Re: New peers request

2019-11-21 Thread Keith Erekson 
I wrote a systemd service for the sks-recon service (installed from
Debian packages) that uses "Restart=always", and it seems to keep SKS
running well enough for now:

# sks-recon.service
[Unit]
Description=SKS Keyserver Recon
Wants=network.target network-online.target
After=network.target network-online.target

[Service]
Type=simple
Restart=always

ExecStartPre=-/bin/mkdir -p /var/run/sks
ExecStartPre=-/bin/chown debian-sks /var/run/sks
ExecStart=/usr/sbin/sks -stdoutlog recon

User=debian-sks
Group=debian-sks

TimeoutSec=300

[Install]
WantedBy=multi-user.target



On 11/21/19 11:08 AM, PGP wrote:
> Hi Skip,
>
> Why not use https://mmonit.com/monit/ ?
>
> Greetings,
> Melvin
>
> On 21/11/2019 17:04, Skip Carter wrote:
>> Christoph,
>>
>> You can peer with:  keyserver.taygeta.com 11370 #  s...@taygeta.com
>>
>> I have put you in my access list.
>>
>> But I must warn you that "Segmentation fault  /usr/sbin/sks db"
>> is a daily occurrence and I have to manually restart it, so at any
>> specific moment it might be down.  Keep trying, you will eventually
>> connect.
>>
>>
>> On Thu, 2019-11-21 at 09:47 +0100, Christoph Martin wrote:
>>> Hi,
>>>
>>> I got the keyserver pgp.uni-mainz.de up again. But now all my peers
>>> seam
>>> to be down.
>>>
>>> So, who is willing to peer with pgp.uni-mainz.de ?
>>>
>>> pgp.uni-mainz.de 11370  # sys...@uni-mainz.de
>>>
>>> Christoph



signature.asc
Description: OpenPGP digital signature

Re: [Sks-devel] Withdrawal of Service - keys.flanga.io

2018-11-16 Thread Keith Erekson 
Standard "I am not a lawyer" disclaimer applies, but it is my impression
(both from speaking to people who know more than I do about this, and
from reading article 17 of the GDPR) that the "right to be forgotten"
isn't necessarily absolute.

Meaning that if one were to receive such a request, and it is *not
possible* to remove the data, this doesn't automatically mean that the
only recourse is to shut down the service. Specifically, this language
is the part that catches my attention: "the controller, taking account
of available technology and the cost of implementation, shall take
reasonable steps, including technical measures, to inform controllers..."

Perhaps someone who has access to a lawyer could ask for clarification
on this? Speculation about what implications GDPR may or may not have
for the SKS network isn't especially productive, in my opinion. (I say
this as someone who might be shielded from liability by an employer's
legal counsel, however.)

Regarding the resource usage and/or instability of the SKS keyserver
itself, there are some of us who don't need to care about this,
thankfully ;-)

I maintain a keyserver in a VM at work, where its CPU/disk/bandwidth
usage are a proverbial drop in the bucket. As long as it keeps running
with minimal oversight on my part, I'm happy to provide this service.
The same applies to the mirrors that we operate.

Obviously this is a luxury and is not the case for many (most?) admins,
and I would never blame anyone for ceasing to volunteer their
resources/time for a project like this, but it is not necessarily a
problem for *all* of us that these issues have become (more) apparent in
the last year or so.

Just my two cents.

~Keith

On 11/15/18 6:50 PM, Moritz Wirth wrote:
> I asked to be allowed to share some more details, however the request
> was to remove/prevent indexing of 2 keys stored on our keyservers -
> including copies of ID's to verify the request as required by the
> european data protection law. Since it is not possible to prevent the
> indexing of data, I think the only possible way to handle this request
> is to shut them down. I don't see a reason to fight this - it is the
> right of someone to get his/her data removed so we are required to do
> this regardless of how crappy that law might be. If someone decides to
> ignore it, it's up on them.
>
> Am 16.11.18 um 00:31 schrieb Mike:
>
>> Fabian, im sure you can tell that nothings going to change :(
>>
>> But maybe these shutdowns in protest will provoke change, before its too 
>> late?
>>
>> On Thu, 15 Nov 2018 23:23:43 +
>> "Fabian A. Santiago"  wrote:
>>
>>> Wow! I’d love to see that as well.
>>>
>>> I just saw Kristian’s post with his email exchange. It’s a shame the 
>>> situation is going down like this. I do hope a proper solution can be found 
>>> so I and hopefully others can return to contributing to the network, should 
>>> the mode of operation dictate and stay this way.
>>>
>>> --
>>>
>>> Thanks,
>>>
>>> Fabian S.
>>>
>>> OpenPGP:
>>>
>>> 0x643082042DC83E6D94B86C405E3DAA18A1C22D8F
>>>
>>> On Thu, Nov 15, 2018 at 5:58 PM, Georg Faerber  wrote:
>>>
 Hi,

 On 18-11-15 23:56:07, Moritz Wirth wrote:
> keys.flanga.io will cease operation - we received a request to remove
> some keys and since we are unable to do this, we will shutdown all
> keyservers and erase all relevant databases immediately.
 Would it be possible to share this request, omitting sensitive details?

 Cheers,
 Georg
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel


signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] PTree may be corrupted kills recon service

2018-07-17 Thread Keith Erekson 
After the last time I trashed the DB/PTree and rebuilt from a downloaded
dump, I copied the sample "DB_CONFIG" file from the Debian package into
the DB dir, and haven't had any problems since then.

Total disk space used by SKS is ~21GB.

(Sample config is /usr/share/doc/sks/sampleConfig/DB_CONFIG)

~Keith

On 07/17/2018 04:52 AM, André Keller wrote:
> Hi all,
>
>
> On 12.07.2018 17:55, André Keller wrote:
>> On 11.07.2018 20:40, John Zaitseff wrote:
 for a few days I have an issue with the recon process on
 keys.communityrack.org:

 2018-07-02 15:17:53 Raising Sys.Break -- PTree may be corrupted:
 Failure("remove_from_node: attempt to delete non-existant element
 from prefix tree")
 2018-07-02 15:17:53 DB closed
>>> I saw the same thing happen.  I stopped SKS, dumped my existing keys
>>> to the dump directory ("/usr/sbin/sks dump 32768 /var/lib/sks/dump"),
>>> tweaked the /etc/sks/sksconf file to include "pagesize: 32" and
>>> "ptree_pagesize: 16", removed the DB and PTree directories, then
>>> rebuilt both:
>>>
>>>   /usr/sbin/sks build /var/lib/sks/dump/*.pgp -n 1 -cache 100
>>>   /usr/sbin/sks cleandb
>>>   /usr/sbin/sks pbuild -cache 50 -ptree_cache 100
>>>
>>> SKS restarted fine; so far so good!  I'll be keeping an eye on it
>>> over the next few days, so I'll report back as needed.
>> thank you for your reply, I have done that as-well and it is running
>> stable now since a few hours. Let's see for how long :-)
>>
> Unfortunately the issues is still not resolved. Is nobody else
> experiencing this?
>
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel


___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] disk full, keys.niif.hu crashed

2018-06-18 Thread Keith Erekson 
Just a heads up for anyone trying to rebuild from the dump on
keyserver.mattrude.com...

Looks like something went wrong with the export, as today's dump is only
4GB, but the day before is 11GB.

Compare the README.txt files:

http://keyserver.mattrude.com/dump/2018-06-17/README.txt

http://keyserver.mattrude.com/dump/2018-06-18/README.txt

~Keith


On 06/18/2018 05:57 AM, Paul M Furley wrote:
> I'm not sure if there's a better way, but I rebuilt. If you've forgotten
> how and you're on debian, the following gist might help you:
>
> https://gist.github.com/paulfurley/b901428d1702c613531147f7573757fd
>
> Kind regards,
>
> Paul
>
> On 18/06/18 10:47, Shengjing Zhu wrote:
>> Hi,
>>
>> My server disk is also fulled with logs.
>> I tried to run db_archive, but the command never returns.
>> So I deleted all the log.* file, now I can't start the sks.
>>
>> Is there anything I can do except rebuilding?
>>
>> Thanks
>> Shengjing Zhu
>>
>> ___
>> Sks-devel mailing list
>> Sks-devel@nongnu.org
>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>
>
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel



signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] disk full, keys.niif.hu crashed

2018-06-15 Thread Keith Erekson 
This has happened to my keyserver twice in the last two days. I assumed
it was some sort of malicious behavior, because it happened quite
suddenly both times and had the effect of a DoS. ;-)

For example, I have over 1700 binary log files like "log.002014",
each 10MB, created in the last 24 hours. (It would have kept going, but
the filesystem filled up.)

The timestamps show that often 30 or 40 of them are created in the same
minute.

~Keith


On 06/14/2018 11:54 PM, Kiss Gabor (Bitman) wrote:
> Yesterday at 18:15 (CEST) keys.niif.hu started to produce tons
> of logs in /var/lib/sks/DB. In less than 2 hours the 40 GB filesystem
> got fulfilled.
> Deleting files and restarting processes did not help:
>
> recon.log:
> 2018-06-15 05:50:09 Opening log
> 2018-06-15 05:50:09 sks_recon, SKS version 1.1.6
> 2018-06-15 05:50:09 Using BerkelyDB version 5.3.28
> 2018-06-15 05:50:09 Copyright Yaron Minsky 2002-2013
> 2018-06-15 05:50:09 Licensed under GPL.  See LICENSE file for details
> 2018-06-15 05:50:09 recon port: 11370
> 2018-06-15 05:50:09 Opening PTree database
> 2018-06-15 05:50:09 Setting up PTree data structure
> 2018-06-15 05:50:09 PTree setup complete
> 2018-06-15 05:50:09 Initiating catchup
> 2018-06-15 05:50:10 DB closed
>
> db.log:
> 2018-06-15 05:50:09 Opening log
> 2018-06-15 05:50:09 sks_db, SKS version 1.1.6
> 2018-06-15 05:50:09 Using BerkelyDB version 5.3.28
> 2018-06-15 05:50:09 Copyright Yaron Minsky 2002, 2003, 2004
> 2018-06-15 05:50:09 Licensed under GPL. See LICENSE file for details
> 2018-06-15 05:50:09 http port: 11371
> 2018-06-15 05:50:09 Membership: (zimmermann.mayfirst.org 11370)[], ... 
> (keys.jpbe.de 11370)[]
> 2018-06-15 05:50:09 address for zimmermann.mayfirst.org:11370 changed from [] 
> to
>  [, ]
> ...
> 2018-06-15 05:50:10 address for keys.jpbe.de:11370 changed from [] to 
> [, ]
> 2018-06-15 05:50:10 Opening KeyDB database
> 2018-06-15 05:50:10 Shutting down database
>
> Unfortunately I cannot work on restoration till Sunday evening.
>
> Gabor
>
> ___
> Sks-devel mailing list
> Sks-devel@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel




signature.asc
Description: OpenPGP digital signature
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

[Sks-devel] seeking peers for pgp.lehigh.edu

2017-05-05 Thread Keith Erekson 
Hi,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.6 on pgp.lehigh.edu (hosted at Lehigh
University).
The server is physically located in Pennsylvania (US).

I have loaded a keydump from pgp.key-server.io, dated 2017-05-02.
I see 4661852 keys loaded.

For operational issues, please contact me directly.

pgp.lehigh.edu 11370 # Keith Erekson <ke...@lehigh.edu> 0xC9A3C33D

Thank you,

~Keith




___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel