Hi Marcel, Thanks for the fast reply. Right now I’m stuck in this issue https://github.com/hockeypuck/hockeypuck/issues/156. I tried to ask help from the contributors, but as you can see they closed the issue without giving a solution. For the installation process did you use the procedure in the readMe file (under contrib/docker-compose/standalone/README.md) on github? Because I followed precisely all those steps in my attempt and they give me these problems.
I’m planning to test the attack locally, that is the reason why I’m trying to deploy hockeyPuck directly on my machine. -Michele ________________________________ Da: Marcel Waldvogel <marcel.waldvo...@trifence.ch> Inviato: Monday, October 25, 2021 3:45:35 PM A: Michele Marazzi <michele1.mara...@mail.polimi.it>; sks-devel@nongnu.org <sks-devel@nongnu.org> Oggetto: Re: HockeyPuck deployment problems Michele, it is great to hear about your interest in computer security and I am sorry to hear that you do have problems with Hockeypuck in Docker. I am running two Hockeypucks under Docker and have had some problems in the beginning, but I hoped that what I learned during that process had been reflected in the hockeypuck.io documentation. Can you tell us more about your problems, i.e., what is your current setup and what does and does not work and what you already tried to diagnose these problems or even fix them? -Marcel PS: How do you plan to check for the split-world behavior? (And I hope you will not use this against the global keyserver network… BTW: Contributions for how to avoid this are welcome.) PPS: At some point, it may be useful to take the discussion off-list. But right now, the information might still be relevant to the original goal of the list, contribute to the development and operation of (SKS[-protcol] based) OpenPGP keyservers. Am Montag, dem 25.10.2021 um 10:00 +0000 schrieb Michele Marazzi: Hi, I’m a student of the Politecnico di Milano university and I’m proceeding in my road to the master degree in computer science and engineering. I have inserted in my academic plan a course called “Cryptography and architectures for computer security” in which the teacher proposed some projects concerning the argument of the course. In particular one project is about HockeyPuck and this captured the interests of me and a colleague of mine. This is the draft of the project: “HockeyPuck (https://hockeypuck.io/) is a recent reimplementation of the traditional SKS keyserver software, employed to build a distributed storage for openPGP certificates. The synchronization mechanism between keyservers may lead to split-world scenarios if a malicious upload is performed. The purpose of this project is to test the resilience of HockeyPuck against this attack.” We have tried many times to install and configure HockeyPuck in our machines and cloud machines, but never succeed. As recommended by some contributors, we used Docker for the installation process, and the scripts associated to that also deal with the automatic configuration and installation of Postgresql, Nginx and Prometheus. So we did no more than running all the scripts correctly and then using docker compose (after having downloaded the keys). We also tried with the snap in the snap store, but never succeed also with that. We used mainly Virtualbox with Ubuntu installed (we used at first the last version, then we tried also with 20.04), but never succeed. We have followed the documentation on Github and on the old HockeyPuck page made by Casey Marshall (no more maintained), but the results never changed. We wrote also issues on the Github repo, but the answers were not useful to complete the deployment. Our teacher have recommended to wrote you an email, since you are the community referencing to HockeyPuck, to ask some help for the configuration process, in particular we are searching for some detailed guidelines (and also updated sources, if needed) both for the installation and the usage. I cordially thank you in advance for the help. Best Regards. Michele Marazzi
