Sunday, September 15, 2013

Introducing OpenPGP keys (launchpad and ubuntu)

An OpenPGP (also called GnuPrivacyGuard) key allows you to sign documents, such as emails or text files, using a digital key. There are two parts to an OpenPGP key: one public, which you share with the world, and one private, which you should guard closely. Both are standard text files that make up a digital signature.

In Launchpad, you can use your OpenPGP key to identify yourself when using the bug tracker's email interface, when uploading distribution packages and when signing a code of conduct.

Generating your key in Ubuntu (using Seahorse or others)

Generating an OpenPGP Key

The core package required to start using OpenPGP, gnupg, is installed by default on Ubuntu systems, as is seahorse, a GNOME application for managing keys. It is called "Passwords and Keys" in Ubuntu.
There are several programs which provide a graphical interface to the GnuPG system.
  • Enigmail, an OpenPGP plugin for Mozilla Thunderbird.
    • Enigmail was available in the "Main" repository through Intrepid, but can be found in the "Universe" repository since Jaunty.
        sudo apt-get install enigmail
  • GNU Privacy Assistant is a graphical user interface for GnuPG (GNU Privacy Guard).
    • GPA is available in the "Universe" repository. See Repositories for further information on enabling repositories.
        sudo apt-get install gpa
  • Seahorse is a GNOME application for managing encryption keys. It also integrates with nautilus, gedit, and other places for encryption operations.
    • Seahorse is available in the "Main" repository.
        sudo apt-get install seahorse
  • KGPG is a simple, free, open source KDE frontend for gpg.
    • KGPG is available in the "Main" repository since Intrepid, or the "Universe" repository in earlier releases.
        sudo apt-get install kgpg
  • Kleopatra is another KDE frontend for gpg that is integrated with the KDE PIM (although you need to install it separately for now).
    • Kleopatra is available in the "Universe" repository and it includes an S/MIME backend:
        sudo apt-get install kleopatra
You can also generate keys using these programs. Use the section below for recommendations on settings.

Publishing your key

Your key is useful only if other people can verify items that you sign. By publishing your key to a keyserver, which acts as a directory of people's public keys, you can make your public key available to anyone else.
Before you add your key to Launchpad or elsewhere, you need to push it to (for example) the Ubuntu keyserver.

Using Passwords and Encryption Keys

Step 1 Open Passwords and Encryption Keys.
Step 2 Select the My Personal Keys tab, select your key.
Step 3 Select Remote > Sync and Publish Keys from the menu. Choose the Sync button. (You may need to add hkp:// to your key servers if you are not using Ubuntu.)
It can take up to thirty minutes before your key is available to Launchpad. After that time, you're ready to import your new key into Launchpad!

Renewing your key

You may have set your key to expire. You can update your key and republish it.
Step 1 Open Passwords and Encryption Keys.
Step 2 Select the My Personal Keys tab, select your key, and open the property window by pressing Space Bar or double-clicking with your pointer.
Step 3 Set a new expiration date or choose never.
See the Publishing your key section above.
More about GPG
Importing Your PGP Key at Launchpad Help has more information about using OpenPGP with Launchpad and provides examples using the GPG command found on most Linux distributions. Read the Ubuntu community's guide to OpenPGP keys to learn about other uses.

Friday, September 13, 2013

Virtual users and aliases in Postfix

Postfix is a great mailer, but if you're new to administering Postfix, finding your way around can be difficult. For example, just finding information on adding users to a Postfix system can be quite a trial.

Postfix is a great mailer, but if you're new to administering it, finding your way around can be difficult. Here's how to get started.

In part, this is because Postfix can be set up in a number of ways. Some installations use Postfix alone, others use Postfix in conjunction with other apps and store user information in MySQL. You can have users who have actual accounts on a system, or you can have users on virtual domains that don't have a login but still receive mail. Or you might want aliases that include several users, so everybody on the "marketing" list gets mail or all folks in sales, legal or development can receive messages.

For this tip, I'll assume that you've inherited a Postfix domain and want a way to add users or aliases quickly.
Adding Users

The simple way to add a user is to add a new account on the system. Postfix will handle the rest. For example, on my server running Ubuntu, I'd just use adduser username, and Postfix would do the right thing with regard to sending mail to that user, delivered locally.

But what if you don't want to create a system account for the user? You should have a virtual domain set up that is not configured as a mydestination domain. For more on this, be sure to read the Postfix guide on virtual domain hosting.

Users are then added to the /etc/postfix/vmailbox file in the form user@domain, followed by either the mailbox on the system or a hand-off to Courier or another mail delivery program.

However, if you don't have a /etc/postfix/vmailbox file, odds are your system was configured to deliver to local accounts. You should check /etc/postfix/ and look for the line mydestination. If it includes the domain you're adding users for, then they're being added as regular users.

Otherwise, in /etc/postfix/vmailbox, add a line like:

You should see some examples already. This will deliver mail to a mailbox called utisateurV in /var/mail/vhosts/ -- assuming your system is set up to deliver mail there. Note, you can store mail in an mdir format instead by adding a slash after the username.

Next, run postmap against the file (/etc/postfix/vmailbox) and postfix reload.
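
A way to check the points above before running postmap, as an added example that is not part of the original post: it parses a main.cf and a vmailbox file and flags entries whose domain is also in mydestination or is not a virtual mailbox domain. The sample file contents, the example.* domains and the function names are constructed for illustration; virtual_mailbox_domains is the Postfix parameter that lists virtual mailbox domains, and only literal domain names are handled.

```python
# Constructed sample files, not taken from the original post.
MAIN_CF = """\
mydestination = localhost, example.org,
    mail.example.org
virtual_mailbox_domains = example.com
"""

VMAILBOX = """\
# address            mailbox path (trailing slash = maildir)
alice@example.com    example.com/alice
bob@example.com      example.com/bob/
carol@example.org    example.org/carol
"""

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            current, value = (part.strip() for part in line.split("=", 1))
            params[current] = value
    return params

def domain_list(params, name):
    # Split on commas and whitespace; only literal domain names are handled.
    return {d.lower() for d in params.get(name, "").replace(",", " ").split()}

def audit_vmailbox(main_cf, vmailbox):
    """Yield (address, mailbox_format, problem_or_None) for each vmailbox entry."""
    params = parse_main_cf(main_cf)
    local = domain_list(params, "mydestination")
    virtual = domain_list(params, "virtual_mailbox_domains")
    for line in vmailbox.splitlines():
        fields = line.split()
        if len(fields) != 2 or fields[0].startswith("#"):
            continue  # skip blank lines, comments and malformed entries
        address, path = fields
        domain = address.rsplit("@", 1)[-1].lower()
        fmt = "maildir" if path.endswith("/") else "mbox"
        problem = None
        if domain in local:
            problem = "domain is in mydestination, so mail goes to local accounts"
        elif domain not in virtual:
            problem = "domain is not listed in virtual_mailbox_domains"
        yield address, fmt, problem
```

Calling list(audit_vmailbox(MAIN_CF, VMAILBOX)) on the constructed samples reports carol@example.org as a problem, because example.org is a mydestination domain and its users are regular local accounts.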

To add an alias, go to /etc/aliases and add the alias like so:

alias: localuser # For a local user mapping
alias2: # For a remote user mapping