Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Tobias Frei]

Hi,

I don't really see why upgrading to the next stable release would make
you a "test-case", but I'm also already running 14.04 on my webserver,
so I might be the wrong person to ask about this. :D

If it helps (maybe the new libc version isn't required), you might
want to download this package too:
http://freiwuppertal.de/libdb5.3_5.3.28-3ubuntu2_amd64.deb

I can also provide other current .deb files on request.


Best regards,
Tobias Frei


Am 06.04.2014 12:49, schrieb Martin Papik:
> 
> I am using the latest stable LTS, unfortunately, ubuntu LTS
> matures slowly and I've been bitten with premature dist-upgrades.
> I'll choose waiting over being a test-case. At least on anything
> that's exposed to the internet.
> 
> # wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb #
> dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb (Reading database ... 97126
> files and directories currently installed.) Preparing to replace
> sks 1.1.1+dpkgv3-7ubuntu0.3 (using sks_1.1.4-2.1ubuntu1_amd64.deb)
> ... Stopping sks daemons: sksrecon.. sksdb.. done. Unpacking
> replacement sks ... dpkg: dependency problems prevent configuration
> of sks: sks depends on libdb5.3; however: Package libdb5.3 is not
> installed. dpkg: error processing sks (--install): dependency
> problems - leaving unconfigured Processing triggers for ureadahead
> ... Processing triggers for man-db ... Errors were encountered
> while processing: sks # cat /etc/lsb-release DISTRIB_ID=Ubuntu 
> DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise 
> DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
> 
> Doesn't seem to work, I tried adding "deb 
> http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to 
> /etc/apt/sources.list, but just installing sks would replace libc, 
> which basically means I might as well dist-upgrade, which I won't
> do just yet.
> 
> PS in my personal experience with the last ubuntu LTS increment,
> it will be stable enough sometimes next year. Until then, I'm
> afraid I only have three options, compile from sources (headache,
> error prone, extra maintenance), wait for someone to backport 1.1.4
> on 10.4 or 12.4, or just leave it as 1.1.3.
> 
> And my impression is that 1.1.3 is okay, a number of the servers 
> visible on https://sks-keyservers.net/status/ are 1.1.3, and so
> far the only difference I came across is that 1.1.3 doesn't export
> server contact, which doesn't bother me overly. Is there a better
> reason to upgrade?
> 
> Martin
> 
> On 04/06/2014 12:07 PM, Tobias Frei wrote:
>> Hi,
> 
>> if you'd be using the latest Ubuntu, you would probably also have
>>  access to the newest SKS version in the repositories. ;-)
> 
>> Ubuntu 14.04 LTS will come out soon; upgrading to that should
>> give you 1.1.4.
> 
> 
>> If your server is running on amd64, you can use this .deb for
>> now, if you want to: 
>> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
> 
> 
> 
>> Best regards, Tobias Frei
> 
> 
>> Am 05.04.2014 16:17, schrieb Martin Papik:
>>> 
>>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't 
>>> install that one without an explicit parameter boggles me a
>>> bit. Oh well. Is that sufficient, or will I have to install the
>>> very latest from source?
>>> 
>>> The web server is enabled, there's just no main page in the 
>>> directory yet.
>>> 
>>> I see "Error fetching key from hash **** : Not_found" messages 
>>> in the log though, is this normal? The hashes update, so I'm
>>> not overly worried, just want to know if this is normal.
>>> 
>>> Anyway, thanks again for taking the time to assist me.
>>> 
>>> Martin
>>> 
>>> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
>>> 
>>> Quoting from 
>>> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>>> 
>>> 'Versions prior to 1.1.2 have a severe interoperability bug
>>> (POST requests for exchanging keys are HTTP/0.9, does not work
>>> with modern setups having reverse HTTP proxies in front as a
>>> best practice.'
>>> 
>>> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4
>>>  instead ?
>>> 
>>> Also, I have noticed, that you did not enable the built-in www
>>>  server:
>>> 
>>> 'Page not found: /var/lib/sks/www/index.html'
>>> 
>>> Regards, H.Storm [TheBluProject]
>>> 
>>> On 05/04/2014 07:52, Martin Papik wrote:
>>>>>> Thank you very much Jerzy, however I'm facing some 
>>>>>> problems. I wonder if you have any insight. I'm new to
>>>>>> sks, but it seems to me that there might be an apache
>>>>>> proxy intercepting the connections and interfering
>>>>>> somehow. I don't see my server in 
>>>>>> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats,
>>>>>>
>>>>>> 
but the sks servers are talking to each other on 11370 so
>>>>>> I'm assuming there's some kind of asymmetric setup.
>>>>>> 
>>>>>> Any help would be appreciated.
>>>>>> 
>>>>>> Martin
>>>>>> 
>>>>>> In the log I see  (after incrementing http_fetch_size to 
>>>>>> 1000 to reduce the number of entries).
>>>>>> 
>>>>>> 2014-04-05 08:43:40 address for 
>>>>>> keyserver.kolosowscy.pl:11370 changed from [] to 
>>>>>> [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET 
>>>>>> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064
>>>>>> hashes recovered from <ADDR_INET [176.241.243.15]:11371> 
>>>>>> 2014-04-05 08:44:11 Requesting 1000 missing keys from 
>>>>>> <ADDR_INET [176.241.243.15]:11371>, starting with 
>>>>>> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:12 Requesting 1000 missing keys from <ADDR_INET 
>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:12 Requesting 64 missing keys from <ADDR_INET 
>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
>>>>>> 
>>>>>> The tcpdump output contains (looks like HTTP 0.9, no host
>>>>>>  header in the request, no HTTP headers in the
>>>>>> response).
>>>>>> 
>>>>>> Request to 176.241.243.15:11371
>>>>>> 
>>>>>> POST /pks/hashquery content-length: 24
>>>>>> 
>>>>>> Response from 176.241.243.15:11371
>>>>>> 
>>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 
>>>>>> <html><head> <title>502 Proxy Error</title> </head><body>
>>>>>>  <h1>Proxy Error</h1> <p>The proxy server received an 
>>>>>> invalid response from an upstream server.<br /> The
>>>>>> proxy server could not handle the request <em><a 
>>>>>> href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p>
>>>>>>
>>>>>>
>
>>>>>> 
Reason: <strong>Error reading from remote
>>>>>> server</strong></p></p> <hr> <address>Apache Server at 
>>>>>> keyserver.kolosowscy.pl Port 80</address> </body></html>
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>>>>>>> Hi,
>>>>>>> 
>>>>>>> I added your server. My line to add:
>>>>>>> 
>>>>>>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski 
>>>>>>> <address@hidden>
>>>>>>> 
>>>>>>> Rgds,
>>>>>>> 
>>>>>>> Jerzy Ko?osowski
>>>>>>> 
>>>>>>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik
>>>>>>> pisze:
>>>>>>>> Hi everyone,
>>>>>>>> 
>>>>>>>> I've just configured sks 1.1.1 (default on Ubuntu) on
>>>>>>>>  sks-server.randala.com. The machine has IPv6 but
>>>>>>>> SKS has not yet been assigned an address. I wonder,
>>>>>>>> is there an advantage (e.g. in terms of peering)?
>>>>>>>> The server is located in Germany/EU. For now I'm
>>>>>>>> deploying
>>>>>>> the
>>>>>>>> server for R&D as a proxy for my private server 
>>>>>>>> (behind my ISPs randomized NAT).
>>>>>>>> 
>>>>>>>> You may contact me if you have further questions or 
>>>>>>>> for any issues, operational or otherwise.
>>>>>>>> 
>>>>>>>> Loaded from: http://keys.niif.hu/keydump/
>>>>>>>> [2014-03-31? ... köszönöm] Loaded: 3583821 keys
>>>>>>>> 
>>>>>>>> Line to add to /etc/sks/membership
>>>>>>>> 
>>>>>>>> sks-server.randala.com 11370
>>>>>>>> 
>>>>>>>> Thank you.
>>>>>>>> 
>>>>>>>> Martin
>>>>>>>> 
>>>>>>>> _______________________________________________ 
>>>>>>>> Sks-devel mailing list address@hidden 
>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>> 
>>>>>>>> 
>>>>>>>> _______________________________________________ 
>>>>>>>> Sks-devel mailing list address@hidden 
>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>> 
>>>>>> 
>>>>>> _______________________________________________ Sks-devel
>>>>>>  mailing list address@hidden 
>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>> 
>>>> 
>>>> _______________________________________________ Sks-devel 
>>>> mailing list address@hidden 
>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>> 
>>> 
>>> _______________________________________________ Sks-devel 
>>> mailing list address@hidden 
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>> 
> 
>> _______________________________________________ Sks-devel
>> mailing list address@hidden 
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 
> 
> 
> _______________________________________________ Sks-devel mailing
> list address@hidden 
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>