Re: [Sks-devel] SKS peering request [sks-server.randala.com]

[Martin Papik]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



This is why libc is required, I've tried to use sks-1.1.4 from trusty
already, same set of dependencies. And as before, if I'm going to
update libc, I might as well do a full dist upgrade.

# dpkg -i libdb5.3_5.3.28-3ubuntu2_amd64.deb
(Reading database ... 97168 files and directories currently installed.)
Preparing to replace libdb5.3 5.3.28-3ubuntu2 (using
libdb5.3_5.3.28-3ubuntu2_amd64.deb) ...
Unpacking replacement libdb5.3 ...
dpkg: dependency problems prevent configuration of libdb5.3:
 libdb5.3 depends on libc6 (>= 2.17); however:
  Version of libc6 on system is 2.15-0ubuntu10.5.
dpkg: error processing libdb5.3 (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 libdb5.3

https://help.ubuntu.com/ -- stable is 13.10, stable LTS is 12.04,
14.04 is devel, meaning not stable :-)

And as I said, my prior experiences are full of grief with premature
dist-upgrades. And I read somewhere on the internets that dist-upgrade
isn't supposed to be "stable" until about 14.04.1.

So, yeah, I may play with 14.04, but not on production machines.
Unless there is a compelling reason. Is there? Is there a really good
reason to move from 1.1.3 to 1.1.4?

Martin

On 04/06/2014 03:26 PM, Tobias Frei wrote:
> Hi,
> 
> I don't really see why upgrading to the next stable release would
> make you a "test-case", but I'm also already running 14.04 on my
> webserver, so I might be the wrong person to ask about this. :D
> 
> If it helps (maybe the new libc version isn't required), you might 
> want to download this package too: 
> http://freiwuppertal.de/libdb5.3_5.3.28-3ubuntu2_amd64.deb
> 
> I can also provide other current .deb files on request.
> 
> 
> Best regards, Tobias Frei
> 
> 
> Am 06.04.2014 12:49, schrieb Martin Papik:
>> 
>> I am using the latest stable LTS, unfortunately, ubuntu LTS 
>> matures slowly and I've been bitten with premature
>> dist-upgrades. I'll choose waiting over being a test-case. At
>> least on anything that's exposed to the internet.
>> 
>> # wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb # 
>> dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb (Reading database ...
>> 97126 files and directories currently installed.) Preparing to
>> replace sks 1.1.1+dpkgv3-7ubuntu0.3 (using
>> sks_1.1.4-2.1ubuntu1_amd64.deb) ... Stopping sks daemons:
>> sksrecon.. sksdb.. done. Unpacking replacement sks ... dpkg:
>> dependency problems prevent configuration of sks: sks depends on
>> libdb5.3; however: Package libdb5.3 is not installed. dpkg: error
>> processing sks (--install): dependency problems - leaving
>> unconfigured Processing triggers for ureadahead ... Processing
>> triggers for man-db ... Errors were encountered while processing:
>> sks # cat /etc/lsb-release DISTRIB_ID=Ubuntu 
>> DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise 
>> DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
>> 
>> Doesn't seem to work, I tried adding "deb 
>> http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to 
>> /etc/apt/sources.list, but just installing sks would replace
>> libc, which basically means I might as well dist-upgrade, which I
>> won't do just yet.
>> 
>> PS in my personal experience with the last ubuntu LTS increment, 
>> it will be stable enough sometimes next year. Until then, I'm 
>> afraid I only have three options, compile from sources
>> (headache, error prone, extra maintenance), wait for someone to
>> backport 1.1.4 on 10.4 or 12.4, or just leave it as 1.1.3.
>> 
>> And my impression is that 1.1.3 is okay, a number of the servers
>>  visible on https://sks-keyservers.net/status/ are 1.1.3, and so 
>> far the only difference I came across is that 1.1.3 doesn't
>> export server contact, which doesn't bother me overly. Is there a
>> better reason to upgrade?
>> 
>> Martin
>> 
>> On 04/06/2014 12:07 PM, Tobias Frei wrote:
>>> Hi,
>> 
>>> if you'd be using the latest Ubuntu, you would probably also
>>> have access to the newest SKS version in the repositories. ;-)
>> 
>>> Ubuntu 14.04 LTS will come out soon; upgrading to that should 
>>> give you 1.1.4.
>> 
>> 
>>> If your server is running on amd64, you can use this .deb for 
>>> now, if you want to: 
>>> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
>> 
>> 
>> 
>>> Best regards, Tobias Frei
>> 
>> 
>>> Am 05.04.2014 16:17, schrieb Martin Papik:
>>>> 
>>>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
>>>>  install that one without an explicit parameter boggles me a 
>>>> bit. Oh well. Is that sufficient, or will I have to install
>>>> the very latest from source?
>>>> 
>>>> The web server is enabled, there's just no main page in the 
>>>> directory yet.
>>>> 
>>>> I see "Error fetching key from hash **** : Not_found"
>>>> messages in the log though, is this normal? The hashes
>>>> update, so I'm not overly worried, just want to know if this
>>>> is normal.
>>>> 
>>>> Anyway, thanks again for taking the time to assist me.
>>>> 
>>>> Martin
>>>> 
>>>> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
>>>> 
>>>> Quoting from 
>>>> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>>>>
>>>>
>>>> 
'Versions prior to 1.1.2 have a severe interoperability bug
>>>> (POST requests for exchanging keys are HTTP/0.9, does not
>>>> work with modern setups having reverse HTTP proxies in front
>>>> as a best practice.'
>>>> 
>>>> Perhaps it's a time to ditch the 1.1.1 and try to compile
>>>> 1.1.4 instead ?
>>>> 
>>>> Also, I have noticed, that you did not enable the built-in
>>>> www server:
>>>> 
>>>> 'Page not found: /var/lib/sks/www/index.html'
>>>> 
>>>> Regards, H.Storm [TheBluProject]
>>>> 
>>>> On 05/04/2014 07:52, Martin Papik wrote:
>>>>>>> Thank you very much Jerzy, however I'm facing some 
>>>>>>> problems. I wonder if you have any insight. I'm new to 
>>>>>>> sks, but it seems to me that there might be an apache 
>>>>>>> proxy intercepting the connections and interfering 
>>>>>>> somehow. I don't see my server in 
>>>>>>> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats,
>>>>>>>
>>>>>>>
>
>>>>>>> 
but the sks servers are talking to each other on 11370 so
>>>>>>> I'm assuming there's some kind of asymmetric setup.
>>>>>>> 
>>>>>>> Any help would be appreciated.
>>>>>>> 
>>>>>>> Martin
>>>>>>> 
>>>>>>> In the log I see  (after incrementing http_fetch_size
>>>>>>> to 1000 to reduce the number of entries).
>>>>>>> 
>>>>>>> 2014-04-05 08:43:40 address for 
>>>>>>> keyserver.kolosowscy.pl:11370 changed from [] to 
>>>>>>> [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET 
>>>>>>> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064 
>>>>>>> hashes recovered from <ADDR_INET
>>>>>>> [176.241.243.15]:11371> 2014-04-05 08:44:11 Requesting
>>>>>>> 1000 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>>> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11 
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML 
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>>> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11 
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML 
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>>> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11 
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML 
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>>> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11 
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML 
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET 
>>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>>> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11 
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML 
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 
>>>>>>> 08:44:12 Requesting 1000 missing keys from <ADDR_INET 
>>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>>> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12 
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML 
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05 
>>>>>>> 08:44:12 Requesting 64 missing keys from <ADDR_INET 
>>>>>>> [176.241.243.15]:11371>, starting with 
>>>>>>> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12 
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML 
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
>>>>>>> 
>>>>>>> The tcpdump output contains (looks like HTTP 0.9, no
>>>>>>> host header in the request, no HTTP headers in the 
>>>>>>> response).
>>>>>>> 
>>>>>>> Request to 176.241.243.15:11371
>>>>>>> 
>>>>>>> POST /pks/hashquery content-length: 24
>>>>>>> 
>>>>>>> Response from 176.241.243.15:11371
>>>>>>> 
>>>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 
>>>>>>> <html><head> <title>502 Proxy Error</title>
>>>>>>> </head><body> <h1>Proxy Error</h1> <p>The proxy server
>>>>>>> received an invalid response from an upstream
>>>>>>> server.<br /> The proxy server could not handle the
>>>>>>> request <em><a 
>>>>>>> href="/pks/hashquery">POST&nbsp;/pks/hashquery</a></em>.<p>
>>>>>>>
>>>>>>>
>>
>>>>>>>
>
>>>>>>> 
Reason: <strong>Error reading from remote
>>>>>>> server</strong></p></p> <hr> <address>Apache Server at
>>>>>>>  keyserver.kolosowscy.pl Port 80</address>
>>>>>>> </body></html>
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>>>>>>>> Hi,
>>>>>>>> 
>>>>>>>> I added your server. My line to add:
>>>>>>>> 
>>>>>>>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski 
>>>>>>>> <address@hidden>
>>>>>>>> 
>>>>>>>> Rgds,
>>>>>>>> 
>>>>>>>> Jerzy Ko?osowski
>>>>>>>> 
>>>>>>>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik 
>>>>>>>> pisze:
>>>>>>>>> Hi everyone,
>>>>>>>>> 
>>>>>>>>> I've just configured sks 1.1.1 (default on Ubuntu)
>>>>>>>>> on sks-server.randala.com. The machine has IPv6
>>>>>>>>> but SKS has not yet been assigned an address. I
>>>>>>>>> wonder, is there an advantage (e.g. in terms of
>>>>>>>>> peering)? The server is located in Germany/EU. For
>>>>>>>>> now I'm deploying
>>>>>>>> the
>>>>>>>>> server for R&D as a proxy for my private server 
>>>>>>>>> (behind my ISPs randomized NAT).
>>>>>>>>> 
>>>>>>>>> You may contact me if you have further questions or
>>>>>>>>>  for any issues, operational or otherwise.
>>>>>>>>> 
>>>>>>>>> Loaded from: http://keys.niif.hu/keydump/ 
>>>>>>>>> [2014-03-31? ... köszönöm] Loaded: 3583821 keys
>>>>>>>>> 
>>>>>>>>> Line to add to /etc/sks/membership
>>>>>>>>> 
>>>>>>>>> sks-server.randala.com 11370
>>>>>>>>> 
>>>>>>>>> Thank you.
>>>>>>>>> 
>>>>>>>>> Martin
>>>>>>>>> 
>>>>>>>>> _______________________________________________ 
>>>>>>>>> Sks-devel mailing list address@hidden 
>>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> 
_______________________________________________
>>>>>>>>> Sks-devel mailing list address@hidden 
>>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>> 
_______________________________________________ Sks-devel
>>>>>>> mailing list address@hidden 
>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>> 
>>>>> 
>>>>> _______________________________________________ Sks-devel 
>>>>> mailing list address@hidden 
>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>> 
>>>> 
>>>> _______________________________________________ Sks-devel 
>>>> mailing list address@hidden 
>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>> 
>> 
>>> _______________________________________________ Sks-devel 
>>> mailing list address@hidden 
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>> 
>> 
>> 
>> _______________________________________________ Sks-devel
>> mailing list address@hidden 
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>> 
> 
> _______________________________________________ Sks-devel mailing
> list address@hidden 
> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTQVFHAAoJELsEaSRwbVYreEgP/2IPCUvwaDC6RbREInoXLUSw
csQh7EpiC9Y9px8qs9K+8HsS4AWEhumB/0STsCUjVDUydZgTGAkhVZg3dSSjRlmK
CdmAtU7+lCd1kjQDw7yWFrwKzptJIstzCyQKGsbb14rtMG+sG2fZ2zr/NHgQqaIE
H4XYwk/WI0XLAHpqO9nEfs+NR5vnyTTVx11tvGprHDBfWkVmJ9RVejqM0Cwd1FXN
g30Q4wj6y0HmkIZQb3BwdwUYcdA5V7cJrinbRHAE28q4ZjmyhayiCyWurTnUfJ8A
reAvyV+KfcyDsIutXPi+y8UINYVMjsC7OItSUNQouDrG97loi4Mx/FdDQjH5XQf0
3q2O7QaXchNlh2p1u2qn7A0A9UUdKrLp09SSYfGa4+ncYYTv+xZhGoB5mvoZRe6J
WQJ0bXNDMwRw3lG4660AqyaZHKTj334oBEmaveodU8L44JW7tJiSM+j7YjcfTdgy
VYtc8qGbLD5O3nH9hanbTsJq+43GXOX5Yv2d9aLvY757etYT0ayK4ebqnzUwV152
IOLeFHqT5jbGbyoaVcidyhHVilq+h8d9CTGzXf0wkcMIQo4n0wUhn3v5Z7oXnaNu
662wRyGEhJPeGzVkFRX0pW5rXZ3gnR1IyGBWk6abHprfxsl1rNxqDY3TlduY96T1
/ec2mwPyGRq1It+42/KB
=fSwK
-----END PGP SIGNATURE-----