Package: sks
Version: 1.1.0-4
Severity: normal
We’re running a private keyserver (publicly accessible, but not
synchronised with the keyserver network, and forbidden for search
engines to index via robots.txt, for eMail address privacy) with
the stock Lenny sks package and see occasional database corruption.
Symptoms:
• sks doesn’t start any more
• sks must be killed with -9
• the daily cronjob hangs
After a bit of tricking around, I finally managed to patch the
cronjob do work around some of the issues, mostly by calling
db4.6_recover and SIGKILLing sks if the init script fails to
get it down. This is the diff:
--- /etc/cron.daily/sks 2008-07-22 00:00:00.000000000 +0200
+++ /etc/cron.daily/sks 2010-10-13 09:18:30.000000000 +0200
@@ -22,16 +22,24 @@ clean_directory() {
dir=$1
if [ -d "$dir" ]
then
+ db4.6_recover -h $dir
db4.6_archive -h $dir -d
fi
return 0
}
+(/etc/init.d/sks stop || :)
+for pidfile in /var/run/sks/sksdb.pid /var/run/sks/sksrecon.pid; do
+ [[ -s $pidfile ]] || continue
+ kill -9 $(<$pidfile)
+done
+
# The DB directory holds indexes and keys.
clean_directory /var/lib/sks/DB
# PTree is for the hashes used with the reconciliation algorithm. (I think)
clean_directory /var/lib/sks/PTree
+/etc/init.d/sks start
exit 0
As further difference from the package, the init script was
patched with this, for the sake of completeness, but I under-
stand this has been fixed in later versions:
--- /etc/init.d/sks~ 2008-06-03 00:00:00.000000000 +0200
+++ /etc/init.d/sks 2009-12-22 12:24:41.000000000 +0100
@@ -68,6 +68,9 @@ case "$1" in
exit 0
fi
+ mkdir -p /var/run/sks
+ chown debian-sks:debian-sks /var/run/sks
+
echo -n " sksdb.."
start-stop-daemon --start --quiet --oknodo \
The configuration only sets hostname, hkp_port and dontgossip.
There’s still one more occasional problem: the PTree was
damaged beyond what db4.6_{recover,checkpoint} could do,
but removing it “fixed” the problem. (Luckily the keyring
is backed up by exporting.)
Finally, a minor annoyance, the log is spammed several
times per minute with this message:
2010-10-14 09:27:06 <mail transmit keys> error in callback.: Failure("No
partners specified")
Is running a stand-alone keyserver not supported?
This is more a question whether you know of these problems
or have advice, and to document my attempts to work around
it, as a “real” bugreport, because I have no idea how to
actually reproduce the problems (they do appear on our key-
server relatively often – for DB – and very rarely – for
PTree – though). Any input welcome.
-- System Information:
Debian Release: 5.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-xen-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/mksh
Versions of packages sks depends on:
ii adduser 3.110 add and remove users and groups
ii db4.6-util 4.6.21-11 Berkeley v4.6 Database Utilities
ii libc6 2.7-18lenny4 GNU C Library: Shared libraries
ii libdb4.6 4.6.21-11 Berkeley v4.6 Database Libraries [
ii logrotate 3.7.1-5 Log rotation utility
ii postfix [mail-transpor 2.5.5-1.1 High-performance mail transport ag
ii procmail 3.22-16 Versatile e-mail processor
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
sks recommends no packages.
sks suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
