hockeypuck 0.9 "ringer"

Additional minor fixes in preparation for raring freeze date.

Milestone information

Code name:
Casey Marshall
Release registered:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata


Assigned to you:
No blueprints or bugs assigned to you.
12 Casey Marshall
No blueprints are targeted to this milestone.
12 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon hockeypuck-0.9.0149-linux-amd64.tar.gz (md5, sig) release tarball 22
last downloaded 86 weeks ago
download icon hockeypuck-0.9.0149-linux-386.tar.gz (md5, sig) release tarball 13
last downloaded 86 weeks ago
download icon hockeypuck-0.9.0149-freebsd-amd64.tar.gz (md5, sig) release tarball 12
last downloaded 86 weeks ago
download icon hockeypuck-0.9.0149-freebsd-386.tar.gz (md5, sig) release tarball 13
last downloaded 86 weeks ago
download icon hockeypuck-0.9.0149-darwin-amd64.tar.gz (md5, sig) release tarball 13
last downloaded 3 weeks ago
download icon hockeypuck-0.9.0149-darwin-386.tar.gz (md5, sig) release tarball 13
last downloaded 86 weeks ago
Total downloads: 86

Release notes 

Hockeypuck 0.9 has several important security and stability improvements. It is strongly recommended that you upgrade to 0.9.

New and notable:
- Require valid self-signatures and cross-signatures on all key material.
- Fixed several goroutine leaks.
- Much improved MongoDB query and update performance.
- Fixed UID name/email search, with behavior somewhat comparable to "fulltext" search.
- Sanitize invalid UTF-8 runes in UIDs.
- Display signer UID instead of keyid in op=index, op=vindex
- Add op=stats JSON format to support keyserver spiders.
- Reopen log on SIGHUP for logrotate compatibility.


View the full changelog

hockeypuck (0.9) precise; urgency=low

  [ Casey Marshall ]
  * hkp_types.go, mgo/worker.go, responses.go, server.go,
    status_types.go, worker.go:
    - Added op=stats&options=json response to support spiders.
      LP: #1105592
  * mgo/worker.go, pgp.go, worker.go:
    - Split UID keywords into letter/digit tokens for search.
      LP: #1108416
    - Using $all on search terms in mongo query.
  * scripts/fix-keywords.js:
    - Add script to repair uid keywords in existing Hockeypuck.
  * pgp_types.go, responses.go:
    - Display uat:::: placeholder in machine readable output.
      LP: #1104703
    - Removed debug print statement.
    - Uppercased fingerprint in machine readable output.
  * cmd/hockeypuck-mgo/main.go, mgo/client.go, mgo/keystats.go,
    mgo/pks.go, mgo/worker.go, pgp.go, pgp_types.go, responses.go,
    - Several MongoDB improvements:
      - Leverage reversed fingerprint for long, short keyid lookup
        with regex indexed query, removed indexed on these.
        LP: #1128565
      - Replace map-reduce generated stats with time-bucket
        increments on load. LP: #1128611
    - Remove invalid UTF-8 characters from uid strings.
    - Reversed issuer key ID in signature for faster lookups
      (anchored regex for mongo, prefixed LIKE for RDBMS).
  * instroot/var/lib/hockeypuck/www/templates/pks/index.tmpl,
    mgo/keystats.go, mgo/worker.go, pgp.go, pgp_types.go, responses.go:
    - Require valid UID self-sign to load key material. LP: #1128561
    - Send proper key var to stats channel on insert/update.
    - Get UID of signature keyid in LookupKey(s), display in vindex.
      LP: #1120869
    - Aggregate loading statistics, bulk upsert increments to
      reduce mongodb load. LP: #1128611
  * mgo/worker.go, pgp.go, pgp_test.go, pgp_types.go, responses.go,
    - Link all supported hash algorithms into runtime.
    - Recover from panic due to missing hash algorithm in
      key material verification, return as error.
    - Verify subkey signatures. LP: #1128561
    - Add unit test to catch invalid UID with missing self-sig
      LP: #1128561
    - Remove unused goroutine from checkValidSignatures.
  * mgo/worker.go, pgp.go, pgp_test.go:
    - Verify user attribute packets too. Some unsigned images
      cannot be unseen. LP: #1128561
  * mgo/worker.go, strings.go, strings_test.go:
    - Simplify keyword search, balance between MongoDB performance
      and search term flexibility. LP: #1108416
  * instroot/usr/share/hockeypuck-mgo/scripts/fix-keywords.js:
    - Update fix keyword script to use above simplified approach.
  * mgo/worker.go:
    - Escape regular expression characters from search terms.
  * cmd/hockeypuck-load/main.go, cmd/hockeypuck-mgo/main.go, config.go,
    log.go, mgo/client.go, mgo/keystats.go, mgo/pks.go, mgo/worker.go,
    - Using standard logger, reopen log on SIGHUP/SIGUSR1/SIGUSR2.
      LP: #1121700
  * merge.go, mgo/worker.go, pgp.go, pgp_types.go:
    - Fix goroutine leaks in traverse, reading keys.
  * debian/hockeypuck.logrotate:
    - Add logrotate configuration. LP: #1121700
  * debian/control:
    - Add dependencies recommended for a ready-to-run server.
  * mgo/worker.go:
    - Update with reversed fingerprint.
  * mgo/client.go, mgo/worker.go:
    - Fix typo in modified stats aggregation.
      Make stats timestamp index unique.
  * hkp_types.go, instroot/var/lib/hockeypuck/www/templates/header.tmpl,
    mgo/client.go, mgo/pks.go, mgo/worker.go, pks.go, responses.go,
    server.go, status_types.go, templates.go, worker.go,
    - Change op=status to op=stats. Make distinction between
      "status" and "stats" elsewhere in the codebase while we're at it.
  * responses.go, server.go:
    - Default op=stats HTTP port to 11371, improve Host: parsing.
    - Respond with JSON for mr option if op=stats.
  * debian/copyright:
    - Proper Debian license attribution of all Go library dependencies
      redistributed in source package.
  * pgp.go:
    - Fixed deadlock in ReadValidKeys, defer draining source channels
      in its goroutine.

 -- Casey Marshall <email address hidden> Sat, 09 Mar 2013 23:55:24 -0600

0 blueprints and 12 bugs targeted

Bug report Importance Assignee Status
1126479 #1126479 Keyword search poor performance 2 Critical Casey Marshall  10 Fix Released
1128561 #1128561 Check self-signatures on all packets 2 Critical Casey Marshall  10 Fix Released
1133725 #1133725 Change op=status to op=stats, convention used by SKS & GnuKS 2 Critical Casey Marshall  10 Fix Released
1153292 #1153292 Multiple keys posted into /pks/add causes server to hang 2 Critical Casey Marshall  10 Fix Released
1044770 #1044770 Verify packet signatures 3 High Casey Marshall  10 Fix Released
1105592 #1105592 Support JSON formatted server statistics: op=stats&options=json 3 High Casey Marshall  10 Fix Released
1108416 #1108416 word-based key lookup should be case insensitive 3 High Casey Marshall  10 Fix Released
1120869 #1120869 vindex should display UID instead of key ID 3 High Casey Marshall  10 Fix Released
1121700 #1121700 Log rotation 3 High Casey Marshall  10 Fix Released
1128565 #1128565 Reverse fingerprint storage in database 3 High Casey Marshall  10 Fix Released
1128611 #1128611 Replace map-reduce stats with upsert increments 3 High Casey Marshall  10 Fix Released
1104703 #1104703 Missing user attribute packet information (uat:::) in options=mr output 4 Medium Casey Marshall  10 Fix Released
This milestone contains Public information
Everyone can see this information.