Bug#667695: fixing #667695 for squeeze?

[Daniel Kahn Gillmor]

http://bugs.debian.org/667695 means that squeeze SKS servers currently
don't synchronize well with their peers, especially with their peers
that have adopted reverse HTTP proxies as a mechanism for high
availability (i.e. the peers that are more likely to actually get key
updates).

The fix to #667695 is trivial, already included in the next upstream
version, aand doesn't change the logic of SKS at all.

Since SKS is a network-facing process, it would be good to fix this to
be able to interoperate cleanly with other peers on the network.

I recommend including this fix in the next squeeze point release if it's
ok with the release team and the sks maintainers.  A proposed debdiff is
attached; i'm running the resulting package in production on
keys.mayfirst.org, and it allows me to recon from peers that used to
reject my requests.

Please let me know if you'd like me to go ahead with an upload to
squeeze-proposed-updates.

Regards,

        --dkg


diff -Nru sks-1.1.1+dpkgv3/debian/changelog sks-1.1.1+dpkgv3/debian/changelog
--- sks-1.1.1+dpkgv3/debian/changelog	2010-10-25 12:12:09.000000000 -0400
+++ sks-1.1.1+dpkgv3/debian/changelog	2012-04-05 18:26:12.000000000 -0400
@@ -1,3 +1,9 @@
+sks (1.1.1+dpkgv3-6+squeeze1) squeeze-proposed-updates; urgency=low
+
+  * SKS recon should emit standards-compliant POSTs (Closes: #667695)
+
+ -- Daniel Kahn Gillmor <d...@fifthhorseman.net>  Thu, 05 Apr 2012 18:11:22 -0400
+
 sks (1.1.1+dpkgv3-6) unstable; urgency=high
 
   * fix to not really working fix for strip of bytecode (closes: 599029)
diff -Nru sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch
--- sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch	1969-12-31 19:00:00.000000000 -0500
+++ sks-1.1.1+dpkgv3/debian/patches/520_fix_non-compliant_POST.patch	2012-04-05 18:13:26.000000000 -0400
@@ -0,0 +1,11 @@
+--- sks-1.1.1/reconComm.ml	2009-03-25 22:14:44.000000000 -0400
++++ sks-1.1.2/reconComm.ml	2011-10-01 08:23:23.000000000 -0400
+@@ -81,7 +81,7 @@
+ 		let sout = Channel.new_buffer_outc 0 in
+ 		CMarshal.marshal_list ~f:CMarshal.marshal_string sout hashes;
+ 		let msg = sout#contents in
+-		cout#write_string "POST /pks/hashquery\r\n";
++		cout#write_string "POST /pks/hashquery HTTP/1.0\r\n";
+ 		cout#write_string (sprintf "content-length: %d\r\n\r\n" 
+ 				     (String.length msg));
+ 		cout#write_string msg;
diff -Nru sks-1.1.1+dpkgv3/debian/patches/series sks-1.1.1+dpkgv3/debian/patches/series
--- sks-1.1.1+dpkgv3/debian/patches/series	2010-07-05 09:17:24.000000000 -0400
+++ sks-1.1.1+dpkgv3/debian/patches/series	2012-04-05 18:13:53.000000000 -0400
@@ -7,3 +7,4 @@
 509-content-types.patch 
 510-allowed-chars.patch 
 511_gcc44.patch 
+520_fix_non-compliant_POST.patch

pgpeoZCVPky7k.pgp
Description: PGP signature