[Sks-devel] [Announcement] SKS 1.1.4 Released

[Kristian Fiskerstrand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello,

We are pleased to announce the availability of a new stable SKS
release:  Version 1.1.4.

SKS is an OpenPGP keyserver whose goal is to provide easy to deploy,
decentralized, and highly reliable synchronization. That means that a
key submitted to one SKS server will quickly be distributed to all key
servers, and even wildly out-of-date servers, or servers that experience
spotty connectivity, can fully synchronize with rest of the system.

What's New in 1.1.4
====================
  - Fix X-HKP-Results-Count so that limit=0 returns no results, but
    include the header, to let a client poll for how many results
    exist, without retrieving any. Submitted by Phil Pennock. See:
    http://lists.nongnu.org/archive/html/sks-devel/2010-11/msg00015.html
  - Add UPGRADING document to explain upgrading Berkeley DB without
    rebuilding. System bdb versions often change with new SKS releases
    for .deb and .rpm distros.
  - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
  - Update cryptokit from version 1.0 to 1.5 without requiring OASIS
    build system or other additional dependencies
  - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
  - common.ml and reconSC.ml were using different values for minumimum
    compatible version. This has been fixed.
  - Added new server mime-types, and trying another default document
    (Issue 6)
    In addition to the new MIME types added in 1.1.[23], the server now
    looks over a list and and serves the first index file that it finds
    Current list: index.html, index.htm, index.xhtml, index.xhtm,
    index.xml.
  - options=mr now works on get as well as (v)index operations. This is
    described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
    sections 3.2.1.1. and 5.1.
  - Updated copyright notices in source files
  - Added sksclient tool, similar to old pksclient
  - Add no-cache instructions to HTTP response (in order for reverse
    proxies not to cache the output from SKS)
  - Use unique timestamps for keydb to reduce occurrances of Ptree
    corruption.
  - Added Interface specifications (.mli files) for modules that were
    missing them
  - Yaron pruned some no longer needed source files from the tree.
  - Improved the HTTP status and HTTP error codes returned for various
    situations and added checks for more error conditions.
  - Add a suffix to version (+) indicating non-release or development
    builds
  - Add an option to specify the contact details of the server
    administrator
    that shows in the status page of the server. The information is in
    the form of an OpenPGP KeyID and set by server_contact: in sksconf
  - Add a `sks version` command to provide information on the setup.
  - Added configuration settings for the remaining database table
    files. If no pagesize settings are in sksconf, SKS will use 2048
    bytes for key and 512 for ptree. The remainining files' pagesize
    will be set by BDB based on the filesystem settings, typically this
    is 4096 bytes. See sampleConfig/sksconf.typical for settings
    recommended by db_tuner.
  - Makefile: Added distclean target. Dropped autogenerated file from
    VCS.
  - Allow tuning BDB environment before creation in [fast]build and
    pbuild. If DB_CONFIG exists in basedir, copy it to DB dir before DB
    creation. Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree
    over DB_CONFIG.
  - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
  - Add check if an upload is a revocation certificate, and if it is,
    produce an error message tailored for this.

Note when upgrading from earlier versions of SKS
====================
The default values for pagesize settings have changed. To continue
using an existing DB without rebuilding, explicit settings have to be
added to the sksconf file.
pagesize:       4
ptree_pagesize: 1

Getting the Software
====================
SKS can be downloaded from
https://bitbucket.org/skskeyserver/sks-keyserver

Prerequisites
====================
There are a few prerequisites to building this code.  You need:
* ocaml-3.10.2 or later.  Get it from <http://www.ocaml.org>
  ocaml-3.12.x is recommended, ocaml-4.x is not recommended at this time
* Berkeley DB version 4.6.* or later, whereby 4.8 or later is
recommended.
  You can find the appropriate versions at

<http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html>

Verifying the integrity of the download
====================
Releases of SKS are signed using the SKS Keyserver Signing Key
available on public keyservers with the KeyID

    0x41259773973A612A
        
and has a fingerprint of

    C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A.
        
Using GnuPG, verification can be accomplished by, first, retrieving
the signing key using

    gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A
        
followed by verifying that you have the correct key

    gpg --keyid-format long --fingerprint 0x41259773973A612A

should produce:

    pub   4096R/41259773973A612A 2012-06-27
    Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A
                
A check should also be made that the key is signed by
trustworthy other keys;

    gpg --list-sigs 0x41259773973A612A

and the fingerprint should be verified through other trustworthy sources.
                        
Once you are certain that you have the correct key downloaded, you can
create
a local signature, in order to remember that you have verified the key.

     gpg --lsign-key 0x41259773973A612A

Finally; verifying the downloaded file can be done using

    gpg --keyid-format long --verify sks-x.y.z.tgz.asc

The resulting output should be similar to
        
    gpg: Signature made Wed Jun 27 12:52:39 2012 CEST
    gpg:                using RSA key 41259773973A612A
    gpg: Good signature from "SKS Keyserver Signing Key"

Checksums for sks-1.1.4.tgz
  SHA1:
  d0b3b387653115d106ebbcae13aeda06f0034909

  SHA256:
  baa79be8c1983544518e8a72ccecacb2837d52ae4015dc7cf364cddb53220c76

Thanks
====================
We have to thank all the people who helped with this release, by
discussions on the mailing list, submitting patches, or opening issues
for items that needed our attention.

Happy Hacking,

  The SKS Team (Yaron, John, Kristian, Phil, and the other contributors)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.0-beta90 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCAAGBQJQceT2AAoJEAt/i2Dj7frjr0sP/RatnZ7ynQzJg6jwsHkDxoIw
pSJoUZBcjtCQcj9VjfXCEUusbPHGCZ4UtelAzo2SBakVUBph7H0hYVJ63mUoHvfE
pEpv6Uu84333kIQyUk68KiT0I3rP4lL1NxjHjA9HR6AlTRBPjGm+kOB7wDSKeCvR
nwCZbEfaaVLUsiCGJkk/sp5CIIXG64qIGNN1gCpM4+sF5RgXFSOELjlsxkQ+bG7i
e6LSekL4DuEqlJUW/XeQIrmiTj5OhjDyr5ZiicUu1TDvKFTmnNSNT2aea2jnzPbU
Svxizcf3c0n4+JVlxWRPYKOuiWypP+7dS6Sh5tuk+wUPxI99npNTVhJobMzfV7/m
OHTnRcNzbByqp45hg3y1n1Rajb5QBuRg/sacJnqgS1sf1hNx6Dad9RmWx05/ayx1
6f3MlJWayuqjPPz0IBcgpCcRXNA23rgNGT5YuYeP4jlJNcqgl8ta5OiwQ8DYUKep
NUfDM+OFhXFXvglO2HA7EHWhJudiIVOH6sFFUsTYqA3CBOs01QHwNuXg4SYRi1yj
t7ZgagVXhnH0f2Qhv5Y+a/ILb9aZwOi56aB8q97ViUPGSmw8Mohk2mI0I5PvO+6I
EvPNolfFOw/kjmbppcGMqqGXz6w3SqfG7qxjwb21mJmaQ9oCAqMZb0MsIeAKAcVL
MjUYKe/GQ9nSR0wg1ihF
=plHC
-----END PGP SIGNATURE-----