2.3

Hockeypuck 2.3 is recommended for all users. There are no breaking changes between the 2.2 and 2.3 branches, and SKS sync is supported between 2.2 and 2.3 peers.

The 2.3 release adds support for online reindexing of the database schema, and offline dump-less reloading of the dataset. Reindexing is enabled by default, and will ensure that the schema is always updated to the latest version. Offline dump-less reload is implemented by a separate utility, hockeypuck-reload - see https://hockeypuck.io/upgrading.html#TOC_1.2. for instructions.

Due to changes in the database schema, it is strongly recommended to upgrade to 2.3 as soon as possible. Hockeypuck 2.4 will be released in early 2026, and will require the new schema to support RFC9580 and HKPv2.

2.3 also adds support for PKS-over-email and PKS-over-HTTP unidirectional sync. This is not enabled by default - see https://hockeypuck.io/configuration.html#TOC_1.3.3. for configuration details.

Hockeypuck 2.3 development is kindly supported by NGI Zero Core

🚀 Features & Enhancements

• Populate new table schemas in advance of being used in 2.4 (closes #398) @andrewgdotcom (#408)
• Implement hockeypuck-reload for in-place reload of all key material (closes #339) @andrewgdotcom (#404)
• In-place reindexing of postgres schemas (closes #252) @andrewgdotcom (#393)
• Add PKS support (closes #307) @andrewgdotcom (#392)

🐛 Bug Fixes

• Throw error on encountering null bytes in user IDs (closes #318) @andrewgdotcom (#405)
• Reduce severity of many errors @andrewgdotcom (#410)
• Update HAProxy health check for Hockeypuck @mclueppers (#397)
• [Snyk] Security upgrade debian from bookworm-slim to 13.1-slim @andrewgdotcom (#418)

🔧 Maintenance

• Update Cyberbits dumps in documentation @infertux (#420)
• Password rsync @andrewgdotcom (#417)
• reindex backoff @andrewgdotcom (#423)
• fix reindex timing (#409) @andrewgdotcom (#421)
• Rethink reindex on startup for subkeys, userids @andrewgdotcom (#419)

New contributors

• @infertux made their first contribution in #420

Full changelog: 2.2.4...2.3

2.2.4

This is a final bugfix rollup release for branch-2.2.

• Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /src/hockeypuck @dependabot (#380)
• Bump github.com/justinas/nosurf from 0.0.0-20190416172904-05988550ea18 to 1.1.1 in /src/hockeypuck @dependabot (#379)
• Bump golang.org/x/crypto from 0.17.0 to 0.31.0 in /src/hockeypuck @dependabot (#377)
• Build multi-archi docker image @VanRoy (#375)
• Add some configurable variables to stats page @AstroProfundis (#373)

🐛 Bug Fixes

• re-HUP haproxy until we are sure a worker process survived (closes #366) @andrewgdotcom (#390)
• Add missing call to ParseForm() in Stats() @andrewgdotcom (#369)

New Contributors

• @VanRoy made their first contribution in #375

Full changelog: 2.2.3...2.2.4

2.2.3

This is a bugfix release to fix several minor issues and tidy up the docker-compose deployment scripts.
Note however that there is one cosmetic breaking change IFF custom templates are being used.

BREAKING CHANGE

If you have a custom index template, you should remove any use of the BitLength field from key or subkey listings.
The resolution to #352 includes the bit length in the Algorithm.Name field for algorithms where bit length is meaningful.
Any existing templates will therefore display an extra bit length field.
(See commit 92fa0c9 for the corresponding change in the standard index template)

🚀 Features & Enhancements

• Support OPTIONS on all endpoints, HEAD on files and /pks/{health,stats} (closes #365) @andrewgdotcom (#367)
• also serve stats on /pks/stats (closes #356); DRIVEBY add static /pks/health endpoint @andrewgdotcom (#360)

🐛 Bug Fixes

• fix incompatible BitLength type @andrewgdotcom (#352)
• Recalculate packet lengths in updateMD5() (closes #282) @andrewgdotcom (#350)
• Throw Unprocessable if ValidSelfSigned fails during /pks/add (closes #341) @andrewgdotcom (#349)
• Update PTree with the on-disk digest when KeyNotChanged (closes #347) @andrewgdotcom (#348)
• Update to go-crypto v1.1.3-pgpkeys (closes #220) @andrewgdotcom (#345)

🔧 Maintenance

• Fix missing uppercase @andrewgdotcom (#351)
• Update standalone deployment of hockeypuck @swetha1654 (#354)
• Update sync-sks-dump.bash @swetha1654 (#353)
• Update data-sources.md to point to the right link @swetha1654 (#346)

New Contributors

• @swetha1654 made their first contribution in #346

Full Changelog: 2.2.2...2.2.3

2.2.2

What's Changed

• Fix broken test artifacts by @andrewgdotcom in #323
• [FEATURE] Add return button to stats page by @twofaktor in #328
• Fix non-matching trailing whitespace and add unit test (closes #316) by @andrewgdotcom in #330
• Fix contract of ValidSince(); emit 'r' for revoked keys and/or uids (closes #315) by @andrewgdotcom in #331
• feat: Add Policy URL in search output by @robbat2 in #333
• [CHORE]Add section re personal data to default index.html by @andrewgdotcom in #334
• [FEATURE] handle Partner structs internally instead of ip addresses (closes #292 #258 #98) by @andrewgdotcom in #337

New Contributors

• @twofaktor made their first contribution in #328
• @robbat2 made their first contribution in #333

Full Changelog: 2.2.1...2.2.2

2.2.1

This is a bugfix release to address two issues in the machine-readable index format.

Bugfixes

• Don’t skip revoked keys in MRFormat writer (closes #308) by @andrewgdotcom in #309
• Refactor key expiry calculations to use primary key binding sig (closes #301) by @andrewgdotcom in #311

Housekeeping

• Extend GH workflows for release notes and PR labellers by @mclueppers in #256
• Use vendored logrus instead of fork by @andrewgdotcom in #310

2.2

Features

• Fully stable SKS recon using aggressive normalisation (#198)
• Improved multithreading safety (#170)
• Deletion of personal data from hard-revoked keys (#250)
• Admin deletion of keys via signed submissions
• Detached revocation certificate support (#281)

Bugfixes

• Missing direct key signature validation (#199)
• Missing subkeys with v3 sbinds (#205)
• Missing CORS headers (#226)
• HTTPS binding errors (#295)
• Several cosmetic improvements (#257 #289 #291 ...)

Deprecations

• SKS-keyserver recon compatibility
• UAT image packets
• User deletion and replacement of keys via /pks/delete and /pks/replace endpoints

2.1.2

Bugs closed

#286 Block abusive scraping in haproxy

Other enhancements

#257 Display key version in index view
Bump snapcraft go version

2.1.1

Enhancements in 2.1.1

Sync improvements

• AIMD adaptive request size
• Retry limits
• LRU seen-cache
• Weighted peers
• Ability to disable sync
• Deduplication and length limits in responses

Front end Improvements

• Rate-limiting HAProxy
• JS and CSS optimisation
• Fingerprint search without leading 0x
• Support for http virtual hosts

Backend improvements

• Bulk insertion to DB
• Key search and deletion helper scripts
• Log privacy options
• Improved thread safety
• Data normalisation

Deployment improvements

• Automatic population of build version from git describe
• Simplification of docker-compose/standalone deployment
• Improved systemd script
• Support for non-letsencrypt ACME services
• Key deletion helper script
• Support go templating in configuration file
• Pin to go v1.18

Bugs closed

#95 - Dockerfile build failure
#100 - Missing signatures in UI
#129 - Bad handling of UIDs containing hyphens
#131 - Slow loading of keydumps
#140 - Incorrect display of expiry dates
#160 - Keyword search for bare email UIDs
#187 - Missing UIDs on keys created by openpgp-php
#192 - Missing UID/UAT revocations
#194 - Mac GPG Suite incompatibility
#196 - Inconsistent hashes in UI
#197 - Missing self-sigs on revoked UIDs
#200 - Missing stats history
#205 - Validation of v3 sbinds over v4 subkeys
#212 - Improved error messages
#226 - CORS headers
#260 - Missing content-disposition header

2.1.0

New features in 2.1.0

Full ECC support with ProtonMail's openpgp fork.

All ECC algorithms supported by GnuPG 2.x are now supported by Hockeypuck, courtesy of ProtonMail's improvements to the go.crypto/openpgp package.

Reduced memory footprint

Some conflux improvements to reduce memory footprint. Content blocking also makes a huge difference in memory consumption.

Content blocking options

Content length limits

Configurable limits on overall key and packet lengths. These are now the defaults:

[hockeypuck.openpgp]
maxKeyLength=1048576
maxPacketLength=8192

With these settings, it is possible to run Hockeypuck on an e2-small in Google Cloud (2GB ram, 2 vCPU). Most legitimate content falls below these limits, except a few vandalized keys. See "Authenticated Key Management" below for how to remove signature spam from your keys in 2.1.0 if you've been a target.

Blacklisting

A primary key fingerprint blacklist can be used to block specific keys. For example, these keys seem to have been created without any purpose but to waste keyserver resources:

[hockeypuck.openpgp]
blacklist=[
  "2790943722612cf8d9c2db9213de25eed1bb5151",
  "a490d0f4d311a4153e2bb7cadbb802b258acd84f",
  "5c738727ee58786a777c4f1db5aa3fa3486ed7ad",
  "33d51b5621953173ab74b521bdca9f8e3a6c1785",
]

This feature can also be a useful tool to deal with GDPR "right to be forgotten" type requests. The blacklist will prevent keys from getting re-submitted or re-synced back to the keyserver once they are deleted from the postgres database.

Authenticated Key Management

See HIP-1 for a detailed design spec and examples of usage. Basically, you can replace or delete the contents of your key on the keyserver with new endpoints, /pks/replace and /pks/delete. These endpoints require that you sign the uploaded key material in the request to prove you own the private key for it.

/pks/replace replaces the entire key contents on the keyserver with your copy, removing any missing signatures in the process. This allows someone with a vandalized key containing a large amount of spam to still push updates to their key. It is necessary if the key has been spammed to exceed the keyserver's maximum length limit.

/pks/delete allows deleting your own key contents from the keyserver.

Specialized keyserver queries

Some keyservers only need to support package signatures. For this use case, WoT and keyword search capabilities can be disabled completely, to only allow queries by fingerprint and self-signed content in results. This can further reduce operational overhead.

[hockeypuck.hkp.queries]
selfSignedOnly=true
keywordSearchDisabled=true

CPU and Memory profiling

Give hockeypuck a SIGUSR2 to cause it to dump profiles on top-k CPU calls and heap allocations. Files are written to:

/tmp/hockeypuck-cpu.prof
/tmp/hockeypuck-mem.prof

Bugs closed

#77, Log key sizes

#79, Blocking support

#67, GDPR & right to be forgotten

#62 and #64 fixed by using ProtonMail's openpgp implementation.

EOL

MongoDB support

I have no interest in maintaining the MongoDB backend, so it has been removed.

Travis CI

Replaced with Github Actions.

2.0.15

Release 2.0.15