You need at least the following programs:
MySQL database
GNU Privacy Guard
various CPAN modules
Get MySQL from http://www.mysql.com or one of its mirrors. Install it as described.
I personally run MySQL with "--skip-grant-tables --skip-networking". I have modified my /etc/rc.d/init.d/mysql script accordingly. Because of this, I don't have to bother about MySQL permissions.
GNU Privacy Guard from http://www.gnupg.org is a fine OpenPGP compatible public-key encryptor/decryptor. It can nicely communicate with PGP, but is freeware. Make sure to also compile the idea.c and rsa.c files if you have to communicate with PGP2 users.
CPAN is the Comprehensive Perl Archive Network. It is available via http://www.cpan.org, but Perl also comes with its own command-line client for it.
To start with it, you call Perl with the command "perl -MCPAN -eshell". Then you see some complaints about missing modules and hints about what you should install first. We comply with the suggestion and start with the command
install Bundle::CPAN
If you do this the very first time it asks you a whole bunch of questions. I'm not going to explain all of this in detail, visit the CPAN web page if you have questions.
Once Bundle::CPAN is installed, quit the installer and restart it. Then install the next Perl module:
install MIME::Base64
Again quit the beast and restart it. Continue with installing these modules:
install CGI
install IO
install Test
install Tie::Handle
install DBI
install DBD::mysql
install IO::Scalar
install MIME::Parser
install Mail::Internet
install Pod::Parser
The installation of DBI complains about a missing RPC::pClient. This is okay, we don't use it. You don't need to install it.
Have you got the CVS version? Then simply run "autogen.sh". You can also specify any parameter that configure understands (e.g. "--help").
Or do you have the .tar.gz version? Extract all files from the archive and go into the newly created directory. Then execute "configure" with the usual parameters.
Now you execute "make" -- but wait, you see an output like this:
The site configuration has changed. Please check the file '/usr/pgpforwarder-0.9.1/bin/siteconfig' for changes in the following variables:
$RootDir $BinDir $HomeDir $QueueDir $DocDir $TempDir $GPGDir $PidFile $RevAlias $GroupId $ShellProg $DbTable $DbUser $DbPasswd $GPGUserId $PGPUserId $KeyServer $KeyServerPort $SendmailHost $Signature $MaxCmdErrors @TabooSenders %TabooHeaders $MyDomain $MyName %OurNames
After this, make stops.
However, this is nothing to worry about. During the make process the program "checksetup.pl" gets executed. This is a very versatile Perl script that contains all the complex details of setting up the PGP Forwarding Server. For example, it can create the needed MySQL tables for you. It's actually the same concept as the checksetup.pl file in Bugzilla --- but this is no wonder, it has been written by the same author :-)
The message above told you that some variables in the "siteconfig" file have changed. This file contains all the settings for the PGP Forwarding Server. It will never be overwritten by a new version of the software. However, when "checksetup.pl" detects that a new variable is needed, it adds this variable with a default value, stops and lets you review the "siteconfig" file. That is very handy during installation and even more helpful when you upgrade from CVS.
So, please check the settings in "siteconfig". If all is well, re-execute "make". It will finish the remaining tasks.
The PGP Forwarding Server comes with two standard keys out of the box. They are to be used for demonstration purposes, not for any real work.
So I suggest that you create your own keys or import them. To do so, you could use the command
export GNUPGHOME=<pgpserver-root>/gnupg
gpg --gen-key
Don't specify a passphrase when you create the key for a piece of software. You would have to store the passphrase in the software (in our case in "siteconfig") and anyone could see it anyway. It's better to have the secret key without a passphrase, but in a secured directory. This is why we export the environment variable GNUPGHOME. This directory has already been created and protected by "checksetup.pl".
Creating your own PGP2 key is a little bit more tricky. You have to install pgp2 first. Then use "pgp2 -kg" to generate your key. Export both the public and secret key into two ASCII-armored text files. Then import them into GNU Privacy Guard. This works only when you successfully compiled the "rsa.c" and "idea.c" files, but this is assumed anyway.
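With no passphrase, the permissions on the GNUPGHOME directory are the only thing protecting the secret key, so they are worth checking after setup and after every upgrade. The following is an added example, not part of the PGP Forwarding Server or of "checksetup.pl"; the function name and the sample file name in the demo are constructed.

```sh
#!/bin/sh
# Added example: audit a GnuPG home that holds a passphrase-less secret key.
# Any group/other permission bit or foreign owner is reported as a finding.

# audit_gnupghome DIR [OWNER] -> prints findings, returns 1 if there are any
audit_gnupghome() {
    dir=$1
    owner=${2:-$(id -un)}   # assumption: the service runs as the current user
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    findings=$(
        # Any of the six group/other bits set. Symlinks are skipped because
        # their own mode bits carry no meaning.
        find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/too-open: /'
        # Anything not owned by the service account.
        find "$dir" ! -user "$owner" -print | sed 's/^/wrong-owner: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo in a scratch directory: private first, then loosened.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/gnupg" && chmod 700 "$demo_dir/gnupg"
: > "$demo_dir/gnupg/secring.gpg" && chmod 600 "$demo_dir/gnupg/secring.gpg"
audit_gnupghome "$demo_dir/gnupg" && echo "ok: directory is private"
chmod 644 "$demo_dir/gnupg/secring.gpg"
audit_gnupghome "$demo_dir/gnupg" || echo "needs fixing"
rm -rf "$demo_dir"
```

On a real installation, call it as audit_gnupghome "$GNUPGHOME" with the account the forwarder runs under as the second argument.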
The software comes without any default user or group out of the box. You have to create them all manually. You can use the interactive setup tool:
cd /usr/pgpforwarder/bin
./admin
Cmd: addgroup Test
Cmd: adduser johndoe test
Cmd: addadmin johndoe test
This would create a user "JohnDoe" in group "Test". Note that although the group was specified in lowercase, the correct capitalization (as used in addgroup) would be used. Then we make this user an administrator.
Incoming e-mail to the command hub must be routed into the spooler. Therefore, you have to manually add an entry to your sendmail alias file. Try this:
hub: "|/usr/pgpforwarder/bin/secspooler hub"
Many newer versions of Sendmail come with a restricted execution utility called "smrsh", which limits the executables that sendmail can use as mail filter programs. You need to explicitly allow Mailman's wrapper program to be used with smrsh before it will work. If mail is not getting delivered to Mailman's wrapper program and you're getting an "operating system error" in your mail syslog, this could be your problem.
One good way of doing this is to:
cd into "/etc/smrsh" (or wherever it happens to reside on your system, such as "/var/smrsh" or "/usr/local/smrsh").
create a symbolic link to the "spooler" program
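The smrsh restriction can be checked before sending any test mail. smrsh strips the path from the command named in the alias and only runs a program of that name found in its own directory, so the check below compares basenames. This is an added example, not part of the PGP Forwarding Server; the function names and the scratch paths in the demo are constructed.

```sh
#!/bin/sh
# Added example: list piped alias targets that smrsh would refuse to run.
# smrsh ignores the path given in the alias and only runs a program of that
# name found in its own directory, so the check is done on the basename.

# piped_programs ALIASES_FILE -> one program path per line
piped_programs() {
    # Strip comments, then keep the first word after each "|".
    sed -e 's/#.*$//' "$1" |
        grep -o '|[[:space:]]*[^[:space:]",]*' |
        sed -e 's/^|[[:space:]]*//' | sort -u
}

# missing_in_smrsh ALIASES_FILE SMRSH_DIR -> names smrsh would reject
missing_in_smrsh() {
    piped_programs "$1" | while IFS= read -r prog; do
        [ -n "$prog" ] || continue
        name=$(basename "$prog")
        # -x follows symlinks, so a dangling link counts as missing.
        [ -x "$2/$name" ] || printf '%s\n' "$name"
    done
}

# Constructed demo in a scratch directory (no system files are touched).
demo=$(mktemp -d)
mkdir "$demo/smrsh"
printf '%s\n' '# constructed sample alias file' 'postmaster: root' \
    'hub: "|/usr/pgpforwarder/bin/secspooler hub"' > "$demo/aliases"
echo "before link: $(missing_in_smrsh "$demo/aliases" "$demo/smrsh")"
printf '#!/bin/sh\n' > "$demo/secspooler" && chmod 755 "$demo/secspooler"
ln -s "$demo/secspooler" "$demo/smrsh/secspooler"
echo "after link:  $(missing_in_smrsh "$demo/aliases" "$demo/smrsh")"
rm -rf "$demo"
```

On a live system the call would be missing_in_smrsh /etc/aliases /etc/smrsh, with the smrsh directory adjusted to where it resides; empty output means every piped alias has a matching entry.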
Put the "hub" alias entry in "/etc/aliases" and run "newaliases" afterwards. Now send a message to hub. The message should end up in "/usr/pgpserver/spool". Display the message. It should start with something like this:
To hub
From holger@secret.org Fri Jul 16 09:57:44 1999
Received: (from holger@localhost)
by secret.org (8.9.3/8.9.3) id JAA01450
for hub@public.org; Fri, 16 Jul 1999 09:57:44 +0200
Date: Fri, 16 Jul 1999 09:57:44 +0200
From: Holger Schurig <holger@secret.org>
To: hub@public.org
...
Now let's look at what the PGP Forwarding Server will do with your mail:
cd /usr/pgpforwarder/bin
./forwarder