Simple Public Key Server

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: daily

.github/workflows/ci.yaml

@@ -0,0 +1,68 @@
+name: ci
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+    tags:
+      - 'v*.*.*'
+
+jobs:
+  build-and-test:
+    strategy:
+      matrix:
+        platform: [ubuntu-latest]
+        go: ['1.14.x']
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Set up Go
+        uses: actions/setup-go@v1
+        with:
+          go-version: ${{ matrix.go }}
+
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install golangci-lint
+        run: |
+          wget -q https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh
+          sh install.sh
+
+      - name: Run linter
+        run: ./bin/golangci-lint run ./...
+
+      - name: Build
+        working-directory: ./build
+        run: go run ./mage.go build
+
+      - name: Tests
+        working-directory: ./build
+        run: go run ./mage.go test:integration
+
+  build-docker-release-images:
+    if: ${{ startsWith(github.ref, 'refs/tags/') }}
+    needs: build-and-test
+    # build docker images for tag push only
+    strategy:
+      matrix:
+        platform: [ubuntu-latest]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Build Docker image
+        env:
+          DOCKERFILE: ./build/docker/Dockerfile
+          DOCKER_CLI_EXPERIMENTAL: enabled
+          REGISTRY_USERNAME: ${{ github.actor }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_TOKEN }}
+          REGISTRY: ghcr.io
+          REPOSITORY: ctrliq/spks
+        run: |
+          echo $REGISTRY_PASSWORD | docker login --username $REGISTRY_USERNAME --password-stdin $REGISTRY
+          docker buildx create --use
+          docker buildx build --platform linux/amd64,linux/386,linux/arm,linux/arm64,linux/ppc64le,linux/s390x \
+          -t $REGISTRY/$REPOSITORY:$(basename ${{github.ref}}) \
+          -f $DOCKERFILE \
+          --push .

.gitignore

@@ -0,0 +1,3 @@
+server.yaml
+build/spks
+build/release

.golangci.yml

@@ -0,0 +1,31 @@
+run:
+  timeout: 1m
+
+linters:
+  disable-all: true
+  enable-all: false
+  enable:
+    - deadcode
+    - gofmt
+    - goimports
+    - golint
+    - gosimple
+    - govet
+    - ineffassign
+    - maligned
+    - misspell
+    - nakedret
+    - dupl
+    - staticcheck
+
+linters-settings:
+  gofmt:
+    simplify: true
+  maligned:
+    suggest-new: true
+  misspell:
+    locale: US
+
+issues:
+  max-per-linter: 0
+  max-same-issues: 0

LICENSE.md

@@ -0,0 +1,27 @@
+Copyright (c) 2020-2021, Ctrl IQ, Inc. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from this
+   software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,49 @@
+![CI](https://github.com/ctrliq/spks/workflows/ci/badge.svg)
+
+# Simple Public Key Server #
+
+Simple PKS allows to store and retrieve user public PGP keys. Unlike traditional public key servers each submitted key goes through a validation process via mail addresses and force users to have a valid identity associated to their public PGP keys.
+
+## Features ##
+
+* Key validation process based on mail addresses and domain filtering
+* Server signing of public PGP keys identity (Web of Trust)
+
+## Restrictions compared to traditional key servers ##
+
+* No synchronization or shared database with a pool of servers
+* Only one identity per key
+
+## Installation ##
+
+```
+git clone https://github.com/ctrliq/spks && cd spks/build
+go run mage.go build
+./spks
+```
+
+## Configuration ##
+
+By default server is searching for a configuration file in `/usr/local/etc/spks/server.yaml`, if not found the server will start with a default configuration which should be pretty limited for your environment.
+
+To see available configuration directives, you can refer to the [configuration](https://github.com/ctrliq/spks/wiki/Configuration) documentation section.
+
+## Documentation ##
+
+You could find the documentation at https://github.com/ctrliq/spks/wiki/Simple-Public-Key-Server.
+
+## Create and install from package ##
+
+* Deb package:
+
+  ```
+  go run mage.go package:deb
+  sudo dpkg -i release/$(git describe|sed 's/^v//')/*.deb
+  ```
+
+* RPM package:
+
+  ```
+  go run mage.go package:rpm
+  sudo rpm -ivh release/$(git describe|sed 's/^v//')/*.rpm
+  ```

build/docker/Dockerfile

@@ -0,0 +1,11 @@
+FROM --platform=$BUILDPLATFORM golang:1.14.6 AS build
+ARG BUILDPLATFORM
+ARG TARGETPLATFORM
+COPY . /spks
+WORKDIR /spks/build
+RUN TARGETPLATFORM=$TARGETPLATFORM go run mage.go build
+
+FROM busybox:1.32.0-musl
+COPY --from=build ./spks/build/spks /usr/local/bin/
+COPY --from=build ./spks/etc/server-example.yaml /usr/local/etc/spks/server.yaml
+CMD ["/usr/local/bin/spks", "/usr/local/etc/spks/server.yaml"]

build/go.mod

@@ -0,0 +1,8 @@
+module github.com/ctrliq/spks/build
+
+go 1.14
+
+require (
+	github.com/ctrliq/gobuild v0.0.0-20210128140709-ea3978b42b19
+	github.com/magefile/mage v1.10.0
+)