[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] SKS peering request [sks-server.randala.com]
|
From: |
Martin Papik |
|
Subject: |
Re: [Sks-devel] SKS peering request [sks-server.randala.com] |
|
Date: |
Sun, 06 Apr 2014 13:49:04 +0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am using the latest stable LTS, unfortunately, ubuntu LTS matures
slowly and I've been bitten with premature dist-upgrades. I'll choose
waiting over being a test-case. At least on anything that's exposed to
the internet.
# wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
# dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb
(Reading database ... 97126 files and directories currently installed.)
Preparing to replace sks 1.1.1+dpkgv3-7ubuntu0.3 (using
sks_1.1.4-2.1ubuntu1_amd64.deb) ...
Stopping sks daemons: sksrecon.. sksdb.. done.
Unpacking replacement sks ...
dpkg: dependency problems prevent configuration of sks:
sks depends on libdb5.3; however:
Package libdb5.3 is not installed.
dpkg: error processing sks (--install):
dependency problems - leaving unconfigured
Processing triggers for ureadahead ...
Processing triggers for man-db ...
Errors were encountered while processing:
sks
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
Doesn't seem to work, I tried adding "deb
http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to
/etc/apt/sources.list, but just installing sks would replace libc,
which basically means I might as well dist-upgrade, which I won't do
just yet.
PS in my personal experience with the last ubuntu LTS increment, it
will be stable enough sometimes next year. Until then, I'm afraid I
only have three options, compile from sources (headache, error prone,
extra maintenance), wait for someone to backport 1.1.4 on 10.4 or
12.4, or just leave it as 1.1.3.
And my impression is that 1.1.3 is okay, a number of the servers
visible on https://sks-keyservers.net/status/ are 1.1.3, and so far
the only difference I came across is that 1.1.3 doesn't export server
contact, which doesn't bother me overly. Is there a better reason to
upgrade?
Martin
On 04/06/2014 12:07 PM, Tobias Frei wrote:
> Hi,
>
> if you'd be using the latest Ubuntu, you would probably also have
> access to the newest SKS version in the repositories. ;-)
>
> Ubuntu 14.04 LTS will come out soon; upgrading to that should give
> you 1.1.4.
>
>
> If your server is running on amd64, you can use this .deb for now,
> if you want to:
> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
>
>
>
> Best regards, Tobias Frei
>
>
> Am 05.04.2014 16:17, schrieb Martin Papik:
>>
>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
>> install that one without an explicit parameter boggles me a bit.
>> Oh well. Is that sufficient, or will I have to install the very
>> latest from source?
>>
>> The web server is enabled, there's just no main page in the
>> directory yet.
>>
>> I see "Error fetching key from hash **** : Not_found" messages
>> in the log though, is this normal? The hashes update, so I'm not
>> overly worried, just want to know if this is normal.
>>
>> Anyway, thanks again for taking the time to assist me.
>>
>> Martin
>>
>> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
>>
>> Quoting from
>> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>>
>> 'Versions prior to 1.1.2 have a severe interoperability bug (POST
>> requests for exchanging keys are HTTP/0.9, does not work with
>> modern setups having reverse HTTP proxies in front as a best
>> practice.'
>>
>> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4
>> instead ?
>>
>> Also, I have noticed, that you did not enable the built-in www
>> server:
>>
>> 'Page not found: /var/lib/sks/www/index.html'
>>
>> Regards, H.Storm [TheBluProject]
>>
>> On 05/04/2014 07:52, Martin Papik wrote:
>>>>> Thank you very much Jerzy, however I'm facing some
>>>>> problems. I wonder if you have any insight. I'm new to sks,
>>>>> but it seems to me that there might be an apache proxy
>>>>> intercepting the connections and interfering somehow. I
>>>>> don't see my server in
>>>>> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats,
>>>>> but the sks servers are talking to each other on 11370 so
>>>>> I'm assuming there's some kind of asymmetric setup.
>>>>>
>>>>> Any help would be appreciated.
>>>>>
>>>>> Martin
>>>>>
>>>>> In the log I see (after incrementing http_fetch_size to
>>>>> 1000 to reduce the number of entries).
>>>>>
>>>>> 2014-04-05 08:43:40 address for
>>>>> keyserver.kolosowscy.pl:11370 changed from [] to
>>>>> [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET
>>>>> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 hashes
>>>>> recovered from <ADDR_INET [176.241.243.15]:11371>
>>>>> 2014-04-05 08:44:11 Requesting 1000 missing keys from
>>>>> <ADDR_INET [176.241.243.15]:11371>, starting with
>>>>> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 Error
>>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>>> Requesting 1000 missing keys from <ADDR_INET
>>>>> [176.241.243.15]:11371>, starting with
>>>>> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 Error
>>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>>> Requesting 1000 missing keys from <ADDR_INET
>>>>> [176.241.243.15]:11371>, starting with
>>>>> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 Error
>>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>>> Requesting 1000 missing keys from <ADDR_INET
>>>>> [176.241.243.15]:11371>, starting with
>>>>> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 Error
>>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:11
>>>>> Requesting 1000 missing keys from <ADDR_INET
>>>>> [176.241.243.15]:11371>, starting with
>>>>> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 Error
>>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:12
>>>>> Requesting 1000 missing keys from <ADDR_INET
>>>>> [176.241.243.15]:11371>, starting with
>>>>> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 Error
>>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>>> \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 08:44:12
>>>>> Requesting 64 missing keys from <ADDR_INET
>>>>> [176.241.243.15]:11371>, starting with
>>>>> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 Error
>>>>> getting missing keys: Failure("<!DOCTYPE HTML PUBLIC
>>>>> \"-//IETF//DTD HTML 2.0//EN\">")
>>>>>
>>>>> The tcpdump output contains (looks like HTTP 0.9, no host
>>>>> header in the request, no HTTP headers in the response).
>>>>>
>>>>> Request to 176.241.243.15:11371
>>>>>
>>>>> POST /pks/hashquery content-length: 24
>>>>>
>>>>> Response from 176.241.243.15:11371
>>>>>
>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>>>> <html><head> <title>502 Proxy Error</title> </head><body>
>>>>> <h1>Proxy Error</h1> <p>The proxy server received an
>>>>> invalid response from an upstream server.<br /> The proxy
>>>>> server could not handle the request <em><a
>>>>> href="/pks/hashquery">POST /pks/hashquery</a></em>.<p>
>>>>>
>>>>>
Reason: <strong>Error reading from remote
>>>>> server</strong></p></p> <hr> <address>Apache Server at
>>>>> keyserver.kolosowscy.pl Port 80</address> </body></html>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I added your server. My line to add:
>>>>>>
>>>>>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski
>>>>>> <address@hidden>
>>>>>>
>>>>>> Rgds,
>>>>>>
>>>>>> Jerzy Ko?osowski
>>>>>>
>>>>>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik pisze:
>>>>>>> Hi everyone,
>>>>>>>
>>>>>>> I've just configured sks 1.1.1 (default on Ubuntu) on
>>>>>>> sks-server.randala.com. The machine has IPv6 but SKS
>>>>>>> has not yet been assigned an address. I wonder, is
>>>>>>> there an advantage (e.g. in terms of peering)? The
>>>>>>> server is located in Germany/EU. For now I'm deploying
>>>>>> the
>>>>>>> server for R&D as a proxy for my private server
>>>>>>> (behind my ISPs randomized NAT).
>>>>>>>
>>>>>>> You may contact me if you have further questions or
>>>>>>> for any issues, operational or otherwise.
>>>>>>>
>>>>>>> Loaded from: http://keys.niif.hu/keydump/ [2014-03-31?
>>>>>>> ... köszönöm] Loaded: 3583821 keys
>>>>>>>
>>>>>>> Line to add to /etc/sks/membership
>>>>>>>
>>>>>>> sks-server.randala.com 11370
>>>>>>>
>>>>>>> Thank you.
>>>>>>>
>>>>>>> Martin
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Sks-devel mailing list address@hidden
>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Sks-devel mailing list address@hidden
>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>
>>>>>
>>>>> _______________________________________________ Sks-devel
>>>>> mailing list address@hidden
>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>
>>>
>>> _______________________________________________ Sks-devel
>>> mailing list address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>
>>
>> _______________________________________________ Sks-devel
>> mailing list address@hidden
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>
>
> _______________________________________________ Sks-devel mailing
> list address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTQTEVAAoJELsEaSRwbVYrCRMP+QGsRxOoH2Cfrsbjj1plOXnP
Sri8CQ0eiUG1OcV3vFIQrqLMuZ6UCQldn36SgcuGqQc18aCVYkefaI/w9BfQb6Hs
4xznuJDHGq1q/VOqqTRL/Xecf8gUquZ07qk+VNJaChYRNNkoA6YXgae2cHUNVfzK
Yl/dsfWOZ7CQSSSIF0u+BT+01CuGzvwFCzaf9bafpK8sdSJ7vZzasj/FIqr6TcCt
nHioG7g9DC1sVGaY1gY+ssAcxC1yBjgOyLKK2MJsHFc0VB5RcTxzPaobyYa2dhYv
Jktnp38/UatQhNABecrDS/wPBdqkxTzMxPFfV8BR7EjgWFtuhiS/BM3ZlJvMqG/6
vEly9Mydk+7rUL1gVm4i1d8lNp/avq9K0Pr/RSsBERHj3PYPcBw1A6pz85FOH3I5
h/XxNeaDRTr4Np27jRTHGaRQVff8lj/YuO1BE1yi1McyVUwb6/Gr7i1Srqd76Bco
RnddAXts7CcEyine8MzmZuprpylvgrhXaazO/zx8iTbswou1GB2jE28S99ggSwDe
82FrTPdXbzqyUpHS5Z3amouxhfbiSPhcIclx/yPbx61vLnv2F9YWRmJhfF6XMZMd
1vO5MZ+UBTCOCkKpTHcZPVRkyD5OW9No9KeyRVwvJjHD1/y4LEBUxWyxYoH40kSJ
WMdm90O9GVxHSkKErnRs
=Zq+L
-----END PGP SIGNATURE-----
- [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/02
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Jerzy Kołosowski, 2014/04/04
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], BluKeyserver, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com],
Martin Papik <=
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Phil Pennock, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/08
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/09