packaged gpg 2.1.x can't retrieve any keys from keyservers.. is there any upstream fix or progress?
lists at ssl-mail.com
Sat Nov 19 05:11:52 CET 2016
> I don't know what you mean "package-installed",
Installed from distribution's packaging, as opposed to my own from-src builds
> and I don't know what
> version of 2.1.x you're talking about (though you mention 2.1.15 below).
> can you be more specific?
rpm -qa | grep -i gpg2 | grep -v pubkey
gpg2-2.1.15-197.4.x86_64
gpg2-lang-2.1.15-197.4.noarch
which gpg
/usr/bin/gpg
ls -al /usr/bin/gpg
lrwxrwxrwx 1 root root 4 Nov 15 11:29 /usr/bin/gpg -> gpg2*
gpg2 --version
gpg (GnuPG) 2.1.15
libgcrypt 1.7.3
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /root/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
> Perhaps you could try increasing the logging for dirmngr ("log-level
> guru" and "log-file /path/to/wherever/dirmngr.log" in
> ~/.gnupg/dirmngr.conf) and review the output?
cat ~/.gnupg/dirmngr.conf
verbose
debug 1024
debug-level guru
log-file /var/log/gnupg/dirmngr.log
keyserver hkps://hkps.pool.sks-keyservers.net:443
hkp-cacert /usr/share/gnupg/sks-keyservers.netCA.pem
nameserver 10.1.1.100
gpg -v --debug-all --recv-keys 0x673A03E4C1DB921F
gpg: reading options from '/root/.gnupg/gpg.conf'
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing cardio ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /root/.gnupg
gpg: DBG: chan_3 <- # Config: /root/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.15 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.15
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net:443
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_GET -- 0x673A03E4C1DB921F
gpg: DBG: chan_3 <- ERR 167772346 No keyserver available <Dirmngr>
gpg: keyserver receive failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/65536 bytes in 0 blocks
tail -f /var/log/gnupg/dirmngr.log
2016-11-18 20:05:21 dirmngr[20059.0] handler for fd 0 started
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> # Home: /root/.gnupg
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> # Config: /root/.gnupg/dirmngr.conf
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> OK Dirmngr 2.1.15 at your service
2016-11-18 20:05:21 dirmngr[20059.0] connection from process 20330 (0:0)
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 <- GETINFO version
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> D 2.1.15
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> OK
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 <- KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net:443
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> OK
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 <- KS_GET -- 0x673A03E4C1DB921F
2016-11-18 20:05:21 dirmngr[20059.0] host 'hkps.pool.sks-keyservers.net' marked as dead
2016-11-18 20:05:21 dirmngr[20059.0] command 'KS_GET' failed: No keyserver available
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> ERR 167772346 No keyserver available <Dirmngr>
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 <- BYE
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> OK closing connection
2016-11-18 20:05:21 dirmngr[20059.0] handler for fd 0 terminated
> If that doesn't give you more pointers
I honestly don't know. Does it?
> could you attach to dirmngr (with debug symbols
> installed) and see what it's doing inside dirmngr/http.c,
> dirmngr/ks-engine-hkp.c, and dirmngr/dns-stuff.c, where the actual SRV
> lookups (and A and AAAA lookups) are generated.
Will need some more specific guidance here ...
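
A small triage pass over a dirmngr.log like the one quoted above, as an added example that is not part of the original message or of GnuPG: it pairs each failed command with the request that triggered it, the keyserver set beforehand, the hosts dirmngr marked dead, and the elapsed time. The function name `triage` and its output fields are assumptions made for illustration; the sample lines are taken from the log in the message.

```python
import re
from datetime import datetime

# Constructed sample: lines taken from the dirmngr.log excerpt in the message above.
SAMPLE_LOG = """\
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 <- KEYSERVER --clear hkps://hkps.pool.sks-keyservers.net:443
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 <- KS_GET -- 0x673A03E4C1DB921F
2016-11-18 20:05:21 dirmngr[20059.0] host 'hkps.pool.sks-keyservers.net' marked as dead
2016-11-18 20:05:21 dirmngr[20059.0] command 'KS_GET' failed: No keyserver available
2016-11-18 20:05:21 dirmngr[20059.0] DBG: chan_0 -> ERR 167772346 No keyserver available <Dirmngr>
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) dirmngr\[\d+\.\d+\] (.*)$")
REQUEST = re.compile(r"^DBG: chan_\d+ <- (\S+) ?(.*)$")  # command received from gpg
DEAD = re.compile(r"^host '([^']+)' marked as dead$")
FAILED = re.compile(r"^command '([^']+)' failed: (.*)$")


def triage(log_text):
    """Return one dict per failed command, with the context needed to review it."""
    findings, requests, dead_hosts = [], {}, []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # skip lines that are not in dirmngr's log format
        when = datetime.strptime(line.group(1), "%Y-%m-%d %H:%M:%S")
        msg = line.group(2)
        if (m := REQUEST.match(msg)):
            requests[m.group(1)] = (when, m.group(2))
        elif (m := DEAD.match(msg)):
            dead_hosts.append(m.group(1))
        elif (m := FAILED.match(msg)):
            started, args = requests.get(m.group(1), (when, ""))
            findings.append({
                "command": m.group(1),
                "args": args,
                "reason": m.group(2),
                "keyserver_cmd": requests.get("KEYSERVER", (None, ""))[1],
                "dead_hosts": list(dead_hosts),
                # 0 seconds: the failure came without waiting on any network timeout
                "seconds": int((when - started).total_seconds()),
            })
            dead_hosts.clear()
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f)
```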