[Pkg-gnupg-commit] [gnupg2] 01/07: Create WKS server and client packages

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 19 00:49:01 UTC 2017


This is an automated email from the git hooks/post-receive script.

dkg pushed a commit to branch experimental
in repository gnupg2.

commit feb7149db879cb16f8d93225ec21fa1e3b70abf5
Author: Stefan Bühler <stbuehler at web.de>
Date:   Thu Oct 27 19:16:14 2016 +0200

    Create WKS server and client packages
    
    This was based off of work by Sandro Knauß <hefee at debian.org>.
---
 debian/control                   |  45 ++++++++++
 debian/gnupg-wks-client.install  |   1 +
 debian/gnupg-wks-client.manpages |   1 +
 debian/gnupg-wks-server.install  |   1 +
 debian/gnupg-wks-server.manpages |   1 +
 debian/gpg-wks-client.1          | 178 ++++++++++++++++++++++++++++++++++++++
 debian/gpg-wks-server.1          | 180 +++++++++++++++++++++++++++++++++++++++
 debian/rules                     |   1 +
 8 files changed, 408 insertions(+)

diff --git a/debian/control b/debian/control
index ac0b079..2b93604 100644
--- a/debian/control
+++ b/debian/control
@@ -72,6 +72,51 @@ Description: GNU privacy guard - cryptographic agent
  provides a passphrase cache, which is used by pre-2.1 versions of
  GnuPG for OpenPGP operations.
 
+Package: gnupg-wks-server
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service server
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG server for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
+Package: gnupg-wks-client
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ dirmngr (= ${binary:Version}),
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service client
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG client for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
 Package: scdaemon
 Architecture: any
 Multi-Arch: foreign
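Review bot: Neither new stanza declares a relationship to a mail transport agent, although the manpages added in this commit document `--send` as "Send the mail using sendmail" for both gpg-wks-client and gpg-wks-server. A `Recommends: default-mta | mail-transport-agent` in each stanza would make that runtime requirement visible without forcing it on users who only use `--output`. Separately, the sentence "upload keys per mail to be verified over https" in both Description fields blurs what is verified where. Judging from the manpages, the address is confirmed by a mail round-trip and the key is then served over https, so wording such as `submit keys by mail; after the address is confirmed the key is published for lookup over https` would be clearer.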
diff --git a/debian/gnupg-wks-client.install b/debian/gnupg-wks-client.install
new file mode 100644
index 0000000..1b331dd
--- /dev/null
+++ b/debian/gnupg-wks-client.install
@@ -0,0 +1 @@
+debian/tmp/usr/lib/gnupg/gpg-wks-client
diff --git a/debian/gnupg-wks-client.manpages b/debian/gnupg-wks-client.manpages
new file mode 100644
index 0000000..d2edd3e
--- /dev/null
+++ b/debian/gnupg-wks-client.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-client.1
diff --git a/debian/gnupg-wks-server.install b/debian/gnupg-wks-server.install
new file mode 100644
index 0000000..c18c2e7
--- /dev/null
+++ b/debian/gnupg-wks-server.install
@@ -0,0 +1 @@
+debian/tmp/usr/bin/gpg-wks-server
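Review bot: Only the binary is shipped here, while gpg-wks-server.1 in this commit requires `/var/lib/gnupg/wks/` with per-domain subdirectories writable by the user running the server. Nothing in the diffstat creates that directory or a service account. Because the server is fed mail from arbitrary senders (the procmail recipe pipes it straight into `--receive`), the package should steer administrators to a dedicated unprivileged user rather than a personal or privileged one. One way is a `debian/gnupg-wks-server.dirs` file containing `var/lib/gnupg/wks`, which leaves the parent root-owned, plus a README.Debian note that only the per-domain subdirectories belong to the service user and that the web server needs read access only.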
diff --git a/debian/gnupg-wks-server.manpages b/debian/gnupg-wks-server.manpages
new file mode 100644
index 0000000..5bd206c
--- /dev/null
+++ b/debian/gnupg-wks-server.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-server.1
diff --git a/debian/gpg-wks-client.1 b/debian/gpg-wks-client.1
new file mode 100644
index 0000000..5cf48e8
--- /dev/null
+++ b/debian/gpg-wks-client.1
@@ -0,0 +1,178 @@
+.TH GPG\-WKS\-CLIENT "1" "May 2017" "gpg-wks-client (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-client \- Client for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-client
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-client
+is a simple command line client for the Web Key Service.  The executable
+is usually located in /usr/lib/gnupg.
+.
+It allows a user to create a publication request and to respond to a
+received confirmation request.  Communication with the Web Key Service
+is done via email.
+.
+It also can lookup the fingerprint of a USER\-ID in the Web Key
+Directory.
+
+.SH COMMANDS
+.TP
+.B \-\-supported USER\-ID
+Check whether provider of the given USER\-ID supports the Web Key
+Service protocol, i.e. whether it has a Web Key Directory providing a
+submission address.
+.IP
+Similar to:
+.IP
+.nf
+.RS 12
+gpg\-connect\-agent \-\-dirmngr 'WKD_GET \-\-submission\-address \-\- USER\-ID' /bye
+.RE
+.fi
+.TP
+.B \-\-check USER\-ID
+Check whether a key is available, and whether the listed key is valid
+for the requested USER\-ID.
+.
+You might want to use
+.IP
+.nf
+.RS 12
+gpg \-v \-\-auto\-key\-locate=clear,wkd,nodefault \-\-locate\-key USER\-ID
+.RE
+.fi
+.IP
+instead.
+.TP
+.B \-\-create FINGERPRINT USER\-ID
+Create a publication request for the USER\-ID in the key with the given
+FINGERPRINT.  List all possible keys (including the fingerprint) for a
+USER\-ID with:
+.IP
+.nf
+.RS 12
+gpg --list-key USER\-ID
+.RE
+.fi
+.IP
+By default the publication request will be printed to STDOUT.  You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-receive
+Receive a MIME confirmation request on STDIN and acknoledge it.
+.IP
+By default the confirmation response will be printed to STDOUT.  You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-read
+Receive a plain text confirmation request. Similar to
+.BR \-\-receive ,
+but takes only the message body on STDIN.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-status\-fd " FD"
+Write status info to this FD.
+.TP
+.B \-\-debug
+Set  debugging  flags.  All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names.  To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+.TP
+.BI \-\-fake\-submission\-addr " MAILADDR"
+Send mail to MAILADDR instead of the submission address queried through
+Web Key Service.
+
+.SH EXAMPLES
+.SS Send a publication request
+First find the fingerprint (a long string of hex digits) of the key you
+want to publish:
+.P
+.nf
+.RS 4
+gpg \-\-list\-key "Alice <alice at example.com>"
+.RE
+.fi
+.P
+Now create and send the publication request:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-create \-\-send 0123456789ABCDEF0123456789ABCDEF01234567 "Alice <alice at example.com>"
+.RE
+.fi
+.P
+Instead of \fI"Alice <alice at example.com>"\fR you can also just give \fIalice at example.com\fR.
+.P
+.SS Confirm a confirmation request
+Paste the full mail containing the confirmation request (including
+headers) you got from the Web Key Service on STDIN after starting:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-receive \-\-send
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the protocol:
+<https://tools.ietf.org/html/draft-koch-openpgp-webkey-service>
+.IP \(em 4
+GnuPG on Web Key Service:
+<https://wiki.gnupg.org/WKS>
+
+.SH BUGS
+Please report bugs to <https://bugs.gnupg.org>.
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
diff --git a/debian/gpg-wks-server.1 b/debian/gpg-wks-server.1
new file mode 100644
index 0000000..7b7709d
--- /dev/null
+++ b/debian/gpg-wks-server.1
@@ -0,0 +1,180 @@
+.TH GPG\-WKS\-SERVER "1" "May 2017" "gpg-wks-server (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-server \- Server for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-server
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-server
+is a server for the Web Key Service.  It can handle incoming mails with
+the
+.B \-\-receive
+command.
+.P
+See the EXAMPLES section for procmail and crontab configurations.
+.P
+You also need a webserver configured to alias requests to
+.I /.well\-known/openpgp/
+and below to the
+.I /var/lib/gnupg/wks/<wkd-domain>/
+directory.
+
+.SH COMMANDS
+.TP
+.B \-\-receive
+Receive a submission or confirmation.
+.TP
+.B \-\-cron
+Run regular jobs.
+.TP
+.B \-\-list\-domains
+List configured domains, and checks some file and directory permissions.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-from " ADDR"
+Use ADDR as the default sender.
+.TP
+.BI \-\-header " NAME=VALUE"
+Add "NAME: VALUE" as header to all mails.
+.IP
+Can be used to add a header for loop detections, see procmail example.
+.TP
+.B \-\-debug
+Set  debugging  flags.  All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names.  To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+
+.SH DIRECTORIES
+.TP
+.B /var/lib/gnupg/wks/
+Contains a subdirectory for each domain to run the server for.  Each
+subdirectory is supposed to contain what should show up on
+.BR https://.../.well\-known/openpgp/ .
+.IP
+The user running
+.B gpg\-wks\-server
+needs write access to these subdirectories.
+
+.SH EXAMPLES
+.SS ~/.procmailrc
+Store received emails in
+.B ~/Mail/
+(create it manually first), uses \fIFrom: key\-submission at example.com\fR and
+\fIX\-WKS\-Loop: example.com\fR as loop detection:
+.P
+.nf
+.RS 4
+MAILDIR=$HOME/Mail
+LOGFILE=$HOME/Mail/from
+LOCKFILE=$HOME/Mail/.lockmail
+VERBOSE=yes
+
+# filter out FROM_DAEMON mails (bounces, ...) into separate mailbox
+:0
+* ^FROM_DAEMON
+from\-daemon/
+
+# archive (copy!) all "normal" mails
+:0 c
+archive/
+
+# if not in a loop: handle mails with gpg\-wks\-server
+:0 w
+* !^From: key\-submission at example.com
+* !^X\-WKS\-Loop: example.com
+|gpg\-wks\-server \-v \-\-receive \\
+    \-\-header X\-WKS\-Loop=example.com \\
+    \-\-from key\-submission at example.com \-\-send
+
+# if handling failed: store in separate mailbox
+:0 e
+cruft/
+.RE
+.fi
+
+.SS ~/.forward
+In case procmail is not used automatically the following
+.B ~/.forward
+file might be useful:
+.P
+.nf
+.RS 4
+"|exec /usr/bin/procmail || exit 75"
+.RE
+.fi
+.P
+The double quotes are supposed to be included in the file!
+
+.SS crontab
+You should run the
+.B \-\-cron
+command once a day.  Edit the crontab with
+.P
+.nf
+.RS 4
+crontab \-e
+.RE
+.fi
+.P
+and append the following line:
+.P
+.nf
+.RS 4
+42 3 * * * gpg\-wks\-server \-\-cron
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the Web Key Service protocol:
+<https://tools.ietf.org/html/draft-koch-openpgp-webkey-service>
+.IP \(em 4
+GnuPG on Web Key Service:
+<https://wiki.gnupg.org/WKS>
+
+.SH BUGS
+Please report bugs to <https://bugs.gnupg.org>.
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
diff --git a/debian/rules b/debian/rules
index 8a9f761..51dabdb 100755
--- a/debian/rules
+++ b/debian/rules
@@ -35,6 +35,7 @@ override_dh_auto_configure:
 	   	$(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
 	dh_auto_configure --builddirectory=build -- --libexecdir=\$${prefix}/lib/gnupg \
 		--enable-gpg2-is-gpg \
+		--enable-wks-tools \
 		--enable-symcryptrun --enable-large-secmem
 
 override_dh_auto_build-arch:

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git


