semantics of gnupg --keyserver in 2.1
Andre Heinecke
aheinecke at intevation.de
Wed Dec 17 10:37:39 CET 2014
Hi,
On Tuesday, December 16, 2014 06:23:57 PM Daniel Kahn Gillmor wrote:
> in GnuPG 2.1, keyserver operations are delegated to the dirmngr daemon.
>
> This is a good move overall, because it means the daemon can do things
> like keep track of which keyservers it has tried recently.
>
> however, it means that some commands that users may be used to won't do
> what they expect. For example, in 2.1:
>
> gpg --keyserver foo.example --recv 0xdeadbeef
>
> won't actually try to talk to foo.example, if dirmngr is already started
> and has decided that it will use bar.example (e.g. from
> ~/.gnupg/gpg.conf).
GnuPG sends the dirmngr the keyserver it should use with a KEYSERVER command.
In dirmngr's debug output you can see that it sends KEYSERVER --clear <foo>
and then another KEYSERVER command for each keyserver configured.
In my tests it always used the last one.
> Should gpg warn about the fact that --keyserver is being ignored here?
I hacked it for me locally to send the keyserver supplied with --keyserver as
the last one. (Added a commit message and attached this)
I have not sent this to Werner as I am not sure that this is a proper solution.
If the keyserver setting from the command line should just overwrite the
settings from the config then there is no need for a list. And I would have
expected dirmngr to fall back to the configured keyserver if the server
provided by --keyserver is not available. This also does not happen.
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-gpg-Append-command-line-keyserver-to-options.patch
Type: text/x-patch
Size: 1318 bytes
Desc: not available
URL: </pipermail/attachments/20141217/c0736afc/attachment.bin>