new package: sks 1.0.10 (OpenPGP Key Server)

sks/rc.sks

@@ -0,0 +1,102 @@
+#!@l_prefix@/bin/openpkg rc
+##
+##  rc.sks -- Run-Commands
+##
+
+%config
+    sks_enable="$openpkg_rc_def"
+    sks_db_hostname="keyserver.example.com"
+    sks_db_bind="127.0.0.1"
+    sks_db_port="11371"
+    sks_db_debuglevel="5"
+    sks_db_flags=""
+    sks_recon_hostname="keyserver.example.com"
+    sks_recon_bind="127.0.0.1"
+    sks_recon_port="11370"
+    sks_recon_debuglevel="5"
+    sks_recon_flags=""
+    sks_log_prolog="true"
+    sks_log_epilog="true"
+    sks_log_numfiles="10"
+    sks_log_minsize="1M"
+    sks_log_complevel="9"
+
+%common
+    sks_db_rundir="@l_prefix@/var/sks"
+    sks_db_logfile="@l_prefix@/var/sks/db.log"
+    sks_db_pidfile="@l_prefix@/var/sks/db.pid"
+    sks_db_signal () {
+        [ -f $sks_db_pidfile ] && kill -$1 `cat $sks_db_pidfile`
+    }
+    sks_recon_rundir="@l_prefix@/var/sks"
+    sks_recon_logfile="@l_prefix@/var/sks/recon.log"
+    sks_recon_pidfile="@l_prefix@/var/sks/recon.pid"
+    sks_recon_signal () {
+        [ -f $sks_recon_pidfile ] && kill -$1 `cat $sks_recon_pidfile`
+    }
+
+%status -u @l_rusr@ -o
+    sks_usable="unknown"
+    sks_active="no"
+    rcService sks enable yes && \
+        sks_db_signal 0 && sks_recon_signal 0 && sks_active="yes"
+    echo "sks_enable=\"$sks_enable\""
+    echo "sks_usable=\"$sks_usable\""
+    echo "sks_active=\"$sks_active\""
+
+%start -u @l_rusr@
+    rcService sks enable yes || exit 0
+    rcService sks active yes && exit 0
+    ( cd $sks_db_rundir || exit $?
+      cmd="@l_prefix@/sbin/sks"
+      cmd="$cmd -hostname \"$sks_db_hostname\""
+      cmd="$cmd -hkp_address \"$sks_db_bind\""
+      cmd="$cmd -hkp_port \"$sks_db_port\""
+      cmd="$cmd -debug -debuglevel \"$sks_db_debuglevel\""
+      cmd="$cmd $sks_db_flags"
+      cmd="$cmd db"
+      eval "nohup $cmd </dev/null >/dev/null 2>&1 &"
+      echo $! >$sks_db_pidfile
+    ) >/dev/null 2>&1
+    sleep 1
+    ( cd $sks_recon_rundir || exit $?
+      cmd="@l_prefix@/sbin/sks"
+      cmd="$cmd -hostname \"$sks_recon_hostname\""
+      cmd="$cmd -recon_address \"$sks_recon_bind\""
+      cmd="$cmd -recon_port \"$sks_recon_port\""
+      cmd="$cmd -debug -debuglevel \"$sks_recon_debuglevel\""
+      cmd="$cmd $sks_recon_flags"
+      cmd="$cmd recon"
+      eval "nohup $cmd </dev/null >/dev/null 2>&1 &"
+      echo $! >$sks_recon_pidfile
+    ) >/dev/null 2>&1
+
+%stop -u @l_rusr@
+    rcService sks enable yes || exit 0
+    rcService sks active no  && exit 0
+    sks_db_signal    TERM
+    sks_recon_signal TERM
+    sleep 2
+    rm -f $sks_db_pidfile    >/dev/null 2>&1 || true
+    rm -f $sks_recon_pidfile >/dev/null 2>&1 || true
+
+%restart -u @l_rusr@
+    rcService sks enable yes || exit 0
+    rcService sks active no  && exit 0
+    rc sks stop start
+
+%daily -u @l_susr@
+    rcService sks enable yes || exit 0
+    shtool rotate -f \
+        -n ${sks_log_numfiles} -s ${sks_log_minsize} -d \
+        -z ${sks_log_complevel} -m 664 -o @l_rusr@ -g @l_rgrp@ \
+        -P "${sks_log_prolog}" \
+        -E "${sks_log_epilog}; rc sks restart" \
+        $sks_db_logfile
+    shtool rotate -f \
+        -n ${sks_log_numfiles} -s ${sks_log_minsize} -d \
+        -z ${sks_log_complevel} -m 664 -o @l_rusr@ -g @l_rgrp@ \
+        -P "${sks_log_prolog}" \
+        -E "${sks_log_epilog}; rc sks restart" \
+        $sks_recon_logfile
+

sks/sks-load

@@ -0,0 +1,32 @@
+#!@l_prefix@/lib/openpkg/bash
+
+#   enter the SKS run-time directory as all
+#   other SKS commands work relatively to it
+cd @l_prefix@/var/sks || exit $?
+
+#   create dumps directory
+test -d dumps || mkdir dumps
+
+#   fetch and load the latest dumps
+url_root="http://ftp.prato.linux.it/pub/keyring/dump-latest/"
+i=0
+while true; do
+    dump_file=`printf "sks-dump-%04d.pgp" $i`
+    dump_url="$url_root$dump_file"
+    echo "++ downloading $dump_url"
+    @l_prefix@/lib/openpkg/curl -s -k -R -o dumps/$dump_file $dump_url
+    if [ $# -ne 0 ]; then
+        rm -f dumps/$dump_file*
+        exit 0
+    fi
+    echo "++ merging into KDB $dump_file"
+    @l_prefix@/sbin/sks merge dumps/$dump_file
+    if [ $# -ne 0 ]; then
+        echo "$0:ERROR: failed to merge dump file"
+        rm -f dumps/$dump_file*
+        exit 1
+    fi
+    rm -f dumps/$dump_file*
+    i=$[$i + 1]
+done
+

sks/sks-setup

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+#   enter the SKS run-time directory as all
+#   other SKS commands work relatively to it
+cd @l_prefix@/var/sks || exit $?
+
+#   create an initial SKS key database (KGB)
+echo "++ creating initial SKS key database"
+@l_prefix@/sbin/sks fastbuild -n 10 -cache 100
+
+#   import at least the OpenPKG OpenPGP keys
+#   into the key database as SKS cleandb and
+#   pbuild commands require some content anyway
+echo "++ load OpenPKG OpenPGP keys into SKS key database"
+( HOME=`pwd`
+  rm -rf $HOME/.gnupg
+  @l_prefix@/bin/gpg --import @l_prefix@/etc/openpkg/openpkg.*.pgp
+  @l_prefix@/bin/gpg --export -o openpkg.pgp
+  rm -rf $HOME/.gnupg
+) >/dev/null 2>&1 || exit $?
+@l_prefix@/sbin/sks merge openpkg.pgp
+rm -f openpkg.pgp
+
+#   finalize the key database
+echo "++ cleaning up SKS key database"
+@l_prefix@/sbin/sks cleandb
+
+#   generate prefix-tree index
+echo "++ generating SKS prefix-tree index"
+@l_prefix@/sbin/sks pbuild -cache 20 -ptree_cache 70
+
+#   cleanup
+rm -f fastbuild.log merge.log clean.log pbuild.log
+
+#   generate top-level web page
+echo "++ generating SKS top-level web form"
+mkdir web
+cp @l_prefix@/share/sks/sks.html web/index.html
+

sks/sks.html

@@ -0,0 +1,52 @@
+<?xml version="1.0"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <title>SKS OpenPGP Public Key Server</title>
+  </head>
+  <body>
+  <h1>SKS OpenPGP Public Key Server</h1>
+  <hr />
+  <h2>
+  <a id="extract" name="extract">Extracting a OpenPGP Key</a>
+  </h2>
+  <form action="/pks/lookup" method="get">
+    <p>Index: 
+    <input type="radio" name="op" value="index" />
+     Verbose Index: 
+    <input type="radio" name="op" value="vindex" checked="checked" />
+    </p>
+    <p>Search String: 
+    <input name="search" size="40" value="openpkg" />
+    </p>
+    <p>
+    <input type="checkbox" name="fingerprint" checked="checked" />
+     Show OpenPGP &quot;fingerprints&quot; for keys</p>
+    <p>
+    <input type="checkbox" name="exact" />
+     Only return exact matches</p>
+    <p>
+    <input type="reset" value="Reset" />
+     
+    <input type="submit" value="Search!" />
+    </p>
+  </form>
+  <hr />
+  <h2>
+  <a id="submit" name="submit">Submitting a new OpenPGP Key</a>
+  </h2>
+  <form action="/pks/add" method="post">
+    <p>Enter ASCII-armored OpenPGP key here:</p>
+    <p>
+    <textarea name="keytext" rows="20" cols="66"></textarea>
+    </p>
+    <p>
+    <input type="reset" value="Reset" />
+     
+    <input type="submit" value="Submit!" />
+    </p>
+  </form>
+  <hr />
+  </body>
+</html>

sks/sks.patch

@@ -0,0 +1,90 @@
+Index: Makefile
+--- Makefile.orig	2005-08-14 03:33:51 +0200
++++ Makefile	2006-10-31 21:32:31 +0100
+@@ -304,6 +304,7 @@
+ 
+ $(NXDIR)/READ.ME:
+ 	tar xvmfz $(NXDIR).tar.gz
++	patch -p0 <sks.numerix.patch
+ 
+ $(NXDIR)/config.status: $(NXDIR)/READ.ME
+ 	cd $(NXDIR) && \
+Index: bdb/bdb_stubs.c
+--- bdb/bdb_stubs.c.orig	2005-01-18 00:42:51 +0100
++++ bdb/bdb_stubs.c	2006-10-31 21:33:20 +0100
+@@ -206,7 +206,7 @@
+ // calls to DB->err and DBENV->err lead to exceptions.
+ 
+ // FIX: currently, prefix is ignored.  Should be concatenated.
+-void raise_db_cb(const char *prefix, char *msg) { raise_db(msg); }
++void raise_db_cb(const DB_ENV *env, const char *prefix, const char *msg) { raise_db(msg); }
+ 
+ 
+ // #############################################################
+@@ -238,7 +238,7 @@
+ //+     | LOCKDOWN | PRIVATE | SYSTEM_MEM | THREAD
+ 
+ static int dbenv_verbose_flags[] = {
+-  DB_VERB_CHKPOINT, DB_VERB_DEADLOCK, DB_VERB_RECOVERY, DB_VERB_WAITSFOR
++  DB_VERB_DEADLOCK, DB_VERB_RECOVERY, DB_VERB_WAITSFOR
+ };
+ 
+ //+ 
+@@ -681,7 +681,7 @@
+   int size;
+ 
+   test_db_closed(db);
+-  err = UW_db(db)->stat(UW_db(db),&stat,0);
++  err = UW_db(db)->stat(UW_db(db),NULL,&stat,0);
+   if (err != 0) { UW_db(db)->err(UW_db(db),err,"caml_db_get_size"); }
+   switch (*(u_int32_t*)stat) {
+   case DB_BTREEMAGIC:
+Index: number.ml
+--- number.ml.orig	2004-04-25 03:06:34 +0200
++++ number.ml	2006-10-31 21:32:31 +0100
+@@ -18,7 +18,7 @@
+ (** Basic operations and definitions for multi-precistion integers. *)
+ 
+ (* Change to Dlong for non x86 platforms *)
+-module Nx = Numerix.Slong
++module Nx = Numerix.Clong
+ 
+ let two = Nx.of_int 2
+ let one = Nx.of_int 1
+Index: sks.numerix.patch
+--- /dev/null	2006-10-31 21:33:00 +0100
++++ sks.numerix.patch	2006-10-31 21:32:31 +0100
+@@ -0,0 +1,33 @@
++Index: numerix-0.19c/config/config.sub
++--- numerix-0.19c/config/config.sub.orig	2006-10-31 08:34:18 +0100
+++++ numerix-0.19c/config/config.sub	2006-10-31 08:34:18 +0100
++@@ -155,7 +155,7 @@
++ 		| alpha | alphaev5 | alphaev56 | we32k | ns16k | clipper \
++ 		| i370 | sh | powerpc | powerpcle | 1750a | dsp16xx | pdp11 \
++ 		| mips64 | mipsel | mips64el | mips64orion | mips64orionel \
++-		| mipstx39 | mipstx39el \
+++		| mipstx39 | mipstx39el | amd64 | ia64 \
++ 		| sparc | sparclet | sparclite | sparc64 | v850)
++ 		basic_machine=$basic_machine-unknown
++ 		;;
++@@ -181,7 +181,7 @@
++ 	      | sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
++ 	      | sparc64-* | mips64-* | mipsel-* \
++ 	      | mips64el-* | mips64orion-* | mips64orionel-*  \
++-	      | mipstx39-* | mipstx39el-* \
+++	      | mipstx39-* | mipstx39el-* | amd64-* | ia64-* \
++ 	      | f301-*)
++ 		;;
++ 	# Recognize the various machine names and aliases which stand
++Index: numerix-0.19c/configure
++--- numerix-0.19c/configure.orig	2006-10-31 08:34:18 +0100
+++++ numerix-0.19c/configure	2006-10-31 08:59:26 +0100
++@@ -3883,7 +3883,7 @@
++ then
++   echo "$as_me:$LINENO: result: yes" >&5
++ echo "${ECHO_T}yes" >&6
++-  bsd_assembler=1
++ else
++   echo "$as_me:$LINENO: result: no" >&5
++ echo "${ECHO_T}no" >&6

sks/sks.spec

@@ -0,0 +1,149 @@
+##
+##  sks.spec -- OpenPKG RPM Package Specification
+##  Copyright (c) 2000-2006 OpenPKG Foundation e.V. <http://openpkg.net/>
+##  Copyright (c) 2000-2006 Ralf S. Engelschall <http://engelschall.com/>
+##
+##  Permission to use, copy, modify, and distribute this software for
+##  any purpose with or without fee is hereby granted, provided that
+##  the above copyright notice and this permission notice appear in all
+##  copies.
+##
+##  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+##  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+##  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+##  IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+##  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+##  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+##  LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+##  USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+##  ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+##  OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+##  OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+##  SUCH DAMAGE.
+##
+
+#   package information
+Name:         sks
+Summary:      OpenPGP Key Server
+URL:          http://www.nongnu.org/sks/
+Vendor:       Yaron Minsky
+Packager:     OpenPKG Foundation e.V.
+Distribution: OpenPKG Community
+Class:        EVAL
+Group:        Cryptography
+License:      GPL
+Version:      1.0.10
+Release:      20061101
+
+#   list of sources
+Source0:      http://download.savannah.gnu.org/releases/sks/sks-%{version}.tgz
+Source1:      rc.sks
+Source2:      sks-setup
+Source3:      sks-load
+Source4:      sks.html
+Patch0:       sks.patch
+
+#   build information
+Prefix:       %{l_prefix}
+BuildRoot:    %{l_buildroot}
+BuildPreReq:  OpenPKG, openpkg >= 20040130, ocaml, gcc, make, perl
+PreReq:       OpenPKG, openpkg >= 20040130
+BuildPreReq:  db
+PreReq:       db
+AutoReq:      no
+AutoReqProv:  no
+
+%description
+    SKS is a new OpenPGP keyserver whose goal is to provide easy
+    to deploy, decentralized, and highly reliable synchronization.
+    That means that a key submitted to one SKS server will quickly
+    be distributed to all key servers, and even wildly out-of-date
+    servers, or servers that experience spotty connectivity, can fully
+    synchronize with rest of the system.
+
+    SKS uses a highly efficient and reliable reconciliation algorithm;
+    follows RFC2440 and RFC2440bis carefully, supports (unlike PKS)
+    new and old style packets, photoID packets, multiple subkeys, and
+    pretty much everything allowed by the RFCs; is fully compatible with
+    the PKS system (can both send and receive syncs from PKS servers,
+    ensuring seamless connectivity), provides a simple configuration:
+    each host just needs a (partial) list of the other participating key
+    servers; and supports HKP/web-based querying.
+
+%track
+    prog sks = {
+        version   = %{version}
+        url       = http://download.savannah.gnu.org/releases/sks/
+        regex     = sks-(__VER__)\.tgz
+    }
+
+%prep
+    %setup -q
+    %patch -p0
+
+%build
+    %{l_make} %{l_mflags} \
+        BDBINCLUDE="%{l_cppflags}" \
+        BDBLIB="%{l_ldflags}" \
+        LIBDB="-ldb" \
+        MANDIR="%{l_prefix}/man"
+
+%install
+    rm -rf $RPM_BUILD_ROOT
+    %{l_shtool} mkdir -f -p -m 755 \
+        $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
+        $RPM_BUILD_ROOT%{l_prefix}/sbin \
+        $RPM_BUILD_ROOT%{l_prefix}/share/sks \
+        $RPM_BUILD_ROOT%{l_prefix}/var/sks
+    %{l_shtool} install -c -s -m 755 \
+        sks sks_add_mail $RPM_BUILD_ROOT%{l_prefix}/sbin/
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        %{SOURCE sks-setup} %{SOURCE sks-load} \
+        $RPM_BUILD_ROOT%{l_prefix}/sbin/
+    %{l_shtool} install -c -m 755 \
+        -e 's;/bin/bash;%{l_bash};g' \
+        -e 's; sks ; %{l_prefix}/sbin/sks ;g' \
+        sks_build.sh $RPM_BUILD_ROOT%{l_prefix}/sbin/sks_build
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        %{SOURCE rc.sks} $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d/
+    %{l_shtool} install -c -m 755 %{l_value -s -a} \
+        %{SOURCE sks.html} $RPM_BUILD_ROOT%{l_prefix}/share/sks/
+    %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
+        %{l_files_std} \
+        '%attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/sks'
+
+%files -f files
+
+%clean
+    rm -rf $RPM_BUILD_ROOT
+
+%post
+    #   on initial install, create database
+    if [ $1 -eq 1 ]; then
+        su %{l_rusr} -c "$RPM_INSTALL_PREFIX/sbin/sks-setup"
+        ( echo "SKS database initialized. Now you can startup SKS with"
+          echo "    \$ $RPM_INSTALL_PREFIX/bin/openpkg rc sks start"
+          echo "and for instance lookup the OpenPKG OpenPGP keys under"
+          echo "    http://localhost:11371/pks/lookup?op=index&search=openpkg"
+          echo "or access the SKS internal statistic page under"
+          echo "    http://localhost:11371/pks/lookup?op=stats"
+          echo "If you want to load a full dump of all keys in the existing"
+          echo "SKS key servers, run the following command to download and"
+          echo "merge all their latest dumps into your local database:"
+          echo "    su %{l_rusr} -c $RPM_INSTALL_PREFIX/sbin/sks-load"
+        ) | %{l_rpmtool} msg -b -t notice
+    fi
+
+    #   after upgrade, restart service
+    [ $1 -eq 2 ] || exit 0
+    eval `%{l_rc} sks status 2>/dev/null`
+    [ ".$sks_active" = .yes ] && %{l_rc} sks restart
+    exit 0
+
+%preun
+    #   before erase, stop service and remove log files
+    [ $1 -eq 0 ] || exit 0
+    %{l_rc} sks stop 2>/dev/null
+    rm -rf $RPM_INSTALL_PREFIX/var/sks/* >/dev/null 2>&1 || true
+    exit 0
+