-
Notifications
You must be signed in to change notification settings - Fork 0
/
onak.ini.in
94 lines (88 loc) · 4.07 KB
/
onak.ini.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
;
; Configuration for onak, an OpenPGP compatible keyserver
;
[main]
backend=defaultdb4
backends_dir=@CMAKE_INSTALL_FULL_LIBDIR@/onak/backends
logfile=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/log/onak.log
; Loglevel : 0 is highest debug, default is 3, nothing is 7+
loglevel=3
; Should we use the keyd backend?
use_keyd=false
sock_dir=@CMAKE_INSTALL_FULL_RUNSTATEDIR@/onak
; Maximum number of keys to return in a reply to an index, verbose index or
; get. Setting it to -1 will allow any size of reply.
max_reply_keys=128
; Settings related to key verification options available.
[verification]
; Blacklist certain fingerprints (e.g. EVIL32). One fingerprint per line,
; comment lines start with #
;blacklist=blacklist.txt
; Check the size of packets, dropping overly large UIDs / signature packets
; as per draft-dkg-openpgp-abuse-resistant-keystore 4.1
;check_packet_size=false
; Verify signature hashes - verify that the hash a signature claims to be
; over matches the hash of the data. Does not actually verify the signature.
check_sighash=true
; Drop v3 (and older) keys. These are long considered insecure, so unless there
; is a good reason you should accept this default.
drop_v3=true
; Specify that a key must have a certificate from another key in order for it
; to be accepted. Only valid when verify_signatures is set, meaning new keys
; can only be added if they are certified by keys already present.
;require_other_sig=false
; Only allow keys that already exist to be update; silently drop the addition
; of any key we don't already know about. Useful for allowing updates to
; curated keys without the addition of new keys.
;update_only=false
; Verify signatures, dropping those that cannot or do not validate. Keys/UIDS
; that lack valid self signatures will also be dropped. Note that in order to
; valid a signature the signing key must be present in the key database, so
; multiple passes may be required to import new keyrings fully.
;verify_signatures=false
; Settings related to the email interface to onak.
[mail]
maintainer_email=PGP Key Server Administrator <[email protected]>
mail_dir=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/spool/onak
; Specify the envelope sender address as the -f argument to
; sendmail. This is the address which will receive any bounces.
; If you don't use sendmail, then change this to an equivalent command.
; If you do not want to process mail requests, leave this unset.
mta=/usr/sbin/sendmail -t -oi -fmailer-daemon
; Where the main onak binary lives, so the script that handles incoming
; email knows where to find it.
bin_dir=@BINDIR@
; Email address outgoing incremental messages will come from.
; Needs to match the syncsite entries others sites have for this site.
; Include a syncsite line for each site with which you are exchanging
; incremental requests.
; Database backend configurations below here
[backend:defaultdb4]
; The default DB4 backend. Recommended.
type=db4
location=@CMAKE_INSTALL_FULL_LOCALSTATEDIR@/lib/onak
[backend:examplehkp]
; An example HKP backend; all operations will be done against the
; provided keyserver, with no local storage.
type=hkp
location=hkp://the.earth.li/
[backend:examplestacked]
; A stacked set of backends. All fetch operations will be tried against
; the provided list of backends, from left to right, until one succeeds.
; All store operations are against the first backend.
; If a fetch does not succeed against the first backend, but against a
; later one, then the returned keys are also stored in the first backend.
; This example configuration essentially produces a caching keyserver,
; with any key fetched from the HKP backend being stored in the DB4
; backend.
; Note keys are not expired from the DB4 backend, so without any other
; update mechanism configured this will result in stale data eventually.
type=stacked
location=defaultdb4:examplehkp