FS#53070 : [gnupg] Unable to connect to keyserver without "standard-resolver" option

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#53070 - [gnupg] Unable to connect to keyserver without "standard-resolver" option

Attached to Project: Arch Linux
Opened by Dennis Anderson (walkingrobot) - Thursday, 23 February 2017, 22:56 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 18 March 2017, 09:12 GMT

Task Type	Bug Report
Category	Packages: Core
Status	Closed
Assigned To	Gaetan Bisson (vesath)
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

GnuPG 2.1.18-1

When I try any function involving a keyserver I get "connection refused" unless I include the "standard-resolver" option in dirmngr.conf.

I have attached a dirmngr debug log.

nsswitch.conf is stock.

Steps to reproduce:
remove standard-resolver from dirmngr.conf
pkill dirmngr
search for a key

dirmngr.log.2.1.18 (3.1 KiB)

This task depends upon

Closed by Gaetan Bisson (vesath)
Saturday, 18 March 2017, 09:12 GMT
Reason for closing: Works for me

Comments (6)
Related Tasks (0/0)

Comment by Gaetan Bisson (vesath) - Saturday, 25 February 2017, 08:31 GMT

I've got not dirmngr.conf and it works just fine for me.

Could you please post your dirmngr.conf and nsswitch.conf?

Comment by Dennis Anderson (walkingrobot) - Wednesday, 01 March 2017, 10:31 GMT

# Begin /etc/nsswitch.conf

passwd: compat mymachines systemd
group: compat mymachines systemd
shadow: compat

publickey: files

hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
networks: files

protocols: files
services: files
ethers: files
rpc: files

netgroup: files

# End /etc/nsswitch.conf
dirmngr.conf
# If exactly two keyservers are configured and only one is a Tor hidden
# service, Dirmngr selects the keyserver to use depending on whether
# Tor is locally running or not (on a per session base).
standard-resolver
#keyserver hkp://jirk5u4osbsr34t5.onion
#keyserver hkp://pgp.mit.edu:11371
#keyserver hkp://keys.gnupg.net
keyserver hkps://hkps.pool.sks-keyservers.net
hkp-cacert /usr/local/etc/ssl/certs/sks-keyservers.netCA.pem

Comment by Gaetan Bisson (vesath) - Wednesday, 01 March 2017, 16:46 GMT

So if you remove your dirmngr.conf lookups still fail? Can you reproduce this deterministically? If you can I suggest you report this problem upstream at: https://bugs.gnupg.org/gnupg/index

Comment by Dennis Anderson (walkingrobot) - Saturday, 04 March 2017, 02:43 GMT

Fails without dirmngr.conf. Yes I can reproduce at will. I opened bug report upstream Issue 2986.

Comment by Gaetan Bisson (vesath) - Saturday, 04 March 2017, 04:57 GMT

For reference, here's the upstream link: https://bugs.gnupg.org/gnupg/issue2986

Comment by Dennis Anderson (walkingrobot) - Saturday, 18 March 2017, 07:12 GMT

I found that my /etc/resolv.conf was wrong. I had 127.0.0.1 in it which is not right with systemd-resolved. Once removed the standard-resolver option could be removed. It is working now.

I am sorry for wasting everyones time.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#53070 - [gnupg] Unable to connect to keyserver without "standard-resolver" option

Details

Loading...