James Cloos | 3 Aug 16:59 2015

Hockeypuck pg dump ?

Is anyone who runs hockeypuck with postgres willing to provide a
pg_dump of the hockeypuck db?

I'd like to see how resource-intensive it is, from the db perspective.

If so, please use the --create (and perhaps --clean) option(s) when
running pg_dump.

And --format and compression will do.

Thanks,

-JimC
-- 
James Cloos <cloos@...>         OpenPGP: 0x997A9F17ED7DAEA6

Daniel Roesler | 3 Aug 06:57 2015

Syncing Keybase to SKS


Howdy all,

I have been working on a project to sync Keybase and the SKS
keyserver pool. As I'm sure many of you know, Keybase has
seen a fair amount of adoption, and I'd like to make sure
those users' public keys are available to be found when you
run gpg --recv-key. Hopefully, the result will be to keep the
user-friendliness of Keybase while still making their
public keys backward compatible and available to gpg.

Luckily, Keybase uses a Merkle tree, so it will be fairly
straightforward to scan the tree and find the public keys
that are missing from the keyserver pool. There's about
47k total public keys, and I'm assuming about half will be
new keys to sks (will post again with exact figures once
my script is fully operational).

My question is how should I insert the missing keys into
the pool? Should I submit them to my keyserver and let
them spread over gossip, or should I just POST them to
the round robin domain to spread the inserting around?
How long of a period of time should I take to insert ~20k
public keys?

After the initial sync, it shouldn't be hard to update on
an ongoing basis. I plan on doing the initial sync
sometime later this fall or early winter.

Hooray for more user-friendly public key infrastructure!

Brian Minton | 3 Aug 00:44 2015

pgp.kama.gs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I've been seeing some gossip traffic from pgp.kama.gs.  I don't mind
peering with them (in fact I've added them to my membership file), but
they don't seem to be synchronizing to the network.

thanks,
Brian Minton

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (NetBSD)

iF4EAREIAAYFAlW+nQsACgkQa46zoGXPuqmQ5wD8Dg92SGKH5EVWGLW9XVMPDqVn
IKSfcFE1WTSBHUc24a4A/3z0NmkYcsvo+IAkFFCDHzV4zd8+XPAWQ8ZqmfVtFw+C
=cbLF
-----END PGP SIGNATURE-----

malte | 2 Aug 21:33 2015

Re: keys.enteig.net up again


> If you're interested in peering with my hockeypuck setup, I'd love to peer
> with you. The address is keyserver2.brian.minton.name port 11370 for recon
> and port 11371 for hkp traffic. The only requirement is that my server is
> ipv6 only, so you have to have ipv6.
>
> I'm using hockeypuck 2 with the PostgreSQL database and so far, I've been
> really happy with it.

Just the fact that it has a nice-looking web interface and Postgres 
makes it for me.

I added you to my hockeypuck.conf. Do you know how to reload the server 
config without stopping it? Are there systemd unit files out there?

Sincerely,

Malte

malte | 2 Aug 15:08 2015

keys.enteig.net (not really) up again

hi,

After the USB stick with the database died (who would have seen that 
coming), it took me some time to get everything into place again.

I'm running hockeypuck with PostgreSQL now and the HKP part works fine.

But gossiping does not work.

The errors I get:

ERRO[0381] recon with 198.98.52.48:11370 failed error=[{/home/hockeypuck/packaging/src/gopkg.in/hockeypuck/conflux.v2/recon/gossip.go:115: } {/home/hockeypuck/packaging/src/gopkg.in/hockeypuck/conflux.v2/recon/peer.go:473: } {filters do not match.
         local filters: [ yminsky.dedup yminsky.merge ]
         remote filters: [ yminsky.dedup ]} {remote rejected configuration}] label=gossip :11370

My hockeypuck.conf:

[hockeypuck]
contact="0x0CC576E9703E1DDC"
hostname="keys.enteig.net"
logfile="/home/hockeypuck/hockeypuck.log"
loglevel="INFO"
indexTemplate="/home/hockeypuck/packaging/instroot/var/lib/hockeypuck/templates/index.html.tmpl"
vindexTemplate="/home/hockeypuck/packaging/instroot/var/lib/hockeypuck/templates/index.html.tmpl"
statsTemplate="/home/hockeypuck/packaging/instroot/var/lib/hockeypuck/templates/stats.html.tmpl"
webroot="/home/hockeypuck/packaging/instroot/var/lib/hockeypuck/www"

[hockeypuck.hkp]
bind=":11371"

[hockeypuck.openpgp.db]
driver="postgres-jsonb"
dsn="dbname=hockeypuckdb host=/var/run/postgresql port=5432 user=hockeypuckuser sslmode=disable"

[hockeypuck.conflux.recon]
httpAddr=":11371"
reconAddr=":11370"
filters=["yminsky.dedup"]

[hockeypuck.conflux.recon.leveldb]

path="/home/hockeypuck/tree"

[hockeypuck.conflux.recon.partner.peer1]
httpAddr="keyserver.brian.minton.name:11371"
reconAddr="keyserver.brian.minton.name:11370"

[hockeypuck.conflux.recon.partner.peer2]
httpAddr="keys.nerds.lu:11371"
reconAddr="keys.nerds.lu:11370"

[and so on...]

Any ideas how to fix that?

Sincerely,

Malte
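
An added example, not part of the message above and not Hockeypuck code: a Python check that pulls the two filter lists out of the posted recon error and compares them with the `filters` value in the posted `[hockeypuck.conflux.recon]` section. The log and config samples are abridged copies of the posted text, and the function names are made up for this illustration.

```python
import re

# Abridged from the log posted above (source file paths elided).
LOG = """ERRO[0381] recon with 198.98.52.48:11370 failed error=[... {filters do not match.
         local filters: [ yminsky.dedup yminsky.merge ]
         remote filters: [ yminsky.dedup ]} {remote rejected configuration}] label=gossip :11370"""

# Abridged from the hockeypuck.conf posted above.
CONF = """[hockeypuck.conflux.recon]
httpAddr=":11371"
reconAddr=":11370"
filters=["yminsky.dedup"]

[hockeypuck.conflux.recon.leveldb]
path="/home/hockeypuck/tree"
"""

def log_filters(log):
    """Return {'local': set, 'remote': set} from a 'filters do not match' error."""
    found = re.findall(r"(local|remote) filters:\s*\[([^\]]*)\]", log)
    return {side: set(body.split()) for side, body in found}

def conf_filters(conf):
    """Return the filters configured in the [hockeypuck.conflux.recon] section."""
    section = None
    for line in conf.splitlines():
        line = line.strip()
        if line.startswith("["):
            section = line.strip("[]")
        elif section == "hockeypuck.conflux.recon" and line.startswith("filters"):
            return set(re.findall(r'"([^"]+)"', line.split("=", 1)[1]))
    return set()

def diagnose(log, conf):
    sides = log_filters(log)
    if set(sides) != {"local", "remote"}:
        return None  # not a filter-mismatch error
    mine = conf_filters(conf)
    # Assumption: since the log ends with "remote rejected configuration", the
    # labels may be from the peer's point of view, so match against our config.
    ours = [side for side, names in sides.items() if names == mine]
    return {
        "our_side_in_log": ours[0] if len(ours) == 1 else None,
        "only_local": sorted(sides["local"] - sides["remote"]),
        "only_remote": sorted(sides["remote"] - sides["local"]),
    }

if __name__ == "__main__":
    print(diagnose(LOG, CONF))
```

On the posted text, the list labelled "remote filters" is the one that equals the configured `filters` value, and `yminsky.merge` is the entry present on only one side.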

Pascal Levasseur | 31 Jul 18:45 2015

Keyserver Stats Hourly Histogram upgrade cycle and cut hour

Hello,

It seems to me that the 'Hourly Histogram' displayed in the stats HTML
web page (/pks/lookup?op=stats) of the SKS server (1.1.5, Debian 8) is
updated only once a day.

Is it a feature or a bug?

Is the cut hour for the update of the 'Hourly Histogram' adjustable
somewhere in a conf file?

For example:

- The 'Hourly Histogram' of my SKS server
(http://keyserver.bonus-communis-bibliotheca.eu:11371/pks/lookup?op=stats)
is updated only once a day around 03:00 (UTC + 2)

- The 'Hourly Histogram' of the Fedora project SKS server
(keys.fedoraproject.org/pks/lookup?op=stats) is updated only once a
day around 02:00 (UTC + 2)

Regards.

Pascal Levasseur

Mike Forbes | 31 Jul 01:05 2015

HKPS + ssl + nginx


Hi,

We've managed to get an HKPS cert from Kristian (thanks!)

So now begins the task of trying to make HKPS and SSL and SKS all work
together.

Currently we're serving up our main pgp pages with our own SSL cert
(https://pgp.net.nz)

If we were to serve this using the HKPS cert I imagine it would throw
a certificate warning for most people who haven't imported the
hkps.pool.sks-keyservers.net CA.

My question is, how have other people managed to get HKPS working
together with their own SSL certs?

Our nginx config pushes all requests on port 80 to 443, then has a
location section for /pks that points to the locally running sks
daemon on 127.0.0.1:11371

I'd love to hear how others have managed this.

Cheers,
-- 
Mike Forbes
System Administrator

NZRS Ltd.
M +64 21 999 416
P +64 4 555 0125

PGP: A2BB DF0B 311C 3C8F E1D7  5EEB DA03 46C0 D68F BF2E

Andrew Gallagher | 29 Jul 19:16 2015

peering request

Hi, all.

I'm setting up a new sks server at skspub.ward.ie and looking for peers.
This is a semi-experimental machine for the moment, but it promises to
behave (any experiments will break it, not you!).

It is running the packaged sks 1.1.5-3 from jessie. I have today's
mattrude.info dump loading into it now, and should be ready to go
tomorrow or Friday at the latest (depending on our DNS provider getting
around to the ticket in time, they're not very fast...).

skspub.ward.ie 11370 # Andrew Gallagher <andrewg@...> 0xFB73E21AF1163937

Thanks in advance.

Andrew.

Pascal Levasseur | 19 Jul 17:30 2015

Monit and Munin script for sks server

Hello all,

I would first like to thank Brian and Ramón for the help they provided
me in setting up my first SKS server.

I usually monitor my servers with both monit <https://mmonit.com/monit/>
and munin <http://munin-monitoring.org/>.

I searched the list and the Net and did not find control files
(monit) or plugins (munin) to monitor an sks server.

So I wrote a 3-line quick and dirty control file for monit to start.

But before reinventing the 'sks munin' wheel I would like to know if some of
you have control files or scripts to share.

Best regards.

Pascal Levasseur

Christian Reiss | 13 Jul 22:50 2015

sks.alpha-labs.net

Hey folks,

I am currently migrating to a new OS and during that time
sks.alpha-labs.net will be DOWN. I expect it to be back up tomorrow.
Dear sync peers, have patience :)

Once the issue is resolved I will reply here.

-Christian.

-- 
 Christian Reiss - email@...         /"\  ASCII Ribbon
                   christian@...              \ /    Campaign
                                                     X   against HTML
 XMPP chris@...                          / \   in eMails
 WEB  christian-reiss.de, reiss.nrw

 GPG Retrieval http://gpg.christian-reiss.de
 GPG ID ABCD43C5, 0x44E29126ABCD43C5
 GPG fingerprint = 9549 F537 2596 86BA 733C  A4ED 44E2 9126 ABCD 43C5

 "It's better to reign in hell than to serve in heaven.",
                                          John Milton, Paradise lost.

Michael Sinatra | 11 Jul 06:25 2015

sks.es.net down for the weekend

Hi,

I meant to send this earlier but I have been ill.

sks.es.net is down for the weekend due to power work in the area in
which it resides.  It should be back up mid-day Sunday (US/Pacific time).

michael