Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID fr

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID fr

From:	Phil Pennock
Subject:	Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Date:	Tue, 24 Mar 2009 14:55:17 -0700

On 2009-03-24 at 11:57 -0400, Daniel Kahn Gillmor wrote:
> Are these scripts published? (this is out of curiosity more than
> anything else)

Well, since it's just curiosity, I'll pipe in with something roughly
equivalent to the IP generation side:

  http://sks.spodhuis.org/sks-peers/ip-valid

No DNS integration, but it provides the data in a format which should be
easy to script into DNS zonefiles.  The "no more than 500 behind" value
is chosen to match that of sks-keyservers.net, but the reference value
is derived with some fast and loose stats, instead of being the local
value.  Search for "def handle_ip_valid" in the script.

This is generated by the attached Python 2.6 script, launched from
Apache/mod_wsgi with:
  <IfModule mod_wsgi.c>
    WSGIDaemonProcess   sks.spodhuis.org user=sks display-name=%{GROUP}
    WSGIProcessGroup    sks.spodhuis.org

    WSGIScriptAlias     /sks-peers 
"/www/sites/sks.spodhuis.org/wsgi/sks_peers.py"
  </IfModule>

This is a script/module rooted at 'sks-peers'; you'll want to change the
first few kCONSTANTS in the script for local values -- especially to
grant yourself, not me, privileged access to the tool (to see
internals).  /sks-peers/helpz will give you links to the various admin
URLs; they're read-only views of the data, except for rescanz.

You can invoke it without mod_wsgi, just invoke as:
  ./sks_peers.py standalone
and look at http://localhost:8080/ip-valid instead.

I think the Python 2.6-isms are fairly few, but they're there
(numbers.Integral, etc).  You need some non-standard Python modules, all
in easy reach with easy_install; they're the secnd batch of imports and
the only one whose name isn't just the import's top-level module name
has a comment indicating the name.

The script will then on first retrieval go gather data and report back
"no data yet"; it's persistent past the first retrieval, setting up a
data gathering thread to periodically re-poll, and reloading when
the 'membership' file changes.

After about 30 seconds (when the bad server URL retrievals time out)
you'll have data.  /sks-peers is a table view in HTML with links, etc.
It's ugly as I'm not a UI designer.  /sks-peers/ip-valid reports data in
a format that should be fairly comprehensible:
  status line, including a count
  one IP address per line; number of lines given by count in first line
  a line containing just "."

Working output starts:
  IP-Gen/1: status=COMPLETE count=29 tags=skip_1010
and non-working might be:
  IP-Gen/1: status=INVALID count=0 reason=first_scan

Feel free to adapt for your own use (but credit nice); no warranties,
etc etc.  At your own risk.

-Phil

sks_peers.py
Description: Text Data

pgpXxxwCYxuFD.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG, (continued)

Prev by Date: Re: [Sks-devel] problems with SKS 1.0.10 when searching by key ID from GnuPG
Next by Date: Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Previous by thread: Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Next by thread: Re: [Sks-devel] Re: problems with SKS 1.0.10 when searching by key ID from GnuPG
Index(es):
- Date
- Thread