cks-devl

Re: [cks-devl] ANNC: cks-0.0.5 Released


From: V Alex Brennen
Subject: Re: [cks-devl] ANNC: cks-0.0.5 Released
Date: Tue, 4 Sep 2001 13:42:16 -0400 (EDT)

On Tue, 4 Sep 2001, M. Drew Streib wrote:

> On Tue, Sep 04, 2001 at 01:29:06AM -0400, V. Alex Brennen wrote:
> > Version 0.0.5 of the CryptNET (Al-Amin) openPGP Public Keyserver
> > has been released.
>
> Is there any writeup on how the email sync program works? There appears
> to be a hard reference to /home/pgp-keys/data.txt (not something that
> would exist on my system)... and I can't derive usage from the code
> too well. I'd _really_ like to beta test this sync with my current
> production keyserver, so that I could report results.

There's a general write up (the beginnings of technical documentation)
in the file: cks-0.0.5/doc/syncing.html

The /home/pgp-keys/data.txt is just an error and status log that I
was using to help in debugging.  I planned to eventually log all
the messages to the logs specified in the cks_config data structure
(which is derived from the /etc/cks.conf config file).

You can edit that absolute file path to something else.  The program
will log any errors and will log messages which include the fingerprints
of keys which are added through the mail sync.

Remember though that the parsing code only supports single keys in
ASCII encoded keydata.  pksd mails around ASCII encoded multi-key
keyrings.  I'll add support for these soon, but for right now the
keys in keyrings are just ignored by cks_mail_sync.  This appears
to be about 40% of the incoming keys.

Here's the flow of the program:
 - Read the config info
 - open the error log
 - malloc ~65k for the incoming key
 - malloc a key_result datastructure
 - read the email message from stdin
 - pull out the ASCII encoded PGP key
 - pull out the radix encoded key
 - decode the radix to binary data
 - check the binary checksum against the encoded checksum
 - parse the key into packets in the key_result datastructure
 - exit if there is more than one key in the binary data
 - open a postgres connection
 - Make sure the key's not rejected
 - If the key doesn't exist add it.
 - If the key does exist compare the keys.
 - If it's different merge it
 - If it's the same just continue
 - Free up memory
 - Exit

To install it, I created an account with a /bin/false shell and
made a .forward file that contained a redirection to an executable
copy of cks_mail_sync: "|/home/pgp-keys/cks_mail_sync"
I then created the account on the postgres server and gave it
permissions on the cks tables.


> Sorry if it sounds like I'm sending bitches/complaints to this list.
> Please understand that I realize the incredible work so far, and am just
> trying to contribute what I know best, which is production use.

No problem at all. I was a lot more liberal with the cks_email_sync
program, because I expected to be the only one running it.  I'm
currently using it to sync with pgp.net thanks to Francisco.

This is all still early alpha, so everyone on this list should
expect to see a lot of complaints and bug reports.  Hopefully,
in the near future I will fold all the CGI programs into the
cksd daemon and stability and quality will improve greatly.

Also, this is my first Unix daemon, so this is very much still
a learning experience for me.  Since I'm kind of new to this,
criticism and suggestions are welcome.  For example, any hints
on a better way to handle error and status logging would be
appreciated - but I'd rather not tax syslog like pksd.


        - VAB
---
V. Alex Brennen  address@hidden
 F A R  B E Y O N D  D R I V E N !
   [ http://www.cryptnet.net/ ]
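
The middle steps of the flow listed in the message above (pull out the armored key, decode the radix-64 data, check the checksum, refuse anything that is not exactly one key), as an added example that is not part of the original message and is not cks code. It is written in Python rather than the C of cks; the function names and the size cap are assumptions, and it only walks old-format packet headers, rejecting anything else.

```python
import base64

MAX_ARMOR_CHARS = 90000  # assumed cap: about a 65k key after radix-64 expansion
BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data):  # OpenPGP armor CRC-24 (RFC 4880, section 6.1)
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def count_public_keys(data):  # walk old-format packet headers, count tag 6
    pos = count = 0
    while pos < len(data):
        hdr = data[pos]
        if hdr & 0xC0 != 0x80 or hdr & 3 == 3:  # new-format or indeterminate length
            raise ValueError("unsupported packet header")
        end = pos + 1 + (1 << (hdr & 3))         # length field is 1, 2 or 4 octets
        nxt = end + int.from_bytes(data[pos + 1:end], "big")
        if nxt > len(data):                      # declared length runs past the buffer
            raise ValueError("truncated packet")
        count += ((hdr >> 2) & 0xF) == 6
        pos = nxt
    return count

def extract_single_key(message):  # binary key from a mail body, or ValueError
    start, stop = message.find(BEGIN), message.find(END)
    if start < 0 or stop < start or stop - start > MAX_ARMOR_CHARS:
        raise ValueError("no usable armored key block")
    block = message[start + len(BEGIN):stop]
    # Skip armor headers ("Version: ...") and blank lines; last line is "=" + CRC.
    body = [ln.strip() for ln in block.splitlines() if ln.strip() and ": " not in ln]
    if len(body) < 2 or len(body[-1]) != 5 or body[-1][0] != "=":
        raise ValueError("missing armor checksum")
    try:
        data = base64.b64decode("".join(body[:-1]), validate=True)
        stated = base64.b64decode(body[-1][1:], validate=True)
    except ValueError as exc:
        raise ValueError("bad radix-64 data") from exc
    if crc24(data) != int.from_bytes(stated, "big"):
        raise ValueError("checksum mismatch")
    if count_public_keys(data) != 1:
        raise ValueError("expected exactly one key")
    return data
```

Every failure path raises `ValueError` before any database work would start, so a caller can log the reason and exit without touching the key tables.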



