Big import

.travis.yml

@@ -0,0 +1,8 @@
+sudo: required
+language: bash
+
+services:
+  - docker
+
+script:
+  - make ci-test

Dockerfile

@@ -0,0 +1,21 @@
+FROM alpine:3.6
+
+COPY docker /tmp/
+
+ADD https://bitbucket.org/skskeyserver/sks-keyserver/downloads/sks-1.1.6.tgz /tmp/tgz/sks-1.1.6.tgz
+
+RUN /bin/sh /tmp/build.sh
+
+ENV SKS_HOSTNAME="localhost" \
+    SKS_RECON_ADDR="0.0.0.0" \
+    SKS_RECON_PORT="11370" \
+    SKS_HKP_ADRESS="0.0.0.0" \
+    SKS_HKP_PORT="11371" \
+    SKS_SERVER_CONTACT="" \
+    SKS_NODENAME="keys"
+
+WORKDIR /var/lib/sks/
+
+VOLUME ["/var/lib/sks/"]
+
+ENTRYPOINT ["/bin/run.sh"]

Makefile

@@ -0,0 +1,14 @@
+DOCKER_USER := ogarcia
+DOCKER_ORGANIZATION := connectical
+DOCKER_IMAGE := sks
+
+docker-image:
+	docker build -t $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) .
+
+docker-image-test: docker-image
+	docker run --rm $(DOCKER_ORGANIZATION)/$(DOCKER_IMAGE) /usr/bin/sks version
+
+ci-test: docker-image-test
+
+.PHONY: docker-image docker-image-test ci-test
+# vim:ft=make

README.md

@@ -1,2 +1,110 @@
-# docker-sks
-SKS OpenPGP keyserver Docker on Alpine Linux
+# SKS OpenPGP keyserver docker on Alpine Linux [![Build Status](https://travis-ci.org/ogarcia/docker-sks.svg?branch=master)](https://travis-ci.org/ogarcia/docker-sks)
+
+(c) 2017 Óscar García Amor
+
+Redistribution, modifications and pull requests are welcomed under the terms
+of GPLv3 license.
+
+[SKS][1] is an OpenPGP keyserver whose goal is to provide easy to deploy,
+decentralized, and highly reliable synchronization. That means that a key
+submitted to one SKS server will quickly be distributed to all key servers,
+and even wildly out-of-date servers, or servers that experience spotty
+connectivity, can fully synchronize with rest of the system.
+
+This docker packages **SKS**, under [Alpine Linux][2], a lightweight Linux
+distribution.
+
+Visit [Docker Hub][3] to see all available tags.
+
+[1]: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Home
+[2]: https://alpinelinux.org/
+[3]: https://hub.docker.com/r/connectical/sks/
+
+## Run
+
+To run this container exposing SKS and mounting a permanent volume for sks
+data in `/docker/sks`, run.
+
+```
+/usr/bin/docker run --rm \
+  --network host \
+  --name sks \
+  -e "SKS_SERVER_CONTACT=YOUR_OPENPGP_KEYID" \
+  -v /docker/sks:/var/lib/sks \
+  connectical/sks
+```
+
+Take note that if you dont have a valid SKS database, the server will not
+run. Please, take a look to [dump documentation][4] and [SKS Readme][5] for
+more info.
+
+[4]: https://bitbucket.org/skskeyserver/sks-keyserver/wiki/KeydumpSources
+[5]: https://bitbucket.org/skskeyserver/sks-keyserver/src/tip/README.md
+
+## Executing commands
+
+If you need execute a SKS command, for example `sks_build.sh` for buld
+database, simply call docker with desired command.
+
+```
+/usr/bin/docker run -t -i --rm \
+  -v /docker/sks:/var/lib/sks \
+  connectical/sks sks_build.sh
+```
+
+Take note that if you pass paths to command, these paths will refer to
+inside of docker.
+
+## Configuration via docker variables
+
+The `run.sh` script that lauchs SKS use the following environment variables
+to modify the config file (you can refer to [SKS man page][6] to know more
+about this settings).
+
+| Variable | Default value |
+| --- | --- |
+| SKS_HOSTNAME | localhost |
+| SKS_RECON_ADDR | 0.0.0.0 |
+| SKS_RECON_PORT | 11370 |
+| SKS_HKP_ADRESS | 0.0.0.0 |
+| SKS_HKP_PORT | 11371 |
+| SKS_SERVER_CONTACT |  |
+| SKS_NODENAME | keys |
+
+The config file have more options, you can edit them directly, the `run.sh`
+script only touch those mentioned above.
+
+[6]: https://manpages.debian.org/stretch/sks/sks.8.en.html
+
+## Run with systemd
+
+If you want run this image with systemd you can use the following unit.
+
+```
+[Unit]
+Description=SKS OpenPGP keyserver container
+Requires=docker.service
+After=docker.service
+
+[Service]
+ExecStartPre=-/usr/bin/docker kill sks
+ExecStartPre=-/usr/bin/docker rm sks
+ExecStartPre=/usr/bin/docker pull connectical/sks:VERSION_TAG
+ExecStart=/usr/bin/docker run \
+  --network host \
+  --name sks \
+  -v /docker/sks:/var/lib/sks \
+  -e "SKS_HOSTNAME=your.host.example.com" \
+  -e "SKS_RECON_ADDR=0.0.0.0" \
+  -e "SKS_RECON_PORT=11370" \
+  -e "SKS_HKP_ADRESS=0.0.0.0" \
+  -e "SKS_HKP_PORT=11371" \
+  -e "SKS_SERVER_CONTACT=YOUR_OPENPGP_KEYID" \
+  -e "SKS_NODENAME=keys" \
+  connectical/sks:VERSION_TAG
+ExecStop=/usr/bin/docker stop -t 2 sks
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+```

docker/build.sh

@@ -0,0 +1,44 @@
+#! /bin/sh
+#
+# build.bash
+# Copyright (C) 2017 Óscar García Amor <ogarcia@connectical.com>
+#
+# Distributed under terms of the MIT license.
+#
+
+# install run deps
+apk -U --no-progress add db s6
+
+# install build deps
+apk --no-progress add camlp4 db-dev gcc libc-dev make zlib-dev
+
+# extract software
+# https://github.com/moby/moby/issues/33849
+# Now commented by extract issue, uncomment in next docker version
+#cd /tmp/tgz
+#tar xzf sks-*.tgz
+
+# build sks
+#cd /tmp/tgz/sks-*/ # issue 33849, uncomment in next docker version 
+cd /tmp/tgz/*/sks-*/
+cp Makefile.local.unused Makefile.local
+sed -i 's/PREFIX=\/usr\/local/PREFIX=\/usr/' Makefile.local
+sed -i 's/ldb\-4.6/ldb\-5/' Makefile.local
+sed -i 's/ALL=$(EXE) sks.8.gz/ALL=$(EXE) #sks.8.gz/' Makefile
+sed -i 's/ALL.bc=$(EXE:=.bc) sks.8.gz/ALL.bc=$(EXE:=.bc) #sks.8.gz/' Makefile
+sed -i 's/mkdir -p $(MANDIR)\/man8/#mkdir -p $(MANDIR)\/man8/' Makefile
+sed -i 's/install sks.8.gz $(MANDIR)\/man8/#install sks.8.gz $(MANDIR)\/man8/' Makefile
+make dep && make all # this make stops cause ocaml 4.03 removes uint32
+sed -i 's/uint32/uint32_t/' cryptokit-1.7/src/stubs-md5.c # this line fix uint32 issue
+make all && make install
+sed -i 's/#!\/bin\/bash/#!\/bin\/sh/' /usr/bin/sks_build.sh
+sed -i 's/\/usr\/sbin\/sks/\/usr\/bin\/sks/' /usr/bin/sks_build.sh
+
+# add startup scrips
+chmod +x /tmp/run.sh /tmp/s6/.s6-svscan/finish /tmp/s6/*/run
+mv /tmp/run.sh /bin
+mv /tmp/s6 /etc
+
+# remove build deps
+apk --no-progress del camlp4 db-dev gcc libc-dev make zlib-dev
+rm -rf /tmp/*

docker/run.sh

@@ -0,0 +1,55 @@
+#! /bin/sh
+#
+# run.sh
+# Copyright (C) 2017 Óscar García Amor <ogarcia@connectical.com>
+#
+# Distributed under terms of the MIT license.
+#
+
+# Make config file
+if ! test -f /var/lib/sks/sksconf; then
+cat > /var/lib/sks/sksconf << EOF
+hostname: ${SKS_HOSTNAME}
+recon_address: ${SKS_RECON_ADDR}
+recon_port: ${SKS_RECON_PORT}
+hkp_address: ${SKS_HKP_ADRESS}
+hkp_port: ${SKS_HKP_PORT}
+initial_stat:
+pagesize: 16
+ptree_pagesize: 16
+nodename: ${SKS_NODENAME}
+disable_mailsync:
+debuglevel: 5
+membership_reload_interval: 1
+stat_hour: 17
+server_contact: ${SKS_SERVER_CONTACT}
+EOF
+else
+sed -i "\
+  s/hostname:.*/hostname: ${SKS_HOSTNAME}/g; \
+  s/recon_address:.*/recon_address: ${SKS_RECON_ADDR}/g; \
+  s/recon_port:.*/recon_port: ${SKS_RECON_PORT}/g; \
+  s/hkp_address:.*/hkp_address: ${SKS_HKP_ADRESS}/g; \
+  s/hkp_port:.*/hkp_port: ${SKS_HKP_PORT}/g; \
+  s/nodename:.*/nodename: ${SKS_NODENAME}/g; \
+  s/server_contact:.*/server_contact: ${SKS_SERVER_CONTACT}/g; \
+  " sksconf
+fi
+
+# Make empty membership file
+if ! test -f /var/lib/sks/membership; then
+  touch /var/lib/sks/membership
+fi
+
+# Make empty web
+if ! test -d /var/lib/sks/web; then
+  mkdir -p /var/lib/sks/web
+  touch /var/lib/sks/web/index.html
+fi
+
+# Start daemons
+if [ $# -gt 0 ];then
+  exec "$@"
+else
+  exec /bin/s6-svscan /etc/s6/
+fi

docker/s6/.s6-svscan/finish

@@ -0,0 +1,2 @@
+#! /bin/sh
+exec /bin/true

docker/s6/sksdb/run

@@ -0,0 +1,4 @@
+#! /bin/sh
+
+cd /var/lib/sks
+sks db

docker/s6/sksrecon/run

@@ -0,0 +1,4 @@
+#! /bin/sh
+
+cd /var/lib/sks
+sks recon