[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] SKS peering request [sks-server.randala.com]
From: |
Tobias Frei |
Subject: |
Re: [Sks-devel] SKS peering request [sks-server.randala.com] |
Date: |
Sun, 06 Apr 2014 14:26:57 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 |
Hi,
I don't really see why upgrading to the next stable release would make
you a "test-case", but I'm also already running 14.04 on my webserver,
so I might be the wrong person to ask about this. :D
If it helps (maybe the new libc version isn't required), you might
want to download this package too:
http://freiwuppertal.de/libdb5.3_5.3.28-3ubuntu2_amd64.deb
I can also provide other current .deb files on request.
Best regards,
Tobias Frei
Am 06.04.2014 12:49, schrieb Martin Papik:
>
> I am using the latest stable LTS, unfortunately, ubuntu LTS
> matures slowly and I've been bitten with premature dist-upgrades.
> I'll choose waiting over being a test-case. At least on anything
> that's exposed to the internet.
>
> # wget http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb #
> dpkg -i sks_1.1.4-2.1ubuntu1_amd64.deb (Reading database ... 97126
> files and directories currently installed.) Preparing to replace
> sks 1.1.1+dpkgv3-7ubuntu0.3 (using sks_1.1.4-2.1ubuntu1_amd64.deb)
> ... Stopping sks daemons: sksrecon.. sksdb.. done. Unpacking
> replacement sks ... dpkg: dependency problems prevent configuration
> of sks: sks depends on libdb5.3; however: Package libdb5.3 is not
> installed. dpkg: error processing sks (--install): dependency
> problems - leaving unconfigured Processing triggers for ureadahead
> ... Processing triggers for man-db ... Errors were encountered
> while processing: sks # cat /etc/lsb-release DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise
> DISTRIB_DESCRIPTION="Ubuntu 12.04.4 LTS"
>
> Doesn't seem to work, I tried adding "deb
> http://us.archive.ubuntu.com/ubuntu/ trusty main universe" to
> /etc/apt/sources.list, but just installing sks would replace libc,
> which basically means I might as well dist-upgrade, which I won't
> do just yet.
>
> PS in my personal experience with the last ubuntu LTS increment,
> it will be stable enough sometimes next year. Until then, I'm
> afraid I only have three options, compile from sources (headache,
> error prone, extra maintenance), wait for someone to backport 1.1.4
> on 10.4 or 12.4, or just leave it as 1.1.3.
>
> And my impression is that 1.1.3 is okay, a number of the servers
> visible on https://sks-keyservers.net/status/ are 1.1.3, and so
> far the only difference I came across is that 1.1.3 doesn't export
> server contact, which doesn't bother me overly. Is there a better
> reason to upgrade?
>
> Martin
>
> On 04/06/2014 12:07 PM, Tobias Frei wrote:
>> Hi,
>
>> if you'd be using the latest Ubuntu, you would probably also have
>> access to the newest SKS version in the repositories. ;-)
>
>> Ubuntu 14.04 LTS will come out soon; upgrading to that should
>> give you 1.1.4.
>
>
>> If your server is running on amd64, you can use this .deb for
>> now, if you want to:
>> http://freiwuppertal.de/sks_1.1.4-2.1ubuntu1_amd64.deb
>
>
>
>> Best regards, Tobias Frei
>
>
>> Am 05.04.2014 16:17, schrieb Martin Papik:
>>>
>>> Thank you, I've upgraded to 1.1.3, although why Ubuntu didn't
>>> install that one without an explicit parameter boggles me a
>>> bit. Oh well. Is that sufficient, or will I have to install the
>>> very latest from source?
>>>
>>> The web server is enabled, there's just no main page in the
>>> directory yet.
>>>
>>> I see "Error fetching key from hash **** : Not_found" messages
>>> in the log though, is this normal? The hashes update, so I'm
>>> not overly worried, just want to know if this is normal.
>>>
>>> Anyway, thanks again for taking the time to assist me.
>>>
>>> Martin
>>>
>>> On 04/05/2014 04:38 PM, BluKeyserver wrote: Hi Martin,
>>>
>>> Quoting from
>>> https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
>>>
>>> 'Versions prior to 1.1.2 have a severe interoperability bug
>>> (POST requests for exchanging keys are HTTP/0.9, does not work
>>> with modern setups having reverse HTTP proxies in front as a
>>> best practice.'
>>>
>>> Perhaps it's a time to ditch the 1.1.1 and try to compile 1.1.4
>>> instead ?
>>>
>>> Also, I have noticed, that you did not enable the built-in www
>>> server:
>>>
>>> 'Page not found: /var/lib/sks/www/index.html'
>>>
>>> Regards, H.Storm [TheBluProject]
>>>
>>> On 05/04/2014 07:52, Martin Papik wrote:
>>>>>> Thank you very much Jerzy, however I'm facing some
>>>>>> problems. I wonder if you have any insight. I'm new to
>>>>>> sks, but it seems to me that there might be an apache
>>>>>> proxy intercepting the connections and interfering
>>>>>> somehow. I don't see my server in
>>>>>> http://keyserver.kolosowscy.pl:11371/pks/lookup?op=stats,
>>>>>>
>>>>>>
but the sks servers are talking to each other on 11370 so
>>>>>> I'm assuming there's some kind of asymmetric setup.
>>>>>>
>>>>>> Any help would be appreciated.
>>>>>>
>>>>>> Martin
>>>>>>
>>>>>> In the log I see (after incrementing http_fetch_size to
>>>>>> 1000 to reduce the number of entries).
>>>>>>
>>>>>> 2014-04-05 08:43:40 address for
>>>>>> keyserver.kolosowscy.pl:11370 changed from [] to
>>>>>> [<ADDR_INET [176.241.243.15]:11370>, <ADDR_INET
>>>>>> [2002:b0f1:f30f::1]:11370>] 2014-04-05 08:44:06 6064
>>>>>> hashes recovered from <ADDR_INET [176.241.243.15]:11371>
>>>>>> 2014-04-05 08:44:11 Requesting 1000 missing keys from
>>>>>> <ADDR_INET [176.241.243.15]:11371>, starting with
>>>>>> 0005AB14802673F046EC31CC93AC36DC 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>> [176.241.243.15]:11371>, starting with
>>>>>> 29DF15D7EF250667DE9012CDF6891CE7 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>> [176.241.243.15]:11371>, starting with
>>>>>> 54ABD9C187E4555DB2377ABFCD29D8B8 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>> [176.241.243.15]:11371>, starting with
>>>>>> 7E819BE55160DDBD06E480F74F1D6017 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:11 Requesting 1000 missing keys from <ADDR_INET
>>>>>> [176.241.243.15]:11371>, starting with
>>>>>> A7E5518397DB6A961E9FB8B59C1391D6 2014-04-05 08:44:11
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:12 Requesting 1000 missing keys from <ADDR_INET
>>>>>> [176.241.243.15]:11371>, starting with
>>>>>> D348A85B40F5C08C3CA2E9AB09EF2CB0 2014-04-05 08:44:12
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">") 2014-04-05
>>>>>> 08:44:12 Requesting 64 missing keys from <ADDR_INET
>>>>>> [176.241.243.15]:11371>, starting with
>>>>>> FD40B34ECD8971CFCECF9E79D48772F0 2014-04-05 08:44:12
>>>>>> Error getting missing keys: Failure("<!DOCTYPE HTML
>>>>>> PUBLIC \"-//IETF//DTD HTML 2.0//EN\">")
>>>>>>
>>>>>> The tcpdump output contains (looks like HTTP 0.9, no host
>>>>>> header in the request, no HTTP headers in the
>>>>>> response).
>>>>>>
>>>>>> Request to 176.241.243.15:11371
>>>>>>
>>>>>> POST /pks/hashquery content-length: 24
>>>>>>
>>>>>> Response from 176.241.243.15:11371
>>>>>>
>>>>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>>>>> <html><head> <title>502 Proxy Error</title> </head><body>
>>>>>> <h1>Proxy Error</h1> <p>The proxy server received an
>>>>>> invalid response from an upstream server.<br /> The
>>>>>> proxy server could not handle the request <em><a
>>>>>> href="/pks/hashquery">POST /pks/hashquery</a></em>.<p>
>>>>>>
>>>>>>
>
>>>>>>
Reason: <strong>Error reading from remote
>>>>>> server</strong></p></p> <hr> <address>Apache Server at
>>>>>> keyserver.kolosowscy.pl Port 80</address> </body></html>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 04/05/2014 04:21 AM, Jerzy Ko?osowski wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I added your server. My line to add:
>>>>>>>
>>>>>>> keyserver.kolosowscy.pl 11370 # Jerzy Kolosowski
>>>>>>> <address@hidden>
>>>>>>>
>>>>>>> Rgds,
>>>>>>>
>>>>>>> Jerzy Ko?osowski
>>>>>>>
>>>>>>> Dnia ?roda, 2 kwietnia 2014 05:50:52 Martin Papik
>>>>>>> pisze:
>>>>>>>> Hi everyone,
>>>>>>>>
>>>>>>>> I've just configured sks 1.1.1 (default on Ubuntu) on
>>>>>>>> sks-server.randala.com. The machine has IPv6 but
>>>>>>>> SKS has not yet been assigned an address. I wonder,
>>>>>>>> is there an advantage (e.g. in terms of peering)?
>>>>>>>> The server is located in Germany/EU. For now I'm
>>>>>>>> deploying
>>>>>>> the
>>>>>>>> server for R&D as a proxy for my private server
>>>>>>>> (behind my ISPs randomized NAT).
>>>>>>>>
>>>>>>>> You may contact me if you have further questions or
>>>>>>>> for any issues, operational or otherwise.
>>>>>>>>
>>>>>>>> Loaded from: http://keys.niif.hu/keydump/
>>>>>>>> [2014-03-31? ... köszönöm] Loaded: 3583821 keys
>>>>>>>>
>>>>>>>> Line to add to /etc/sks/membership
>>>>>>>>
>>>>>>>> sks-server.randala.com 11370
>>>>>>>>
>>>>>>>> Thank you.
>>>>>>>>
>>>>>>>> Martin
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Sks-devel mailing list address@hidden
>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Sks-devel mailing list address@hidden
>>>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>
>>>>>>
>>>>>> _______________________________________________ Sks-devel
>>>>>> mailing list address@hidden
>>>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>>>>
>>>>
>>>> _______________________________________________ Sks-devel
>>>> mailing list address@hidden
>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>
>>>
>>> _______________________________________________ Sks-devel
>>> mailing list address@hidden
>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>
>
>> _______________________________________________ Sks-devel
>> mailing list address@hidden
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
>
>
> _______________________________________________ Sks-devel mailing
> list address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>
- [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/02
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Jerzy Kołosowski, 2014/04/04
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], BluKeyserver, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/05
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Tobias Frei, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com],
Tobias Frei <=
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Phil Pennock, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/06
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/07
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Martin Papik, 2014/04/08
- Re: [Sks-devel] SKS peering request [sks-server.randala.com], Kristian Fiskerstrand, 2014/04/09