13 files changed, 452 insertions, 17 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 8adb628cc7f4..58980574a10c 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,10 +1,11 @@
 # Generated by mksrcinfo v8
-# Thu Feb  8 06:23:35 UTC 2018
+# Thu Feb  8 08:02:54 UTC 2018
 pkgbase = sks-local
 	pkgdesc = A modified version of AUR/sks that can be used in tandem to perform localized keydumps
 	pkgver = 1.1.6
-	pkgrel = 1
+	pkgrel = 2
 	url = https://bitbucket.org/skskeyserver/sks-keyserver/
+	install = sks-local.install
 	arch = i686
 	arch = x86_64
 	license = GPL
@@ -12,9 +13,35 @@ pkgbase = sks-local
 	makedepends = db
 	makedepends = camlp4
 	optdepends = sks: for running a public instance (to be peered with)
+	backup = etc/sks-local/sksconf
+	backup = etc/sks-local/forward.exim
+	backup = etc/sks-local/forward.postfix
+	backup = etc/sks-local/mailsync
+	backup = etc/sks-local/membership
+	backup = etc/sks-local/procmail
 	source = https://bitbucket.org/skskeyserver/sks-keyserver/downloads/sks-1.1.6.tgz
+	source = 500_debian_fhs.patch
+	source = sks-db-local.service
+	source = sks-recon-local.service
+	source = cryptokit-1.7-sks-uint32.patch
+	source = debian_eventloopfix.patch
 	source = sks-1.1.6.tgz.sig
+	source = 500_debian_fhs.patch.sig
+	source = sks-db-local.service.sig
+	source = sks-recon-local.service.sig
+	source = cryptokit-1.7-sks-uint32.patch.sig
+	source = debian_eventloopfix.patch.sig
 	sha512sums = f7c54194274834840b9701bf827b81add0f807dd4c6019968a6b0c755c9117519433ebb1161da38d23c465b163dd31a766700023afa13174e4dc82542fa98099
+	sha512sums = 0fd57ccd86f289cf51638995555988a572ee00d6f28f3797092ffda19a0f668ee950be1ef381e94c64301db2dd1ad308834a45b7eaec148e9d8c01ed0a1829bc
+	sha512sums = 41560dd89cb19c482af4352ee5e1c661428e61521e2cdfd307be23af6f3729a4c1a8db266391fba643a7ec0fb6f2ae936b56b889f02c7faf294e40b1ee54d73c
+	sha512sums = 516d3e3ca515bafcf50e20712bebe3dc198cd7ea8e0779ec750220fceffd3deeb20f4113080fda2a168e353d848cf3ee924118195daf0f7415009102e69d969c
+	sha512sums = 6ee333ce8aec0b103a36be376da43a569ed455f554fe853d007afc1d2e3a30d29735f515d22646832a8b4efa1ffdbfadb4a85ec22f2e5159180fc8373252c171
+	sha512sums = 9463538f5668cdd41b25c43e31a2621e1c0953430b8dde84e54be4a45aa3f9ffbfcd270c83583df2a5462163eaf014fee3c3ed49f436faf71db7e87db88626b4
+	sha512sums = SKIP
+	sha512sums = SKIP
+	sha512sums = SKIP
+	sha512sums = SKIP
+	sha512sums = SKIP
 	sha512sums = SKIP
 
 pkgname = sks-local
diff --git a/500_debian_fhs.patch b/500_debian_fhs.patch
new file mode 100644
index 000000000000..23ad44480570
--- /dev/null
+++ b/500_debian_fhs.patch
@@ -0,0 +1,113 @@
+diff -ru sks-1.1.4/common.ml sks-1.1.4.new/common.ml
+--- sks-1.1.4/common.ml	2012-10-07 19:59:39.000000000 +0000
++++ sks-1.1.4.new/common.ml	2013-02-05 14:58:40.000000000 +0000
+@@ -93,7 +93,7 @@
+ 
+ let set_logfile extension =
+   if !Settings.filelog then
+-    let fname = (Filename.concat !Settings.basedir extension) ^ ".log" in
++    let fname = (Filename.concat !Settings.basedir "/var/log/sks/") ^ extension ^ ".log" in
+     stored_logfile_name := Some fname;
+     logfile := open_out_gen [ Open_wronly; Open_creat; Open_append; ]
+       0o600 fname;
+@@ -221,8 +221,8 @@
+ let recon_address = !Settings.recon_address
+ let http_port = !Settings.hkp_port
+ let http_address = !Settings.hkp_address
+-let db_command_name = Filename.concat !Settings.basedir "db_com_sock"
+-let recon_command_name = Filename.concat !Settings.basedir "recon_com_sock"
++let db_command_name = Filename.concat !Settings.basedir "/var/run/sks/db_com_sock"
++let recon_command_name = Filename.concat !Settings.basedir "/var/run/sks/recon_com_sock"
+ 
+ let db_command_addr = Unix.ADDR_UNIX db_command_name
+ let recon_command_addr = Unix.ADDR_UNIX recon_command_name
+diff -ru sks-1.1.4/dbserver.ml sks-1.1.4.new/dbserver.ml
+--- sks-1.1.4/dbserver.ml	2012-10-07 19:59:39.000000000 +0000
++++ sks-1.1.4.new/dbserver.ml	2013-02-05 14:58:40.000000000 +0000
+@@ -406,7 +406,7 @@
+ 
+   let convert_web_fname fname =
+     if verify_web_fname fname then
+-      Filename.concat !Settings.basedir (Filename.concat "web" fname)
++      Filename.concat !Settings.basedir (Filename.concat "/var/lib/sks/www" fname)
+     else raise (Wserver.Misc_error "Malformed requst")
+ 
+   let supported_extensions =
+diff -ru sks-1.1.4/getfileopts.ml sks-1.1.4.new/getfileopts.ml
+--- sks-1.1.4/getfileopts.ml	2012-10-07 19:59:39.000000000 +0000
++++ sks-1.1.4.new/getfileopts.ml	2013-02-05 14:58:40.000000000 +0000
+@@ -110,7 +110,7 @@
+ (**************************************************************)
+ (**************************************************************)
+ 
+-let config_fname = "sksconf"
++let config_fname = "/etc/sks/sksconf"
+ 
+ let parse args =
+   Arg.current := 0;
+diff -ru sks-1.1.4/reconserver.ml sks-1.1.4.new/reconserver.ml
+--- sks-1.1.4/reconserver.ml	2012-10-07 19:59:39.000000000 +0000
++++ sks-1.1.4.new/reconserver.ml	2013-02-05 14:58:40.000000000 +0000
+@@ -192,7 +192,7 @@
+         let elements = ZSet.elements results in
+         let hashes = hashconvert elements in
+         print_hashes (sockaddr_to_string http_addr) hashes;
+-        log_diffs (sprintf "diff-%s.txt" (sockaddr_to_name http_addr)) hashes;
++        log_diffs (sprintf "/var/spool/sks/diff-%s.txt" (sockaddr_to_name http_addr)) hashes;
+         if List.length elements > 0
+         then
+           begin
+@@ -229,7 +229,7 @@
+         plerror 4 "Reconciliation complete";
+         let hashes = hashconvert results in
+         print_hashes (sockaddr_to_string http_addr) hashes;
+-        log_diffs (sprintf "diff-%s.txt" (sockaddr_to_name http_addr)) hashes;
++        log_diffs (sprintf "/var/spool/sks/diff-%s.txt" (sockaddr_to_name http_addr)) hashes;
+         match results with
+             [] -> []
+           | _ ->
+diff -ru sks-1.1.4/settings.ml sks-1.1.4.new/settings.ml
+--- sks-1.1.4/settings.ml	2012-10-07 19:59:39.000000000 +0000
++++ sks-1.1.4.new/settings.ml	2013-02-05 14:58:40.000000000 +0000
+@@ -200,7 +200,7 @@
+ let command_timeout = ref 60
+ let set_command_timeout value = command_timeout := value
+ 
+-let sendmail_cmd = ref "sendmail -t -oi"
++let sendmail_cmd = ref "/usr/lib/sendmail -t -oi"
+ let set_sendmail_cmd value = sendmail_cmd := value
+ 
+ let membership_reload_time = ref (60. *. 60. *. 6.)
+@@ -226,15 +226,15 @@
+ 
+ let use_stdin = ref false
+ 
+-let basedir = ref "."
++let basedir = ref ""
+ 
+-let base_dbdir = "KDB"
+-let base_ptree_dbdir = "PTree"
+-let base_membership_file = "membership"
+-let base_mailsync_file = "mailsync"
+-let base_dumpdir = "dump"
+-let base_msgdir = "messages"
+-let base_failed_msgdir = "failed_messages"
++let base_dbdir = "/var/lib/sks/DB"
++let base_ptree_dbdir = "/var/lib/sks/PTree"
++let base_membership_file = "/etc/sks/membership"
++let base_mailsync_file = "/etc/sks/mailsync"
++let base_dumpdir = "/var/lib/sks/dump"
++let base_msgdir = "/var/spool/sks/messages"
++let base_failed_msgdir = "/var/spool/sks/failed_messages"
+ 
+ let dbdir = lazy (Filename.concat !basedir base_dbdir)
+ let ptree_dbdir = lazy (Filename.concat !basedir base_ptree_dbdir)
+@@ -290,7 +290,7 @@
+     ("-hkp_address",Arg.String set_hkp_address, " Set hkp binding address");
+     ("-use_port_80",Arg.Set use_port_80,
+      " Have the HKP interface listen on port 80, as well as the hkp_port");
+-    ("-basedir", Arg.Set_string basedir, " Base directory");
++    ("-basedir", Arg.Set_string basedir, " Base directory (Take special care if running the Debian package!)");
+     ("-stdoutlog", Arg.Clear filelog,
+      " Send log messages to stdout instead of log file");
+     ("-diskptree", Arg.Set disk_ptree,
diff --git a/500_debian_fhs.patch.sig b/500_debian_fhs.patch.sig
new file mode 100644
index 000000000000..e093e9859d0c
--- /dev/null
+++ b/500_debian_fhs.patch.sig
diff --git a/PKGBUILD b/PKGBUILD
index 44336a040329..86223d0c104e 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,28 +2,95 @@
 validpgpkeys=('748231EBCBD808A14F5E85D28C004C2F93481F6B')
 # Bug reports can be filed at https://bugs.square-r00t.net/index.php?project=3
 # News updates for packages can be followed at https://devblog.square-r00t.net
+# A HUGE THANKS goes to ajdiaz for maintaining the SKS package:
+# https://aur.archlinux.org/packages/sks/
+# The VAST majority of this PKGBUILD is based on his work. Buy him a drink of his choice.
+# 2018-02-08: currently not building due to this bug:
+# https://bitbucket.org/skskeyserver/sks-keyserver/issues/55/unbound-module-nat-in-cryptokit-on-ocaml
 pkgname=sks-local
 pkgver=1.1.6
-pkgrel=1
+pkgrel=2
 pkgdesc="A modified version of AUR/sks that can be used in tandem to perform localized keydumps"
-arch=( 'i686' 'x86_64' )
+arch=('i686' 'x86_64')
 url="https://bitbucket.org/skskeyserver/sks-keyserver/"
-license=( 'GPL' )
-optdepends=( 'sks: for running a public instance (to be peered with)' )
-makedepends=( 'ocaml' 'db' 'camlp4' )
-_pkgname=sks-local
-install=
-changelog=
-noextract=()
-source=("https://bitbucket.org/skskeyserver/sks-keyserver/downloads/sks-1.1.6.tgz"
-        "sks-1.1.6.tgz.sig")
+license=('GPL')
+optdepends=('sks: for running a public instance (to be peered with)')
+makedepends=('ocaml' 'db' 'camlp4')
+_pkgname=sks
+install=sks-local.install
+backup=('etc/sks-local/sksconf'
+        'etc/sks-local/forward.exim'
+        'etc/sks-local/forward.postfix'
+        'etc/sks-local/mailsync'
+        'etc/sks-local/membership'
+        'etc/sks-local/procmail')
+source=("https://bitbucket.org/skskeyserver/sks-keyserver/downloads/${_pkgname}-${pkgver}.tgz"
+	"500_debian_fhs.patch"
+	"sks-db-local.service"
+	"sks-recon-local.service"
+	"cryptokit-1.7-sks-uint32.patch"
+	"debian_eventloopfix.patch"
+        "${_pkgname}-${pkgver}.tgz.sig"
+	"500_debian_fhs.patch.sig"
+	"sks-db-local.service.sig"
+	"sks-recon-local.service.sig"
+	"cryptokit-1.7-sks-uint32.patch.sig"
+	"debian_eventloopfix.patch.sig")
 sha512sums=('f7c54194274834840b9701bf827b81add0f807dd4c6019968a6b0c755c9117519433ebb1161da38d23c465b163dd31a766700023afa13174e4dc82542fa98099'
+	    '0fd57ccd86f289cf51638995555988a572ee00d6f28f3797092ffda19a0f668ee950be1ef381e94c64301db2dd1ad308834a45b7eaec148e9d8c01ed0a1829bc'
+	    '41560dd89cb19c482af4352ee5e1c661428e61521e2cdfd307be23af6f3729a4c1a8db266391fba643a7ec0fb6f2ae936b56b889f02c7faf294e40b1ee54d73c'
+	    '516d3e3ca515bafcf50e20712bebe3dc198cd7ea8e0779ec750220fceffd3deeb20f4113080fda2a168e353d848cf3ee924118195daf0f7415009102e69d969c'
+	    '6ee333ce8aec0b103a36be376da43a569ed455f554fe853d007afc1d2e3a30d29735f515d22646832a8b4efa1ffdbfadb4a85ec22f2e5159180fc8373252c171'
+	    '9463538f5668cdd41b25c43e31a2621e1c0953430b8dde84e54be4a45aa3f9ffbfcd270c83583df2a5462163eaf014fee3c3ed49f436faf71db7e87db88626b4'
+	    'SKIP'
+	    'SKIP'
+	    'SKIP'
+	    'SKIP'
+	    'SKIP'
             'SKIP')
+
+prepare() {
+  cd "${srcdir}/${_pkgname}-${pkgver}"
+  for f in $(find ${srcdir} -maxdepth 1 -type f -name '*.patch');
+  do
+    sed -re 's@/var/lib/sks@/var/lib/sks-local@g' ${f} > ${f}.local
+  done
+  patch -Np1 -i "${srcdir}/500_debian_fhs.patch.local"
+  patch -Np1 -i "${srcdir}/debian_eventloopfix.patch.local"
+  cp Makefile.local.unused Makefile.local
+  echo "OCAMLOPT=ocamlopt -runtime-variant _pic" >> Makefile.local
+  sed -i -e 's#LIBDB=-ldb-4.6#LIBDB=-ldb-5.3#g' Makefile.local
+  sed -i -e "s#/usr/local#${pkgdir}/usr#g" Makefile.local
+  sed -i -e "s#/usr/share/man#${pkgdir}/usr/share/man#g" Makefile.local
+}
+
 build() {
-        cd "${srcdir}/${_pkgname}/src"
-        make prefix=${pkgdir}/usr
+  cd "${srcdir}/${_pkgname}-${pkgver}"
+  unset MAKEFLAGS
+  make dep
+  make "cryptokit-1.7/README.txt"
+  patch -Np0 -i "${srcdir}/cryptokit-1.7-sks-uint32.patch.local"
+  # XXX Parallel compiling not supporting for Bdb module, force -j1 always.
+  make CFLAGS="${CFLAGS} -I`ocamlc -where` -I ." -j1 all
 }
+
 package() {
-        install -D -m755 ${srcdir}/${_pkgname}/src/${_pkgname} ${pkgdir}/usr/bin/${_pkgname}
-        install -D -m644 ${srcdir}/${_pkgname}/docs/README.html.en ${pkgdir}/usr/share/doc/${_pkgname}/README.html
+  cd "${srcdir}/${_pkgname}-${pkgver}"
+  make PREFIX="${pkgdir}/usr" MANDIR="${pkgdir}/usr/share/man" install
+  install -Dm644 "${srcdir}/sks-db-local.service" "${pkgdir}/usr/lib/systemd/system/sks-db-local.service"
+  install -Dm644 "${srcdir}/sks-recon-local.service" "${pkgdir}/usr/lib/systemd/system/sks-recon-local.service"
+  mv ${pkgdir}/usr/bin/${_pkgname} ${pkgdir}/usr/bin/${pkgname}
+  # directories
+  for d in etc/${pkgname} var/run/${pkgname} var/log/${pkgname} var/lib/${pkgname} var/spool/${pkgname};
+  do
+    install -d -m0755 ${pkgdir}/${d}
+  done
+  # tweaks
+  chmod 0775 ${pkgdir}/var/run/${pkgname}
+
+  cp -a ${srcdir}/${_pkgname}-${pkgver}/sampleWeb/OpenPKG "${pkgdir}/var/lib/${pkgname}"
+  cp -a ${srcdir}/${_pkgname}-${pkgver}/sampleConfig/debian "${pkgdir}/etc/${pkgname}"
+
+  sed -i -e 's#/usr/lib/sendmail#/usr/sbin/sendmail#g' "${pkgdir}/etc/${pkgname}/sksconf"
 }
+
diff --git a/cryptokit-1.7-sks-uint32.patch b/cryptokit-1.7-sks-uint32.patch
new file mode 100644
index 000000000000..0f2e18a39eee
--- /dev/null
+++ b/cryptokit-1.7-sks-uint32.patch
@@ -0,0 +1,14 @@
+diff -urN cryptokit-1.7-orig/src/stubs-md5.c cryptokit-1.7/src/stubs-md5.c
+--- cryptokit-1.7-orig/src/stubs-md5.c	2010-08-30 05:53:00.000000000 -0500
++++ cryptokit-1.7/src/stubs-md5.c	2015-08-05 21:35:16.192104184 -0500
+@@ -18,8 +18,8 @@
+ #include <caml/alloc.h>
+ 
+ struct MD5Context {
+-        uint32 buf[4];
+-        uint32 bits[2];
++        uint32_t buf[4];
++        uint32_t bits[2];
+         unsigned char in[64];
+ };
+ 
diff --git a/cryptokit-1.7-sks-uint32.patch.sig b/cryptokit-1.7-sks-uint32.patch.sig
new file mode 100644
index 000000000000..7e3b8e1c0320
--- /dev/null
+++ b/cryptokit-1.7-sks-uint32.patch.sig
diff --git a/debian_eventloopfix.patch b/debian_eventloopfix.patch
new file mode 100644
index 000000000000..e8dbca5296b8
--- /dev/null
+++ b/debian_eventloopfix.patch
@@ -0,0 +1,144 @@
+Description: Fix FTBFS with OCaml 4.05.0
+Author: Stephane Glondu <glondu@debian.org>
+Bug-Debian: https://bugs.debian.org/870150
+Last-Update: 2017-08-01
+
+--- sks-1.1.6.orig/eventloop.ml
++++ sks-1.1.6/eventloop.ml
+@@ -26,6 +26,7 @@ open MoreLabels
+ open Printf
+ open Common
+ open Packet
++let unix_socket = Unix.socket
+ module Unix = UnixLabels
+ open Unix
+ 
+@@ -129,7 +130,7 @@ let create_sock addr =
+     let domain =
+       Unix.domain_of_sockaddr addr in
+     let sock =
+-      socket ~domain ~kind:SOCK_STREAM ~protocol:0 in
++      unix_socket domain SOCK_STREAM 0 in
+     setsockopt sock SO_REUSEADDR true;
+     if domain = PF_INET6 then
+       setsockopt sock IPV6_ONLY true;
+--- sks-1.1.6.orig/reconComm.ml
++++ sks-1.1.6/reconComm.ml
+@@ -26,6 +26,7 @@ open Printf
+ open Common
+ open Packet
+ 
++let unix_socket = Unix.socket
+ module Unix = UnixLabels
+ module Map = PMap.Map
+ 
+@@ -37,10 +38,10 @@ open DbMessages
+ 
+ (** send DbMessages message and wait for response *)
+ let send_dbmsg msg =
+-  let s = Unix.socket
+-            ~domain:(Unix.domain_of_sockaddr db_command_addr)
+-            ~kind:Unix.SOCK_STREAM
+-            ~protocol:0 in
++  let s = unix_socket
++            (Unix.domain_of_sockaddr db_command_addr)
++            Unix.SOCK_STREAM
++            0 in
+   protect ~f:(fun () ->
+                 Unix.connect s ~addr:db_command_addr;
+                 let cin = Channel.sys_in_from_fd s in
+@@ -54,10 +55,10 @@ let send_dbmsg msg =
+ 
+ (** send DbMessages message, don't wait for response *)
+ let send_dbmsg_noreply msg =
+-  let s = Unix.socket
+-            ~domain:(Unix.domain_of_sockaddr db_command_addr)
+-            ~kind:Unix.SOCK_STREAM
+-            ~protocol:0 in
++  let s = unix_socket
++            (Unix.domain_of_sockaddr db_command_addr)
++            Unix.SOCK_STREAM
++            0 in
+   protect ~f:(fun () ->
+                 Unix.connect s ~addr:db_command_addr;
+                 let cout = Channel.sys_out_from_fd s in
+@@ -75,10 +76,10 @@ let is_content_type line =
+ let http_status_ok_regexp = Str.regexp "^HTTP/[0-9]+\\.[0-9]+ 2"
+ 
+ let get_keystrings_via_http addr hashes =
+-  let s = Unix.socket
+-            ~domain:(Unix.domain_of_sockaddr addr)
+-            ~kind:Unix.SOCK_STREAM
+-            ~protocol:0  in
++  let s = unix_socket
++            (Unix.domain_of_sockaddr addr)
++            Unix.SOCK_STREAM
++            0  in
+   protect ~f:(fun () ->
+                 Unix.bind s ~addr:(match_client_recon_addr addr);
+                 Unix.connect s ~addr;
+--- sks-1.1.6.orig/sks_do.ml
++++ sks-1.1.6/sks_do.ml
+@@ -27,6 +27,7 @@ open Printf
+ open Common
+ open Packet
+ open DbMessages
++let unix_socket = Unix.socket
+ module Unix = UnixLabels
+ module PTree = PrefixTree
+ module Map = PMap.Map
+@@ -37,10 +38,10 @@ let fail reason =
+   exit (-1)
+ 
+ let send_dbmsg msg =
+-  let s = Unix.socket
+-            ~domain:(Unix.domain_of_sockaddr db_command_addr)
+-            ~kind:Unix.SOCK_STREAM
+-            ~protocol:0 in
++  let s = unix_socket
++            (Unix.domain_of_sockaddr db_command_addr)
++            Unix.SOCK_STREAM
++            0 in
+   protect ~f:(fun () ->
+                 Unix.connect s ~addr:db_command_addr;
+                 let cin = Channel.sys_in_from_fd s in
+--- sks-1.1.6.orig/tester.ml
++++ sks-1.1.6/tester.ml
+@@ -26,6 +26,7 @@ open Printf
+ open Common
+ open Packet
+ open DbMessages
++let unix_socket = Unix.socket
+ module Unix = UnixLabels
+ 
+ let settings = {
+@@ -46,10 +47,10 @@ module Keydb = Keydb.Safe
+ 
+ 
+ let send_msg addr msg =
+-  let s = Unix.socket
+-            ~domain:(Unix.domain_of_sockaddr addr)
+-            ~kind:Unix.SOCK_STREAM
+-            ~protocol:0 in
++  let s = unix_socket
++            (Unix.domain_of_sockaddr addr)
++            Unix.SOCK_STREAM
++            0 in
+   protect ~f:( fun () ->
+                  Unix.connect s ~addr:addr;
+                  let cin = Channel.sys_in_from_fd s
+@@ -62,10 +63,10 @@ let send_msg addr msg =
+     ~finally:(fun () -> Unix.close s)
+ 
+ let send_msg_noreply addr msg =
+-  let s = Unix.socket
+-            ~domain:(Unix.domain_of_sockaddr addr)
+-            ~kind:Unix.SOCK_STREAM
+-            ~protocol:0 in
++  let s = unix_socket
++            (Unix.domain_of_sockaddr addr)
++            Unix.SOCK_STREAM
++            0 in
+   protect ~f:(fun () ->
+                 Unix.connect s ~addr:addr;
+                 let cout = Channel.sys_out_from_fd s in
diff --git a/debian_eventloopfix.patch.sig b/debian_eventloopfix.patch.sig
new file mode 100644
index 000000000000..55b24035214d
--- /dev/null
+++ b/debian_eventloopfix.patch.sig
diff --git a/sks-db-local.service b/sks-db-local.service
new file mode 100644
index 000000000000..a6bbefe12999
--- /dev/null
+++ b/sks-db-local.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Synchronizing key server db instance (Local sync/dumps)
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=simple
+User=sks
+Group=sks
+PIDFile=/var/run/sks-local/sksdb.pid
+ExecStart=/usr/bin/sks-local db
+RuntimeDirectory=sks-local
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sks-db-local.service.sig b/sks-db-local.service.sig
new file mode 100644
index 000000000000..cf01b2b70d50
--- /dev/null
+++ b/sks-db-local.service.sig
diff --git a/sks-local.install b/sks-local.install
new file mode 100644
index 000000000000..ab20b490aa69
--- /dev/null
+++ b/sks-local.install
@@ -0,0 +1,40 @@
+post_install() {
+  dname='sks-local'
+
+  echo -n "adding sks system group... "
+  getent group sks || groupadd -r sks && echo -n "done."
+  echo
+
+  echo -n "adding sks system user... "
+  getent passwd sks || useradd -c "Synchronizing OpenPGP Key Server" -r -d /var/lib/sks -g sks -s /bin/bash sks && echo -n "done."
+  echo
+
+  # chowns
+  for d in /var/run/${dname} /var/log/${dname} /var/lib/${dname} /var/spool/${dname}
+  do
+	  chown sks:sks ${d}
+  done
+
+  echo "NOTE: sks-db-local needs to have a database imported before it can be started."
+  echo "      Please reference the following documentation:"
+  echo
+  echo "      https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering#!initial-keydump"
+  echo "      https://mirror.square-r00t.net/#dumps-importing"
+}
+
+post_remove() {
+  echo -n -e "\nremoving sks system user (if needed)... "
+  pacman -Q sks > /dev/null 2>&1 || userdel sks && echo "done."
+ 
+  rm -r /var/run/sks-local
+
+  echo "Keeping /var/lib/sks-local, /var/spool/sks-local, and /var/log/sks-local;"
+  echo "Remove them manually if you want."
+}
+
+op=$1
+shift
+
+$op $*
+
+# vim: ft=sh ts=2 sw=2
diff --git a/sks-recon-local.service b/sks-recon-local.service
new file mode 100644
index 000000000000..185514c5996b
--- /dev/null
+++ b/sks-recon-local.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Synchronizing key server recon instance (Local sync/dumps)
+After=network.target remote-fs.target nss-lookup.target
+
+[Service]
+Type=simple
+User=sks
+Group=sks
+PIDFile=/var/run/sks-local/sksrecon.pid
+ExecStart=/usr/bin/sks-local recon
+RuntimeDirectory=sks-local
+RuntimeDirectoryMode=0755
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sks-recon-local.service.sig b/sks-recon-local.service.sig
new file mode 100644
index 000000000000..a1139eb4eb46
--- /dev/null
+++ b/sks-recon-local.service.sig