mirror of https://github.com/ogarcia/docker-sks
Big import
parent
eade4bc7a3
commit
a44c39292b
@ -0,0 +1,8 @@
|
|||||||
|
sudo: required
|
||||||
|
language: bash
|
||||||
|
|
||||||
|
services:
|
||||||
|
- docker
|
||||||
|
|
||||||
|
script:
|
||||||
|
- make ci-test
|
@ -0,0 +1,21 @@
|
|||||||
|
FROM alpine:3.6
|
||||||
|
|
||||||
|
COPY docker /tmp/
|
||||||
|
|
||||||
|
ADD https://bitbucket.org/skskeyserver/sks-keyserver/downloads/sks-1.1.6.tgz /tmp/tgz/sks-1.1.6.tgz
|
||||||
|
|
||||||
|
RUN /bin/sh /tmp/build.sh
|
||||||
|
|
||||||
|
ENV SKS_HOSTNAME="localhost" \
|
||||||
|
SKS_RECON_ADDR="0.0.0.0" \
|
||||||
|
SKS_RECON_PORT="11370" \
|
||||||
|
SKS_HKP_ADRESS="0.0.0.0" \
|
||||||
|
SKS_HKP_PORT="11371" \
|
||||||
|
SKS_SERVER_CONTACT="" \
|
||||||
|
SKS_NODENAME="keys"
|
||||||
|
|
||||||
|
WORKDIR /var/lib/sks/
|
||||||
|
|
||||||
|
VOLUME ["/var/lib/sks/"]
|
||||||
|
|
||||||
|
ENTRYPOINT ["/bin/run.sh"]
|
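Review bot: The `ADD https://bitbucket.org/skskeyserver/sks-keyserver/downloads/sks-1.1.6.tgz` line fetches the source tarball at build time with no integrity check, so whatever that URL serves is compiled into the image by `RUN /bin/sh /tmp/build.sh`. Pin the artifact to a known digest and fail the build on mismatch, for example by downloading in the RUN step and running `echo "<SHA256_OF_TARBALL>  sks-1.1.6.tgz" | sha256sum -c -` before extracting (the digest is a placeholder, to be taken from a trusted release record). The image also sets no `USER`, so `/bin/run.sh` and the daemons it starts presumably run as root while binding `0.0.0.0` by default. A dedicated unprivileged account owning `/var/lib/sks/` would limit the impact of a compromise of the network-facing process.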
@ -0,0 +1,14 @@
|
|||||||
|
DOCKER_USER := ogarcia
|
||||||
|
DOCKER_ORGANIZATION := connectical
|
||||||
|
DOCKER_IMAGE := sks
|
||||||
|
|
||||||
|
docker-image:
|
||||||
|
docker build -t $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) .
|
||||||
|
|
||||||
|
docker-image-test: docker-image
|
||||||
|
docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) /usr/bin/sks version
|
||||||
|
|
||||||
|
ci-test: docker-image-test
|
||||||
|
|
||||||
|
.PHONY: docker-image docker-image-test ci-test
|
||||||
|
# vim:ft=make
|
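Review bot: `DOCKER_USER` is assigned but never referenced by any rule, and `docker build -t $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) .` produces only the implicit `latest` tag, while the README tells users to run `connectical/sks:VERSION_TAG`. Either drop the unused variable or add a comment saying what it is reserved for. An overridable tag such as `DOCKER_TAG ?= latest`, used as `-t $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE):$(DOCKER_TAG)`, would let a built image be traced back to a specific commit.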
@ -1,2 +1,110 @@
|
|||||||
# docker-sks
|
# SKS OpenPGP keyserver docker on Alpine Linux [![Build Status](https://travis-ci.org/ogarcia/docker-sks.svg?branch=master)](https://travis-ci.org/ogarcia/docker-sks)
|
||||||
SKS OpenPGP keyserver Docker on Alpine Linux
|
|
||||||
|
(c) 2017 Óscar García Amor
|
||||||
|
|
||||||
|
Redistribution, modifications and pull requests are welcomed under the terms
|
||||||
|
of GPLv3 license.
|
||||||
|
|
||||||
|
[SKS][1] is an OpenPGP keyserver whose goal is to provide easy to deploy,
|
||||||
|
decentralized, and highly reliable synchronization. That means that a key
|
||||||
|
submitted to one SKS server will quickly be distributed to all key servers,
|
||||||
|
and even wildly out-of-date servers, or servers that experience spotty
|
||||||
|
connectivity, can fully synchronize with rest of the system.
|
||||||
|
|
||||||
|
This docker packages **SKS**, under [Alpine Linux][2], a lightweight Linux
|
||||||
|
distribution.
|
||||||
|
|
||||||
|
Visit [Docker Hub][3] to see all available tags.
|
||||||
|
|
||||||
|
[1]: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Home
|
||||||
|
[2]: https://alpinelinux.org/
|
||||||
|
[3]: https://hub.docker.com/r/connectical/sks/
|
||||||
|
|
||||||
|
## Run
|
||||||
|
|
||||||
|
To run this container exposing SKS and mounting a permanent volume for sks
|
||||||
|
data in `/docker/sks`, run.
|
||||||
|
|
||||||
|
```
|
||||||
|
/usr/bin/docker run --rm \
|
||||||
|
--network host \
|
||||||
|
--name sks \
|
||||||
|
-e "SKS_SERVER_CONTACT=YOUR_OPENPGP_KEYID" \
|
||||||
|
-v /docker/sks:/var/lib/sks \
|
||||||
|
connectical/sks
|
||||||
|
```
|
||||||
|
|
||||||
|
Take note that if you dont have a valid SKS database, the server will not
|
||||||
|
run. Please, take a look to [dump documentation][4] and [SKS Readme][5] for
|
||||||
|
more info.
|
||||||
|
|
||||||
|
[4]: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/KeydumpSources
|
||||||
|
[5]: https://bitbucket.org/skskeyserver/sks-keyserver/src/tip/README.md
|
||||||
|
|
||||||
|
## Executing commands
|
||||||
|
|
||||||
|
If you need execute a SKS command, for example `sks_build.sh` for buld
|
||||||
|
database, simply call docker with desired command.
|
||||||
|
|
||||||
|
```
|
||||||
|
/usr/bin/docker run -t -i --rm \
|
||||||
|
-v /docker/sks:/var/lib/sks \
|
||||||
|
connectical/sks sks_build.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
Take note that if you pass paths to command, these paths will refer to
|
||||||
|
inside of docker.
|
||||||
|
|
||||||
|
## Configuration via docker variables
|
||||||
|
|
||||||
|
The `run.sh` script that lauchs SKS use the following environment variables
|
||||||
|
to modify the config file (you can refer to [SKS man page][6] to know more
|
||||||
|
about this settings).
|
||||||
|
|
||||||
|
| Variable | Default value |
|
||||||
|
| --- | --- |
|
||||||
|
| SKS_HOSTNAME | localhost |
|
||||||
|
| SKS_RECON_ADDR | 0.0.0.0 |
|
||||||
|
| SKS_RECON_PORT | 11370 |
|
||||||
|
| SKS_HKP_ADRESS | 0.0.0.0 |
|
||||||
|
| SKS_HKP_PORT | 11371 |
|
||||||
|
| SKS_SERVER_CONTACT | |
|
||||||
|
| SKS_NODENAME | keys |
|
||||||
|
|
||||||
|
The config file have more options, you can edit them directly, the `run.sh`
|
||||||
|
script only touch those mentioned above.
|
||||||
|
|
||||||
|
[6]: https://manpages.debian.org/stretch/sks/sks.8.en.html
|
||||||
|
|
||||||
|
## Run with systemd
|
||||||
|
|
||||||
|
If you want run this image with systemd you can use the following unit.
|
||||||
|
|
||||||
|
```
|
||||||
|
[Unit]
|
||||||
|
Description=SKS OpenPGP keyserver container
|
||||||
|
Requires=docker.service
|
||||||
|
After=docker.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStartPre=-/usr/bin/docker kill sks
|
||||||
|
ExecStartPre=-/usr/bin/docker rm sks
|
||||||
|
ExecStartPre=/usr/bin/docker pull connectical/sks:VERSION_TAG
|
||||||
|
ExecStart=/usr/bin/docker run \
|
||||||
|
--network host \
|
||||||
|
--name sks \
|
||||||
|
-v /docker/sks:/var/lib/sks \
|
||||||
|
-e "SKS_HOSTNAME=your.host.example.com" \
|
||||||
|
-e "SKS_RECON_ADDR=0.0.0.0" \
|
||||||
|
-e "SKS_RECON_PORT=11370" \
|
||||||
|
-e "SKS_HKP_ADRESS=0.0.0.0" \
|
||||||
|
-e "SKS_HKP_PORT=11371" \
|
||||||
|
-e "SKS_SERVER_CONTACT=YOUR_OPENPGP_KEYID" \
|
||||||
|
-e "SKS_NODENAME=keys" \
|
||||||
|
connectical/sks:VERSION_TAG
|
||||||
|
ExecStop=/usr/bin/docker stop -t 2 sks
|
||||||
|
Restart=always
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
```
|
||||||
|
@ -0,0 +1,44 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
#
|
||||||
|
# build.bash
|
||||||
|
# Copyright (C) 2017 Óscar García Amor <ogarcia@connectical.com>
|
||||||
|
#
|
||||||
|
# Distributed under terms of the MIT license.
|
||||||
|
#
|
||||||
|
|
||||||
|
# install run deps
|
||||||
|
apk -U --no-progress add db s6
|
||||||
|
|
||||||
|
# install build deps
|
||||||
|
apk --no-progress add camlp4 db-dev gcc libc-dev make zlib-dev
|
||||||
|
|
||||||
|
# extract software
|
||||||
|
# https://github.com/moby/moby/issues/33849
|
||||||
|
# Now commented by extract issue, uncomment in next docker version
|
||||||
|
#cd /tmp/tgz
|
||||||
|
#tar xzf sks-*.tgz
|
||||||
|
|
||||||
|
# build sks
|
||||||
|
#cd /tmp/tgz/sks-*/ # issue 33849, uncomment in next docker version
|
||||||
|
cd /tmp/tgz/*/sks-*/
|
||||||
|
cp Makefile.local.unused Makefile.local
|
||||||
|
sed -i 's/PREFIX=\/usr\/local/PREFIX=\/usr/' Makefile.local
|
||||||
|
sed -i 's/ldb\-4.6/ldb\-5/' Makefile.local
|
||||||
|
sed -i 's/ALL=$(EXE) sks.8.gz/ALL=$(EXE) #sks.8.gz/' Makefile
|
||||||
|
sed -i 's/ALL.bc=$(EXE:=.bc) sks.8.gz/ALL.bc=$(EXE:=.bc) #sks.8.gz/' Makefile
|
||||||
|
sed -i 's/mkdir -p $(MANDIR)\/man8/#mkdir -p $(MANDIR)\/man8/' Makefile
|
||||||
|
sed -i 's/install sks.8.gz $(MANDIR)\/man8/#install sks.8.gz $(MANDIR)\/man8/' Makefile
|
||||||
|
make dep && make all # this make stops cause ocaml 4.03 removes uint32
|
||||||
|
sed -i 's/uint32/uint32_t/' cryptokit-1.7/src/stubs-md5.c # this line fix uint32 issue
|
||||||
|
make all && make install
|
||||||
|
sed -i 's/#!\/bin\/bash/#!\/bin\/sh/' /usr/bin/sks_build.sh
|
||||||
|
sed -i 's/\/usr\/sbin\/sks/\/usr\/bin\/sks/' /usr/bin/sks_build.sh
|
||||||
|
|
||||||
|
# add startup scrips
|
||||||
|
chmod +x /tmp/run.sh /tmp/s6/.s6-svscan/finish /tmp/s6/*/run
|
||||||
|
mv /tmp/run.sh /bin
|
||||||
|
mv /tmp/s6 /etc
|
||||||
|
|
||||||
|
# remove build deps
|
||||||
|
apk --no-progress del camlp4 db-dev gcc libc-dev make zlib-dev
|
||||||
|
rm -rf /tmp/*
|
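Review bot: Nothing in this script stops on failure, so the image build succeeds even when `cd /tmp/tgz/*/sks-*/` or the second `make all && make install` fails, because the script's exit status is that of the final `rm -rf /tmp/*`. The first `make dep && make all` is expected to fail according to its own comment, so a blanket `set -e` at the top would not work. Guard the steps that must succeed instead, e.g. `cd /tmp/tgz/*/sks-*/ || exit 1` and `make all && make install || exit 1`, or enable `set -e` only after the cryptokit `sed` fix. The `sed -i` patches to `Makefile` and `sks_build.sh` are also applied blind, so a comment noting which upstream version they were written against would help whoever bumps `sks-1.1.6`.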
@ -0,0 +1,55 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
#
|
||||||
|
# run.sh
|
||||||
|
# Copyright (C) 2017 Óscar García Amor <ogarcia@connectical.com>
|
||||||
|
#
|
||||||
|
# Distributed under terms of the MIT license.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Make config file
|
||||||
|
if ! test -f /var/lib/sks/sksconf; then
|
||||||
|
cat > /var/lib/sks/sksconf << EOF
|
||||||
|
hostname: ${SKS_HOSTNAME}
|
||||||
|
recon_address: ${SKS_RECON_ADDR}
|
||||||
|
recon_port: ${SKS_RECON_PORT}
|
||||||
|
hkp_address: ${SKS_HKP_ADRESS}
|
||||||
|
hkp_port: ${SKS_HKP_PORT}
|
||||||
|
initial_stat:
|
||||||
|
pagesize: 16
|
||||||
|
ptree_pagesize: 16
|
||||||
|
nodename: ${SKS_NODENAME}
|
||||||
|
disable_mailsync:
|
||||||
|
debuglevel: 5
|
||||||
|
membership_reload_interval: 1
|
||||||
|
stat_hour: 17
|
||||||
|
server_contact: ${SKS_SERVER_CONTACT}
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
sed -i "\
|
||||||
|
s/hostname:.*/hostname: ${SKS_HOSTNAME}/g; \
|
||||||
|
s/recon_address:.*/recon_address: ${SKS_RECON_ADDR}/g; \
|
||||||
|
s/recon_port:.*/recon_port: ${SKS_RECON_PORT}/g; \
|
||||||
|
s/hkp_address:.*/hkp_address: ${SKS_HKP_ADRESS}/g; \
|
||||||
|
s/hkp_port:.*/hkp_port: ${SKS_HKP_PORT}/g; \
|
||||||
|
s/nodename:.*/nodename: ${SKS_NODENAME}/g; \
|
||||||
|
s/server_contact:.*/server_contact: ${SKS_SERVER_CONTACT}/g; \
|
||||||
|
" sksconf
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Make empty membership file
|
||||||
|
if ! test -f /var/lib/sks/membership; then
|
||||||
|
touch /var/lib/sks/membership
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Make empty web
|
||||||
|
if ! test -d /var/lib/sks/web; then
|
||||||
|
mkdir -p /var/lib/sks/web
|
||||||
|
touch /var/lib/sks/web/index.html
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Start daemons
|
||||||
|
if [ $# -gt 0 ];then
|
||||||
|
exec "$@"
|
||||||
|
else
|
||||||
|
exec /bin/s6-svscan /etc/s6/
|
||||||
|
fi
|
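Review bot: The `else` branch edits `sksconf` by relative path while the existence test uses `/var/lib/sks/sksconf`, so the rewrite only works when the working directory is the image's `WORKDIR`; pass the absolute path to `sed -i` as well. The `SKS_*` values are also expanded unescaped into the sed program, so a value containing `/`, `&` or a newline breaks or alters the substitution. The unanchored patterns such as `s/hostname:.*/…/g` rewrite any line that merely contains the key, including commented ones. Anchoring each expression (`s/^hostname:.*/hostname: ${SKS_HOSTNAME}/`) and checking the variables against an expected character set before use would make the generated config predictable.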
@ -0,0 +1,2 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
exec /bin/true
|
@ -0,0 +1,4 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
cd /var/lib/sks
|
||||||
|
sks db
|
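Review bot: This service script and the `sks recon` one in the next section start the daemon as a child of the shell rather than replacing it, so signals from the supervisor go to `sh` and may not reach `sks`, unless the shell happens to exec its last command. With the short `docker stop -t 2` timeout shown in the README, the database process may be killed without a clean shutdown. Use `cd /var/lib/sks || exit 1` followed by `exec sks db` (and `exec sks recon` in the other script), which also keeps the daemon from starting in the wrong directory if the `cd` fails.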
@ -0,0 +1,4 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
cd /var/lib/sks
|
||||||
|
sks recon
|