http://bugs.debian.org/667695 means that squeeze SKS servers currently
don't synchronize well with their peers, especially with their peers
that have adopted reverse HTTP proxies as a mechanism for high
availability (i.e. the peers that are more likely to actually get key
updates).
The fix to #667695 is trivial, already included in the next upstream
version, aand doesn't change the logic of SKS at all.
Since SKS is a network-facing process, it would be good to fix this to
be able to interoperate cleanly with other peers on the network.
I recommend including this fix in the next squeeze point release if it's
ok with the release team and the sks maintainers. A proposed debdiff is
attached; i'm running the resulting package in production on
keys.mayfirst.org, and it allows me to recon from peers that used to
reject my requests.
Please let me know if you'd like me to go ahead with an upload to
squeeze-proposed-updates.
Regards,
--dkg
diff -Nru sks-1.1.1+dpkgv3/debian/changelog sks-1.1.1+dpkgv3/debian/changelog --- sks-1.1.1+dpkgv3/debian/changelog 2010-10-25 12:12:09.000000000 -0400 +++ sks-1.1.1+dpkgv3/debian/changelog 2012-04-05 18:26:12.000000000 -0400 @@ -1,3 +1,9 @@ +sks (1.1.1+dpkgv3-6+squeeze1) squeeze-proposed-updates; urgency=low + + * SKS recon should emit standards-compliant POSTs (Closes: #667695) + + -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Thu, 05 Apr 2012 18:11:22 -0400 + sks (1.1.1+dpkgv3-6) unstable; urgency=high * fix to not really working fix for strip of bytecode (closes: 599029) diff -Nru sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch --- sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch 1969-12-31 19:00:00.000000000 -0500 +++ sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch 2012-04-05 18:13:26.000000000 -0400 @@ -0,0 +1,11 @@ +--- sks-1.1.1/reconComm.ml 2009-03-25 22:14:44.000000000 -0400 ++++ sks-1.1.2/reconComm.ml 2011-10-01 08:23:23.000000000 -0400 +@@ -81,7 +81,7 @@ + let sout = Channel.new_buffer_outc 0 in + CMarshal.marshal_list ~f:CMarshal.marshal_string sout hashes; + let msg = sout#contents in +- cout#write_string "POST /pks/hashquery\r\n"; ++ cout#write_string "POST /pks/hashquery HTTP/1.0\r\n"; + cout#write_string (sprintf "content-length: %d\r\n\r\n" + (String.length msg)); + cout#write_string msg; diff -Nru sks-1.1.1+dpkgv3/debian/patches/series sks-1.1.1+dpkgv3/debian/patches/series --- sks-1.1.1+dpkgv3/debian/patches/series 2010-07-05 09:17:24.000000000 -0400 +++ sks-1.1.1+dpkgv3/debian/patches/series 2012-04-05 18:13:53.000000000 -0400 @@ -7,3 +7,4 @@ 509-content-types.patch 510-allowed-chars.patch 511_gcc44.patch +520_fix_non-compliant_POST.patch
Attachment:
pgpSPqf3UZGgy.pgp
Description: PGP signature