Hi dkg,

On 05/15/2017 10:04 PM, Daniel Kahn Gillmor wrote:
> Hi Stefan--
> 
> On Fri 2017-05-12 12:37:03 +0200, Stefan Bühler wrote:
>> it would be nice to build and have packages for the gpg-wks-* tools.
>>
>> It seems some work was already done in
>>
>>     https://anonscm.debian.org/git/pkg-gnupg/gnupg2.git/log/?h=dev/wks
>>
>> I rebased that commit to the experimental branch,
> 
> thanks for this work!  
> 
>> modified some texts and added man pages.
> 
> It'd be great to get these manpages upstream.

There are a lot of manpages in debian/* - so it looks to me like
upstream isn't really interested in maintaining them.  If upstream isn't
maintaining them, it might be easier to keep them in debian.

Does upstream know about these at least? I'm not against getting them
upstream, I'm just not sure whether it is worth my time.

>> Upstream install gpg-wks-client to /usr/lib/gnupg/, but I moved it in
>> the package to /usr/bin - I get that it was designed to be a backend
>> tool for MUAs, but right now I guess most people installing it will have
>> to use it manually.
> 
> I'm not so sure about diverging from upstream in our first introduction
> of these tools in debian.  If we do this, we're effectively committing
> to this divergence forever (someone's going to write scripts that use
> /usr/bin/gpg-wks-* and then get upset when we change it).  and it means
> that anyone who writes docs will have to have a different "how to do
> this on debian" section from "how to do this on fedora" or whatever.
> 
> would you object to using your packaging but shipping in the
> upstream-approved location?  or is it worth convincing upstream to ship
> these tools in /usr/bin instead?

I don't have any other (convincing) arguments, so I reverted the
location to the upstream path.

Now that I actually got it running I added some more information to the
manpages too.

See attached updated patches, as previously my own changes in:

    0001-wks-fix-debian-provide-man-pages-improve-texts.patch

The complete patch (squashed with the dev/wks commit) is:

    0001-create-WKS-server-and-client-packages.patch

cheers,
Stefan
From 30dd3225cbbc9e408645b2be17e434dfb87a8daa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20Knau=C3=9F?= <he...@debian.org>
Date: Thu, 27 Oct 2016 19:16:14 +0200
Subject: [PATCH 1/1] Create WKS server and client packages

---
 debian/control                   |  45 ++++++++++
 debian/gnupg-wks-client.install  |   1 +
 debian/gnupg-wks-client.manpages |   1 +
 debian/gnupg-wks-server.install  |   1 +
 debian/gnupg-wks-server.manpages |   1 +
 debian/gpg-wks-client.1          | 178 ++++++++++++++++++++++++++++++++++++++
 debian/gpg-wks-server.1          | 180 +++++++++++++++++++++++++++++++++++++++
 debian/rules                     |   1 +
 8 files changed, 408 insertions(+)
 create mode 100644 debian/gnupg-wks-client.install
 create mode 100644 debian/gnupg-wks-client.manpages
 create mode 100644 debian/gnupg-wks-server.install
 create mode 100644 debian/gnupg-wks-server.manpages
 create mode 100644 debian/gpg-wks-client.1
 create mode 100644 debian/gpg-wks-server.1

diff --git a/debian/control b/debian/control
index ac0b07907..2b9360477 100644
--- a/debian/control
+++ b/debian/control
@@ -72,6 +72,51 @@ Description: GNU privacy guard - cryptographic agent
  provides a passphrase cache, which is used by pre-2.1 versions of
  GnuPG for OpenPGP operations.
 
+Package: gnupg-wks-server
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service server
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG server for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
+Package: gnupg-wks-client
+Architecture: any
+Multi-Arch: foreign
+Depends:
+ dirmngr (= ${binary:Version}),
+ gnupg (= ${binary:Version}),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: GNU privacy guard - Web Key Service client
+ GnuPG is GNU's tool for secure communication and data storage.
+ It can be used to encrypt data and to create digital signatures.
+ It includes an advanced key management facility and is compliant
+ with the proposed OpenPGP Internet standard as described in RFC4880.
+ .
+ This package provides the GnuPG client for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
+
 Package: scdaemon
 Architecture: any
 Multi-Arch: foreign
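Review bot: Neither new stanza declares a mail transport agent, yet the man pages added in this patch document --send for both tools as "Send the mail using sendmail", and the server's procmail example depends on it. Consider adding "Recommends: default-mta | mail-transport-agent" to both packages (and procmail as a Suggests for gnupg-wks-server) so that --send does not fail on a minimal install.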
diff --git a/debian/gnupg-wks-client.install b/debian/gnupg-wks-client.install
new file mode 100644
index 000000000..1b331dd4e
--- /dev/null
+++ b/debian/gnupg-wks-client.install
@@ -0,0 +1 @@
+debian/tmp/usr/lib/gnupg/gpg-wks-client
diff --git a/debian/gnupg-wks-client.manpages b/debian/gnupg-wks-client.manpages
new file mode 100644
index 000000000..d2edd3e69
--- /dev/null
+++ b/debian/gnupg-wks-client.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-client.1
diff --git a/debian/gnupg-wks-server.install b/debian/gnupg-wks-server.install
new file mode 100644
index 000000000..c18c2e7fd
--- /dev/null
+++ b/debian/gnupg-wks-server.install
@@ -0,0 +1 @@
+debian/tmp/usr/bin/gpg-wks-server
diff --git a/debian/gnupg-wks-server.manpages b/debian/gnupg-wks-server.manpages
new file mode 100644
index 000000000..5bd206c91
--- /dev/null
+++ b/debian/gnupg-wks-server.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-server.1
diff --git a/debian/gpg-wks-client.1 b/debian/gpg-wks-client.1
new file mode 100644
index 000000000..5cf48e812
--- /dev/null
+++ b/debian/gpg-wks-client.1
@@ -0,0 +1,178 @@
+.TH GPG\-WKS\-CLIENT "1" "May 2017" "gpg-wks-client (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-client \- Client for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-client
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-client
+is a simple command line client for the Web Key Service.  The executable
+is usually located in /usr/lib/gnupg.
+.
+It allows a user to create a publication request and to respond to a
+received confirmation request.  Communication with the Web Key Service
+is done via email.
+.
+It also can lookup the fingerprint of a USER\-ID in the Web Key
+Directory.
+
+.SH COMMANDS
+.TP
+.B \-\-supported USER\-ID
+Check whether provider of the given USER\-ID supports the Web Key
+Service protocol, i.e. whether it has a Web Key Directory providing a
+submission address.
+.IP
+Similar to:
+.IP
+.nf
+.RS 12
+gpg\-connect\-agent \-\-dirmngr 'WKD_GET \-\-submission\-address \-\- USER\-ID' /bye
+.RE
+.fi
+.TP
+.B \-\-check USER\-ID
+Check whether a key is available, and whether the listed key is valid
+for the requested USER\-ID.
+.
+You might want to use
+.IP
+.nf
+.RS 12
+gpg \-v \-\-auto\-key\-locate=clear,wkd,nodefault \-\-locate\-key USER\-ID
+.RE
+.fi
+.IP
+instead.
+.TP
+.B \-\-create FINGERPRINT USER\-ID
+Create a publication request for the USER\-ID in the key with the given
+FINGERPRINT.  List all possible keys (including the fingerprint) for a
+USER\-ID with:
+.IP
+.nf
+.RS 12
+gpg --list-key USER\-ID
+.RE
+.fi
+.IP
+By default the publication request will be printed to STDOUT.  You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-receive
+Receive a MIME confirmation request on STDIN and acknoledge it.
+.IP
+By default the confirmation response will be printed to STDOUT.  You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-read
+Receive a plain text confirmation request. Similar to
+.BR \-\-receive ,
+but takes only the message body on STDIN.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-status\-fd " FD"
+Write status info to this FD.
+.TP
+.B \-\-debug
+Set  debugging  flags.  All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names.  To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+.TP
+.BI \-\-fake\-submission\-addr " MAILADDR"
+Send mail to MAILADDR instead of the submission address queried through
+Web Key Service.
+
+.SH EXAMPLES
+.SS Send a publication request
+First find the fingerprint (a long string of hex digits) of the key you
+want to publish:
+.P
+.nf
+.RS 4
+gpg \-\-list\-key "Alice <al...@example.com>"
+.RE
+.fi
+.P
+Now create and send the publication request:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-create \-\-send 0123456789ABCDEF0123456789ABCDEF01234567 "Alice <al...@example.com>"
+.RE
+.fi
+.P
+Instead of \fI"Alice <al...@example.com>"\fR you can also just give \fial...@example.com\fR.
+.P
+.SS Confirm a confirmation request
+Paste the full mail containing the confirmation request (including
+headers) you got from the Web Key Service on STDIN after starting:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-receive \-\-send
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the protocol:
+<https://tools.ietf.org/html/draft-koch-openpgp-webkey-service>
+.IP \(em 4
+GnuPG on Web Key Service:
+<https://wiki.gnupg.org/WKS>
+
+.SH BUGS
+Please report bugs to <https://bugs.gnupg.org>.
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
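Review bot: The lone "." lines in DESCRIPTION (after "is usually located in /usr/lib/gnupg." and after "is done via email.") and under --check (after "for the requested USER\-ID.") are empty roff requests and produce no paragraph break, so those sentences run together in the rendered page. Use .P in DESCRIPTION and .IP inside the .TP item where a break is intended.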
diff --git a/debian/gpg-wks-server.1 b/debian/gpg-wks-server.1
new file mode 100644
index 000000000..7b7709d77
--- /dev/null
+++ b/debian/gpg-wks-server.1
@@ -0,0 +1,180 @@
+.TH GPG\-WKS\-SERVER "1" "May 2017" "gpg-wks-server (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-server \- Server for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-server
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-server
+is a server for the Web Key Service.  It can handle incoming mails with
+the
+.B \-\-receive
+command.
+.P
+See the EXAMPLES section for procmail and crontab configurations.
+.P
+You also need a webserver configured to alias requests to
+.I /.well\-known/openpgp/
+and below to the
+.I /var/lib/gnupg/wks/<wkd-domain>/
+directory.
+
+.SH COMMANDS
+.TP
+.B \-\-receive
+Receive a submission or confirmation.
+.TP
+.B \-\-cron
+Run regular jobs.
+.TP
+.B \-\-list\-domains
+List configured domains, and checks some file and directory permissions.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-from " ADDR"
+Use ADDR as the default sender.
+.TP
+.BI \-\-header " NAME=VALUE"
+Add "NAME: VALUE" as header to all mails.
+.IP
+Can be used to add a header for loop detections, see procmail example.
+.TP
+.B \-\-debug
+Set  debugging  flags.  All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names.  To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+
+.SH DIRECTORIES
+.TP
+.B /var/lib/gnupg/wks/
+Contains a subdirectory for each domain to run the server for.  Each
+subdirectory is supposed to contain what should show up on
+.BR https://.../.well\-known/openpgp/ .
+.IP
+The user running
+.B gpg\-wks\-server
+needs write access to these subdirectories.
+
+.SH EXAMPLES
+.SS ~/.procmailrc
+Store received emails in
+.B ~/Mail/
+(create it manually first), uses \fIFrom: key\-submiss...@example.com\fR and
+\fIX\-WKS\-Loop: example.com\fR as loop detection:
+.P
+.nf
+.RS 4
+MAILDIR=$HOME/Mail
+LOGFILE=$HOME/Mail/from
+LOCKFILE=$HOME/Mail/.lockmail
+VERBOSE=yes
+
+# filter out FROM_DAEMON mails (bounces, ...) into separate mailbox
+:0
+* ^FROM_DAEMON
+from\-daemon/
+
+# archive (copy!) all "normal" mails
+:0 c
+archive/
+
+# if not in a loop: handle mails with gpg\-wks\-server
+:0 w
+* !^From: key\-submiss...@example.com
+* !^X\-WKS\-Loop: example.com
+|gpg\-wks\-server \-v \-\-receive \\
+    \-\-header X\-WKS\-Loop=example.com \\
+    \-\-from key\-submiss...@example.com \-\-send
+
+# if handling failed: store in separate mailbox
+:0 e
+cruft/
+.RE
+.fi
+
+.SS ~/.forward
+In case procmail is not used automatically the following
+.B ~/.forward
+file might be useful:
+.P
+.nf
+.RS 4
+"|exec /usr/bin/procmail || exit 75"
+.RE
+.fi
+.P
+The double quotes are supposed to be included in the file!
+
+.SS crontab
+You should run the
+.B \-\-cron
+command once a day.  Edit the crontab with
+.P
+.nf
+.RS 4
+crontab \-e
+.RE
+.fi
+.P
+and append the following line:
+.P
+.nf
+.RS 4
+42 3 * * * gpg\-wks\-server \-\-cron
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the Web Key Service protocol:
+<https://tools.ietf.org/html/draft-koch-openpgp-webkey-service>
+.IP \(em 4
+GnuPG on Web Key Service:
+<https://wiki.gnupg.org/WKS>
+
+.SH BUGS
+Please report bugs to <https://bugs.gnupg.org>.
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
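Review bot: DESCRIPTION and DIRECTORIES both give the served path as /.well-known/openpgp/, but the Web Key Directory draft linked under SEE ALSO places keys under /.well-known/openpgpkey/ (with the hu/ subdirectory below it). An administrator who aliases the path as written would publish the directory where clients do not look; please check the path against the draft and correct both occurrences.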
diff --git a/debian/rules b/debian/rules
index 8a9f76138..51dabdb1a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -35,6 +35,7 @@ override_dh_auto_configure:
 	   	$(foreach x, $(GPGV_UDEB_UNNEEDED), --disable-$(x))
 	dh_auto_configure --builddirectory=build -- --libexecdir=\$${prefix}/lib/gnupg \
 		--enable-gpg2-is-gpg \
+		--enable-wks-tools \
 		--enable-symcryptrun --enable-large-secmem
 
 override_dh_auto_build-arch:
-- 
2.11.0

From 052fbe1faa06a30fab6fca513f50e5732f17f206 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20B=C3=BChler?= <stbueh...@web.de>
Date: Fri, 12 May 2017 12:23:03 +0200
Subject: [PATCH 1/1] [wks] fix debian/, provide man pages, improve texts

---
 debian/control                                     |  32 ++--
 debian/gnupg-wks-client.install                    |   1 +
 debian/gnupg-wks-client.manpages                   |   1 +
 ...wks-server.install => gnupg-wks-server.install} |   0
 debian/gnupg-wks-server.manpages                   |   1 +
 debian/gpg-wks-client.1                            | 178 ++++++++++++++++++++
 debian/gpg-wks-client.install                      |   1 -
 debian/gpg-wks-server.1                            | 180 +++++++++++++++++++++
 8 files changed, 379 insertions(+), 15 deletions(-)
 create mode 100644 debian/gnupg-wks-client.install
 create mode 100644 debian/gnupg-wks-client.manpages
 rename debian/{gpg-wks-server.install => gnupg-wks-server.install} (100%)
 create mode 100644 debian/gnupg-wks-server.manpages
 create mode 100644 debian/gpg-wks-client.1
 delete mode 100644 debian/gpg-wks-client.install
 create mode 100644 debian/gpg-wks-server.1

diff --git a/debian/control b/debian/control
index 970ac6b76..2b9360477 100644
--- a/debian/control
+++ b/debian/control
@@ -79,18 +79,20 @@ Depends:
  gnupg (= ${binary:Version}),
  ${misc:Depends},
  ${shlibs:Depends},
-Description: GNU privacy guard - Web Key Service Server
+Description: GNU privacy guard - Web Key Service server
  GnuPG is GNU's tool for secure communication and data storage.
  It can be used to encrypt data and to create digital signatures.
  It includes an advanced key management facility and is compliant
  with the proposed OpenPGP Internet standard as described in RFC4880.
  .
- This package contains the server of Web Key Service.
- A Web Key Service is a service that allows users to upload keys per mail
- as described in the:
- https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-02.txt
- more informations see:
- https://wiki.gnupg.org/WKS
+ This package provides the GnuPG server for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
 
 Package: gnupg-wks-client
 Architecture: any
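Review bot: In the replacement Description text, "upload keys per mail to be verified over https" is hard to parse: "per mail" reads as "for each mail", and it is not clear what gets verified over https. Something like "submit keys by mail for publication in a Web Key Directory served over https" would say it; the same sentence recurs in the gnupg-wks-client stanza in the next hunk.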
@@ -100,18 +102,20 @@ Depends:
  gnupg (= ${binary:Version}),
  ${misc:Depends},
  ${shlibs:Depends},
-Description: GNU privacy guard - Web Key Service Client
+Description: GNU privacy guard - Web Key Service client
  GnuPG is GNU's tool for secure communication and data storage.
  It can be used to encrypt data and to create digital signatures.
  It includes an advanced key management facility and is compliant
  with the proposed OpenPGP Internet standard as described in RFC4880.
  .
- This package contains the client of Web Key Service.
- A Web Key Service is a service that allows users to upload keys per mail
- as described in the:
- https://tools.ietf.org/id/draft-koch-openpgp-webkey-service-02.txt
- more informations see:
- https://wiki.gnupg.org/WKS
+ This package provides the GnuPG client for the Web Key Service
+ protocol.
+ .
+ A Web Key Service is a service that allows users to upload keys per
+ mail to be verified over https as described in
+ https://tools.ietf.org/html/draft-koch-openpgp-webkey-service
+ .
+ For more information see: https://wiki.gnupg.org/WKS
 
 Package: scdaemon
 Architecture: any
diff --git a/debian/gnupg-wks-client.install b/debian/gnupg-wks-client.install
new file mode 100644
index 000000000..1b331dd4e
--- /dev/null
+++ b/debian/gnupg-wks-client.install
@@ -0,0 +1 @@
+debian/tmp/usr/lib/gnupg/gpg-wks-client
diff --git a/debian/gnupg-wks-client.manpages b/debian/gnupg-wks-client.manpages
new file mode 100644
index 000000000..d2edd3e69
--- /dev/null
+++ b/debian/gnupg-wks-client.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-client.1
diff --git a/debian/gpg-wks-server.install b/debian/gnupg-wks-server.install
similarity index 100%
rename from debian/gpg-wks-server.install
rename to debian/gnupg-wks-server.install
diff --git a/debian/gnupg-wks-server.manpages b/debian/gnupg-wks-server.manpages
new file mode 100644
index 000000000..5bd206c91
--- /dev/null
+++ b/debian/gnupg-wks-server.manpages
@@ -0,0 +1 @@
+debian/gpg-wks-server.1
diff --git a/debian/gpg-wks-client.1 b/debian/gpg-wks-client.1
new file mode 100644
index 000000000..5cf48e812
--- /dev/null
+++ b/debian/gpg-wks-client.1
@@ -0,0 +1,178 @@
+.TH GPG\-WKS\-CLIENT "1" "May 2017" "gpg-wks-client (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-client \- Client for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-client
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-client
+is a simple command line client for the Web Key Service.  The executable
+is usually located in /usr/lib/gnupg.
+.
+It allows a user to create a publication request and to respond to a
+received confirmation request.  Communication with the Web Key Service
+is done via email.
+.
+It also can lookup the fingerprint of a USER\-ID in the Web Key
+Directory.
+
+.SH COMMANDS
+.TP
+.B \-\-supported USER\-ID
+Check whether provider of the given USER\-ID supports the Web Key
+Service protocol, i.e. whether it has a Web Key Directory providing a
+submission address.
+.IP
+Similar to:
+.IP
+.nf
+.RS 12
+gpg\-connect\-agent \-\-dirmngr 'WKD_GET \-\-submission\-address \-\- USER\-ID' /bye
+.RE
+.fi
+.TP
+.B \-\-check USER\-ID
+Check whether a key is available, and whether the listed key is valid
+for the requested USER\-ID.
+.
+You might want to use
+.IP
+.nf
+.RS 12
+gpg \-v \-\-auto\-key\-locate=clear,wkd,nodefault \-\-locate\-key USER\-ID
+.RE
+.fi
+.IP
+instead.
+.TP
+.B \-\-create FINGERPRINT USER\-ID
+Create a publication request for the USER\-ID in the key with the given
+FINGERPRINT.  List all possible keys (including the fingerprint) for a
+USER\-ID with:
+.IP
+.nf
+.RS 12
+gpg --list-key USER\-ID
+.RE
+.fi
+.IP
+By default the publication request will be printed to STDOUT.  You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-receive
+Receive a MIME confirmation request on STDIN and acknoledge it.
+.IP
+By default the confirmation response will be printed to STDOUT.  You can
+also write it to a file using the
+.B \-\-output
+option or send it using sendmail with the
+.B \-\-send
+option.
+.TP
+.B \-\-read
+Receive a plain text confirmation request. Similar to
+.BR \-\-receive ,
+but takes only the message body on STDIN.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-status\-fd " FD"
+Write status info to this FD.
+.TP
+.B \-\-debug
+Set  debugging  flags.  All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names.  To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+.TP
+.BI \-\-fake\-submission\-addr " MAILADDR"
+Send mail to MAILADDR instead of the submission address queried through
+Web Key Service.
+
+.SH EXAMPLES
+.SS Send a publication request
+First find the fingerprint (a long string of hex digits) of the key you
+want to publish:
+.P
+.nf
+.RS 4
+gpg \-\-list\-key "Alice <al...@example.com>"
+.RE
+.fi
+.P
+Now create and send the publication request:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-create \-\-send 0123456789ABCDEF0123456789ABCDEF01234567 "Alice <al...@example.com>"
+.RE
+.fi
+.P
+Instead of \fI"Alice <al...@example.com>"\fR you can also just give \fial...@example.com\fR.
+.P
+.SS Confirm a confirmation request
+Paste the full mail containing the confirmation request (including
+headers) you got from the Web Key Service on STDIN after starting:
+.P
+.nf
+.RS 4
+/usr/lib/gnupg/gpg\-wks\-client \-\-receive \-\-send
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the protocol:
+<https://tools.ietf.org/html/draft-koch-openpgp-webkey-service>
+.IP \(em 4
+GnuPG on Web Key Service:
+<https://wiki.gnupg.org/WKS>
+
+.SH BUGS
+Please report bugs to <https://bugs.gnupg.org>.
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
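Review bot: In EXAMPLES, the line beginning "Instead of" closes with a lowercase \fi before the bare address, which is not the italic font escape; it should be \fI as used for the quoted form earlier on the same line. Also in this file: "acknoledge" under --receive should be "acknowledge", and "gpg --list-key USER\-ID" and "\-\-dump-options" leave hyphens unescaped where the rest of the page writes \-.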
diff --git a/debian/gpg-wks-client.install b/debian/gpg-wks-client.install
deleted file mode 100644
index fa0be02e3..000000000
--- a/debian/gpg-wks-client.install
+++ /dev/null
@@ -1 +0,0 @@
-debian/tmp/usr/bin/gpg-wks-client
diff --git a/debian/gpg-wks-server.1 b/debian/gpg-wks-server.1
new file mode 100644
index 000000000..7b7709d77
--- /dev/null
+++ b/debian/gpg-wks-server.1
@@ -0,0 +1,180 @@
+.TH GPG\-WKS\-SERVER "1" "May 2017" "gpg-wks-server (GnuPG) 2.1.20" "User Commands"
+
+.SH NAME
+gpg\-wks\-server \- Server for the Web Key Service
+
+.SH SYNOPSIS
+.B gpg\-wks\-server
+.RB [ COMMAND ]
+.RB [ OPTIONS ]
+.RB [ ARGS ]
+
+.SH DESCRIPTION
+.B gpg\-wks\-server
+is a server for the Web Key Service.  It can handle incoming mails with
+the
+.B \-\-receive
+command.
+.P
+See the EXAMPLES section for procmail and crontab configurations.
+.P
+You also need a webserver configured to alias requests to
+.I /.well\-known/openpgp/
+and below to the
+.I /var/lib/gnupg/wks/<wkd-domain>/
+directory.
+
+.SH COMMANDS
+.TP
+.B \-\-receive
+Receive a submission or confirmation.
+.TP
+.B \-\-cron
+Run regular jobs.
+.TP
+.B \-\-list\-domains
+List configured domains, and checks some file and directory permissions.
+.TP
+.B \-\-version
+Show program version and some meta information.
+.TP
+.BR \-h ", " \-\-help
+Output a short usage information.
+.TP
+.B \-\-warranty
+Print warranty information.
+.TP
+.B \-\-dump-options
+Dump all available options and commands.
+
+.SH OPTIONS
+.TP
+.BR \-v ", " \-\-verbose
+Enable verbose output.
+.TP
+.BR \-q ", " \-\-quiet
+Be somewhat more quiet.
+.TP
+.B \-\-send
+Send the mail using sendmail.
+.TP
+.BR \-o ", " \-\-output " \fIFILE\fR"
+Write the mail to FILE.
+.TP
+.BI \-\-from " ADDR"
+Use ADDR as the default sender.
+.TP
+.BI \-\-header " NAME=VALUE"
+Add "NAME: VALUE" as header to all mails.
+.IP
+Can be used to add a header for loop detections, see procmail example.
+.TP
+.B \-\-debug
+Set  debugging  flags.  All flags are or-ed and flags may be given in C
+syntax (e.g. 0x0042) or as a comma separated list of flag names.  To get
+a list of all supported flags the single word "help" can be used.
+.TP
+.BI \-\-gpg " GPG"
+Use the specified command instead of
+.BR gpg .
+
+.SH DIRECTORIES
+.TP
+.B /var/lib/gnupg/wks/
+Contains a subdirectory for each domain to run the server for.  Each
+subdirectory is supposed to contain what should show up on
+.BR https://.../.well\-known/openpgp/ .
+.IP
+The user running
+.B gpg\-wks\-server
+needs write access to these subdirectories.
+
+.SH EXAMPLES
+.SS ~/.procmailrc
+Store received emails in
+.B ~/Mail/
+(create it manually first), uses \fIFrom: key\-submiss...@example.com\fR and
+\fIX\-WKS\-Loop: example.com\fR as loop detection:
+.P
+.nf
+.RS 4
+MAILDIR=$HOME/Mail
+LOGFILE=$HOME/Mail/from
+LOCKFILE=$HOME/Mail/.lockmail
+VERBOSE=yes
+
+# filter out FROM_DAEMON mails (bounces, ...) into separate mailbox
+:0
+* ^FROM_DAEMON
+from\-daemon/
+
+# archive (copy!) all "normal" mails
+:0 c
+archive/
+
+# if not in a loop: handle mails with gpg\-wks\-server
+:0 w
+* !^From: key\-submiss...@example.com
+* !^X\-WKS\-Loop: example.com
+|gpg\-wks\-server \-v \-\-receive \\
+    \-\-header X\-WKS\-Loop=example.com \\
+    \-\-from key\-submiss...@example.com \-\-send
+
+# if handling failed: store in separate mailbox
+:0 e
+cruft/
+.RE
+.fi
+
+.SS ~/.forward
+In case procmail is not used automatically the following
+.B ~/.forward
+file might be useful:
+.P
+.nf
+.RS 4
+"|exec /usr/bin/procmail || exit 75"
+.RE
+.fi
+.P
+The double quotes are supposed to be included in the file!
+
+.SS crontab
+You should run the
+.B \-\-cron
+command once a day.  Edit the crontab with
+.P
+.nf
+.RS 4
+crontab \-e
+.RE
+.fi
+.P
+and append the following line:
+.P
+.nf
+.RS 4
+42 3 * * * gpg\-wks\-server \-\-cron
+.RE
+.fi
+
+.SH SEE ALSO
+.IP \(em 4
+Latest draft for the Web Key Service protocol:
+<https://tools.ietf.org/html/draft-koch-openpgp-webkey-service>
+.IP \(em 4
+GnuPG on Web Key Service:
+<https://wiki.gnupg.org/WKS>
+
+.SH BUGS
+Please report bugs to <https://bugs.gnupg.org>.
+
+.SH COPYRIGHT
+Copyright \(co 2017 Free Software Foundation, Inc.
+License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
+
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+
+This manpage was written by \fBStefan Bühler\fR for the Debian
+distribution (but may be used by others).
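Review bot: DIRECTORIES says the user running gpg-wks-server needs write access to the per-domain subdirectories of /var/lib/gnupg/wks/, but the diffstat shows no maintainer script or dirs file that creates that directory or an account to own it, and the page does not say which account is meant. Since the same tree is exported by the web server, document that a dedicated unprivileged account should own it and that the web server needs read access only, and point to --list-domains for checking the permissions.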
-- 
2.11.0

Attachment: signature.asc
Description: OpenPGP digital signature
