[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] SKS peering request [sks-server.randala.com]
From: |
Martin Papik |
Subject: |
Re: [Sks-devel] SKS peering request [sks-server.randala.com] |
Date: |
Sun, 06 Apr 2014 16:06:31 +0300 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is why libc is required, I've tried to use sks-1.1.4 from trusty
already, same set of dependencies. And as before, if I'm going to
update libc, I might as well do a full dist upgrade.
# dpkg -i libdb5.3_5.3.28-3ubuntu2_amd64.deb
(Reading database ... 97168 files and directories currently installed.)
Preparing to replace libdb5.3 5.3.28-3ubuntu2 (using
libdb5.3_5.3.28-3ubuntu2_amd64.deb) ...
Unpacking replacement libdb5.3 ...
dpkg: dependency problems prevent configuration of libdb5.3:
libdb5.3 depends on libc6 (>= 2.17); however:
Version of libc6 on system is 2.15-0ubuntu10.5.
dpkg: error processing libdb5.3 (--install):
dependency problems - leaving unconfigured
Errors were encountered while processing:
libdb5.3
https://help.ubuntu.com/ -- stable is 13.10, stable LTS is 12.04,
14.04 is devel, meaning not stable :-)
And as I said, my prior experiences are full of grief with premature
dist-upgrades. And I read somewhere on the internets that dist-upgrade
isn't supposed to be "stable" until about 14.04.1.
So, yeah, I may play with 14.04, but not on production machines.
Unless there is a compelling reason. Is there? Is there a really good
reason to move from 1.1.3 to 1.1.4?
Martin
On 04/06/2014 03:26 PM, Tobias Frei wrote:
> Hi,
>
> I don't really see why upgrading to the next stable release would
> make you a "test-case", but I'm also already running 14.04 on my
> webserver, so I might be the wrong person to ask about this. :D
>
> If it helps (maybe the new libc version isn't required), you might
> want to download this package too:
> http://freiwuppertal.de/libdb5.3_5.3.28-3ubuntu2_amd64.deb
>
> I can also provide other current .deb files on request.
>
>
> Best regards, Tobias Frei
>
>
> Am 06.04.2014 12:49, schrieb Martin Papik:
>>
>> I am using the latest stable LTS, unfortunately, ubuntu LTS
>> matures slowly and I've been bitten with premature
>> dist-upgrades. I'll choose waiting over being a test-case. At
>> least on anything that's exposed to the internet.
>>
>> # wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb #
>> dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb (Reading database ...
>> 97126 files and directories currently installed.) Preparing to
>> replace sks 1.1.1+dpkgv3-7ubuntu0.3 (using
>> sks_1.1.4-2.1ubuntu1_amd64.deb) ... Stopping sks daemons:
>> sksrecon.. sksdb.. done. Unpacking replacement sks ... dpkg:
>> dependency problems prevent configuration of sks: sks depends on
>> libdb5.3; however: Package libdb5.3 is not installed. dpkg: error
>> processing sks (--install): dependency problems - leaving
>> unconfigured Processing triggers for ureadahead ... Processing
>> triggers for man-db ... Errors were encountered while processing:
>> sks # cat /etc/lsb-release DISTRIB_ID=Ubuntu
>> DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise
>> DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
>>
>> Doesn't seem to work, I tried adding "deb
>> http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to
>> /etc/apt/sources.list, but just installing sks would replace
>> libc, which basically means I might as well dist-upgrade, which I
>> won't do just yet.
>>
>> PS in my personal experience with the last ubuntu LTS increment,
>> it will be stable enough sometimes next year. Until then, I'm
>> afraid I only have three options, compile from sources
>> (headache, error prone, extra maintenance), wait for someone to
>> backport 1.1.4 on 10.4 or 12.4, or just leave it as 1.1.3.
>>
>> And my impression is that 1.1.3 is okay, a number of the servers
>> visible on https://sks-keyservers.net/status/ are 1.1.3, and so
>> far the only difference I came across is that 1.1.3 doesn't
>> export server contact, which doesn't bother me overly. Is there a
>> better reason to upgrade?
>>
>> Martin
>>
>> On 04/06/2014 12:07 PM, Tobias Frei wrote:
>>> Hi,
>>
>>> if you'd be using the latest Ubuntu, you would probably also
>>> have access to the newest SKS version in the repositories. ;-)
>>
>>> Ubuntu 14.04 LTS will come out soon; upgrading to that should
>>> give you 1.1.4.
>>
>>
>>> If your server is running on amd64, you can use this .deb for
>>> now, if you want to:
>>> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
>>
>>
>>
>>> Best regards, Tobias Frei
>>
>>
>>> Am 05.04.2014 16:17, schrieb Martin Papik:
>>>>
>>>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
>>>> install that one without an explicit parameter boggles me a
>>>> bit. Oh well. Is that sufficient, or will I have to install
>>>> the very latest from source?
>>>>
>>>> The web server is enabled, there's just no main page in the
>>>> directory yet.
>>>>
>>>> I see "Error fetching key from hash **** : Not_found"
>>>> messages in the log though, is this normal? The hashes
>>>> update, so I'm not overly worried, just want to know if this
>>>> is normal.
>>>>
>>>> Anyway, thanks again for taking the time to assist me.
>>>>
>>>> Martin
>>>>
>>>> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
>>>>
>>>> Quoting from
>>>> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>>>>
>>>>
>>>>
'Versions prior to 1.1.2 have a severe interoperability bug
>>>> (POST requests for exchanging keys are HTTP/0.9, does not
>>>> work with modern setups having reverse HTTP proxies in front
>>>> as a best practice.'
>>>>
>>>> Perhaps it's a time to ditch the 1.1.1 and try to compile
>>>> 1.1.4 instead ?
>>>>
>>>> Also, I have noticed, that you did not enable the built-in
>>>> www server:
>>>>
>>>> 'Page not found: /var/lib/sks/www/index.html'
>>>>
>>>> Regards, H.Storm [TheBluProject]
>>>>
>>>> On 05/04/2014 07:52, Martin Papik wrote:
>>>>>>> Thank you very much Jerzy, however I'm facing some
>>>>>>> problems. I wonder if you have any insight. I'm new to
>>>>>>> sks, but it seems to me that there might be an apache
>>>>>>> proxy intercepting the connections and interfering
>>>>>>> somehow. I don't see my server in
>>>>>>> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats,
>>>>>>>
>>>>>>>
>
>>>>>>>
but the sks servers are talking to each other on 11370 so
>>>>>>> I'm assuming there's some kind of asymmetric setup.
>>>>>>>
>>>>>>> Any help would be appreciated.
>>>>>>>
>>>>>>> Martin
>>>>>>>
>>>>>>> In the log I see (after incrementing http_fetch_size
>>>>>>> to 1000 to reduce the number of entries).
>>>>>>>
>>>>>>> 2014-04-05 08:43:40 address for
>>>>>>> keyserver.kolosowscy.pl:11370 changed from [] to
>>>>>>> [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET
>>>>>>> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064
>>>>>>> hashes recovered from <ADDR_INET
>>>>>>> [176.241.243.15]:11371> 2014-04-05 08:44:11 Requesting
>>>>>>> 1000 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with
>>>>>>> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with
>>>>>>> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with
>>>>>>> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with
>>>>>>> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with
>>>>>>> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>>> 08:44:12 Requesting 1000 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with
>>>>>>> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>>> 08:44:12 Requesting 64 missing keys from <ADDR_INET
>>>>>>> [176.241.243.15]:11371>, starting with
>>>>>>> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12
>>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
>>>>>>>
>>>>>>> The tcpdump output contains (looks like HTTP 0.9, no
>>>>>>> host header in the request, no HTTP headers in the
>>>>>>> response).
>>>>>>>
>>>>>>> Request to 176.241.243.15:11371
>>>>>>>
>>>>>>> POST /pks/hashquery content-length: 24
>>>>>>>
>>>>>>> Response from 176.241.243.15:11371
>>>>>>>
>>>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>>>>>> <html><head> <title>502 Proxy Error</title>
>>>>>>> </head><body> <h1>Proxy Error</h1> <p>The proxy server
>>>>>>> received an invalid response from an upstream
>>>>>>> server.<br /> The proxy server could not handle the
>>>>>>> request <em><a
>>>>>>> href="/pks/hashquery">POST /pks/hashquery</a></em>.<p>
>>>>>>>
>>>>>>>
>>
>>>>>>>
>
>>>>>>>
Reason: <strong>Error reading from remote
>>>>>>> server</strong></p></p> <hr> <address>Apache Server at
>>>>>>> keyserver.kolosowscy.pl Port 80</address>
>>>>>>> </body></html>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I added your server. My line to add:
>>>>>>>>
>>>>>>>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski
>>>>>>>> <address@hidden>
>>>>>>>>
>>>>>>>> Rgds,
>>>>>>>>
>>>>>>>> Jerzy Ko?osowski
>>>>>>>>
>>>>>>>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik
>>>>>>>> pisze:
>>>>>>>>> Hi everyone,
>>>>>>>>>
>>>>>>>>> I've just configured sks 1.1.1 (default on Ubuntu)
>>>>>>>>> on sks-server.randala.com. The machine has IPv6
>>>>>>>>> but SKS has not yet been assigned an address. I
>>>>>>>>> wonder, is there an advantage (e.g. in terms of
>>>>>>>>> peering)? The server is located in Germany/EU. For
>>>>>>>>> now I'm deploying
>>>>>>>> the
>>>>>>>>> server for R&D as a proxy for my private server
>>>>>>>>> (behind my ISPs randomized NAT).
>>>>>>>>>
>>>>>>>>> You may contact me if you have further questions or
>>>>>>>>> for any issues, operational or otherwise.
>>>>>>>>>
>>>>>>>>> Loaded from: http://keys.niif.hu/keydump/
>>>>>>>>> [2014-03-31? ... köszönöm] Loaded: 3583821 keys
>>>>>>>>>
>>>>>>>>> Line to add to /etc/sks/membership
>>>>>>>>>
>>>>>>>>> sks-server.randala.com 11370
>>>>>>>>>
>>>>>>>>> Thank you.
>>>>>>>>>
>>>>>>>>> Martin
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Sks-devel mailing list address@hidden
>>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
_______________________________________________
>>>>>>>>> Sks-devel mailing list address@hidden
>>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>>
_______________________________________________ Sks-devel
>>>>>>> mailing list address@hidden
>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>
>>>>>
>>>>> _______________________________________________ Sks-devel
>>>>> mailing list address@hidden
>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>
>>>>
>>>> _______________________________________________ Sks-devel
>>>> mailing list address@hidden
>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>
>>
>>> _______________________________________________ Sks-devel
>>> mailing list address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>
>>
>>
>> _______________________________________________ Sks-devel
>> mailing list address@hidden
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>
>
> _______________________________________________ Sks-devel mailing
> list address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTQVFHAAoJELsEaSRwbVYreEgP/2IPCUvwaDC6RbREInoXLUSw
csQh7EpiC9Y9px8qs9K+8HsS4AWEhumB/0STsCUjVDUydZgTGAkhVZg3dSSjRlmK
CdmAtU7+lCd1kjQDw7yWFrwKzptJIstzCyQKGsbb14rtMG+sG2fZ2zr/NHgQqaIE
H4XYwk/WI0XLAHpqO9nEfs+NR5vnyTTVx11tvGprHDBfWkVmJ9RVejqM0Cwd1FXN
g30Q4wj6y0HmkIZQb3BwdwUYcdA5V7cJrinbRHAE28q4ZjmyhayiCyWurTnUfJ8A
reAvyV+KfcyDsIutXPi+y8UINYVMjsC7OItSUNQouDrG97loi4Mx/FdDQjH5XQf0
3q2O7QaXchNlh2p1u2qn7A0A9UUdKrLp09SSYfGa4+ncYYTv+xZhGoB5mvoZRe6J
WQJ0bXNDMwRw3lG4660AqyaZHKTj334oBEmaveodU8L44JW7tJiSM+j7YjcfTdgy
VYtc8qGbLD5O3nH9hanbTsJq+43GXOX5Yv2d9aLvY757etYT0ayK4ebqnzUwV152
IOLeFHqT5jbGbyoaVcidyhHVilq+h8d9CTGzXf0wkcMIQo4n0wUhn3v5Z7oXnaNu
662wRyGEhJPeGzVkFRX0pW5rXZ3gnR1IyGBWk6abHprfxsl1rNxqDY3TlduY96T1
/ec2mwPyGRq1It+42/KB
=fSwK
-----END PGP SIGNATURE-----
- [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/02
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Jerzy Kołosowski, 2014/04/04
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], BluKeyserver, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com],
Martin Papik <=
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Phil Pennock, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/08
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/09