--- sks-1.1.0.orig/debian/sks.init
+++ sks-1.1.0/debian/sks.init
@@ -0,0 +1,134 @@
+#!/bin/sh -e
+#
+### BEGIN INIT INFO
+# Provides: sks
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+### END INIT INFO
+#
+# Start/stops the sks daemons.
+#
+#
+
+# Reads config file
+[ -r /etc/default/sks ] && . /etc/default/sks
+
+DAEMON=/usr/sbin/sks
+SKSDBPID=/var/run/sks/sksdb.pid
+SKSRECONPID=/var/run/sks/sksrecon.pid
+
+# See if the daemon is there
+
+test -e $DAEMON || exit 0
+
+if [ ! -x $DAEMON ]; then
+ echo "ERROR: $DAEMON is not executable"
+ exit 1
+fi
+
+
+wait_for_deaddaemon () {
+ pidfile=$1
+ pid=`cat $pidfile 2>/dev/null` || true
+ sleep 1
+ if test -n "$pid"
+ then
+ if kill -0 $pid 2>/dev/null
+ then
+ echo -n "."
+ cnt=0
+ while kill -0 $pid 2>/dev/null
+ do
+ cnt=`expr $cnt + 1`
+ if [ $cnt -gt 30 ]
+ then
+ echo " FAILED."
+ return 1
+ fi
+ sleep 2
+ echo -n "."
+ done
+ rm -f $pidfile
+ else
+ rm -f $pidfile
+ fi
+ fi
+ return 0
+}
+
+
+case "$1" in
+ start)
+ echo -n "Starting sks daemons:"
+
+ if [ "$initstart" != "yes" ]; then
+ echo " Not starting sks (as configured in /etc/default/sks)"
+ exit 0
+ fi
+
+ mkdir -p `dirname "$SKSDBPID"`
+ chown debian-sks `dirname "$SKSDBPID"`
+
+ echo -n " sksdb.."
+
+ start-stop-daemon --start --quiet --oknodo \
+ --chuid debian-sks:debian-sks \
+ --background \
+ --make-pidfile \
+ --pidfile $SKSDBPID \
+ --exec $DAEMON -- db
+
+ echo -n " sksrecon.."
+
+ start-stop-daemon --start --quiet --oknodo \
+ --chuid debian-sks:debian-sks \
+ --background \
+ --make-pidfile \
+ --pidfile $SKSRECONPID \
+ --exec $DAEMON -- recon
+
+ echo " done."
+
+ ;;
+ stop)
+ echo -n "Stopping sks daemons:"
+
+ echo -n " sksrecon.."
+ start-stop-daemon --stop --quiet --oknodo --pidfile $SKSRECONPID
+ wait_for_deaddaemon $SKSRECONPID || exit 1
+
+ echo -n " sksdb.."
+ start-stop-daemon --stop --quiet --oknodo --pidfile $SKSDBPID
+ wait_for_deaddaemon $SKSDBPID || exit 1
+
+ echo " done."
+
+ ;;
+ reload)
+ # Hupping at least reopens logfiles.
+ # membership and mailsync are regularily read anyway
+ # not sure about the rest
+ # -- weasel
+ echo -n "Reloading sks daemons:"
+ echo -n " sksrecon.."
+ start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile $SKSRECONPID
+
+ echo -n " sksdb.."
+ start-stop-daemon --stop --signal 1 --quiet --oknodo --pidfile $SKSDBPID
+
+ echo " done."
+ ;;
+ restart|force-reload)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|reload|restart|force-reload}"
+ exit 1
+ ;;
+esac
+
+exit 0
--- sks-1.1.0.orig/debian/README.Debian
+++ sks-1.1.0/debian/README.Debian
@@ -0,0 +1,42 @@
+Some hints to setup your keyserver:
+
+If you install a new keyserver you might need a fresh keydump to start
+with. You can get one e.g. from nynex.net:
+
+ cd /var/lib/sks/dump
+ wget -q -r -np -nd -A bz2,SHA256,asc http://nynex.net/keydump/ -e robots=off
+ bunzip2 *bz2
+
+To build the database from the keydumps call:
+
+ /usr/lib/sks/sks_build.sh
+ chown -R debian-sks:debian-sks /var/lib/sks
+
+To make the server start you have to edit the defaults file:
+
+ vi /etc/default/sks
+
+If you have an old database from a Berkely DB Version (e.g 4.6) prior to the
+current version (at the moment 4.7) you have to do the following in
+/var/lib/sks/DB and /var/lib/sks/PTree:
+
+ db4.6_checkpoint -1
+ db4.6_recover
+ db4.7_recover -e
+ db4.7_checkpoint -1
+ db4.7_archive | xargs --no-run-if-empty rm -f
+
+ chown -R debian-sks:debian-sks /var/lib/sks /var/log/sks
+
+Then you can start the database with /etc/init.d/sks start.
+
+If you want to connect to the global sks-network, send a mail to
+pgp-keyserver-folk@flame.org or sks-devel@nongnu.org and ask for
+gossip partners. Include the partners in /etc/sks/membership.
+
+-----
+
+Thanks to Peter Palfrader for building the
+original Debian package.
+
+ -- Christoph Martin , Tue, 22 Jul 2008 17:28:24 +0200
--- sks-1.1.0.orig/debian/rules
+++ sks-1.1.0/debian/rules
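Review bot: The stop and reload branches of sks.init signal whatever PID is stored in the pidfile, yet the start branch chowns the pidfile directory to debian-sks, so the unprivileged service account decides which process root signals. Restrict the match to the daemon's own processes, for example `start-stop-daemon --stop --quiet --oknodo --user debian-sks --pidfile $SKSRECONPID`, and do the same for the sksdb call and both `--signal 1` calls. wait_for_deaddaemon trusts the same file for `kill -0 $pid` and `rm -f $pidfile`; quote both expansions and check that `$pid` is numeric before using it.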
@@ -0,0 +1,86 @@
+#!/usr/bin/make -f
+
+TAR_DIR = sks-1.1.0
+# the dbs rules
+include /usr/share/dbs/dbs-build.mk
+
+ifeq (,$(DEB_BUILD_GNU_TYPE))
+ include /usr/share/dbs/dpkg-arch.mk
+endif
+
+TMP =$(CURDIR)/debian/sks
+
+OCAMLABI = $(shell ocamlc -version)
+BYTECODE = $(shell [ -x /usr/bin/ocamlopt ] || echo yes)
+all = $(if $(BYTECODE),all.bc,all)
+install = $(if $(BYTECODE),install.bc,install)
+OCAMLRUN = $(if $(BYTECODE),ocaml-base-nox-$(OCAMLABI))
+
+DEBCFLAGS = -g
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ DEBCFLAGS += -O0
+else
+ DEBCFLAGS += -O3
+endif
+
+debug:
+ ls -l
+
+configure: configure-stamp
+configure-stamp: $(patched)
+ dh_testdir
+ cd $(BUILD_TREE) && make clean dep
+ touch configure-stamp
+
+build: debug configure-stamp build-stamp
+build-stamp: $(patched)
+ dh_testdir
+ #cat /usr/lib/ocaml/*/native-archs
+ cd $(BUILD_TREE) && $(MAKE) DEBCFLAGS="$(DEBCFLAGS)" $(all)
+ touch build-stamp
+
+install: build
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+ dh_installdocs
+ dh_installchangelogs
+
+ # from upstream
+ cd $(BUILD_TREE) && $(MAKE) PREFIX="$(TMP)/usr" MANDIR="$(TMP)/usr/share/man" $(install)
+ #install -m 755 $(BUILD_TREE)/sks debian/sks/usr/sbin/sks
+ #install -m 755 $(BUILD_TREE)/sks_add_mail debian/sks/usr/lib/sks/sks_add_mail
+
+ # Debian specific
+ cp -a debian/debcfg/* debian/sks/etc/sks
+
+binary-arch: install
+ dh_testdir
+ dh_testroot
+ dh_compress
+ dh_fixperms
+ if [ -z $(BYTECODE) ]; then \
+ dh_strip; \
+ fi
+ dh_shlibdeps
+ dh_installdebconf
+ dh_installlogrotate
+ dh_installinit
+ dh_installcron
+ dh_installdeb
+ dh_gencontrol -- -VF:OCamlRun="$(OCAMLRUN)"
+ dh_md5sums
+ dh_builddeb
+
+binary-indep:
+ # do nothing
+
+binary: binary-arch binary-indep
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-stamp configure-stamp
+ rm -rf $(STAMP_DIR) $(SOURCE_DIR)
+ dh_clean
--- sks-1.1.0.orig/debian/compat
+++ sks-1.1.0/debian/compat
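Review bot: The configure-stamp recipe calls a literal `make` (`cd $(BUILD_TREE) && make clean dep`) while build-stamp and install use `$(MAKE)`; the literal form drops jobserver and `-n` handling and should read `cd $(BUILD_TREE) && $(MAKE) clean dep`. `build` also depends on a `debug` target whose whole recipe is `ls -l`, which looks like leftover diagnostics. None of the command targets are declared phony, so add `.PHONY: debug configure build install binary-arch binary-indep binary clean`. In binary-arch, `if [ -z $(BYTECODE) ]` only works because an empty expansion collapses to `[ -z ]`; `[ -z "$(BYTECODE)" ]` states the intent.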
@@ -0,0 +1 @@
+4
--- sks-1.1.0.orig/debian/sks.logrotate
+++ sks-1.1.0/debian/sks.logrotate
@@ -0,0 +1,11 @@
+/var/log/sks/*.log {
+ daily
+ rotate 5
+ compress
+ delaycompress
+ missingok
+ notifempty
+ postrotate
+ /etc/init.d/sks reload > /dev/null
+ endscript
+}
--- sks-1.1.0.orig/debian/sks.docs
+++ sks-1.1.0/debian/sks.docs
@@ -0,0 +1 @@
+build-tree/*/README
--- sks-1.1.0.orig/debian/changelog
+++ sks-1.1.0/debian/changelog
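Review bot: The sks.logrotate stanza has root's logrotate rename and compress files inside /var/log/sks, a directory that sks.postinst chowns to debian-sks, so rotation runs as root in a tree the service account can write. Where the installed logrotate supports the directive, add `su debian-sks adm` inside the block so rotation runs with the owner's privileges. It is also worth stating the new file's ownership and mode explicitly, e.g. `create 640 debian-sks adm`, so the adm group access set up in postinst survives rotation.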
@@ -0,0 +1,202 @@ +sks (1.1.0-8) unstable; urgency=low + + * Teach dbserver about content-type for .html. + * Allow - in filenames for webserver. + * closes: #505014 + * thanks to Peter Palfrader + + -- Christoph Martin Thu, 16 Jul 2009 23:33:21 +0200 + +sks (1.1.0-7) unstable; urgency=low + + * fix patch for PIDDIR + * link against libdb4.7 + * really include watch file + + -- Christoph Martin Thu, 16 Jul 2009 00:22:06 +0200 + +sks (1.1.0-6) unstable; urgency=low + + * remove Peter Palfrader from Maintainer and Uploaders + * add watch file + * Remove reference to native-arch in old OCaml standard library path + (Thanks to Stephane Glondu ) (Closes: #535267) + + -- Christoph Martin Fri, 10 Jul 2009 23:34:36 +0200 + +sks (1.1.0-5) unstable; urgency=low + + * Check spool directories for existance (Thanks to Filippo Giunchedi + ) (Closes: #493335) + * make PIDDIR on startup to workaround /var/run on a tempfs + + -- Christoph Martin Thu, 18 Jun 2009 16:39:09 +0200 + +sks (1.1.0-4) unstable; urgency=low + + * fix cron.daily to call correct db*_archive and print unwanted messages + (closes #491281) + * fix comment in README.Debian about correcting permissions after + initial database build + + -- Christoph Martin Tue, 22 Jul 2008 17:27:58 +0200 + +sks (1.1.0-3) unstable; urgency=low + + * make separate patches for manpage install for upstream + * patch to correctly build bdb on non native ocaml archs + + -- Christoph Martin Tue, 24 Jun 2008 17:16:49 +0200 + +sks (1.1.0-2) unstable; urgency=low + + * Make sks build on architectures which are non native ocaml archs + (closes: #486847) + * update to standards version 3.8.0 + * some changes to README.Debian + + -- Christoph Martin Tue, 24 Jun 2008 11:01:10 +0200 + +sks (1.1.0-1) unstable; urgency=low + + * First official Debian release (closes: #484785) + * New upstream release + * Update to newest standards version and sid environment + * Change to using db4.6 + * Drop usage of numerix + * Include latest upstream patches + 
* Install manpage + + -- Christoph Martin Wed, 11 Jun 2008 16:55:15 +0200 + +sks (1.0.10-0.1) UNRELEASED; urgency=low + + * New upstream release. + * Several changes courtesy of Marco Nenciarini . + * Add some comments to etc/sks/{membership,mailsyn,sksconf}. + * New upstream patch incorporates the following patches: + - 212_do_not_export_zerolen_packets + * Update 500_debian_fhs for new log filenames. + * Remove 510_sane_logfile_names. + * Rename logfiles in postinst. + * Forward port rest of 500_debian_fhs. + * Forward port 501_makefile_cflags. + * Remove 511_sys_random, it looks obsolete. + * Add debian/contrib/make_debian_orig script by Marco to build + debian upstream tarballs without the unneeded crap put into the + upstreamtarball. + + -- Peter Palfrader Wed, 24 Aug 2005 18:55:04 +0200 + +sks (1.0.9-0.6) UNRELEASED; urgency=low + + * Add 212_do_not_export_zerolen_packets. + + -- Peter Palfrader Thu, 18 Aug 2005 03:02:48 +0200 + +sks (1.0.9-0.5) UNRELEASED; urgency=low + + * Fix 500_debian_fhs again. + + -- Peter Palfrader Thu, 14 Apr 2005 09:04:42 +0200 + +sks (1.0.9-0.4) UNRELEASED; urgency=low + + * Fix 500_debian_fhs, so that we do not create a thousand + diff-xxx files because client ports in recon are changing + all the time. Upstream got that right, but the patch + reverted that to a (previous? and) broken behaviour. + + -- Peter Palfrader Thu, 20 Jan 2005 17:18:58 +0100 + +sks (1.0.9-0.3) UNRELEASED; urgency=low + + * Changed maintainer to myself. + the debian-sks@mirror address was bouncing. + + -- Peter Palfrader Wed, 5 Jan 2005 19:19:28 +0100 + +sks (1.0.9-0.2) UNRELEASED; urgency=low + + * Make /var/log/sks readable by group adm. + * Fix 500_debian_fhs to also change the other location in the code + where diff-* files are used. + + -- Peter Palfrader Fri, 12 Nov 2004 17:27:41 +0100 + +sks (1.0.9-0.1) UNRELEASED; urgency=low + + * New upstream release. 
+ * New upstream patch incorporates the following patches: + - 208_show_revoked_in_ms + - 209_handle_attribute_uids_in_mr + - 210_only_latest_changetime_in_mr + - 211_content_type_utf8 + * Upstream has a changelog again. + * Upstream shipped manpage as pod, build-depend on perl and perl-doc + so the Makefile can build it. + * The build script reappeared in the upstream tarball, resurrect + 508_build_fastbuild. + + -- Peter Palfrader Tue, 26 Oct 2004 01:42:34 +0200 + +sks (1.0.8-0.1) UNRELEASED; urgency=low + + * New upstream release. + * New upstream patch incorporates the following patches: + - 201_speling + - 202_correct_x_keyserver + - 203_extra_space_in_fpr + - 204_relative_links + - 205_show_peer_when_config_rejected + - 206_also_write_empty_diffs + - 207_log_recovered_hashes_source + * The build script disappeared in the upstream tarball, remove 508_build_fastbuild + * Updated with new pathnames/offsets: + - 209_handle_attribute_uids_in_mr + - 210_only_latest_changetime_in_mr + - 402_separate_keys_with_hr + - 500_debian_fhs + - 501_makefile_cflags + - 509_Slong_Dlong + - 510_sane_logfile_names + * Use UTF8 as charset in html content-types (211_content_type_utf8) + * Correct name of external variable so it works properly with ocaml 3.08 + and nox. + * Update build dependencies to build against ocaml 3.08. Includes changing + from libnums to ocaml-nox. + * Upstream now has a manpage, use that instead of our sks.8. + * Upstream has no changelog right now!! + + -- Peter Palfrader Mon, 18 Oct 2004 23:41:42 +0200 + +sks (1.0.7-0.4) UNRELEASED; urgency=low + + * add 211_content_type_utf8 to have utf8 encoding with tex/html. + + -- Peter Palfrader Mon, 18 Oct 2004 22:17:30 +0200 + +sks (1.0.7-0.3) UNRELEASED; urgency=low + + * add 208_show_revoked_in_ms: show key revoked information in machine + readable output. + * add 209_handle_attribute_uids_in_mr: do print "uat" instead of "uid" and + do not dump binary garbage to the client. 
+ * add 210_only_latest_changetime_in_mr: in machine readable output, do + not show list of create and expiration times, only one. + + -- Peter Palfrader Mon, 2 Aug 2004 11:03:43 +0200 + +sks (1.0.7-0.2) UNRELEASED; urgency=low + + * add 205_show_peer_when_config_rejected: print peername in reject errors. + * add 206_also_write_empty_diffs: also write empty diff-.txt files. + * add 207_log_recovered_hashes_source: show source of keys in recon. + + -- Peter Palfrader Sat, 19 Jun 2004 01:21:14 +0200 + +sks (1.0.7-0.1) UNRELEASED; urgency=low + + * packaging sks. + + -- Peter Palfrader Sun, 14 Mar 2004 01:46:23 +0100 --- sks-1.1.0.orig/debian/watch +++ sks-1.1.0/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://minskyprimus.net/sks/releases/sks-(\d.*)\.tgz --- sks-1.1.0.orig/debian/copyright +++ sks-1.1.0/debian/copyright 
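Review bot: The debian/watch line fetches the upstream tarball over plain `http://` and configures no signature check, so uscan accepts whatever the server or the network path returns. If upstream publishes detached signatures, put `opts=pgpsigurlmangle=s/$/.asc/` in front of the URL and ship the upstream signing key with the package. Otherwise, compare each download against a checksum obtained out of band before importing it.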
@@ -0,0 +1,52 @@ + The SKS OpenPGP Key Server for Debian + +Upstream author: Yaron M. Minsky +It was downloaded from: http://www.nongnu.org/sks/ + +SKS has been ported to Debian by: + Fabio M. Di Nitto + Peter Palfrader + +Copyright 2002, 2003 Yaron M. Minsky + +SKS is free software; you can redistribute it and/or modify it under the terms +of the GNU General Public License as published by the Free Software Foundation; +either version 2 of the License, or (at your option) any later version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for more details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +On Debian systems the complete text of Version 2 of the General +Public License can be found in /usr/share/common-licenses/GPL. + + + +SKS uses the following additional software: + + cryptokit: + + Copyright 2002 Institut National de Recherche en Informatique et en + Automatique. All rights reserved. This file is distributed + under the terms of the GNU Library General Public License version 2, + with the special exception on linking described here: + + As a special exception to the GNU Library General Public License, you + may link, statically or dynamically, a "work that uses the Library" + with a publicly distributed version of the Library to produce an + executable file containing portions of the Library, and distribute + that executable file under terms of your choice, without any of the + additional requirements listed in clause 6 of the GNU Library General + Public License. 
By "a publicly distributed version of the Library",
+ we mean either the unmodified Library as distributed by INRIA, or a
+ modified version of the Library that is distributed under the
+ conditions defined in clause 3 of the GNU Library General Public
+ License. This exception does not however invalidate any other reasons
+ why the executable file might be covered by the GNU Library General
+ Public License.
+
+ On Debian systems the complete text of Version 2 of the Library General
+ Public License can be found in /usr/share/common-licenses/LGPL-2.
--- sks-1.1.0.orig/debian/sks.cron.daily
+++ sks-1.1.0/debian/sks.cron.daily
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+# daily cron to cleanup DB's log files.
+
+set -e
+
+[ -r /etc/sks/cron.conf ] && . /etc/sks/cron.conf
+
+# First, remove old diff-1.2.3.4.txt files
+# those files hold differences discovered during recon
+# eventhing that hasn't been touched in the last 2 weeks
+# is probably old and the result of a host that changed IP.
+
+[ -d /var/spool/sks ] || exit 0
+
+find /var/spool/sks -type f -name 'diff-*.txt' -mtime +14 | xargs --no-run-if-empty rm -f
+
+[ -d /var/spool/sks/failed_messages ] || exit 0
+
+# Also remove failed messages
+find /var/spool/sks/failed_messages -type f -name 'msg-*.ready' -mtime +14 | xargs --no-run-if-empty rm -f
+
+[ "$REMOVE_DB_LOGS" = "no" ] && exit 0
+
+clean_directory() {
+ dir=$1
+ if [ -d "$dir" ]
+ then
+ db4.7_archive -h $dir -d
+ fi
+ return 0
+}
+
+# The DB directory holds indexes and keys.
+clean_directory /var/lib/sks/DB
+
+# PTree is for the hashes used with the reconciliation algorithm. (I think)
+clean_directory /var/lib/sks/PTree
+
+
+exit 0
--- sks-1.1.0.orig/debian/sks.postinst
+++ sks-1.1.0/debian/sks.postinst
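Review bot: Both cleanup pipelines in sks.cron.daily feed `find` output to a plain `xargs`, which splits on whitespace and newlines, and the job runs as root over /var/spool/sks, a tree that sks.postinst gives to debian-sks. A path name containing such characters can make root's `rm -f` act on a different path than the one find matched. Let find do the removal, `find /var/spool/sks -type f -name 'diff-*.txt' -mtime +14 -delete` (likewise for the `msg-*.ready` line), or use `-print0 | xargs -0 --no-run-if-empty rm -f`. Separately, the `[ -d /var/spool/sks/failed_messages ] || exit 0` guard also skips the DB log cleanup below it when that directory is missing, and `$dir` in `db4.7_archive -h $dir -d` should be quoted.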
@@ -0,0 +1,76 @@
+#!/bin/sh -e
+
+# checking debian-sks account
+
+uid=`getent passwd debian-sks | cut -d ":" -f 3`
+home=`getent passwd debian-sks | cut -d ":" -f 6`
+
+# if there is the uid the account is there and we can do
+# the sanit(ar)y checks otherwise we can safely create it.
+
+if [ "$uid" ]; then
+ # guess??? the checks!!!
+ if [ $uid -ge 100 ] && [ $uid -le 999 ]; then
+ echo "debian-sks uid check: ok"
+ else
+ echo "ERROR: debian-sks account has a non-system uid!"
+ echo "Please check /usr/share/doc/sks/README.Debian on how to"
+ echo "correct this problem"
+ exit 1
+ fi
+ if [ "$home" = "/var/lib/sks" ]; then
+ echo "debian-sks homedir check: ok"
+ else
+ echo "ERROR: debian-sks account has an invalid home directory!"
+ echo "Please check /usr/share/doc/sks/README.Debian on how to"
+ echo "correct this problem"
+ exit 1
+ fi
+else
+ # what this might mean?? oh creating a system l^Huser!
+ adduser --quiet \
+ --system \
+ --disabled-password \
+ --home /var/lib/sks \
+ --no-create-home \
+ --shell /bin/bash \
+ --group \
+ debian-sks
+fi
+
+if [ "$2" = "" ]; then
+ # ch{owning,moding} things around
+ # note that sks creates files/dirs with 600/700
+ # permissions as default. so let's stick with it for the
+ # installation. We will do nothing across upgrades.
+ for i in lib log run spool; do
+ chown -R debian-sks:debian-sks /var/$i/sks
+ chmod -R 700 /var/$i/sks
+ find /var/$i/sks -type f -exec chmod 600 '{}' ';'
+ done
+ chgrp -R adm /var/log/sks
+ chmod -R g+rX /var/log/sks
+ chmod g+s /var/log/sks
+else
+ if [ "$1" = "configure" ]; then
+ # fix permissions of logs after 1.0.9-0.1
+ if dpkg --compare-versions "$2" lt "1.0.9-0.2" ; then
+ chgrp -R adm /var/log/sks
+ chmod -R g+rX /var/log/sks
+ chmod g+s /var/log/sks
+ fi
+ # 1.0.10 renamed log files from /var/log/sks/sks.foo.log to /var/log/sks/foo.log,
+ # so be nice and rename things for the admin.
+ if dpkg --compare-versions "$2" lt "1.0.10" ; then
+ for i in `ls -1 /var/log/sks/`; do
+ if echo "$i" | grep -q '^sks\.'; then
+ mv /var/log/sks/"$i" /var/log/sks/`echo "$i" | sed -e 's/^sks.//'`
+ fi
+ done
+ fi
+ fi
+fi
+
+#DEBHELPER#
+
+exit 0
--- sks-1.1.0.orig/debian/sks.prerm
+++ sks-1.1.0/debian/sks.prerm
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+#DEBHELPER#
+
+exit 0
--- sks-1.1.0.orig/debian/control
+++ sks-1.1.0/debian/control
@@ -0,0 +1,19 @@
+Source: sks
+Section: net
+Priority: optional
+Standards-Version: 3.8.0
+Maintainer: Christoph Martin
+Uploaders: Fabio M. Di Nitto
+Build-Depends: ocaml (>= 3.08), camlp4, dbs, libdb-dev, debhelper (>= 4.0), zlib1g-dev, libcryptokit-ocaml-dev (>= 1.2-4), ocaml-nox (>= 1.3-4), perl, perl-doc
+
+Package: sks
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${F:OCamlRun}, db4.7-util, postfix | mail-transport-agent, procmail, adduser, logrotate
+Description: Synchronizing OpenPGP Key Server
+ SKS is an OpenPGP key server that correctly handles all OpenPGP features
+ defined in RFC2440 and RFC2440bis, including photoID packages and multiple
+ subkeys.
+ .
+ This key server implementation uses an efficient and reliable reconciliation
+ algorithm to keep the database in sync with other SKS servers. Additionally
+ it can both send and receive PKS style sync emails.
--- sks-1.1.0.orig/debian/TODO
+++ sks-1.1.0/debian/TODO
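Review bot: The adduser call in sks.postinst creates the daemon account with `--shell /bin/bash`, although nothing in the script needs an interactive shell for debian-sks. Unless the procmail delivery mentioned in debian/TODO depends on it, use `--shell /bin/false` so the account cannot be used for logins. The upgrade branch's rename loop parses `ls -1` output and runs `mv` as root inside a directory owned by debian-sks; iterating over a glob with quoted names, `for f in /var/log/sks/sks.*; do`, avoids word splitting on file names. The `sed -e 's/^sks.//'` pattern also leaves the dot unescaped, unlike the `grep -q '^sks\.'` test beside it.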
@@ -0,0 +1,60 @@ +commit mail test + +Legend: + - Not done + * Top priority + . Partially done + o Done + D Deferred + X Abandoned + + - Add sks_build.sh to package + +For the first upload: + - put useful conffiles into /etc/sks + - maybe we should just stick ourselves into the default + membership file. + + - Fix dependencies. sks probably needs cryptokit, numerix, and + stuff but there is no dependency right now. + Why do we link statically against cryptokit and numerix? Feature or + bug? + Don't we need a versioned dependency on libgmp3? What about libdb4.1? + X passing CFLAGS to cryptokit and numerix + . now we ship both cryptokit and numerix unpacked also to fix + a libtool <-> ocaml interaction but not everything all the + CFLAGS are the same so we cannot really use a debian standard. + o completing Build-Depends: + o wait for the non-free Nat stuff to get rewritten in ocaml. + Sven says it will be in ocaml 3.08. + o who cleans failed_messages? + if we go for the procmail solution (read below) messages will be + injected immediatly. The failes_messages imho should just be logged + (/var/log/sks/) and rotated since they become useless. + o clean up old diff-1.2.3.4.txt files: + .... 33 Dec 19 22:15 /var/spool/sks/diff-64.175.14.58.txt + o rename logs to foo.log and setup logrotate + o debian fhs needs to be completed + o where are the recon and db sockets? do they still exist in 1.0.5? + they are in /var/run/sks now. + o why the fuck upstream has to force pwd???.. a fucking "." + go figure... + and we should be carefull to the runtime option -basedir! + o dedicated uid, chown all the dirs to that user + o debian-sks: check uid range and homedir + o dedicated group too. + o init script to start sks + o still missing: loop in stop for a few seconds, sks db + is stopping slowly. 
+ o a weekly cron to clean up unused DB log files + + upstream issues: + o common.src.ml is broken and it generates a wrong common.ml in + some cases where make common.ml believes that it is not "done". + The good code is in common.ml + X sks should be able to read sync mails from mboxes and Maildir + folders. Otherwhise we will have to write a small daemon that + feeds mail into sks_add_mail regularily. + o No. We can depends on procmail and install the related files + directly into the user home dir and mark them as configfiles. + X ship crytokit and numerix unpacked --- sks-1.1.0.orig/debian/sks.default +++ sks-1.1.0/debian/sks.default @@ -0,0 +1,3 @@ +# by default we do NOT start sks! +# Set to yes if you want to start it in the init script. +initstart=no --- sks-1.1.0.orig/debian/sks.postrm +++ sks-1.1.0/debian/sks.postrm @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ "$1" = "purge" ]; then + # logs has to be removed according to policy. + # not sure about spool/lib stuff + rm -rf /var/log/sks +fi + +#DEBHELPER# + +exit 0 --- sks-1.1.0.orig/debian/README.patches +++ sks-1.1.0/debian/README.patches @@ -0,0 +1,6 @@ +000 - stolen from HEAD +100 - 199 patches that upstream accepted +200 - 399 patches that should go upstream +400 - 499 patches that upstream rejected, but that we want anyway +500 - 899 debian specific patches +900 - 999 security patches --- sks-1.1.0.orig/debian/sks.dirs +++ sks-1.1.0/debian/sks.dirs @@ -0,0 +1,8 @@ +etc/sks +usr/sbin +usr/lib/sks +var/lib/sks/dump +var/log/sks +var/run/sks +var/spool/sks/messages +var/spool/sks/failed_messages --- sks-1.1.0.orig/debian/contrib/make_debian_orig +++ sks-1.1.0/debian/contrib/make_debian_orig 
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# sks_make_debian_orig - make a debian tarball from sks upstream source
+
+# Copyright (c) 2005 Marco Nenciarini
+# Copyright (c) 2005 Peter Palfrader
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+set -e
+
+trap "echo Error" ERR
+
+if ! version=$(cat VERSION); then
+ echo "Not in sks source dir"
+ exit 255
+fi
+
+currdir=$(pwd)
+tmpdir=$(mktemp -d)
+trap "rm -fr $tmpdir" EXIT
+
+destname=sks-$version
+destfile=$(dirname "$currdir")/sks-$version.debian.tar.gz
+
+mkdir $tmpdir/$destname
+cp -R . $tmpdir/$destname
+
+cd $tmpdir/$destname
+rm -fr ,,* {*
+rm -f *.tar.gz
+rm -fr .arch*
+
+touch Makefile.local
+touch .depend
+
+make dep
+
+cd ..
+rm -f $destfile
+tar czf $destfile $destname
--- sks-1.1.0.orig/debian/patches/502_makefile_install
+++ sks-1.1.0/debian/patches/502_makefile_install
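Review bot: `trap "echo Error" ERR` is a bash feature, but make_debian_orig declares `#!/bin/sh`; a POSIX shell such as dash does not provide the ERR condition, and with `set -e` already active the script can abort on that line. Either change the interpreter line to `#!/bin/bash` or drop the ERR trap. The EXIT trap expands `$tmpdir` unquoted at the time it is set; `trap 'rm -fr "$tmpdir"' EXIT` is the safer form for a recursive delete. The later `mkdir`, `cp`, `cd`, `rm` and `tar` uses of `$tmpdir`, `$destname` and `$destfile` should be quoted as well, since they derive from the current directory and the VERSION file.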
@@ -0,0 +1,34 @@ +diff -ruN sks-1.1.0-old/Makefile sks-1.1.0/Makefile +--- sks-1.1.0-old/Makefile 2008-06-24 17:00:11.000000000 +0200 ++++ sks-1.1.0/Makefile 2008-06-24 17:04:05.000000000 +0200 +@@ -125,14 +125,17 @@ + # Special targets + + install: +- mkdir -p $(PREFIX)/bin +- install sks_build.sh sks sks_add_mail $(PREFIX)/bin ++ mkdir -p $(PREFIX)/sbin $(PREFIX)/lib/sks ++ install sks $(PREFIX)/sbin ++ install sks_build.sh sks_add_mail $(PREFIX)/lib/sks + mkdir -p $(MANDIR)/man8 + install sks.8.gz $(MANDIR)/man8 + + install.bc: +- mkdir -p $(PREFIX)/bin +- install sks_build.bc sks.bc sks_add_mail.bc $(PREFIX)/bin ++ mkdir -p $(PREFIX)/sbin $(PREFIX)/lib/sks ++ install sks.bc $(PREFIX)/sbin/sks ++ install sks_build.sh $(PREFIX)/lib/sks/ ++ install sks_add_mail.bc $(PREFIX)/lib/sks/sks_add_mail + mkdir -p $(MANDIR)/man8 + install sks.8.gz $(MANDIR)/man8 + +@@ -148,7 +151,7 @@ + # Ordinary targets + + sks.8.gz: sks.8 +- gzip -f sks.8 ++ gzip -9 -f sks.8 + + sks.8: sks.pod + pod2man -c "SKS OpenPGP Key server" --section 8 -r 0.1 -name sks sks.pod sks.8 --- sks-1.1.0.orig/debian/patches/510-allowed-chars +++ sks-1.1.0/debian/patches/510-allowed-chars @@ -0,0 +1,12 @@ +diff -ruN sks-1.1.0-old/dbserver.ml sks-1.1.0/dbserver.ml +--- sks-1.1.0-old/dbserver.ml 2008-11-08 16:12:22.376045000 +0000 ++++ sks-1.1.0/dbserver.ml 2008-11-08 16:12:59.014429214 +0000 +@@ -348,7 +348,7 @@ + + let is_safe char = + (char >= 'A' && char <= 'Z') || (char >= 'a' && char <= 'z') || +- (char >= '0' && char <= '9') || (char = '.') ++ (char >= '0' && char <= '9') || (char = '.') || (char = '-') + + + let verify_web_fname fname = --- sks-1.1.0.orig/debian/patches/201_makefile_man +++ sks-1.1.0/debian/patches/201_makefile_man 
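Review bot: In 510-allowed-chars, `is_safe` is the character allowlist behind web file names, and the patch widens it with `(char = '-')` without a comment saying why the set is safe. Document it at the definition, for example `(* allowlist for web file names: letters, digits, '.' and '-'; no path separators *)`. Since '.' is permitted, a name made only of dots passes this character test. The body of `verify_web_fname` is outside the hunk, so confirm it rejects such names before the result is joined onto the www directory.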
@@ -0,0 +1,22 @@ +diff -ruN sks-1.1.0-old/Makefile sks-1.1.0/Makefile +--- sks-1.1.0-old/Makefile 2008-06-24 16:56:07.000000000 +0200 ++++ sks-1.1.0/Makefile 2008-06-24 16:57:03.000000000 +0200 +@@ -54,8 +54,8 @@ + OCAMLOPTFLAGS=$(COMMONCAMLFLAGS) -inline 40 $(CAMLLIBS:.cma=.cmxa) + + EXE=sks sks_add_mail +-ALL=$(EXE) +-ALL.bc=$(EXE:=.bc) ++ALL=$(EXE) sks.8.gz ++ALL.bc=$(EXE:=.bc) sks.8.gz + + all: $(ALL) + all.bc: $(ALL.bc) +@@ -383,6 +383,7 @@ + clean: mlclean + rm -f *.o + rm -f prepared ++ rm -f sks.8.gz + + cleanall: clean bdbclean + rm -f lib/* --- sks-1.1.0.orig/debian/patches/202_makefile_bytecode +++ sks-1.1.0/debian/patches/202_makefile_bytecode @@ -0,0 +1,24 @@ +diff -ruN sks-1.1.0-old/bdb/Makefile sks-1.1.0/bdb/Makefile +--- sks-1.1.0-old/bdb/Makefile 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/bdb/Makefile 2008-06-24 16:59:21.000000000 +0200 +@@ -35,7 +35,7 @@ + COBJS = bdb_stubs.o + + ocextr: ocextr.ml +- $(OCAMLOPT) -o ocextr ocextr.ml ++ $(OCAMLC) -o ocextr ocextr.ml + + libbdb.a: $(COBJS) + $(MKLIB) -custom -o bdb $(COBJS) +diff -ruN sks-1.1.0-old/Makefile sks-1.1.0/Makefile +--- sks-1.1.0-old/Makefile 2008-06-24 16:57:40.000000000 +0200 ++++ sks-1.1.0/Makefile 2008-06-24 16:57:40.000000000 +0200 +@@ -132,7 +132,7 @@ + + install.bc: + mkdir -p $(PREFIX)/bin +- install sks_build.bc.sh sks.bc sks_add_mail.bc $(PREFIX)/bin ++ install sks_build.bc sks.bc sks_add_mail.bc $(PREFIX)/bin + mkdir -p $(MANDIR)/man8 + install sks.8.gz $(MANDIR)/man8 + --- sks-1.1.0.orig/debian/patches/508_build_fastbuild +++ sks-1.1.0/debian/patches/508_build_fastbuild 
@@ -0,0 +1,52 @@ +diff -ruN sks-1.1.0-old/sks_build.sh sks-1.1.0/sks_build.sh +--- sks-1.1.0-old/sks_build.sh 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/sks_build.sh 2008-05-30 00:17:07.000000000 +0200 +@@ -5,12 +5,44 @@ + # You might want to edit this file to reduce or increase memory usage + # depending on your system + ++ask_mode() { ++ echo "Please select the mode in which you want to import the keydump:" ++ echo "" ++ echo "1 - fastbuild" ++ echo " only an index of the keydump is created and the keydump cannot be" ++ echo " removed." ++ echo "" ++ echo "2 - normalbuild" ++ echo "" ++ echo " all the keydump will be imported in a new database. It takes longer" ++ echo " time and more disk space, but the server will run faster (depending" ++ echo " from the source/age of the keydump)." ++ echo " The keydump can be removed after the import." ++ echo "" ++ echo -n "Enter enter the mode (1/2): " ++ read ++ case "$REPLY" in ++ 1) ++ mode="fastbuild" ++ ;; ++ 2) ++ mode="build /var/lib/sks/dump/*.pgp" ++ ;; ++ *) ++ echo "Option unknown. bye!" ++ exit 1 ++ ;; ++ esac ++} ++ + fail() { echo Command failed unexpectedly. Bailing out; exit -1; } + +-echo === Running fastbuild... === +-if ! sks fastbuild -n 10 -cache 100; then fail; fi ++ask_mode ++ ++echo "=== Running (fast)build... ===" ++if ! /usr/sbin/sks $mode -n 10 -cache 100; then fail; fi + echo === Cleaning key database... === +-if ! sks cleandb; then fail; fi ++if ! /usr/sbin/sks cleandb; then fail; fi + echo === Building ptree database... === +-if ! sks pbuild -cache 20 -ptree_cache 70; then fail; fi ++if ! /usr/sbin/sks pbuild -cache 20 -ptree_cache 70; then fail; fi + echo === Done! === --- sks-1.1.0.orig/debian/patches/500_debian_fhs +++ sks-1.1.0/debian/patches/500_debian_fhs 
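Review bot: In 508_build_fastbuild, `ask_mode` calls `read` with no variable name and then tests `$REPLY`, which bash fills in but a POSIX sh does not have to. The interpreter line of sks_build.sh is outside the hunk; if it is `#!/bin/sh`, name the variable: `read -r REPLY`. `$mode` is expanded unquoted on the `/usr/sbin/sks $mode -n 10 -cache 100` line so that the `*.pgp` glob and the word split take effect; a comment such as `# $mode is left unquoted on purpose: it carries the subcommand plus a glob` would stop someone quoting it later. The prompt text also reads "Enter enter the mode".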
@@ -0,0 +1,113 @@ +diff -ruN sks-1.1.0-old/common.ml sks-1.1.0/common.ml +--- sks-1.1.0-old/common.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/common.ml 2008-05-30 00:08:38.000000000 +0200 +@@ -82,7 +82,7 @@ + + let set_logfile extension = + if !Settings.filelog then +- let fname = (Filename.concat !Settings.basedir extension) ^ ".log" in ++ let fname = (Filename.concat !Settings.basedir "/var/log/sks/") ^ extension ^ ".log" in + stored_logfile_name := Some fname; + logfile := open_out_gen [ Open_wronly; Open_creat; Open_append; ] + 0o600 fname; +@@ -201,8 +201,8 @@ + let recon_address = !Settings.recon_address + let http_port = !Settings.hkp_port + let http_address = !Settings.hkp_address +-let db_command_name = Filename.concat !Settings.basedir "db_com_sock" +-let recon_command_name = Filename.concat !Settings.basedir "recon_com_sock" ++let db_command_name = Filename.concat !Settings.basedir "/var/run/sks/db_com_sock" ++let recon_command_name = Filename.concat !Settings.basedir "/var/run/sks/recon_com_sock" + + let db_command_addr = Unix.ADDR_UNIX db_command_name + let recon_command_addr = Unix.ADDR_UNIX recon_command_name +diff -ruN sks-1.1.0-old/dbserver.ml sks-1.1.0/dbserver.ml +--- sks-1.1.0-old/dbserver.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/dbserver.ml 2008-05-30 00:08:38.000000000 +0200 +@@ -362,7 +362,7 @@ + + let convert_web_fname fname = + if verify_web_fname fname then +- Filename.concat !Settings.basedir (Filename.concat "web" fname) ++ Filename.concat !Settings.basedir (Filename.concat "/var/lib/sks/www" fname) + else raise (Wserver.Misc_error "Malformed requst") + + let supported_extensions = +diff -ruN sks-1.1.0-old/getfileopts.ml sks-1.1.0/getfileopts.ml +--- sks-1.1.0-old/getfileopts.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/getfileopts.ml 2008-05-30 00:08:38.000000000 +0200 +@@ -106,7 +106,7 @@ + (**************************************************************) + 
(**************************************************************) + +-let config_fname = "sksconf" ++let config_fname = "/etc/sks/sksconf" + + let parse args = + Arg.current := 0; +diff -ruN sks-1.1.0-old/reconserver.ml sks-1.1.0/reconserver.ml +--- sks-1.1.0-old/reconserver.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/reconserver.ml 2008-05-30 00:08:38.000000000 +0200 +@@ -183,7 +183,7 @@ + let elements = ZSet.elements results in + let hashes = hashconvert elements in + print_hashes (sockaddr_to_string http_addr) hashes; +- log_diffs (sprintf "diff-%s.txt" (sockaddr_to_name http_addr)) hashes; ++ log_diffs (sprintf "/var/spool/sks/diff-%s.txt" (sockaddr_to_name http_addr)) hashes; + if List.length elements > 0 + then + begin +@@ -221,7 +221,7 @@ + plerror 4 "Reconciliation complete"; + let hashes = hashconvert results in + print_hashes (sockaddr_to_string http_addr) hashes; +- log_diffs (sprintf "diff-%s.txt" (sockaddr_to_name http_addr)) hashes; ++ log_diffs (sprintf "/var/spool/sks/diff-%s.txt" (sockaddr_to_name http_addr)) hashes; + match results with + [] -> [] + | _ -> +diff -ruN sks-1.1.0-old/settings.ml sks-1.1.0/settings.ml +--- sks-1.1.0-old/settings.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/settings.ml 2008-05-30 00:08:38.000000000 +0200 +@@ -173,7 +173,7 @@ + let command_timeout = ref 60 + let set_command_timeout value = command_timeout := value + +-let sendmail_cmd = ref "sendmail -t -oi" ++let sendmail_cmd = ref "/usr/lib/sendmail -t -oi" + let set_sendmail_cmd value = sendmail_cmd := value + + let membership_reload_time = ref (60. *. 60. *. 6.) +@@ -197,15 +197,15 @@ + from_addr := Some addr; + addr + +-let basedir = ref "." 
++let basedir = ref "" + +-let base_dbdir = "KDB" +-let base_ptree_dbdir = "PTree" +-let base_membership_file = "membership" +-let base_mailsync_file = "mailsync" +-let base_dumpdir = "dump" +-let base_msgdir = "messages" +-let base_failed_msgdir = "failed_messages" ++let base_dbdir = "/var/lib/sks/DB" ++let base_ptree_dbdir = "/var/lib/sks/PTree" ++let base_membership_file = "/etc/sks/membership" ++let base_mailsync_file = "/etc/sks/mailsync" ++let base_dumpdir = "/var/lib/sks/dump" ++let base_msgdir = "/var/spool/sks/messages" ++let base_failed_msgdir = "/var/spool/sks/failed_messages" + + let dbdir = lazy (Filename.concat !basedir base_dbdir) + let ptree_dbdir = lazy (Filename.concat !basedir base_ptree_dbdir) +@@ -252,7 +252,7 @@ + ("-hkp_address",Arg.String set_hkp_address, " Set hkp binding address"); + ("-use_port_80",Arg.Set use_port_80, + " Have the HKP interface listen on port 80, as well as the hkp_port"); +- ("-basedir", Arg.Set_string basedir, " Base directory"); ++ ("-basedir", Arg.Set_string basedir, " Base directory (Take special care if running the Debian package!)"); + ("-stdoutlog", Arg.Clear filelog, + " Send log messages to stdout instead of log file"); + ("-diskptree", Arg.Set disk_ptree, --- sks-1.1.0.orig/debian/patches/509-content-types +++ sks-1.1.0/debian/patches/509-content-types @@ -0,0 +1,11 @@ +diff -ruN sks-1.1.0-old/dbserver.ml sks-1.1.0/dbserver.ml +--- sks-1.1.0-old/dbserver.ml 2008-11-08 15:58:54.803687000 +0000 ++++ sks-1.1.0/dbserver.ml 2008-11-08 15:59:37.333809983 +0000 +@@ -370,6 +370,7 @@ + ".gif", "image/gif"; + ".ico", "image/x-icon"; + ".png", "image/png"; ++ ".html", "text/html"; + ".txt", "text/plain"; + ] + --- sks-1.1.0.orig/debian/patches/501_makefile_cflags +++ sks-1.1.0/debian/patches/501_makefile_cflags 
@@ -0,0 +1,98 @@ +diff -ruN sks-1.1.0-old/bdb/Makefile sks-1.1.0/bdb/Makefile +--- sks-1.1.0-old/bdb/Makefile 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/bdb/Makefile 2008-06-04 11:15:31.000000000 +0200 +@@ -16,8 +16,8 @@ + CINCLUDES=-I`ocamlc -where` $(BDBINCLUDE) + CC=gcc + CXX=g++ +-CFLAGS=-O3 -Werror-implicit-function-declaration $(CINCLUDES) $(BDBLIB) -I . +-CXXFLAGS=-O3 $(CINCLUDES) $(BDBLIB) -I . ++CFLAGS=$(DEBCFLAGS) -Werror-implicit-function-declaration $(CINCLUDES) $(BDBLIB) -I . ++CXXFLAGS=$(DEBCFLAGS) $(CINCLUDES) $(BDBLIB) -I . + + MKLIB=ocamlmklib + RANLIB=ranlib +diff -ruN sks-1.1.0-old/Makefile sks-1.1.0/Makefile +--- sks-1.1.0-old/Makefile 2008-06-04 11:15:31.000000000 +0200 ++++ sks-1.1.0/Makefile 2008-06-04 11:16:08.000000000 +0200 +@@ -17,8 +17,8 @@ + CINCLUDES=-I`ocamlc -where` + CC=gcc + CXX=g++ +-CFLAGS=-O3 -Werror-implicit-function-declaration $(CINCLUDES) -I . +-CXXFLAGS=-O3 $(CINCLUDES) -I . ++CFLAGS=$(DEBCFLAGS) -Werror-implicit-function-declaration $(CINCLUDES) -I . ++CXXFLAGS=$(DEBCFLAGS) $(CINCLUDES) -I . 
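Review bot: `CFLAGS=$(DEBCFLAGS) …` and `CXXFLAGS=$(DEBCFLAGS) …` in this bdb/Makefile hunk, and the same two lines in the top-level Makefile hunk at -17, have no fallback. A build that does not pass `DEBCFLAGS` therefore compiles the C stubs with no optimisation flags at all, where upstream had `-O3`. A default placed before the assignments keeps a standalone build equivalent to upstream: `DEBCFLAGS ?= -O3`. The -249 hunk already forwards the value with `$(MAKE) DEBCFLAGS="$(DEBCFLAGS)"`, so the default would only be needed in the two places where `CFLAGS` is defined.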
+ + ifndef OCAMLC + OCAMLC=ocamlc +@@ -46,7 +46,7 @@ + endif + + CAMLP4=-pp $(CAMLP4O) +-CAMLINCLUDE= -I lib -I bdb ++CAMLINCLUDE= -I lib -I bdb -I +cryptokit + COMMONCAMLFLAGS=$(CAMLINCLUDE) $(OCAMLLIB) -ccopt -Lbdb -dtypes -ccopt -pthread -warn-error A + OCAMLDEP=ocamldep $(CAMLP4) + CAMLLIBS=unix.cma str.cma bdb.cma nums.cma bigarray.cma cryptokit.cma +@@ -99,7 +99,7 @@ + + EXEOBJS.bc=$(RSERVOBJS.bc) build.cmo fastbuild.cmo dbserver.cmo pdiskTest.cmo + +-LIBS.bc= lib/cryptokit.cma bdb/bdb.cma ++LIBS.bc= bdb/bdb.cma + LIBS=$(LIBS.bc:.cma=.cmxa) + + VERSION := $(shell cat VERSION) +@@ -249,10 +249,10 @@ + ################################## + + bdb/bdb.cmxa: bdb/bdb_stubs.c bdb/bdb_stubs.h +- cd bdb && $(MAKE) bdb.cmxa ++ cd bdb && $(MAKE) DEBCFLAGS="$(DEBCFLAGS)" bdb.cmxa + + bdb/bdb.cma: bdb/bdb_stubs.c bdb/bdb_stubs.h +- cd bdb && $(MAKE) bdb.cma ++ cd bdb && $(MAKE) DEBCFLAGS="$(DEBCFLAGS)" bdb.cma + + bdbclean: + cd bdb && $(MAKE) clean +@@ -267,29 +267,6 @@ + touch prepared + + +-CKDIR=cryptokit-1.0 +- +-$(CKDIR)/README: +- tar xmvfz $(CKDIR).tar.gz +- +-$(CKDIR)/cryptokit.cma: $(CKDIR)/README +- cd $(CKDIR) && $(MAKE) all +- +-$(CKDIR)/cryptokit.cmxa: $(CKDIR)/README +- cd $(CKDIR) && $(MAKE) allopt +- +-lib/cryptokit.cma: $(CKDIR)/cryptokit.cma $(CKDIR)/cryptokit.cmxa prepared +- cp $(CKDIR)/cryptokit.cmi $(CKDIR)/cryptokit.cma \ +- $(CKDIR)/cryptokit.mli lib +- cp $(CKDIR)/libcryptokit.a lib +- if test -f $(CKDIR)/dllcryptokit.so; then \ +- cp $(CKDIR)/dllcryptokit.so lib; fi +- if test -f $(CKDIR)/cryptokit.cmxa; then \ +- cp $(CKDIR)/cryptokit.cmxa $(CKDIR)/cryptokit.cmx \ +- $(CKDIR)/cryptokit.a lib; fi +- +-lib/cryptokit.cmxa: lib/cryptokit.cma +- + ################################ + # old stuff + ################################ +@@ -386,8 +363,6 @@ + + cleanall: clean bdbclean + rm -f lib/* +- rm -rf $(CKDIR) +- rm -rf $(NXDIR) + rm -rf + + # Dependencies --- sks-1.1.0.orig/debian/patches/010_tighten_compiler_errors_warnings +++ 
sks-1.1.0/debian/patches/010_tighten_compiler_errors_warnings 
@@ -0,0 +1,293 @@ +diff -ruN sks-1.1.0-old/bitstring.ml sks-1.1.0/bitstring.ml +--- sks-1.1.0-old/bitstring.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/bitstring.ml 2008-06-04 10:54:08.000000000 +0200 +@@ -158,7 +158,7 @@ + let str = String.create bytes in + String.blit ~src:ba.a ~src_pos:0 + ~dst:str ~dst_pos:0 ~len:(String.length ba.a); +- { ba with a = str; bitlength = bitlength } ++ { a = str; bitlength = bitlength } + + (********************************************************************) + (*** Shifting *****************************************************) +diff -ruN sks-1.1.0-old/decode.ml sks-1.1.0/decode.ml +--- sks-1.1.0-old/decode.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/decode.ml 2008-06-04 10:54:57.000000000 +0200 +@@ -134,9 +134,9 @@ + + let rec factor f = + let degree = Poly.degree f in +- if Poly.degree f = 1 ++ if degree = 1 + then ZSet.add (ZZp.neg (Poly.const_coeff f)) ZSet.empty +- else if Poly.degree f = 0 ++ else if degree = 0 + then ZSet.empty + else + let (f1,f2) = rand_split f in +diff -ruN sks-1.1.0-old/index.ml sks-1.1.0/index.ml +--- sks-1.1.0-old/index.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/index.ml 2008-06-04 10:56:11.000000000 +0200 +@@ -99,8 +99,8 @@ + + | 12 -> (* revocation key *) + let cin = new Channel.string_in_channel ssp.ssp_body 0 in +- let revclass = cin#read_int_size 1 in +- let algid = cin#read_int_size 1 in ++ let _revclass = cin#read_int_size 1 in ++ let _algid = cin#read_int_size 1 in + let fingerprint = cin#read_string 20 in + siginfo.revocation_key <- Some fingerprint + +@@ -170,7 +170,7 @@ + let selfsigs = List.filter ~f:(fun si -> is_selfsig ~keyid si) + siginfo_list in + let times = filter_opts +- (List.map siginfo_list ++ (List.map selfsigs + ~f:(function x -> match x.sig_creation_time with + None -> None + | Some time -> Some (Int64.to_float time))) +@@ -364,7 +364,6 @@ + + | _ -> sprintf "uat [contents omitted]" + in +- let creation_string = datestr_of_int64 in + let 
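Review bot: The `List.map siginfo_list` → `List.map selfsigs` change in the index.ml hunk at -170 is a behaviour change inside a patch described as tightening compiler warnings. The creation times passed to `filter_opts` now come only from entries that satisfy `is_selfsig ~keyid`, so signatures made by other keys no longer contribute to `times`. That is probably the original intent, since `selfsigs` was computed and never used, but it can change the values derived from `times` and should be called out in the patch description. I would add a comment above the call, `(* only self-signatures supply timing data; before Debian patch 010 every signature was used *)`. The enclosing function starts and ends outside the hunk.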
siginfo_lines = + List.concat + (List.map ~f:(siginfo_to_lines ~get_uid ~key_creation_time +diff -ruN sks-1.1.0-old/keydb.ml sks-1.1.0/keydb.ml +--- sks-1.1.0-old/keydb.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/keydb.ml 2008-06-04 10:56:50.000000000 +0200 +@@ -1261,7 +1261,6 @@ + + (** replace [key1] with [key2] in the database *) + let swap_keys key1 key2 = +- let dbs = get_dbs () in + let txn = txn_begin () in + try + delete_key_txn ?txn key1; +@@ -1281,7 +1280,6 @@ + (**********************************************************) + + let delete_key ?hash key = +- let dbs = get_dbs () in + let txn = txn_begin () in + try + delete_key_txn ?txn key; +diff -ruN sks-1.1.0-old/Makefile sks-1.1.0/Makefile +--- sks-1.1.0-old/Makefile 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/Makefile 2008-06-04 10:53:16.000000000 +0200 +@@ -47,7 +47,7 @@ + + CAMLP4=-pp $(CAMLP4O) + CAMLINCLUDE= -I lib -I bdb +-COMMONCAMLFLAGS=$(CAMLINCLUDE) $(OCAMLLIB) -ccopt -Lbdb -dtypes -ccopt -pthread ++COMMONCAMLFLAGS=$(CAMLINCLUDE) $(OCAMLLIB) -ccopt -Lbdb -dtypes -ccopt -pthread -warn-error A + OCAMLDEP=ocamldep $(CAMLP4) + CAMLLIBS=unix.cma str.cma bdb.cma nums.cma bigarray.cma cryptokit.cma + OCAMLFLAGS=$(COMMONCAMLFLAGS) -g $(CAMLLIBS) +diff -ruN sks-1.1.0-old/parsePGP.ml sks-1.1.0/parsePGP.ml +--- sks-1.1.0-old/parsePGP.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/parsePGP.ml 2008-06-04 10:57:59.000000000 +0200 +@@ -189,9 +189,9 @@ + let version = cin#read_byte in + if version <> 4 then + failwith "Attempt to parse non-v4 signature as v4 signature"; +- let sigtype = cin#read_byte in +- let key_alg = cin#read_byte in +- let hash_alg = cin#read_byte in ++ let _sigtype = cin#read_byte in ++ let _key_alg = cin#read_byte in ++ let _hash_alg = cin#read_byte in + let hashed_subpacket_count = cin#read_int_size 2 in + (* now we can start reading the hashed sub-packets *) + cin#read_string hashed_subpacket_count +@@ -235,7 +235,7 @@ + | 4 -> + let sigtype = cin#read_byte in + 
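Review bot: Removing `let dbs = get_dbs () in` from `swap_keys` and `delete_key` (keydb.ml hunks at -1261 and -1281) is only a no-op if `get_dbs ()` has no effect beyond returning the handle. If it raises when the databases are not open, which cannot be confirmed from these hunks, the binding served as a precondition check ahead of `txn_begin ()`. In that case `ignore (get_dbs ());` would silence the warning without changing when the failure is reported. Both function bodies continue outside the hunks.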
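Review bot: `-warn-error A` is appended unconditionally to `COMMONCAMLFLAGS` in the Makefile hunk at -47, so every build treats all compiler warnings as errors. A rebuild with a newer OCaml release that introduces a warning will then fail, even though the code is unchanged. I would make it overridable, `WARNERROR ?= -warn-error A`, and use `$(WARNERROR)` at the end of the `COMMONCAMLFLAGS` line, so a security rebuild of the package is not blocked by an unrelated new warning.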
let pk_alg = cin#read_byte in +- let hash_alg = cin#read_byte in ++ let _hash_alg = cin#read_byte in + + let hashed_subpacket_bytes = cin#read_int_size 2 in + let hashed_subpackets = read_subpackets cin hashed_subpacket_bytes in +diff -ruN sks-1.1.0-old/pMap.ml sks-1.1.0/pMap.ml +--- sks-1.1.0-old/pMap.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/pMap.ml 2008-06-04 10:57:31.000000000 +0200 +@@ -92,7 +92,7 @@ + let rec add ~key:x ~data = function + Empty -> + Node(Empty, x, data, Empty, 1) +- | Node(l, v, d, r, h) as t -> ++ | Node(l, v, d, r, h) -> + let c = Ord.compare x v in + if c = 0 then + Node(l, x, data, r, h) +@@ -126,7 +126,7 @@ + let rec remove x = function + Empty -> + Empty +- | Node(l, v, d, r, h) as t -> ++ | Node(l, v, d, r, h) -> + let c = Ord.compare x v in + if c = 0 then + merge l r +diff -ruN sks-1.1.0-old/prefixTree.ml sks-1.1.0/prefixTree.ml +--- sks-1.1.0-old/prefixTree.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/prefixTree.ml 2008-06-04 10:59:53.000000000 +0200 +@@ -321,10 +321,7 @@ + (** side-effect-free version of load_child *) + let load_child_sef t children cindex = + match children.(cindex) with +- | OnDisk key -> +- let db = op_unwrap t.db in +- let cnode = load_node t (dbkey_of_key key) in +- cnode ++ | OnDisk key -> load_node t (dbkey_of_key key) + | InMem cnode -> cnode + + (******************************************************************) +diff -ruN sks-1.1.0-old/reconComm.ml sks-1.1.0/reconComm.ml +--- sks-1.1.0-old/reconComm.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/reconComm.ml 2008-06-04 11:02:26.000000000 +0200 +@@ -30,7 +30,6 @@ + + (** send DbMessages message and wait for response *) + let send_dbmsg msg = +- let ctr = ref 0 in + let s = Unix.socket + ~domain:Unix.PF_UNIX + ~kind:Unix.SOCK_STREAM +@@ -54,8 +53,7 @@ + ~protocol:0 in + protect ~f:(fun () -> + Unix.connect s ~addr:db_command_addr; +- let cin = Channel.sys_in_from_fd s +- and cout = Channel.sys_out_from_fd s in ++ let cout = 
Channel.sys_out_from_fd s in + marshal cout msg ) + ~finally:(fun () -> Unix.close s) + +@@ -87,7 +85,7 @@ + cout#write_string msg; + cout#flush; + ignore (input_line cin#inchan); (* read "HTTP" line *) +- let headers = Wserver.parse_headers Map.empty cin#inchan in ++ let _headers = Wserver.parse_headers Map.empty cin#inchan in + let keystrings = + CMarshal.unmarshal_list ~f:CMarshal.unmarshal_string cin + in +diff -ruN sks-1.1.0-old/rMisc.ml sks-1.1.0/rMisc.ml +--- sks-1.1.0-old/rMisc.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/rMisc.ml 2008-06-04 11:01:37.000000000 +0200 +@@ -48,7 +48,8 @@ + if pos < len then + let steps = + if len - pos > 3 then 3 else len - pos in +- let bits = rfunc () in ++ (* CR yminsky: I think this has the same bug as the function with the same name in Utils *) ++ let _bits = rfunc () in + for i = 0 to steps - 1 do + string.[pos + i] <- + char_of_int (0xFF land ((rfunc ()) lsr (8 * i))) +@@ -101,10 +102,12 @@ + (base_set,diff_set) + *) + ++(* + let print_string_set set = + let list = Set.elements set in + let list= List.sort ~cmp:compare list in +- List.iter ~f:(fun string -> print_string string; print_newline ()) ++ List.iter ~f:(fun string -> print_string string; print_newline ()) ++*) + + let add_sarray ~data sarray = + Array.fold_right ~f:(fun string set -> Set.add string set) +diff -ruN sks-1.1.0-old/server.ml sks-1.1.0/server.ml +--- sks-1.1.0-old/server.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/server.ml 2008-06-04 11:04:26.000000000 +0200 +@@ -45,7 +45,6 @@ + + let solve ~remote_size ~local_size ~remote_samples ~local_samples ~points = + let values = ZZp.mut_array_div remote_samples local_samples in +- let len = Array.length values in + try + let (remote_diff,local_diff) = + Decode.reconcile ~values ~points ~d:(remote_size - local_size) +diff -ruN sks-1.1.0-old/sks_do.ml sks-1.1.0/sks_do.ml +--- sks-1.1.0-old/sks_do.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/sks_do.ml 2008-06-04 11:04:41.000000000 
+0200 +@@ -35,7 +35,6 @@ + exit (-1) + + let send_dbmsg msg = +- let ctr = ref 0 in + let s = Unix.socket + ~domain:Unix.PF_UNIX + ~kind:Unix.SOCK_STREAM +diff -ruN sks-1.1.0-old/stats.ml sks-1.1.0/stats.ml +--- sks-1.1.0-old/stats.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/stats.ml 2008-06-04 11:04:53.000000000 +0200 +@@ -171,7 +171,6 @@ + let generate_html_stats_page log size = + let log = Array.of_list log in + let now = Unix.gettimeofday () in +- let tm = Unix.localtime now in + let num_keys = sprintf "

Total number of keys: %d

\n" size in + let title = + sprintf +diff -ruN sks-1.1.0-old/utils.ml sks-1.1.0/utils.ml +--- sks-1.1.0-old/utils.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/utils.ml 2008-06-04 11:06:50.000000000 +0200 +@@ -255,12 +255,15 @@ + if pos < len then + let steps = + if len - pos > 3 then 3 else len - pos in +- let bits = rfunc () in +- for i = 0 to steps - 1 do +- string.[pos + i] <- ++ (* CR yminsky: this is basically a bug. We double-call rfunc for no reason. ++ I'm worried about changing this because there is probably some assumptions about ++ the random generation being deterministic *) ++ let _bits = rfunc () in ++ for i = 0 to steps - 1 do ++ string.[pos + i] <- + char_of_int (0xFF land ((rfunc ()) lsr (8 * i))) +- done; +- fill_random_string rfunc string ~pos:(pos + steps) ~len ++ done; ++ fill_random_string rfunc string ~pos:(pos + steps) ~len + else + () + +diff -ruN sks-1.1.0-old/wserver.ml sks-1.1.0/wserver.ml +--- sks-1.1.0-old/wserver.ml 2008-05-29 23:44:00.000000000 +0200 ++++ sks-1.1.0/wserver.ml 2008-06-04 11:07:36.000000000 +0200 +@@ -254,7 +254,7 @@ + let output = output_chan#contents in + send_result cout ~content_type output + with +- | Eventloop.SigAlarm as e -> ++ | Eventloop.SigAlarm -> + ignore (Unix.alarm recover_timeout); + plerror 2 "request %s timed out" (request_to_string request); + let output = +@@ -301,7 +301,6 @@ + ignore (Unix.alarm recover_timeout); + plerror 2 "Error handling request %s: %s" + (request_to_string request) (Common.err_to_string e); +- let content_type = "text/html; charset=UTF-8" in + let output = + (HtmlTemplates.page ~title:"Error handling request" + ~body:(sprintf "Error handling request. 
Exception raised: %s" +@@ -310,7 +309,7 @@ + send_result cout ~error_code:500 output + with + | Sys.Break as e -> raise e +- | Eventloop.SigAlarm as e -> ++ | Eventloop.SigAlarm -> + ignore (Unix.alarm recover_timeout); + let output = + HtmlTemplates.page ~title:"Timeout" --- sks-1.1.0.orig/debian/patches/203_db4.7 +++ sks-1.1.0/debian/patches/203_db4.7 @@ -0,0 +1,12 @@ +diff -ruN sks-1.1.0-old/bdb/Makefile sks-1.1.0/bdb/Makefile +--- sks-1.1.0-old/bdb/Makefile 2009-07-15 23:41:52.889448000 +0200 ++++ sks-1.1.0/bdb/Makefile 2009-07-15 23:43:04.008447926 +0200 +@@ -29,7 +29,7 @@ + OCAMLOPTFLAGS=$(COMMONCAMLFLAGS) -inline 40 + + ifndef LIBDB +-LIBDB=-ldb-4.6 ++LIBDB=-ldb-4.7 + endif + + COBJS = bdb_stubs.o --- sks-1.1.0.orig/debian/debcfg/procmail +++ sks-1.1.0/debian/debcfg/procmail @@ -0,0 +1,3 @@ +:0 +* ^Subject: *(incremental|add) +| /usr/lib/sks/sks_add_mail /var/spool/sks --- sks-1.1.0.orig/debian/debcfg/sksconf +++ sks-1.1.0/debian/debcfg/sksconf @@ -0,0 +1,32 @@ +# /etc/sks/sksconf +# +# The configuration file for your SKS server. +# You can find more options in sks(8) manpage. + +# Set server hostname +#hostname: this.server.fdqn + +# Set recon binding address +#recon_address: 0.0.0.0 + +# Set recon port number +#recon_port: 11370 + +# Set hkp binding address +#hkp_address: 0.0.0.0 + +# Set hkp port number +#hkp_port: 11371 + +# Have the HKP interface listen on port 80, as well as the hkp_port +#use_port_80: + +# From address used in synchronization emails used to communicate with PKS +#from_addr: "PGP Key Server Administrator " + +# Command used for sending mail (you can use -f option to specify the +# envelope sender address, if your MTA trusts the sks user) +#sendmail_cmd: /usr/lib/sendmail -t -oi + +# Runs database statistics calculation on boot (time and cpu expensive) +#initial_stat: --- sks-1.1.0.orig/debian/debcfg/forward.postfix +++ sks-1.1.0/debian/debcfg/forward.postfix 
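Review bot: Deleting the unused `content_type` binding in the wserver.ml hunk at -301 silences the warning but hides what looks like an omission. The 500 response is sent with `send_result cout ~error_code:500 output` (first context line of the -310 hunk) and no content type, while the success path in the -254 hunk passes `~content_type`. Keeping the binding and passing it, `send_result cout ~error_code:500 ~content_type output`, looks closer to the author's intent, assuming `send_result` accepts both labels together. The error body is built with `sprintf "… Exception raised: %s"`, whose argument lies outside the hunk. If that exception text can contain request data, it should be HTML-escaped before it is embedded in the page.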
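Review bot: The condition `* ^Subject: *(incremental|add)` in debian/debcfg/procmail is anchored only at the start of the header. Any message whose subject merely begins with those letters, for example "Additional information", is therefore piped to `sks_add_mail` and written under /var/spool/sks. Anchoring the end keeps the recipe to the two intended commands: `* ^Subject: *(incremental|add) *$`. procmail conditions are case-insensitive by default, so upper-case `ADD` and `INCREMENTAL` subjects still match.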
@@ -0,0 +1 @@ +"|exec /usr/bin/procmail" --- sks-1.1.0.orig/debian/debcfg/mailsync +++ sks-1.1.0/debian/debcfg/mailsync @@ -0,0 +1,16 @@ +# /etc/sks/mailsync +# +# The mailsync should contains a list of email addresses of PKS +# keyservers, one per line. This file is important, because it ensures +# that keys submitted directly to an SKS keyserver are also forwarded +# to PKS keyservers. +# +# Empty lines and whitespace-only lines are ignored, as are lines +# whose first non-whitespace character is a `#'. +# +# IMPORTANT: don't add someone to your mailsync file without getting +# their permission first! +# +# Jason Harris says that having his keyserver's address in the Debian package +# is fine. +pgp-public-keys@keyserver.kjsl.com --- sks-1.1.0.orig/debian/debcfg/membership +++ sks-1.1.0/debian/debcfg/membership @@ -0,0 +1,13 @@ +# /etc/sks/membership +# +# With SKS, two hosts can efficiently compare their databases then +# repair whatever differences are found. In order to set up +# reconciliation, you first need to find other SKS servers that will +# agree to gossip with you. The hostname and port of the server that +# has agreed to do so should be added to this file. +# +# Empty lines and whitespace-only lines are ignored, as are lines +# whose first non-whitespace character is a `#'. +# +# Example: +# keyserver.linux.it 11370 --- sks-1.1.0.orig/debian/debcfg/forward.exim +++ sks-1.1.0/debian/debcfg/forward.exim @@ -0,0 +1 @@ +|/usr/bin/procmail