Fwd: [Sks-devel] [Announcement] SKS 1.1.4 Released
JPClizbe at gingerbear.net
Mon Oct 8 00:08:49 CEST 2012
Kristain left these groups off the initial email
-------- Original Message --------
Subject: [Sks-devel] [Announcement] SKS 1.1.4 Released
Date: Sun, 07 Oct 2012 22:24:27 +0200
From: Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com>
To: sks-devel <sks-devel at nongnu.org>
We are pleased to announce the availability of a new stable SKS
release: Version 1.1.4.
SKS is an OpenPGP keyserver whose goal is to provide easy to deploy,
decentralized, and highly reliable synchronization. That means that a
key submitted to one SKS server will quickly be distributed to all key
servers, and even wildly out-of-date servers, or servers that experience
spotty connectivity, can fully synchronize with rest of the system.
What's New in 1.1.4
- Fix X-HKP-Results-Count so that limit=0 returns no results, but
include the header, to let a client poll for how many results
exist, without retrieving any. Submitted by Phil Pennock. See:
- Add UPGRADING document to explain upgrading Berkeley DB without
rebuilding. System bdb versions often change with new SKS releases
for .deb and .rpm distros.
- Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
- Update cryptokit from version 1.0 to 1.5 without requiring OASIS
build system or other additional dependencies
- build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
- common.ml and reconSC.ml were using different values for minumimum
compatible version. This has been fixed.
- Added new server mime-types, and trying another default document
In addition to the new MIME types added in 1.1., the server now
looks over a list and and serves the first index file that it finds
Current list: index.html, index.htm, index.xhtml, index.xhtm,
- options=mr now works on get as well as (v)index operations. This is
described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
sections 22.214.171.124. and 5.1.
- Updated copyright notices in source files
- Added sksclient tool, similar to old pksclient
- Add no-cache instructions to HTTP response (in order for reverse
proxies not to cache the output from SKS)
- Use unique timestamps for keydb to reduce occurrances of Ptree
- Added Interface specifications (.mli files) for modules that were
- Yaron pruned some no longer needed source files from the tree.
- Improved the HTTP status and HTTP error codes returned for various
situations and added checks for more error conditions.
- Add a suffix to version (+) indicating non-release or development
- Add an option to specify the contact details of the server
that shows in the status page of the server. The information is in
the form of an OpenPGP KeyID and set by server_contact: in sksconf
- Add a `sks version` command to provide information on the setup.
- Added configuration settings for the remaining database table
files. If no pagesize settings are in sksconf, SKS will use 2048
bytes for key and 512 for ptree. The remainining files' pagesize
will be set by BDB based on the filesystem settings, typically this
is 4096 bytes. See sampleConfig/sksconf.typical for settings
recommended by db_tuner.
- Makefile: Added distclean target. Dropped autogenerated file from
- Allow tuning BDB environment before creation in [fast]build and
pbuild. If DB_CONFIG exists in basedir, copy it to DB dir before DB
creation. Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree
- Add support for Elliptic Curve Public keys (ECDSA, ECDH)
- Add check if an upload is a revocation certificate, and if it is,
produce an error message tailored for this.
Note when upgrading from earlier versions of SKS
The default values for pagesize settings have changed. To continue
using an existing DB without rebuilding, explicit settings have to be
added to the sksconf file.
Getting the Software
SKS can be downloaded from
There are a few prerequisites to building this code. You need:
* ocaml-3.10.2 or later. Get it from <http://www.ocaml.org>
ocaml-3.12.x is recommended, ocaml-4.x is not recommended at this time
* Berkeley DB version 4.6.* or later, whereby 4.8 or later is
You can find the appropriate versions at
Verifying the integrity of the download
Releases of SKS are signed using the SKS Keyserver Signing Key
available on public keyservers with the KeyID
and has a fingerprint of
C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A.
Using GnuPG, verification can be accomplished by, first, retrieving
the signing key using
gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A
followed by verifying that you have the correct key
gpg --keyid-format long --fingerprint 0x41259773973A612A
pub 4096R/41259773973A612A 2012-06-27
Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A
A check should also be made that the key is signed by
trustworthy other keys;
gpg --list-sigs 0x41259773973A612A
and the fingerprint should be verified through other trustworthy sources.
Once you are certain that you have the correct key downloaded, you can
a local signature, in order to remember that you have verified the key.
gpg --lsign-key 0x41259773973A612A
Finally; verifying the downloaded file can be done using
gpg --keyid-format long --verify sks-x.y.z.tgz.asc
The resulting output should be similar to
gpg: Signature made Wed Jun 27 12:52:39 2012 CEST
gpg: using RSA key 41259773973A612A
gpg: Good signature from "SKS Keyserver Signing Key"
Checksums for sks-1.1.4.tgz
We have to thank all the people who helped with this release, by
discussions on the mailing list, submitting patches, or opening issues
for items that needed our attention.
The SKS Team (Yaron, John, Kristian, Phil, and the other contributors)
Sks-devel mailing list
Sks-devel at nongnu.org
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 496 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-devel