Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#43364 - [gnupg] Cannot connect to HKPS keyserver
Attached to Project:
Arch Linux
Opened by Florian Walch (fwalch) - Wednesday, 07 January 2015, 11:56 GMT
Last edited by Gaetan Bisson (vesath) - Thursday, 03 December 2015, 19:49 GMT
Details
Description:
Keyservers can't be accessed over HKPS. Other protocols (e.g. HKP) work.

Additional info:
* gnupg 2.1.1-1

Steps to reproduce:
1. Move old .gnupg directory out of the way:
   $ mv ~/.gnupg ~/gnupg.backup

2. Create default .gnupg config:
   $ gpg --list-keys
   gpg: directory '/home/florian/.gnupg' created
   gpg: new configuration file '/home/florian/.gnupg/gpg.conf' created
   gpg: WARNING: options in '/home/florian/.gnupg/gpg.conf' are not yet active during this run
   gpg: keybox '/home/florian/.gnupg/pubring.kbx' created
   gpg: /home/florian/.gnupg/trustdb.gpg: trustdb created

3. Comment the default keyserver(s):
   $ sed -i 's/^keyserver/#keyserver/' ~/.gnupg/gpg.conf

4. Try to retrieve a key:
   $ gpg --debug 1024 --keyserver hkps://hkps.pool.sks-keyservers.net --search-keys 9741E8AC
   gpg: reading options from '/home/florian/.gnupg/gpg.conf'
   gpg: enabled debug flags: extprog assuan
   gpg: DBG: chan_3 <- # Home: /home/florian/.gnupg
   gpg: DBG: chan_3 <- # Config: [none]
   gpg: DBG: chan_3 <- OK Dirmngr 2.1.1 at your service
   gpg: DBG: connection to the dirmngr established
   gpg: DBG: chan_3 -> KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net
   gpg: DBG: chan_3 <- OK
   gpg: DBG: chan_3 -> KS_SEARCH -- 9741E8AC
   gpg: DBG: chan_3 <- S PROGRESS tick ? 0 0
   gpg: DBG: chan_3 <- S PROGRESS tick ? 0 0
   gpg: DBG: chan_3 <- S PROGRESS tick ? 0 0
   gpg: DBG: chan_3 <- ERR 1 General error <Unspecified source>
   gpg: error searching keyserver: General error
   gpg: keyserver search failed: General error
   gpg: DBG: chan_3 -> BYE
   gpg: secmem usage: 0/32768 bytes in 0 blocks

5. HKP works:
   $ gpg --debug 1024 --keyserver hkp://hkps.pool.sks-keyservers.net --search-keys 9741E8AC

Adding a dirmgr.conf with "hkp-cacert /path/to/CA/sks-keyservers.netCA.pem" doesn't change anything.

Note that for testing, only one keyserver should be "active" (i.e. in gpg.conf or specified as --keyserver; step 3), since apparently only the last specified one will be used:
http://lists.gnupg.org/pipermail/gnupg-devel/2014-December/029219.html

Verified these steps on a fresh system using Docker. The Dockerfile (with instructions on how to use it) is attached.

BBS topic: https://bbs.archlinux.org/viewtopic.php?id=191564
Closed by Gaetan Bisson (vesath)
Thursday, 03 December 2015, 19:49 GMT
Reason for closing: Works for me
Additional comments about closing: configuration error; see https://bugs.gnupg.org/gnupg/issue2130
Dockerfile
Sorry, I should have searched more thoroughly upstream before reporting it here. I guess I just didn't expect a feature such as HKPS to be broken upstream.
I was able to reproduce all 5 steps both with the [testing] package and with gnupg compiled from git sources. I also rebooted after each reinstall, just in case. hkp:// does work, though.