[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: No gpg keyservers available on GuixSD out-of-the-box
From: |
Leo Famulari |
Subject: |
Re: No gpg keyservers available on GuixSD out-of-the-box |
Date: |
Mon, 4 Jan 2016 13:26:44 -0500 |
User-agent: |
Mutt/1.5.24 (2015-08-30) |
On Mon, Jan 04, 2016 at 05:50:47PM +0100, Ni* wrote:
> address@hidden (Ludovic Courtès) writes:
>
> > address@hidden skribis:
> >
> >> On 2016-01-01 19:21, address@hidden wrote:
> >>> On 2015-12-30 22:16, address@hidden wrote:
> >>>> Which version of GnuPG is it, per “gpg2 --version”?
> >>> ~$ gpg2 --version
> >>> gpg (GnuPG) 2.1.10
> >>> libgcrypt 1.6.3
> >>
> >> I now tested with the 2.0 version and the result was that it only
> >> worked when specifying the keyserver (pgp.mit.edu) on the commandline.
> >>
> >> So to sum it up (i'm on an i686 platform):
> >> (with default config-files)
> >> gpg 2.1.10 - keyservers are not reachable at all
> >> gpg 2.0.29 - keyservers are only reachable when using --keyserver
> >> URL-to-keyserver on the commandline omplains about wrong keyserver URI
> >> when not specifying --keyserver URL-to-keyserver).
> >
> > I confirm that 2.1 behaves differently:
> >
> > $ $(guix build gnupg-2.1)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys
> > 3D9AEBB5
> > gpg: key "3D9AEBB5 #EA52ECF4" not found
> > gpg: (check argument of option '--hidden-encrypt-to')
> > $ $(guix build gnupg-2.0)/bin/gpg2 --keyserver pgp.mit.edu --recv-keys
> > 3D9AEBB5
> > gpg: requesting key 3D9AEBB5 from hkp server pgp.mit.edu
> > gpg: key 3D9AEBB5: "Ludovic Courtès <address@hidden>" not changed
> > gpg: Nombro traktita entute: 1
> > gpg: neŝanĝitaj: 1
> >
> > I would suggest reaching out to the GnuPG mailing lists.
> >
> > Ludo’.
> >
>
> Hi,
>
> I thought I figured out my mistake from 12 months ago when GnuPG broke
> (and I faded out using it), the question here got me motivated to look
> into 2.1 issues again.
>
> I got it to the point where it works again, meaning searching for
> keys (although I am unsure wether it uses hkp or hkps protocol), etc.
>
> ~/.gnupg$ tree
> .
> ├── crls.d
> │ └── DIR.txt
> ├── dirmngr.conf
> ├── gpg-agent.conf
> ├── gpg.conf
> ├── openpgp-revocs.d
>
> ├── private-keys-v1.d
>
> ├── pubring.kbx
> ├── pubring.kbx~
> ├── random_seed
> ├── S.dirmngr
> ├── S.gpg-agent
> └── trustdb.gpg
>
> What I did was start from scratch with GnuPG 2.1:
>
> cat gpg.conf
> keyserver-options no-honor-keyserver-url include-revoked
> fixed-list-mode
> keyid-format 0xlong
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5
> BZIP2 ZLIB ZIP Uncompressed
> use-agent
> verify-options show-uid-validity
> list-options show-uid-validity
> cert-digest-algo SHA512
> no-comments
> with-fingerprint
> no-emit-version
>
> cat dirmngr.conf
> keyserver hkp://hkps.pool.sks-keyservers.net
> hkp-cacert /home/myusername/certificates/sks-keyservers.netCA.pem
>
> cat gpg-agent.conf
> pinentry-program /home/myusername/.guix-profile/bin/pinentry-curses
> default-cache-ttl 86400
>
>
> I noticed that gpg-agent needs at least those 2 entries to work with.
>
> Related question:
> is it intentional that there's no pinentry-gtk and pinentry-qt in Guix?
I'm using the Debian provided pinentry, but it looks like our pinentry
provides a GTK interface and a console (ncurses?) interface, at least
based on the package definition in gnupg.scm.
>
>
> --
> Ni* -- http://www.libertad.pw
> Email is public. Talk to me in private:
> https://psyced.org:34443/~niasterisk
> privacy respecting, secure communication:
> BM-2cSj8qEigE3CMaLU3CwPZf7T3LvzvnttsC
> (bitmessage)
>