Skip to content

Instantly share code, notes, and snippets.

@fawkesley

fawkesley/expirybot notes.md

Last active September 15, 2018 17:47
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save fawkesley/b901428d1702c613531147f7573757fd to your computer and use it in GitHub Desktop.
Save fawkesley/b901428d1702c613531147f7573757fd to your computer and use it in GitHub Desktop.
Download ZIP
Rebuild sks keyserver 1.1.6 on debian
Raw
expirybot notes.md

keyserver-c.expirybot.com

  • AKA keyserver.paulfurley.com

  • running sks-1.1.6

  • running github.com/paulfurley/expirybot via cron

  • only recon port, no public PKS queries

  • peered with other keyservers & keyserver-b.expirybot.com

keyserver-b.expirybot.com

  • running sks-1.1.6
  • running Django app: github.com/paulfurley/expirybot-web
  • only recon port, no public PKS queries
  • peered only with keyserver-c.expirybot.com (IP whitelist)
Raw
rebuild.sh
service monit stop
service sks stop
# obliterate existing database
rm -rf /var/lib/sks/{DB,PTree,berkeley_db.active}
# get dump from generously hosted stueve.us
mkdir ~/keydump && cd ~/keydump
wget -crp -e robots=off -l1 --no-parent --cut-dirs=3 -nH -A pgp,txt http://stueve.us/keydump/
rm -rf /var/lib/sks/dump
mv ~/keydump /var/lib/sks/dump
# run debian's packaged script to build the database
time /usr/lib/sks/sks_build.sh
# choose fastbuild option
echo "set_flags DB_LOG_AUTOREMOVE" > /var/lib/sks/DB/DB_CONFIG
chown -R debian-sks:debian-sks /var/lib/sks/{DB,PTree,dump}
service sks start
service monit start
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment