.gz: sks.8 - gzip -f sks.8 + gzip -9 -f sks.8 sks.8: sks.pod pod2man -c "SKS OpenPGP Key server" --section 8 -r 0.1 -name sks sks.pod sks.8 debian/README.Debian0000644000000000000000000000205412134245061011226 0ustar Some hints to setup your keyserver: If you install a new keyserver you might need a fresh keydump to start with. At the time of this writing you could get one from http://ftp.prato.linux.it/pub/keyring/dump-latest/ If you don't find one feel free to ask on the SKS mailing list. You can retrieve the keydump by executing following commands as the root user (or just su to debian-sks user)): cd /var/lib/sks/dump su debian-sks -c "wget -q -r -np -nd -A pgp http://ftp.prato.linux.it/pub/keyring/dump-latest/ -e robots=off" To build the database from the keydumps call: su debian-sks -c "/usr/lib/sks/sks_build.sh" To make the server start you have to edit the defaults file: vi /etc/default/sks If you want to connect to the global sks-network, send a mail to pgp-keyserver-folk@flame.org or sks-devel@nongnu.org and ask for gossip partners. Include the partners in /etc/sks/membership. ----- Thanks to Peter Palfrader for building the original Debian package. -- Ondřej Surý , Thu, 19 May 2011 11:55:48 +0200 debian/control0000644000000000000000000000245712236672355010614 0ustar Source: sks Section: net Priority: optional Standards-Version: 3.9.4 Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Christoph Martin Uploaders: Fabio M. Di Nitto , Daniel Kahn Gillmor Build-Depends: ocaml (>= 3.08), camlp4, libdb-dev, debhelper (>= 9), zlib1g-dev, libcryptokit-ocaml-dev (>= 1.2-4), ocaml-nox (>= 1.3-4), perl, perl-doc, dh-ocaml (>= 0.9~) Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-sks/pkg-sks.git Vcs-Git: git://anonscm.debian.org/pkg-sks/pkg-sks.git Package: sks Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, ${ocaml:Depends}, db-util, adduser, logrotate Provides: ${ocaml:Provides} Suggests: postfix | mail-transport-agent, procmail Description: Synchronizing OpenPGP Key Server SKS is an OpenPGP key server that correctly handles all OpenPGP features defined in RFC2440 and RFC2440bis, including photoID packages and multiple subkeys. . This key server implementation uses an efficient and reliable reconciliation algorithm to keep the database in sync with other SKS servers. Additionally it can both send and receive PKS style sync emails. Homepage: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Home debian/sks.init0000755000000000000000000000472612213704101010656 0ustar #!/bin/sh -e # ### BEGIN INIT INFO # Provides: sks # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 ### END INIT INFO # # Start/stops the sks daemons. # # # Reads config file [ -r /etc/default/sks ] && . /etc/default/sks DAEMON=/usr/sbin/sks SKSDBPID=/var/run/sks/sksdb.pid SKSRECONPID=/var/run/sks/sksrecon.pid # See if the daemon is there test -e $DAEMON || exit 0 if [ ! -x $DAEMON ]; then echo "ERROR: $DAEMON is not executable" exit 1 fi . /lib/lsb/init-functions wait_for_deaddaemon () { pidfile=$1 pid=`cat $pidfile 2>/dev/null` || true sleep 1 if test -n "$pid" then if kill -0 $pid 2>/dev/null then echo -n "." cnt=0 while kill -0 $pid 2>/dev/null do cnt=`expr $cnt + 1` if [ $cnt -gt 30 ] then echo " FAILED." return 1 fi sleep 2 echo -n "." done rm -f $pidfile else rm -f $pidfile fi fi return 0 } case "$1" in start) echo -n "Starting sks daemons:" if [ "$initstart" != "yes" ]; then echo " Not starting sks (as configured in /etc/default/sks)" exit 0 fi mkdir -p `dirname "$SKSDBPID"` chown debian-sks `dirname "$SKSDBPID"` echo -n " sksdb.." start-stop-daemon --start --quiet --oknodo \ --chuid debian-sks:debian-sks \ --make-pidfile \ --pidfile $SKSDBPID \ --exec $DAEMON -- db & echo -n " sksrecon.." start-stop-daemon --start --quiet --oknodo \ --chuid debian-sks:debian-sks \ --make-pidfile \ --pidfile $SKSRECONPID \ --exec $DAEMON -- recon & echo " done." ;; stop) echo -n "Stopping sks daemons:" echo -n " sksrecon.." start-stop-daemon --stop --quiet --oknodo --pidfile $SKSRECONPID wait_for_deaddaemon $SKSRECONPID || exit 1 echo -n " sksdb.." start-stop-daemon --stop --quiet --oknodo --pidfile $SKSDBPID wait_for_deaddaemon $SKSDBPID || exit 1 echo " done." ;; reload) # Hupping at least reopens logfiles. # membership and mailsync are regularily read anyway # not sure about the rest # -- weasel echo -n "Reloading sks daemons:" echo -n " sksrecon.." start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile $SKSRECONPID echo -n " sksdb.." start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile $SKSDBPID echo " done." ;; restart|force-reload) $0 stop sleep 1 $0 start ;; *) echo "Usage: $0 {start|stop|reload|restart|force-reload}" exit 1 ;; esac exit 0 debian/rules0000755000000000000000000000210712213703472010247 0ustar #!/usr/bin/make -f TMP =$(CURDIR)/debian/sks OCAMLABI = $(shell ocamlc -version) BYTECODE = $(shell [ -x /usr/bin/ocamlopt ] || echo yes) all = $(if $(BYTECODE),all.bc,all) install = $(if $(BYTECODE),install.bc,install) OCAMLRUN = $(if $(BYTECODE),ocaml-base-nox-$(OCAMLABI)) export DEB_BUILD_OPTIONS += $(if $(BYTECODE)," nostrip",) BDB_VERSION ?= $(shell LC_ALL=C dpkg-query -l 'libdb[45].[0-9]-dev' | grep ^.i | sed -e 's|.*\s\libdb\([45]\.[0-9]\)-dev\s.*|\1|') %: dh $@ --with=ocaml override_dh_auto_clean: touch Makefile.local dh_auto_clean touch .depend override_dh_auto_build: touch Makefile.local make dep dh_auto_build -v -- $(all) override_dh_auto_install: # dh_auto_install -v -- PREFIX="$(TMP)/usr" MANDIR="$(TMP)/usr/share/man" $(install) $(MAKE) PREFIX="$(TMP)/usr" MANDIR="$(TMP)/usr/share/man" $(install) # Debian specific cp -a debian/debcfg/* debian/sks/etc/sks # Check that we have a value for BDB_VERSION [ -n "$(BDB_VERSION)" ] echo $(BDB_VERSION) > debian/sks/usr/lib/sks/berkeley_db.txt cp -a sampleWeb/OpenPKG/* debian/sks/var/lib/sks/www/ debian/source/0000755000000000000000000000000012134245061010464 5ustar debian/source/format0000644000000000000000000000001412134245061011672 0ustar 3.0 (quilt) debian/watch0000644000000000000000000000020312134245061010210 0ustar version=3 https://bitbucket.org/skskeyserver/sks-keyserver/downloads/sks-(\d[\d.]*)\.(?:zip|tgz|tbz2|txz|tar\.gz|tar\.bz2|tar\.xz) debian/sks.postinst0000755000000000000000000001162612236672355011617 0ustar #!/bin/sh -e # checking debian-sks account uid=`getent passwd debian-sks | cut -d ":" -f 3` home=`getent passwd debian-sks | cut -d ":" -f 6` # if there is the uid the account is there and we can do # the sanit(ar)y checks otherwise we can safely create it. if [ "$uid" ]; then # guess??? the checks!!! if [ $uid -ge 100 ] && [ $uid -le 999 ]; then echo "debian-sks uid check: ok" else echo "ERROR: debian-sks account has a non-system uid!" echo "Please check /usr/share/doc/sks/README.Debian on how to" echo "correct this problem" exit 1 fi if [ "$home" = "/var/lib/sks" ]; then echo "debian-sks homedir check: ok" else echo "ERROR: debian-sks account has an invalid home directory!" echo "Please check /usr/share/doc/sks/README.Debian on how to" echo "correct this problem" exit 1 fi else # what this might mean?? oh creating a system l^Huser! adduser --quiet \ --system \ --disabled-password \ --home /var/lib/sks \ --no-create-home \ --shell /bin/bash \ --group \ debian-sks fi if [ "$2" = "" ]; then # ch{owning,moding} things around # note that sks creates files/dirs with 600/700 # permissions as default. so let's stick with it for the # installation. We will do nothing across upgrades. for i in lib log spool; do chown -R debian-sks:debian-sks /var/$i/sks chmod -R 700 /var/$i/sks find /var/$i/sks -type f -exec chmod 600 '{}' ';' done chgrp -R adm /var/log/sks chmod -R g+rX /var/log/sks chmod g+s /var/log/sks else if [ "$1" = "configure" ]; then # fix permissions of logs after 1.0.9-0.1 if dpkg --compare-versions "$2" lt "1.0.9-0.2" ; then chgrp -R adm /var/log/sks chmod -R g+rX /var/log/sks chmod g+s /var/log/sks fi # 1.0.10 renamed log files from /var/log/sks/sks.foo.log to /var/log/sks/foo.log, # so be nice and rename things for the admin. if dpkg --compare-versions "$2" lt "1.0.10" ; then for i in `ls -1 /var/log/sks/`; do if echo "$i" | grep -q '^sks\.'; then mv /var/log/sks/"$i" /var/log/sks/`echo "$i" | sed -e 's/^sks.//'` fi done fi # Read the active Berkeley DB version, fall back to 4.7 if not found if [ -r /var/lib/sks/berkeley_db.active ]; then OLD_BDB=$(cat /var/lib/sks/berkeley_db.active) else if (type dpkg-vendor >/dev/null && dpkg-vendor --derives-from Ubuntu) || \ [ -e /etc/dpkg/origins/ubuntu ]; then if dpkg --compare-versions "$2" lt "1.1.1+dpkgv3-6.1"; then OLD_BDB=4.7 else OLD_BDB=5.1 fi else # Debian if dpkg --compare-versions "$2" lt "1.1.1+dpkgv3-1"; then OLD_BDB=4.6 elif dpkg --compare-versions "$2" lt "1.1.1+dpkgv3-6.1"; then OLD_BDB=4.7 else OLD_BDB=4.7 fi fi fi # Read the compiled-in Berkeley DB version NEW_BDB=$(cat /usr/lib/sks/berkeley_db.txt) if [ "$OLD_BDB" != "$NEW_BDB" ]; then # Upgrade Berkeley DB in place BACKUP_DIR=/var/backup/sks/$(date +%Y%m%d-%H%M%S) SKS_DIR=/var/lib/sks mkdir -p $BACKUP_DIR chown debian-sks:debian-sks ${BACKUP_DIR} for DBHOME in DB PTree; do # Don't run if the database directory doesn't exist [ ! -d ${SKS_DIR}/${DBHOME} ] && continue # Create backup directory mkdir -p ${BACKUP_DIR}/${DBHOME} chown debian-sks:debian-sks ${BACKUP_DIR}/${DBHOME} # Make sure we own the files chown debian-sks:debian-sks -R ${SKS_DIR}/${DBHOME} if [ -x /usr/bin/db${OLD_BDB}_recover ]; then # Run recover with old tools su debian-sks -c "db${OLD_BDB}_recover -h ${SKS_DIR}/${DBHOME}" # Backup needed log files LOG_FILES=$(su debian-sks -c "db${OLD_BDB}_archive -h ${SKS_DIR}/${DBHOME} -l") else # If we don't have the Berkeley DB tools then backup all log files LOG_FILES=$(cd ${SKS_DIR}/${DBHOME}; ls -1 | grep -E "^log\.") fi # Backup log files for log_file in ${LOG_FILES}; do cp -a ${SKS_DIR}/${DBHOME}/$log_file ${BACKUP_DIR}/${DBHOME}/ done if [ -e "${SKS_DIR}/${DBHOME}/DB_CONFIG" ]; then cp -a ${SKS_DIR}/${DBHOME}/DB_CONFIG ${BACKUP_DIR}/${DBHOME}/ fi # Backup & upgrade database files for db in $(cd ${SKS_DIR}/${DBHOME}; ls -1 | grep -Ev "^(__|log\.|DB_CONFIG$)"); do # Backup database file su debian-sks -c "cp ${SKS_DIR}/${DBHOME}/${db} ${BACKUP_DIR}/${DBHOME}/" # Upgrade database file su debian-sks -c "db${NEW_BDB}_upgrade -h ${SKS_DIR}/${DBHOME} ${SKS_DIR}/${DBHOME}/$db"; done # Set checkpoint and delete old logfiles su debian-sks -c "db${NEW_BDB}_checkpoint -h ${SKS_DIR}/${DBHOME} -1" su debian-sks -c "db${NEW_BDB}_archive -h ${SKS_DIR}/${DBHOME} -d" done # Note the active Berkeley DB version cp -f /usr/lib/sks/berkeley_db.txt /var/lib/sks/berkeley_db.active elif [ ! -e /var/lib/sks/berkeley_db.active ]; then cp -f /usr/lib/sks/berkeley_db.txt /var/lib/sks/berkeley_db.active fi fi fi #DEBHELPER# exit 0 debian/contrib/0000755000000000000000000000000012134245061010624 5ustar debian/contrib/make_debian_orig0000755000000000000000000000254312134245061014015 0ustar #!/bin/sh # sks_make_debian_orig - make a debian tarball from sks upstream source # Copyright (c) 2005 Marco Nenciarini # Copyright (c) 2005 Peter Palfrader # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA set -e trap "echo Error" ERR if ! version=$(cat VERSION); then echo "Not in sks source dir" exit 255 fi currdir=$(pwd) tmpdir=$(mktemp -d) trap "rm -fr $tmpdir" EXIT destname=sks-$version destfile=$(dirname "$currdir")/sks-$version.debian.tar.gz mkdir $tmpdir/$destname cp -R . $tmpdir/$destname cd $tmpdir/$destname rm -fr ,,* {* rm -f *.tar.gz rm -fr .arch* touch Makefile.local touch .depend make dep cd .. rm -f $destfile tar czf $destfile $destname