This commit is contained in:
parent
fd7437b673
commit
57b7de2bc5
|
@ -1,35 +0,0 @@
|
||||||
Hagrid is owned by the [p≡p foundation] and licensed under the
|
|
||||||
terms of the AGPLv3+.
|
|
||||||
|
|
||||||
[p≡p foundation]: https://pep.foundation/
|
|
||||||
|
|
||||||
To finance its mission, privacy by default, the [p≡p foundation]
|
|
||||||
allows third parties (currently only [p≡p security]) to relicense its
|
|
||||||
software. Consistent with the rules of a foundation, the money
|
|
||||||
collected by the foundation in this manner is fully reinvested in the
|
|
||||||
foundation's mission, which includes further development of Hagrid.
|
|
||||||
|
|
||||||
[p≡p security]: https://www.pep.security/
|
|
||||||
|
|
||||||
To do this, the [p≡p foundation] needs permission from all
|
|
||||||
contributors to relicense their changes. In return, the
|
|
||||||
[p≡p foundation] guarantees that *all* releases of Hagrid (and
|
|
||||||
any other software it owns) will also be released under a GNU-approved
|
|
||||||
license. That is, even if Foo Corp is granted a license to use
|
|
||||||
Hagrid in a proprietary product, the exact code that Foo Corp
|
|
||||||
uses will also be licensed under a GNU-approved license.
|
|
||||||
|
|
||||||
If you want to contribute to Hagrid, and you agree to the above,
|
|
||||||
please sign the [p≡p foundation]'s [CLA]. This is an electronic
|
|
||||||
assignment; no paper work is required. You'll need to provide a valid
|
|
||||||
email address. After clicking on a link to verify your email address,
|
|
||||||
you'll receive a second email, which contains the contract between you
|
|
||||||
and the [p≡p foundation]. Be sure to keep it for future reference.
|
|
||||||
The maintainers of Hagrid will also receive a notification. At
|
|
||||||
that point, we can merge patches from you into Hagrid.
|
|
||||||
|
|
||||||
[CLA]: https://contribution.pep.foundation/contribute/
|
|
||||||
|
|
||||||
Please direct questions regarding the CLA to [contribution@pep.foundation].
|
|
||||||
|
|
||||||
[contribution@pep.foundation]: mailto:contribution@pep.foundation
|
|
82
README.md
82
README.md
|
@ -1,11 +1,10 @@
|
||||||
Hagrid
|
Hagrid
|
||||||
======
|
======
|
||||||
|
|
||||||
Hagrid is a verifying OpenPGP key server. When a new key is uploaded a
|
Hagrid is a verifying OpenPGP key server.
|
||||||
token is sent to each user ID via email. This token can be used to verify the
|
|
||||||
user ID. Keys can be queried by their verified user IDs (exact match) and their
|
You can find general instructions and an API documentation at the running
|
||||||
primary keys fingerprint. Keys can be deleted by clicking a link send to all
|
instance at [https://keys.openpgp.org](keys.openpgp.org).
|
||||||
user IDs.
|
|
||||||
|
|
||||||
License
|
License
|
||||||
-------
|
-------
|
||||||
|
@ -27,79 +26,36 @@ License along with Hagrid. If not, see
|
||||||
Quick Start
|
Quick Start
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
Building Hagrid required a working [Rust _nightly_
|
|
||||||
toolchain](https://rust-lang.org). The key server uses the filesystem to store
|
|
||||||
keys, user IDs and tokens. To run it, supply the absolute path to where you
|
|
||||||
want the database to live and the absolute path to the template directory.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cp Rocket.toml.dist Rocket.toml
|
|
||||||
cargo run --bin hagrid
|
|
||||||
```
|
|
||||||
|
|
||||||
This will spawn a web server listening on port 8080.
|
|
||||||
|
|
||||||
Hagrid uses `sendmail` for mailing, so you also need a working local mailer
|
|
||||||
setup.
|
|
||||||
|
|
||||||
Usage
|
|
||||||
-----
|
|
||||||
|
|
||||||
You can find instructions and API documentation at the running instance at
|
|
||||||
[https://keys.openpgp.org](keys.openpgp.org).
|
|
||||||
|
|
||||||
Building
|
|
||||||
--------
|
|
||||||
|
|
||||||
Building Hagrid requires a working nightly Rust toolchain. The
|
Building Hagrid requires a working nightly Rust toolchain. The
|
||||||
easiest way to get the toolchain is to download [rustup](https://rustup.rs).
|
easiest way to get the toolchain is to download [rustup](https://rustup.rs).
|
||||||
After rustup is installed, get the nightly compiler and tools:
|
After rustup is installed, get the nightly compiler and tools, copy the
|
||||||
|
config file, and simply compile and run:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cd hagrid
|
cd hagrid
|
||||||
rustup override set nightly
|
rustup override set nightly
|
||||||
|
cp Rocket.toml.dist Rocket.toml
|
||||||
|
cargo run
|
||||||
```
|
```
|
||||||
|
|
||||||
The web server can now be built with the cargo command:
|
This will spawn a web server listening on port 8080.
|
||||||
|
|
||||||
```bash
|
For deployment, a release build should be used (`cargo build --release`). This
|
||||||
cargo build --release
|
will be statically built, and can be copied anywhere. You will also need to
|
||||||
```
|
adjust `Rocket.toml` accordingly. Hagrid uses `sendmail` for mailing, so you
|
||||||
|
also need a working local mailer setup.
|
||||||
After compilation a binary is placed in `target/release/` called
|
|
||||||
`hagrid`. The binary is linked statically and can be copied everywhere.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
cp target/release/hagrid /usr/local/bin
|
|
||||||
```
|
|
||||||
|
|
||||||
To deploy the key server copy all directories under `dist/` to a
|
|
||||||
writable location, and create a suitable configuration file.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
mkdir /var/lib/hagrid
|
|
||||||
cp -R dist/* /var/lib/hagrid
|
|
||||||
cp Rocket.toml.dist /var/lib/hagrid/Rocket.toml
|
|
||||||
$EDITOR /var/lib/hagrid/Rocket.toml
|
|
||||||
/usr/bin/env --chdir=/var/lib/hagrid ROCKET_ENV=production hagrid
|
|
||||||
```
|
|
||||||
|
|
||||||
This will spawn the server in foreground. The server will put all
|
|
||||||
keys and runtime data under the base folder (`/var/lib/hagrid` in the
|
|
||||||
above example).
|
|
||||||
|
|
||||||
Reverse Proxy
|
Reverse Proxy
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Hagrid is designed to defer lookups to reverse proxy server like Nginx
|
Hagrid is designed to defer lookups to reverse proxy server like Nginx
|
||||||
and Apache. The key database is a set of 3 directories with static
|
and Apache. Lookups via `/vks/v1/by-finingerprint`, `/vks/v1/by-keyid`, and
|
||||||
files in them. The directory structure reflects Hagrids URL
|
`/vks/v1/by-email` can be handled by a robust and performant HTTP server. A
|
||||||
scheme. This way, lookups via `/vks/v1/by-finingerprint`,
|
sample configuration for nginx is part of the repository (`nginx.conf`,
|
||||||
`/vks/v1/by-keyid`, and `/vks/v1/by-email` can be handled by (multiple)
|
`hagrid-routes.conf`).
|
||||||
simple HTTP server(s). A sample configuration for Nginx is part of the
|
|
||||||
repository (`nginx.conf`).
|
|
||||||
|
|
||||||
Community
|
Community
|
||||||
---------
|
---------
|
||||||
|
|
||||||
We're in `##hagrid` on Freenode.
|
We're in `#hagrid` on Freenode IRC, also reachable via Matrix as
|
||||||
|
`#hagrid:stratum0.org`.
|
||||||
|
|
|
@ -75,7 +75,7 @@
|
||||||
|
|
||||||
<p>
|
<p>
|
||||||
Technically, <tt>keys.openpgp.org</tt> runs on the
|
Technically, <tt>keys.openpgp.org</tt> runs on the
|
||||||
<a href="https://gitlab.com/sequoia-pgp/hagrid" target="_blank">Hagrid</a>
|
<a href="https://gitlab.com/hagrid-keyserver/hagrid" target="_blank">Hagrid</a>
|
||||||
keyserver software, which is based on
|
keyserver software, which is based on
|
||||||
<a href="https://sequoia-pgp.org">Sequoia-PGP</a>. We are hosted on the
|
<a href="https://sequoia-pgp.org">Sequoia-PGP</a>. We are hosted on the
|
||||||
<a href="https://eclips.is" target="_blank">eclips.is</a> platform,
|
<a href="https://eclips.is" target="_blank">eclips.is</a> platform,
|
||||||
|
|
Loading…
Reference in New Issue