Hi, everyone,

Here is a quick script I wrote to help me rebuild SKS databases if
(when?) they become corrupt.  You might like to use it too.  Patches
welcome!

I also run a cron job to check the status of SKS on a daily basis; I'm
including that script too for your perusal.  I'm sure you already do
something like this, but if not, well, now you can :-)

Both files are officially released into the public domain.

Yours truly,

John Zaitseff

-- 
John Zaitseff                    ,--_|\    The ZAP Group
Phone:  +61 2 9643 7737         /      \   Sydney, Australia
E-mail: j.zaits...@zap.org.au   \_,--._*   http://www.zap.org.au/
                                      v
#!/bin/bash

# Rebuild the SKS keyserver databases
# [JNZ] Modified 08-Sep-2018

# Stop at the first command that fails.
set -o errexit

# Site defaults.  Each may be overridden from the environment.  The script
# insists on running as root, so that environment has to be trusted:
# SKSBIN is executed and $SKSETC/sksconf may be rewritten.
: "${SKSUSER:=debian-sks}"      # account the SKS commands are run as
: "${SKSHOME:=/var/lib/sks}"    # holds dump/, DB/ and PTree/
: "${SKSBIN:=/usr/sbin/sks}"    # the sks executable
: "${SKSETC:=/etc/sks}"         # holds sksconf and DB_CONFIG

# Files derived from the configuration directory.
SKSCONF="${SKSETC}/sksconf"
SKSDBCONFIG="${SKSETC}/DB_CONFIG"


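#######################################
# Run a command line as the unprivileged SKS account.
# Globals:   SKSUSER (read)
# Arguments: the command and its arguments; "$*" joins them into one string
# Returns:   the exit status of su
#
# The joined string is handed to "su -c", so the shell that su starts parses
# it a second time: globs, quotes and metacharacters in the arguments take
# effect there.  Only pass text the script itself controls.  A value that
# could carry shell syntax (for example a file name found in a downloaded
# dump) must not be expanded into the arguments by the caller.
#######################################
function run_as_sks () {
    # Quoted so the account name always reaches su as exactly one argument.
    su "$SKSUSER" -c "$*"
}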

# Command line handling: an optional leading --help or -n, followed by
# exactly one WHICHKEYS word.

DRYRUN=
case "$1" in
    --help)
        cat <<EOF
Usage: $0 [-n] WHICHKEYS
Rebuild the SKS keyserver databases.

Options:
    -n       - dry run only

WHICHKEYS is one of:
    local    - use existing keys database
    mattrude - use key dump from keyserver.mattrude.com
EOF
        exit 0
        ;;
    -n)
        # Later commands are prefixed with $DRYRUN (unquoted on purpose), so
        # this value turns them into an echo of what would have been run.
        DRYRUN="echo DRYRUN:"
        shift
        ;;
esac

if (( $# != 1 )); then
    printf '%s\n' "$0: incorrect number of arguments" >&2
    exit 1
fi

# Select where the key material for the rebuild comes from.
WHICHKEYS="$1"
if [[ "$WHICHKEYS" == local ]]; then
    LOCALKEYS=true
elif [[ "$WHICHKEYS" == mattrude ]]; then
    LOCALKEYS=false
    REMOTEHOST=keyserver.mattrude.com
    # NOTE(review): the dump is mirrored over plain ftp://, which gives no
    # transport authentication or integrity protection, and the script
    # does no verification of its own.  Confirm whether the mirror offers
    # an authenticated channel or published checksums.
    WGETPARAMS="-m -nH --cut-dirs=3 ftp://keyserver.mattrude.com/current"
else
    printf '%s\n' "$0: unknown value for WHICHKEYS parameter" >&2
    exit 1
fi

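# Preliminary checks
#
# Every operand is quoted.  With an unquoted path that contains whitespace,
# "[" fails with a usage error, the "if" treats that as false, and the check
# is silently skipped instead of stopping the script.

# The rebuild stops services, edits files under $SKSETC and switches user
# with su, so it only makes sense as root.
if [[ "$(id -u)" != 0 ]]; then
    echo "$0: must run as root" 1>&2
    exit 1
fi

if [[ ! -f "$SKSCONF" ]]; then
    echo "$0: $SKSCONF: no such file" 1>&2
    exit 1
fi

if [[ ! -d "$SKSHOME" ]]; then
    echo "$0: $SKSHOME: no such directory" 1>&2
    exit 1
fi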

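# Rebuild the SKS databases
#
# $DRYRUN is expanded unquoted on purpose: it is either empty (the command
# runs) or "echo DRYRUN:" (the command is printed instead).  Because only
# the command words are replaced, no step below may carry a redirection of
# its own: the redirection would still be performed during a dry run.
#
# NOTE(review): the script runs with errexit, so a failure in any step
# below ends it with the SKS services still stopped.

echo "**** Stopping SKS keyserver"
$DRYRUN systemctl stop sks.service sks-recon.service

echo "**** Checking SKS configuration files"
# The file is edited in place (GNU sed, like the GNU grep -P used for the
# test) rather than through "sed ... >file.new; mv": the redirection wrote
# the .new file even in a dry run.
# NOTE(review): sed only rewrites an existing line; a sksconf with no
# pagesize / ptree_pagesize line at all is left without the setting.
if ! grep -q -P '^pagesize:\s*32\b' "$SKSCONF"; then
    echo "     Changing the pagesize parameter"
    $DRYRUN sed -i -e 's/^pagesize:.*$/pagesize: 32/' "$SKSCONF"
fi

if ! grep -q -P '^ptree_pagesize:\s*16\b' "$SKSCONF"; then
    echo "     Changing the ptree_pagesize parameter"
    $DRYRUN sed -i -e 's/^ptree_pagesize:.*$/ptree_pagesize: 16/' "$SKSCONF"
fi

if [[ ! -f "$SKSDBCONFIG" ]]; then
    echo "     Creating $SKSDBCONFIG"
    if [[ -n "$DRYRUN" ]]; then
        # Only report the write; a redirected "$DRYRUN cat" would have
        # stored the echoed text in DB_CONFIG.
        $DRYRUN "write 'set_flags DB_LOG_AUTOREMOVE' to $SKSDBCONFIG"
    else
        printf '%s\n' 'set_flags DB_LOG_AUTOREMOVE' >"$SKSDBCONFIG"
    fi
fi

# The dump globs below are quoted so that they are expanded by the shell su
# starts for $SKSUSER, not by root's shell.  Expanding them here would paste
# the file names into the command string that shell parses again, and in the
# download case those names are chosen by the remote mirror.
if [[ "$LOCALKEYS" == true ]]; then
    echo "**** Dumping existing keys database"
    run_as_sks $DRYRUN rm -f "$SKSHOME/dump/*"
    run_as_sks $DRYRUN "$SKSBIN" dump 32768 "$SKSHOME/dump"
else
    echo "**** Downloading key dump from $REMOTEHOST"
    run_as_sks $DRYRUN rm -f "$SKSHOME/dump/*"
    # NOTE(review): nothing here verifies the downloaded dump before it is
    # imported below.
    # $WGETPARAMS is unquoted so that it splits into separate options.
    run_as_sks $DRYRUN wget -P "$SKSHOME/dump" $WGETPARAMS
fi

echo "**** Preserving old database directories"
# DB.old and PTree.old are directories left by a previous run.  "rm -f"
# cannot remove a directory and its failure would abort the script here,
# after the services were stopped, so remove them recursively.
run_as_sks $DRYRUN rm -rf "$SKSHOME/DB.old" "$SKSHOME/PTree.old"
run_as_sks $DRYRUN mv "$SKSHOME/DB" "$SKSHOME/DB.old"
run_as_sks $DRYRUN mv "$SKSHOME/PTree" "$SKSHOME/PTree.old"

echo "**** Building new keys (DB) database"
run_as_sks $DRYRUN "$SKSBIN" build "$SKSHOME/dump/*.pgp" -n 1 -cache 100
run_as_sks $DRYRUN ln -s "$SKSDBCONFIG" "$SKSHOME/DB/DB_CONFIG"

echo "**** Cleaning keys database"
run_as_sks $DRYRUN "$SKSBIN" cleandb

echo "**** Building new PTree database"
run_as_sks $DRYRUN "$SKSBIN" pbuild -cache 50 -ptree_cache 100
run_as_sks $DRYRUN ln -s "$SKSDBCONFIG" "$SKSHOME/PTree/DB_CONFIG"

echo "**** Starting SKS keyserver"
# NOTE(review): both sks.service and sks-recon.service were stopped above,
# but only sks.service is started here.  Confirm that sks-recon.service is
# brought up through a unit dependency.
$DRYRUN systemctl start sks.service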
#!/bin/bash

# Check the status of the SKS keyserver daemons
# [JNZ] Modified 07-Sep-2018 for keyserver.zap.org.au

# Recipient of the alert and the name this host is given in it.
# NOTE(review): the "..." in the address looks like masking applied by the
# list archive; replace it with the real mailbox before use.
MAILADDR="r...@zap.org.au"
# Assigning HOSTNAME replaces the value bash itself puts in that variable.
HOSTNAME="keyserver.zap.org.au"

# Print one "Property=value" line for a unit, exactly as systemctl emits it.
_unit_property() {
    systemctl show --property="$1" "$2"
}

# State of the two SKS daemons, kept in "Property=value" form because the
# comparisons and the report text use the strings as they are.
sks_activestate=$(_unit_property ActiveState sks.service)
sks_substate=$(_unit_property SubState sks.service)
sksrecon_activestate=$(_unit_property ActiveState sks-recon.service)
sksrecon_substate=$(_unit_property SubState sks-recon.service)

# Assume failure and clear the flag only when both units report
# active/running.  Any other answer, including an empty one when the query
# itself produced nothing, leaves the alert switched on.
FAILED=true
if [[ "$sks_activestate" == "ActiveState=active" \
      && "$sks_substate" == "SubState=running" \
      && "$sksrecon_activestate" == "ActiveState=active" \
      && "$sksrecon_substate" == "SubState=running" ]]; then
    FAILED=false
fi

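# When a daemon is not active/running, assemble a report (state summary,
# systemctl status, tails of both SKS logs) and mail it to $MAILADDR.
if [[ "$FAILED" == "true" ]]; then
    MAILFILE=$(mktemp -t check-sks.XXXXXXXXXX) || exit 1
    # The report holds log excerpts; remove it on every exit path, not only
    # after a normal run to the end.
    trap 'rm -f -- "$MAILFILE"' EXIT

    # One redirection for the whole report.  The path is quoted so that a
    # temporary directory containing whitespace cannot split it.
    {
        cat <<EOF
WARNING: The SKS keyserver daemons are not running correctly.  One or
more daemons have failed with the following status:

  * sks.service:       $sks_activestate $sks_substate
  * sks-recon.service: $sksrecon_activestate $sksrecon_substate


Status from systemctl
---------------------

EOF
        systemctl status sks.service sks-recon.service
        cat <<EOF


DB log file
-----------

EOF
        tail /var/log/sks/db.log
        cat <<EOF


Recon log file
--------------

EOF
        tail /var/log/sks/recon.log
        cat <<EOF


Please investigate and take appropriate action.

-- 
An automated email from root@$HOSTNAME
Please contact John Zaitseff <j.zaits...@zap.org.au> for more information.
EOF
    } >"$MAILFILE"

    mail -s "SKS keyserver status on $HOSTNAME" "$MAILADDR" <"$MAILFILE"
    rm -f -- "$MAILFILE"
fi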